Use a custom exception.

Hoisted global _context declaration.
Added test cases.

Author: JasonGowthorpe

hyper/common/exceptions.py

@@ -64,3 +64,10 @@ def __init__(self, negotiated, sock):
         super(HTTPUpgrade, self).__init__()
         self.negotiated = negotiated
         self.sock = sock
+
+
+class MissingCertFile(Exception):
+    """
+    The certificate file could not be found.
+    """
+    pass

hyper/tls.py

@@ -6,7 +6,7 @@
 Contains the TLS/SSL logic for use in hyper.
 """
 import os.path as path
-
+from common.exceptions import MissingCertFile
 from .compat import ignore_missing, ssl
 
 
@@ -29,12 +29,13 @@ def wrap_socket(sock, server_hostname, ssl_context=None, force_proto=None):
     A vastly simplified SSL wrapping function. We'll probably extend this to
     do more things later.
     """
+
+    global _context
+
     if ssl_context:
         # if an SSLContext is provided then use it instead of default context
         _ssl_context = ssl_context
     else:
-        global _context
-
         # create the singleton SSLContext we use
         if _context is None:  # pragma: no cover
             _context = init_context()
@@ -102,7 +103,7 @@ def init_context(cert_path=None, cert=None, cert_password=None):
                   "ensure the default cert.pem file is included in the " +
                   "distribution or provide a custom certificate when " +
                   "creating the connection.")
-        raise Exception(errMsg)
+        raise MissingCertFile(errMsg)
 
     context = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
     context.set_default_verify_paths()

test/test_SSLContext.py

@@ -14,6 +14,7 @@
 CLIENT_CERT_FILE = os.path.join(TEST_CERTS_DIR, 'client.crt')
 CLIENT_KEY_FILE = os.path.join(TEST_CERTS_DIR, 'client.key')
 CLIENT_PEM_FILE = os.path.join(TEST_CERTS_DIR, 'nopassword.pem')
+MISSING_PEM_FILE = os.path.join(TEST_CERTS_DIR, 'missing.pem')
 
 
 class TestSSLContext(object):
@@ -60,3 +61,46 @@ def test_client_certificates(self):
             cert=(CLIENT_CERT_FILE, CLIENT_KEY_FILE),
             cert_password=b'abc123')
         hyper.tls.init_context(cert=CLIENT_PEM_FILE)
+
+    def test_HTTPConnection_with_missing_certs(self):
+        # Clear any prevously created global context
+        hyper.tls._context = None
+        backup_cert_loc = hyper.tls.cert_loc
+        hyper.tls.cert_loc = MISSING_PEM_FILE
+
+        succeeded = False
+        threwExpectedException = False
+        try:
+            HTTPConnection('http2bin.org', 443)
+            succeeded = True
+        except hyper.common.exceptions.MissingCertFile:
+            threwExpectedException = True
+        except:
+            pass
+
+        hyper.tls.cert_loc = backup_cert_loc
+
+        assert not succeeded
+        assert threwExpectedException
+
+    def test_HTTPConnection_with_missing_certs_and_custom_context(self):
+        # Clear any prevously created global context
+        hyper.tls._context = None
+        backup_cert_loc = hyper.tls.cert_loc
+        hyper.tls.cert_loc = MISSING_PEM_FILE
+
+        context = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
+        context.set_default_verify_paths()
+        context.verify_mode = ssl.CERT_REQUIRED
+        context.check_hostname = True
+        context.set_npn_protocols(['h2', 'h2-15'])
+        context.options |= ssl.OP_NO_COMPRESSION
+
+        conn = HTTPConnection('http2bin.org', 443, ssl_context=context)
+
+        hyper.tls.cert_loc = backup_cert_loc
+
+        assert conn.ssl_context.check_hostname
+        assert conn.ssl_context.verify_mode == ssl.CERT_REQUIRED
+        assert conn.ssl_context.options & ssl.OP_NO_COMPRESSION != 0
+