aboutsummaryrefslogtreecommitdiffstats
path: root/netlib/tcp.py
diff options
context:
space:
mode:
Diffstat (limited to 'netlib/tcp.py')
-rw-r--r--netlib/tcp.py10
1 files changed, 10 insertions, 0 deletions
diff --git a/netlib/tcp.py b/netlib/tcp.py
index 6423888a..68a71270 100644
--- a/netlib/tcp.py
+++ b/netlib/tcp.py
@@ -584,6 +584,7 @@ class TCPClient(_Connection):
self.address = address
self.source_address = source_address
self.cert = None
+ self.server_certs = []
self.ssl_verification_error = None
self.sni = None
@@ -668,6 +669,10 @@ class TCPClient(_Connection):
self.cert = certutils.SSLCert(self.connection.get_peer_certificate())
+ # Keep all server certificates in a list
+ for i in self.connection.get_peer_cert_chain():
+ self.server_certs.append(certutils.SSLCert(i))
+
# Validate TLS Hostname
try:
crt = dict(
@@ -734,6 +739,7 @@ class BaseHandler(_Connection):
request_client_cert=None,
chain_file=None,
dhparams=None,
+ extra_chain_certs=None,
**sslctx_kwargs):
"""
cert: A certutils.SSLCert object or the path to a certificate
@@ -769,6 +775,10 @@ class BaseHandler(_Connection):
else:
context.use_certificate_chain_file(cert)
+ if extra_chain_certs:
+ for i in extra_chain_certs:
+ context.add_extra_chain_cert(i.x509)
+
if handle_sni:
# SNI callback happens during do_handshake()
context.set_tlsext_servername_callback(handle_sni)
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-10 06:01:52 +0000