add support for sslcrl

Author: jdobes

asyncpg/connect_utils.py

@@ -222,7 +222,7 @@ def _parse_hostlist(hostlist, port, *, unquote=False):
 
 def _parse_connect_dsn_and_args(*, dsn, host, port, user,
                                 password, passfile, database, ssl,
-                                sslcert, sslkey, sslrootcert,
+                                sslcert, sslkey, sslrootcert, sslcrl,
                                 connect_timeout, server_settings):
     # `auth_hosts` is the version of host information for the purposes
     # of reading the pgpass file.
@@ -326,6 +326,11 @@ def _parse_connect_dsn_and_args(*, dsn, host, port, user,
                 if sslrootcert is None:
                     sslrootcert = val
 
+            if 'sslcrl' in query:
+                val = query.pop('sslcrl')
+                if sslcrl is None:
+                    sslcrl = val
+
             if query:
                 if server_settings is None:
                     server_settings = query
@@ -443,7 +448,6 @@ def _parse_connect_dsn_and_args(*, dsn, host, port, user,
                 '`sslmode` parameter must be one of: {}'.format(modes))
 
         # docs at https://www.postgresql.org/docs/10/static/libpq-connect.html
-        # Not implemented: sslcrl param.
         if sslmode < SSLMode.allow:
             ssl = False
         else:
@@ -462,12 +466,18 @@ def _parse_connect_dsn_and_args(*, dsn, host, port, user,
             if sslrootcert is None:
                 sslrootcert = os.getenv('PGSSLROOTCERT')
 
+            if sslcrl is None:
+                sslcrl = os.getenv('PGSSLCRL')
+
             if sslcert:
                 ssl.load_cert_chain(sslcert, keyfile=sslkey)
 
             if sslrootcert:
                 ssl.load_verify_locations(cafile=sslrootcert)
 
+            if sslcrl:
+                ssl.load_verify_locations(cafile=sslcrl)
+
     elif ssl is True:
         ssl = ssl_module.create_default_context()
         sslmode = SSLMode.verify_full
@@ -495,7 +505,7 @@ def _parse_connect_arguments(*, dsn, host, port, user, password, passfile,
                              statement_cache_size,
                              max_cached_statement_lifetime,
                              max_cacheable_statement_size,
-                             ssl, sslcert, sslkey, sslrootcert,
+                             ssl, sslcert, sslkey, sslrootcert, sslcrl,
                              server_settings):
 
     local_vars = locals()
@@ -525,7 +535,7 @@ def _parse_connect_arguments(*, dsn, host, port, user, password, passfile,
         dsn=dsn, host=host, port=port, user=user,
         password=password, passfile=passfile, ssl=ssl,
         sslcert=sslcert, sslkey=sslkey, sslrootcert=sslrootcert,
-        database=database, connect_timeout=timeout,
+        sslcrl=sslcrl, database=database, connect_timeout=timeout,
         server_settings=server_settings)
 
     config = _ClientConfiguration(

asyncpg/connection.py

@@ -1758,6 +1758,7 @@ async def connect(dsn=None, *,
                   sslcert=None,
                   sslkey=None,
                   sslrootcert=None,
+                  sslcrl=None,
                   connection_class=Connection,
                   record_class=protocol.Record,
                   server_settings=None):
@@ -1912,6 +1913,10 @@ async def connect(dsn=None, *,
         This parameter specifies the name of a file containing SSL certificate
         authority (CA) certificate(s).
 
+    :param sslcrl
+        This parameter specifies the file name of the SSL certificate
+        revocation list (CRL).
+
     :param dict server_settings:
         An optional dict of server runtime parameters.  Refer to
         PostgreSQL documentation for
@@ -2007,6 +2012,7 @@ async def connect(dsn=None, *,
         sslcert=sslcert,
         sslkey=sslkey,
         sslrootcert=sslrootcert,
+        sslcrl=sslcrl,
         database=database,
         server_settings=server_settings,
         command_timeout=command_timeout,