3 files changed, 11 insertions, 9 deletions

diff --git a/libmproxy/cmdline.py b/libmproxy/cmdline.py
index 16678486..99b76e68 100644
--- a/libmproxy/cmdline.py
+++ b/libmproxy/cmdline.py
@@ -407,7 +407,7 @@ def proxy_ssl_options(parser):
     group.add_argument(
         "--client-certs", action="store",
         type=str, dest="clientcerts", default=None,
-        help="Client certificate directory."
+        help="Client certificate file or directory."
     )
     group.add_argument(
         "--no-upstream-cert", default=False,
diff --git a/libmproxy/models/connections.py b/libmproxy/models/connections.py
index 3aa522ea..0991955d 100644
--- a/libmproxy/models/connections.py
+++ b/libmproxy/models/connections.py
@@ -174,11 +174,14 @@ class ServerConnection(tcp.TCPClient, stateobject.StateObject):
     def establish_ssl(self, clientcerts, sni, **kwargs):
         clientcert = None
         if clientcerts:
-            path = os.path.join(
-                clientcerts,
-                self.address.host.encode("idna")) + ".pem"
-            if os.path.exists(path):
-                clientcert = path
+            if os.path.isfile(clientcerts):
+                clientcert = clientcerts
+            else:
+                path = os.path.join(
+                    clientcerts,
+                    self.address.host.encode("idna")) + ".pem"
+                if os.path.exists(path):
+                    clientcert = path
 
         self.convert_to_ssl(cert=clientcert, sni=sni, **kwargs)
         self.sni = sni
diff --git a/libmproxy/proxy/config.py b/libmproxy/proxy/config.py
index c7b51311..b1478655 100644
--- a/libmproxy/proxy/config.py
+++ b/libmproxy/proxy/config.py
@@ -133,10 +133,9 @@ def process_proxy_options(parser, options):
 
     if options.clientcerts:
         options.clientcerts = os.path.expanduser(options.clientcerts)
-        if not os.path.exists(options.clientcerts) or not os.path.isdir(options.clientcerts):
+        if not os.path.exists(options.clientcerts):
             return parser.error(
-                "Client certificate directory does not exist or is not a directory: %s" %
-                options.clientcerts
+                "Client certificate path does not exist: %s" % options.clientcerts
             )
 
     if options.auth_nonanonymous or options.auth_singleuser or options.auth_htpasswd: