4 files changed, 20 insertions, 40 deletions

diff --git a/libpathod/pathoc.py b/libpathod/pathoc.py
index 56708696..31180083 100644
--- a/libpathod/pathoc.py
+++ b/libpathod/pathoc.py
@@ -22,7 +22,7 @@ class Response:
 
 
 class Pathoc(tcp.TCPClient):
-    def __init__(self, address, ssl=None, sni=None, sslversion=1, clientcert=None, ciphers=None):
+    def __init__(self, address, ssl=None, sni=None, sslversion=4, clientcert=None, ciphers=None):
         tcp.TCPClient.__init__(self, address)
         self.settings = dict(
             staticdir = os.getcwd(),
diff --git a/libpathod/pathod.py b/libpathod/pathod.py
index c0c89ff1..2feb6996 100644
--- a/libpathod/pathod.py
+++ b/libpathod/pathod.py
@@ -14,15 +14,18 @@ class PathodError(Exception): pass
 
 
 class SSLOptions:
-    def __init__(self, confdir=CONFDIR, cn=None, certfile=None, 
+    def __init__(self, confdir=CONFDIR, cn=None, certfile=None, cacert=None,
                        not_after_connect=None, request_client_cert=False, 
                        sslversion=tcp.SSLv23_METHOD, ciphers=None):
         self.confdir = confdir
         self.cn = cn
-        cacert = os.path.join(confdir, CA_CERT_NAME)
-        self.cacert = os.path.expanduser(cacert)
-        if not os.path.exists(self.cacert):
-            certutils.dummy_ca(self.cacert)
+        if cacert:
+            self.cacert = os.path.expanduser(cacert)
+        else:
+            cacert = os.path.join(confdir, CA_CERT_NAME)
+            self.cacert = os.path.expanduser(cacert)
+            if not os.path.exists(self.cacert):
+                certutils.dummy_ca(self.cacert)
         self.certstore = certutils.CertStore(self.cacert)
         self.certfile = certfile 
         self.not_after_connect = not_after_connect
@@ -30,6 +33,15 @@ class SSLOptions:
         self.ciphers = ciphers
         self.sslversion = sslversion
 
+    def get_cert(self, name):
+        if self.certfile:
+            return certutils.SSLCert.from_pem(file(self.certfile, "rb").read())
+        if self.cn:
+            name = self.cn
+        elif not name:
+            name = DEFAULT_CERT_DOMAIN
+        return self.certstore.get_cert(name, [])
+
 
