From 0f17486e1399516fab9f0c7e9a624ae0385442b8 Mon Sep 17 00:00:00 2001
From: Aleksandr Mironov <a.m.mironov@gmail.com>
Date: Thu, 12 Jul 2018 11:14:53 +0300
Subject: [PATCH] Pass CA params to broker's SSL context

---
 hbmqtt/broker.py | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/hbmqtt/broker.py b/hbmqtt/broker.py
index d4c3610..6e498b2 100644
--- a/hbmqtt/broker.py
+++ b/hbmqtt/broker.py
@@ -250,7 +250,12 @@ class Broker:
 
                     if ssl_active:
                         try:
-                            sc = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
+                            sc = ssl.create_default_context(
+                                ssl.Purpose.CLIENT_AUTH,
+                                cafile=listener.get('cafile'),
+                                capath=listener.get('capath'),
+                                cadata=listener.get('cadata')
+                            )
                             sc.load_cert_chain(listener['certfile'], listener['keyfile'])
                             sc.verify_mode = ssl.CERT_OPTIONAL
                         except KeyError as ke: