Skip to content

Commit

Permalink
verify strings are now correctly passed to aiohttp.TCPConnector (#851)
Browse files Browse the repository at this point in the history
Co-authored-by: Fergus Mitchell <f.mitchell@mwam.com>
  • Loading branch information
FHTMitchell and FHTMitchell authored Feb 10, 2021
1 parent 3faf885 commit 9e7a608
Showing 1 changed file with 8 additions and 2 deletions.
10 changes: 8 additions & 2 deletions aiobotocore/endpoint.py
Original file line number Diff line number Diff line change
@@ -1,6 +1,7 @@
import aiohttp
import asyncio
import io
import pathlib
import ssl
import aiohttp.http_exceptions
from aiohttp.client import URL
Expand Down Expand Up @@ -285,6 +286,7 @@ def create_endpoint(self, service_model, region_name, endpoint_url,
sock_read=read_timeout
)

verify = self._get_verify_value(verify)
ssl_context = None
if client_cert:
if isinstance(client_cert, str):
Expand All @@ -293,14 +295,18 @@ def create_endpoint(self, service_model, region_name, endpoint_url,
elif isinstance(client_cert, tuple):
cert_file, key_file = client_cert
else:
assert False
raise TypeError("client_cert must be str or tuple, not %s" %
client_cert.__class__.__name__)

ssl_context = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
ssl_context.load_cert_chain(cert_file, key_file)
elif isinstance(verify, (str, pathlib.Path)):
ssl_context = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH,
cafile=str(verify))

connector = aiohttp.TCPConnector(
limit=max_pool_connections,
verify_ssl=self._get_verify_value(verify),
verify_ssl=bool(verify),
ssl_context=ssl_context,
**connector_args)

Expand Down

0 comments on commit 9e7a608

Please sign in to comment.