Skip to content

Loading…

Fix #1424 -- add support for SSL client certificates #1566

Merged
merged 1 commit into from

2 participants

@brutasse

The test is a bit basic but follows what's being done for the --cert. I had test failures when running tox locally but the test I added passes.

I tried locally with a self-signed CA and it worked fine. It'd be perfect for securing devpi instances :)

@brutasse

Ok, tests ran fine but the pypy build took too long…

https://travis-ci.org/pypa/pip/builds/18869132

@dstufft
Python Packaging Authority member

I kicked off the build, should get a passing test in an hour or so.

@dstufft dstufft commented on an outdated diff
pip/cmdoptions.py
@@ -158,6 +158,14 @@ def make(self):
metavar='path',
help="Path to alternate CA bundle.")
+client_cert = OptionMaker(
+ '--client-cert',
+ dest='client_cert',
+ type='str',
+ default=None,
+ metavar='path',
+ help="Path to SSL client certificate.")
@dstufft Python Packaging Authority member
dstufft added a note

I'd like this help expanded a little bit to mention that it should be a single file that contains both the private key and the certificate.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
@dstufft
Python Packaging Authority member

Overall this looks pretty good to me, sorry for the delay in reviewing it.

@brutasse

@dstufft no problem! I just expanded the help as requested. Let me know if this is good enough.

@dstufft
Python Packaging Authority member

Looks good to me! However it appears I can't merge this because of a conflict. Can you rebase onto the latest develop?

@dstufft
Python Packaging Authority member

Looks good, will merge once tests pass.

@dstufft dstufft merged commit ec23cfb into pypa:develop

1 check passed

Details default The Travis CI build passed
@brutasse brutasse deleted the unknown repository branch
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Commits on Mar 7, 2014
  1. @brutasse
This page is out of date. Refresh to see the latest.
Showing with 21 additions and 0 deletions.
  1. +2 −0 CHANGES.txt
  2. +4 −0 pip/basecommand.py
  3. +10 −0 pip/cmdoptions.py
  4. +5 −0 tests/unit/test_options.py
View
2 CHANGES.txt
@@ -9,6 +9,8 @@
* `wsgiref` and `argparse` (for >py26) are now excluded from `pip list` and `pip
freeze` (PR #1606, #1369)
+* Fixed #1424. Add ``--client-cert`` option for SSL client certificates.
+
**1.5.4 (2014-02-21)**
View
4 pip/basecommand.py
@@ -60,6 +60,10 @@ def _build_session(self, options):
if options.cert:
session.verify = options.cert
+ # Handle SSL client certificate
+ if options.client_cert:
+ session.cert = options.client_cert
+
# Handle timeouts
if options.timeout:
session.timeout = options.timeout
View
10 pip/cmdoptions.py
@@ -166,6 +166,15 @@ def make(self):
metavar='path',
help="Path to alternate CA bundle.")
+client_cert = OptionMaker(
+ '--client-cert',
+ dest='client_cert',
+ type='str',
+ default=None,
+ metavar='path',
+ help="Path to SSL client certificate, a single file containing the "
+ "private key and the certificate in PEM format.")
+
index_url = OptionMaker(
'-i', '--index-url', '--pypi-url',
dest='index_url',
@@ -357,6 +366,7 @@ def make(self):
skip_requirements_regex,
exists_action,
cert,
+ client_cert,
]
}
View
5 tests/unit/test_options.py
@@ -254,6 +254,11 @@ def test_cert(self):
options2, args2 = main(['fake', '--cert', 'path'])
assert options1.cert == options2.cert == 'path'
+ def test_client_cert(self):
+ options1, args1 = main(['--client-cert', 'path', 'fake'])
+ options2, args2 = main(['fake', '--client-cert', 'path'])
+ assert options1.client_cert == options2.client_cert == 'path'
+
class TestOptionsConfigFiles(object):
Something went wrong with that request. Please try again.