support pinning to ssl certificate via fingerprint

[requiredfield]

I need to access an API over https which uses a self-signed cert. I'd like to pin my aiohttp client to the certificate I expect by fingerprint as opposed to by PEM data.

It looks like this is possible in requests with something like http://stackoverflow.com/a/26494652/3341853, but I could imagine aiohttp (and requests as well) supporting a much friendlier API, something like:

aiohttp.request('GET', url, verify_fingerprint='...')

Thanks for your consideration and for all the great work on aiohttp, it's awesome.

[asvetlov]

I think verify_fingerprint should be TCPConnector parameter.

See also https://github.com/kennethreitz/requests/blob/35d083e1665beff39aabe47a79cd1f867b897b0c/requests/packages/urllib3/util/ssl_.py#L19 for example of verification code.

[requiredfield]

I think verify_fingerprint should be TCPConnector parameter.

Sounds good to me!

See also https://github.com/kennethreitz/requests/blob/35d083e1665beff39aabe47a79cd1f867b897b0c/requests/packages/urllib3/util/ssl_.py#L19 for example of verification code.

Nice! (Note the most up-to-date version of this upstream is currently https://github.com/shazow/urllib3/blob/master/urllib3/util/ssl_.py#L112 )

[requiredfield]

@asvetlov Just started playing around with a patch and came up with requiredfield/aiohttp@4e66d78. Am I at all on the right track?

[requiredfield]

Went ahead and started a pull request for this in #361

[asvetlov]

The PR looks pretty good

[asvetlov]

Fixed in #366

[lock]

This thread has been automatically locked since there has not been
any recent activity after it was closed. Please open a new issue for
related bugs.

If you feel like there's important points made in this discussion,
please include those exceprts into that new issue.