diff --git a/doc/source/authentication.rst b/doc/source/authentication.rst index 8043f92e..19b22980 100644 --- a/doc/source/authentication.rst +++ b/doc/source/authentication.rst @@ -31,7 +31,7 @@ essentially meaning that the authentication has not yet occurred. >>> from pylxd import Client >>> client = Client( - ... endpoint='http://10.0.0.1:8443', + ... endpoint='https://10.0.0.1:8443', ... cert=('lxd.crt', 'lxd.key')) >>> client.trusted False diff --git a/doc/source/usage.rst b/doc/source/usage.rst index e2eae8ad..0724998b 100644 --- a/doc/source/usage.rst +++ b/doc/source/usage.rst @@ -24,7 +24,7 @@ certificate to the `verify` argument: >>> from pylxd import Client >>> client = Client( - ... endpoint='http://10.0.0.1:8443', + ... endpoint='https://10.0.0.1:8443', ... cert=('/path/to/client.crt', '/path/to/client.key'), ... verify='/path/to/server.crt') @@ -38,7 +38,7 @@ for TLS verification. >>> from pylxd import Client >>> client = Client( - ... endpoint='http://10.0.0.1:8443', + ... endpoint='https://10.0.0.1:8443', ... cert=('/path/to/client.crt', '/path/to/client.key'), ... verify=False) diff --git a/pylxd/client.py b/pylxd/client.py index 51258e9d..d2f52b8e 100644 --- a/pylxd/client.py +++ b/pylxd/client.py @@ -570,7 +570,15 @@ def assert_has_api_extension(self, name): def authenticate(self, secret, use_token_auth=True): if self.trusted: return - cert = open(self.api.session.cert[0]).read().encode("utf-8") + + if not isinstance(self.api.session.cert, tuple): + raise exceptions.ClientConnectionFailed("No client certificate specified") + + try: + with open(self.api.session.cert[0]) as f: + cert = f.read().encode("utf-8") + except FileNotFoundError: + raise exceptions.ClientConnectionFailed("Client certificate not found") # Quirk to handle 5.21 that supports explicit trust tokens as well as # password auth. We need to ascertain if the provided secret is indeed a