Improve error signalling for client certificates.

2 files changed, 15 insertions, 3 deletions

diff --git a/netlib/tcp.py b/netlib/tcp.py
index 4b547d1f..d0ca09f3 100644
--- a/netlib/tcp.py
+++ b/netlib/tcp.py
@@ -177,11 +177,14 @@ class TCPClient:
             clientcert: Path to a file containing both client cert and private key.
         """
         context = SSL.Context(method)
-        if not options is None:
+        if options is not None:
             ctx.set_options(options)
         if clientcert:
-            context.use_privatekey_file(clientcert)
-            context.use_certificate_file(clientcert)
+            try:
+                context.use_privatekey_file(clientcert)
+                context.use_certificate_file(clientcert)
+            except SSL.Error, v:
+                raise NetLibError("SSL client certificate error: %s"%str(v))
         self.connection = SSL.Connection(context, self.connection)
         self.ssl_established = True
         if sni:
diff --git a/test/test_tcp.py b/test/test_tcp.py
index 034e43b9..0417aa21 100644
--- a/test/test_tcp.py
+++ b/test/test_tcp.py
@@ -189,6 +189,15 @@ class TestSSLClientCert(ServerTestBase):
         c.convert_to_ssl(clientcert=tutils.test_data.path("data/clientcert/client.pem"))
         assert c.rfile.readline().strip() == "1"
 
+    def test_clientcert_err(self):
+        c = tcp.TCPClient("127.0.0.1", self.port)
+        c.connect()
+        tutils.raises(
+            tcp.NetLibError,
+            c.convert_to_ssl,
+            clientcert=tutils.test_data.path("data/clientcert/make")
+        )
+
 
 class TestSNI(ServerTestBase):
     @classmethod