From: Ben Darnell
Date: Sun, 3 Jul 2011 01:34:23 +0000 (-0700)
Subject: Add support for client SSL certificates in simple_httpclient
X-Git-Tag: v2.1.0~132
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=0f621fe4cf9382be757b271cc1e4c57cc3bf5e30;p=thirdparty%2Ftornado.git
Add support for client SSL certificates in simple_httpclient
---
diff --git a/tornado/curl_httpclient.py b/tornado/curl_httpclient.py
index d7e191811..5a3e62483 100644
--- a/tornado/curl_httpclient.py
+++ b/tornado/curl_httpclient.py
@@ -392,6 +392,10 @@ def _curl_setup_request(curl, request, buffer, headers):
 else:
 curl.unsetopt(pycurl.USERPWD)
 logging.debug("%s %s", request.method, request.url)
+
+ if request.client_key is not None or request.client_cert is not None:
+ raise ValueError("Client certificate not supported with curl_httpclient")
+
 if threading.activeCount() > 1:
 # libcurl/pycurl is not thread-safe by default. When multiple threads
 # are used, signals should be disabled. This has the side effect
diff --git a/tornado/httpclient.py b/tornado/httpclient.py
index 1b1336c90..56d727317 100644
--- a/tornado/httpclient.py
+++ b/tornado/httpclient.py
@@ -200,7 +200,8 @@ class HTTPRequest(object):
 proxy_host=None, proxy_port=None, proxy_username=None, proxy_password='', allow_nonstandard_methods=False, validate_cert=True, ca_certs=None,
- allow_ipv6=None):
+ allow_ipv6=None,
+ client_key=None, client_cert=None):
 """Creates an `HTTPRequest`. All parameters except `url` are optional.
@@ -249,6 +250,8 @@ class HTTPRequest(object):
 to mix requests with ca_certs and requests that use the defaults.
 :arg bool allow_ipv6: Use IPv6 when available? Default is false in `simple_httpclient` and true in `curl_httpclient`
+ :arg string client_key: Filename for client SSL key, if any
+ :arg string client_cert: Filename for client SSL certificate, if any
 """
 if headers is None:
 headers = httputil.HTTPHeaders()
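Review bot: The new `ValueError` in the `-392,6` hunk is raised partway through `_curl_setup_request`, after earlier options such as `USERPWD` have already been applied to the handle, so a rejected request leaves the curl object partly configured. Whether the caller returns the handle to its pool and reports the error to the request's callback is not visible here, since the function and its call site lie outside the hunk; if it does not, the check belongs where the request is first accepted, before a handle is taken. Refusing is the right behaviour compared with sending the request without the certificate, and a comment should say so, e.g. `# Fail closed: never fall back to an unauthenticated connection.`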
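Review bot: The two new `:arg` entries in the `-249,6` hunk do not say what the files must contain or which client honours them. Suggested wording: `:arg string client_key: Filename of the PEM private key for the client certificate, if any (simple_httpclient only; curl_httpclient raises ValueError)` and `:arg string client_cert: Filename of the PEM client certificate, if any; may also contain the private key`. The key path is handed to the ssl layer unchanged, so a passphrase-protected key would presumably cause an interactive prompt that stalls the IOLoop. The docstring should therefore state that the key must be unencrypted and that the file should be readable only by the account running the client.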
@@ -280,6 +283,8 @@ class HTTPRequest(object):
 self.validate_cert = validate_cert
 self.ca_certs = ca_certs
 self.allow_ipv6 = allow_ipv6
+ self.client_key = client_key
+ self.client_cert = client_cert
 self.start_time = time.time()
diff --git a/tornado/simple_httpclient.py b/tornado/simple_httpclient.py
index d592c580d..6b4645cc2 100644
--- a/tornado/simple_httpclient.py
+++ b/tornado/simple_httpclient.py
@@ -176,6 +176,10 @@ class _HTTPConnection(object):
 ssl_options["ca_certs"] = request.ca_certs
 else:
 ssl_options["ca_certs"] = _DEFAULT_CA_CERTS
+ if request.client_key is not None:
+ ssl_options["keyfile"] = request.client_key
+ if request.client_cert is not None:
+ ssl_options["certfile"] = request.client_cert
 self.stream = SSLIOStream(socket.socket(af, socktype, proto), io_loop=self.io_loop, ssl_options=ssl_options)
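Review bot: A request that sets `client_key` without `client_cert` passes through the `simple_httpclient.py` hunk with only `keyfile` in `ssl_options`, a combination that cannot present a client identity. Its handling is left to the ssl layer, which depending on the Python version may reject it late or connect with no client certificate at all. Reject it before the socket is created, e.g. `if request.client_key is not None and request.client_cert is None: raise ValueError("client_key requires client_cert")`; a certificate alone can stay allowed because the key may be in the same PEM file. If `validate_cert` is false (handled above this hunk, not visible), the client would be authenticating to a server it never verified, which deserves a comment or a logged warning here. The enclosing `_HTTPConnection` method starts and ends outside the hunk.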