From 0352ec0bd3aabb131b0cbb649f2062d59fc8f4a1 Mon Sep 17 00:00:00 2001
From: Cory Benfield
Date: Thu, 5 Nov 2015 13:21:21 +0000
Subject: [PATCH] Add support for a directory of CAs
---
 HISTORY.rst | 8 ++++++++
 docs/user/advanced.rst | 2 +-
 requests/adapters.py | 8 +++++++-
 3 files changed, 16 insertions(+), 2 deletions(-)
diff --git a/HISTORY.rst b/HISTORY.rst
index 02593a34..34226f49 100644
--- a/HISTORY.rst
+++ b/HISTORY.rst
@@ -3,6 +3,14 @@
 Release History
 ---------------
+dev (XXXX)
+++++++++++
+
+**Minor Improvements** (Backwards compatible)
+
+- The ``verify`` keyword argument now supports being passed a path to a
+ directory of CA certificates, not just a single-file bundle.
+
 2.8.1 (2015-10-13)
 ++++++++++++++++++
diff --git a/docs/user/advanced.rst b/docs/user/advanced.rst
index 62959a93..f0d2ffd9 100644
--- a/docs/user/advanced.rst
+++ b/docs/user/advanced.rst
@@ -201,7 +201,7 @@ I don't have SSL setup on this domain, so it fails. Excellent. GitHub does thoug
 >>> requests.get('https://github.com', verify=True)
-You can pass ``verify`` the path to a CA_BUNDLE file with certificates of trusted CAs::
+You can pass ``verify`` the path to a CA_BUNDLE file or directory with certificates of trusted CAs::
 >>> requests.get('https://github.com', verify='/path/to/certfile')
diff --git a/requests/adapters.py b/requests/adapters.py
index c69c082e..44f5064a 100644
--- a/requests/adapters.py
+++ b/requests/adapters.py
@@ -8,6 +8,7 @@ This module contains the transport adapters that Requests uses to define
 and maintain connections.
 """
+import os.path
 import socket
 from .models import Response
@@ -185,10 +186,15 @@ class HTTPAdapter(BaseAdapter):
 raise Exception("Could not find a suitable SSL CA certificate bundle.")
 conn.cert_reqs = 'CERT_REQUIRED'
- conn.ca_certs = cert_loc
+
+ if not os.path.isdir(cert_loc):
+ conn.ca_certs = cert_loc
+ else:
+ conn.ca_cert_dir = cert_loc
 else:
 conn.cert_reqs = 'CERT_NONE'
 conn.ca_certs = None
+ conn.ca_cert_dir = None
 if cert:
 if not isinstance(cert, basestring):
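Review bot: In the `CERT_REQUIRED` branch only one of `conn.ca_certs` and `conn.ca_cert_dir` is assigned, and the other keeps whatever value it already had, whereas the `CERT_NONE` branch clears both. If `conn` is reused across calls with different `verify` values (not visible here; the enclosing method starts before this hunk and continues after it), a CA directory configured by an earlier call would stay trusted after a later call passes a single bundle file, or the reverse, so the effective trust store can be wider than the caller asked for. Clearing the unused attribute in each branch keeps the two exclusive: add `conn.ca_cert_dir = None` next to `conn.ca_certs = cert_loc`, and `conn.ca_certs = None` next to `conn.ca_cert_dir = cert_loc`. A path that does not exist also takes the file branch, because `os.path.isdir` is false for it, and would presumably only fail later at handshake time; an explicit existence check here would give a clearer error.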