ssl证书校验配置

libertyzhu · libertyzhu · commit b7a96daa26d2 · 2024-11-11T16:57:58.000+08:00
diff --git a/qcloud_cos/cos_client.py b/qcloud_cos/cos_client.py
@@ -44,7 +44,7 @@ def __init__(self, Appid=None, Region=None, SecretId=None, SecretKey=None, Token
                  Access_id=None, Access_key=None, Secret_id=None, Secret_key=None, Endpoint=None, IP=None, Port=None,
                  Anonymous=None, UA=None, Proxies=None, Domain=None, ServiceDomain=None, KeepAlive=True, PoolConnections=10,
                  PoolMaxSize=10, AllowRedirects=False, SignHost=True, EndpointCi=None, EndpointPic=None, EnableOldDomain=True, EnableInternalDomain=True, SignParams=True,
-                 AutoSwitchDomainOnRetry=False, VerifySSL=None):
+                 AutoSwitchDomainOnRetry=False, VerifySSL=None, SSLCert=None):
         """初始化，保存用户的信息
 
         :param Appid(string): 用户APPID.
@@ -76,7 +76,8 @@ def __init__(self, Appid=None, Region=None, SecretId=None, SecretKey=None, Token
         :param EnableInternalDomain(bool):  是否使用内网域名访问COS
         :param SignParams(bool): 是否将请求参数算入签名
         :param AutoSwitchDomainOnRetry(bool): 重试请求时是否将myqcloud.com域名切换为tencentcos.cn
-        :param VerifySSL(bool): 是否开启SSL证书校验
+        :param VerifySSL(bool or string): 是否开启SSL证书校验, 或客户端CA bundle证书文件路径. 示例: True/False 或 '/path/certfile'
+        :param SSLCert(string or tuple): 客户端SSL证书路径. 示例: '/path/client.pem' 或 ('/path/client.cert', '/path/client.key')
         """
         self._appid = to_unicode(Appid)
         self._token = to_unicode(Token)
@@ -103,6 +104,7 @@ def __init__(self, Appid=None, Region=None, SecretId=None, SecretKey=None, Token
         self._sign_params = SignParams
         self._auto_switch_domain_on_retry = AutoSwitchDomainOnRetry
         self._verify_ssl = VerifySSL
+        self._ssl_cert = SSLCert
 
         if self._domain is None:
             self._endpoint = format_endpoint(Endpoint, Region, u'cos.', EnableOldDomain, EnableInternalDomain)
@@ -382,8 +384,12 @@ def send_request(self, method, url, bucket=None, timeout=30, cos_request=True, c
                 except Exception as ioe:
                     file_position = None
             kwargs['data'] = to_bytes(kwargs['data'])
-        if self._conf._ip is not None and self._conf._scheme == 'https' or self._conf._verify_ssl is False:
-            kwargs['verify'] = False
+        # 使用https访问时可设置ssl证书校验相关参数
+        if self._conf._scheme == 'https':
+            if self._conf._verify_ssl is not None:
+                kwargs['verify'] = self._conf._verify_ssl
+            if self._conf._ssl_cert is not None:
+                kwargs['cert'] = self._conf._ssl_cert
         if self._conf._allow_redirects is not None:
             kwargs['allow_redirects'] = self._conf._allow_redirects
         exception_logbuf = list() # 记录每次重试的错误日志