 
 class PathodHandler(tcp.BaseHandler):
@@ -91,7 +103,7 @@ class PathodHandler(tcp.BaseHandler):
             if not self.server.ssloptions.not_after_connect:
                 try:
                     self.convert_to_ssl(
-                        self.server.ssloptions.certstore.get_cert(DEFAULT_CERT_DOMAIN, []),
+                        self.server.ssloptions.get_cert(None),
                         self.server.ssloptions.cacert,
                         handle_sni = self.handle_sni,
                         request_client_cert = self.server.ssloptions.request_client_cert,
@@ -199,10 +211,7 @@ class PathodHandler(tcp.BaseHandler):
         if self.server.ssl:
             try:
                 self.convert_to_ssl(
-                    self.server.ssloptions.certstore.get_cert(
-                        self.server.ssloptions.cn or DEFAULT_CERT_DOMAIN,   
-                        []
-                    ),
+                    self.server.ssloptions.get_cert(None),
                     self.server.ssloptions.cacert,
                     handle_sni = self.handle_sni,
                     request_client_cert = self.server.ssloptions.request_client_cert,
diff --git a/libpathod/resources/server.crt b/libpathod/resources/server.crt
deleted file mode 100644
index ddcc0a33..00000000
--- a/libpathod/resources/server.crt
+++ /dev/null
@@ -1,14 +0,0 @@
------BEGIN CERTIFICATE-----
-MIICITCCAYoCCQDkPC8Z2YHxuDANBgkqhkiG9w0BAQUFADBVMQswCQYDVQQGEwJO
-WjEOMAwGA1UECBMFT3RhZ28xEDAOBgNVBAcTB0R1bmVkaW4xDzANBgNVBAoTBlBh
-dGhvZDETMBEGA1UEAxMKcGF0aG9kLm9yZzAeFw0xMjA0MjgyMzEyNTZaFw0yMDA3
-MTUyMzEyNTZaMFUxCzAJBgNVBAYTAk5aMQ4wDAYDVQQIEwVPdGFnbzEQMA4GA1UE
-BxMHRHVuZWRpbjEPMA0GA1UEChMGUGF0aG9kMRMwEQYDVQQDEwpwYXRob2Qub3Jn
-MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDrc44bNmzRsfnAXKeaLA/GLc+R
-zJUl+CtGghe5K9ESYqmF9JvKegfWpYqTqWZM+WtoQtkR4SLW/6KS2sXO2bwzdC/m
-pfTYB+rFf6uRTNILBPkpb2YHh+p1ldwgRJ8ftqZrOyPv1lMP0mCgAMGR75rGvC5D
-TbQZU7O8foyQYzz58wIDAQABMA0GCSqGSIb3DQEBBQUAA4GBACkZH6zSOlk1pcLN
-9qwDuCG8yw3SR1E+B8n/jOiysqA8eZc5EL7njJMSZZMTHqfIfx6sfHH5aPSgCGCL
-EzBz741uKkzuai1GXr34tqf3z1faSws00lJG5jHYevef9Og1RtClPfGcrH25+I1Z
-unGdLFYj1i6owrv0UdWyHQxepzKV
------END CERTIFICATE-----
diff --git a/libpathod/resources/server.key b/libpathod/resources/server.key
deleted file mode 100644
index ce07e7c2..00000000
--- a/libpathod/resources/server.key
+++ /dev/null
@@ -1,15 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIICXAIBAAKBgQDrc44bNmzRsfnAXKeaLA/GLc+RzJUl+CtGghe5K9ESYqmF9JvK
-egfWpYqTqWZM+WtoQtkR4SLW/6KS2sXO2bwzdC/mpfTYB+rFf6uRTNILBPkpb2YH
-h+p1ldwgRJ8ftqZrOyPv1lMP0mCgAMGR75rGvC5DTbQZU7O8foyQYzz58wIDAQAB
-AoGAFNKvarCxhwoacGzBVd03t+stRFO3jRgZm669sl6xqtKW84XikVGhh9Y0H0MI
-DR6x5RKkZ/RlRGZvVlWK0PRotGjIoepX3D+LBFgCJjVVI+dHjRAZ3758e+iqC7Zy
-3gVX7+fqiL56R5lZ02TofM/5I6JoJq/3ZP4SGB1tUO+BVaECQQD/SK/cxxhwdn0U
-juPWvAp8iKXiI5YttkzIUdyezv3ZKW8YzcvFokKL0WrFOM3bbJNDomGZgtyZmB+3
-c0/dCPwtAkEA7Byge10ovR4/c3t0ELQ/O8mKz48gPkd82Up369amAfkhmGxfYgDr
-gMx7ExTKxaa1swjrD/h7jtz5MvukqXACnwJAFw5ai8cThvy8mUG6hCdhjxPMX5s1
-MhW345O5KEKrnJRoa0YS9FuORRB54ywZM4sf1cjxpaqy/9BEdQ4eFWl9VQJBANr+
-ylLh21Fd5thD3ylHJYdcreVKCUv6nnAkRAp4ss0Nt/1aNzX9SHHUNytBk7mzoMAI
-O446mM+vYWvKP7XwcF0CQFFWxyizXOJG7rf72RtXCHf+LdJGJaOa9yLFdrMDBPtX
-pDz6hFPxk54zecInfOJwcWkKFSniYLNii6dA3Nf2Ng0=
------END RSA PRIVATE KEY-----