Add ssl_password to default_config dicts. Send ssl_password when loading cert chains (#750)

Author: Ashley McKemie

kafka/client_async.py

@@ -59,6 +59,7 @@ class KafkaClient(object):
         'ssl_cafile': None,
         'ssl_certfile': None,
         'ssl_keyfile': None,
+        'ssl_password': None,
         'ssl_crlfile': None,
     }
 

kafka/conn.py

@@ -71,6 +71,7 @@ class BrokerConnection(object):
         'ssl_certfile': None,
         'ssl_keyfile': None,
         'ssl_crlfile': None,
+        'ssl_password': None,
         'api_version': (0, 8, 2),  # default to most restrictive
         'state_change_callback': lambda conn: True,
     }
@@ -228,7 +229,8 @@ def _wrap_ssl(self):
                 log.info('%s: Loading SSL Key from %s', str(self), self.config['ssl_keyfile'])
                 self._ssl_context.load_cert_chain(
                     certfile=self.config['ssl_certfile'],
-                    keyfile=self.config['ssl_keyfile'])
+                    keyfile=self.config['ssl_keyfile'],
+                    password=self.config['ssl_password'])
             if self.config['ssl_crlfile']:
                 if not hasattr(ssl, 'VERIFY_CRL_CHECK_LEAF'):
                     log.error('%s: No CRL support with this version of Python.'

kafka/consumer/group.py

@@ -196,6 +196,7 @@ class KafkaConsumer(six.Iterator):
         'ssl_certfile': None,
         'ssl_keyfile': None,
         'ssl_crlfile': None,
+        'ssl_password': None,
         'api_version': 'auto',
         'api_version_auto_timeout_ms': 2000,
         'connections_max_idle_ms': 9 * 60 * 1000, # not implemented yet