From 7afe44ba4ee8810e24abfa32f74dfac61e5551d3 Mon Sep 17 00:00:00 2001
From: Kyle Morton <kylemorton@google.com>
Date: Sat, 20 Jun 2015 12:54:03 -0700
Subject: Updating TCPServer to allow tests (and potentially other use cases)
 to serve certificate chains instead of only single certificates.

---
 netlib/tcp.py | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

(limited to 'netlib/tcp.py')

diff --git a/netlib/tcp.py b/netlib/tcp.py
index 77eb7b52..61306e4e 100644
--- a/netlib/tcp.py
+++ b/netlib/tcp.py
@@ -567,7 +567,8 @@ class BaseHandler(_Connection):
                            dhparams=None,
                            **sslctx_kwargs):
         """
-            cert: A certutils.SSLCert object.
+            cert: A certutils.SSLCert object or the path to a certificate
+            chain file.
 
             handle_sni: SNI handler, should take a connection object. Server
             name can be retrieved like this:
@@ -594,7 +595,10 @@ class BaseHandler(_Connection):
         context = self._create_ssl_context(**sslctx_kwargs)
 
         context.use_privatekey(key)
-        context.use_certificate(cert.x509)
+        if isinstance(cert, certutils.SSLCert):
+            context.use_certificate(cert.x509)
+        else:
+            context.use_certificate_chain_file(cert)
 
         if handle_sni:
             # SNI callback happens during do_handshake()
-- 
cgit v1.2.3