From b614606b35a9b336875e46fe6d4e856392cb9b71 Mon Sep 17 00:00:00 2001 From: liris Date: Mon, 4 Jan 2016 17:04:42 +0900 Subject: [PATCH] fixed #227 --- ChangeLog | 1 + websocket/_http.py | 8 +++++--- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 49b339c..959589a 100644 --- a/ChangeLog +++ b/ChangeLog @@ -6,6 +6,7 @@ ChangeLog - use inspect.getfullargspec with Python 3.x (#219) - Check that exception message is actually a string before trying for substring check (#224) - Use pre-initialized stream socket (#226) + - fixed TypeError: cafile, capath and cadata cannot be all omitted (#227) - 0.34.0 diff --git a/websocket/_http.py b/websocket/_http.py index c4a6956..63f3f83 100644 --- a/websocket/_http.py +++ b/websocket/_http.py @@ -129,7 +129,8 @@ def _can_use_sni(): def _wrap_sni_socket(sock, sslopt, hostname, check_hostname): context = ssl.SSLContext(sslopt.get('ssl_version', ssl.PROTOCOL_SSLv23)) - context.load_verify_locations(cafile=sslopt.get('ca_certs', None)) + if sslopt.get('cert_reqs', ssl.CERT_NONE) != ssl.CERT_NONE: + context.load_verify_locations(cafile=sslopt.get('ca_certs', None)) if sslopt.get('certfile', None): context.load_cert_chain( sslopt['certfile'], @@ -156,11 +157,12 @@ def _wrap_sni_socket(sock, sslopt, hostname, check_hostname): def _ssl_socket(sock, user_sslopt, hostname): sslopt = dict(cert_reqs=ssl.CERT_REQUIRED) + sslopt.update(user_sslopt) + certPath = os.path.join( os.path.dirname(__file__), "cacert.pem") - if os.path.isfile(certPath): + if os.path.isfile(certPath) and user_sslopt.get('ca_certs', None) == None: sslopt['ca_certs'] = certPath - sslopt.update(user_sslopt) check_hostname = sslopt["cert_reqs"] != ssl.CERT_NONE and sslopt.pop('check_hostname', True) if _can_use_sni():