Remove certfile,keyfile,password from TLS client. (#2121)

API_changes.rst

@@ -6,6 +6,7 @@ Versions (X.Y.Z) where Z > 0 e.g. 3.0.1 do NOT have API changes!
 API changes 3.7.0
 -----------------
 - class method generate_ssl() added to TLS client (sync/async).
+- removed certfile, keyfile, password from TLS client, please use generate_ssl()
 
 
 API changes 3.6.0

examples/client_async.py

@@ -97,10 +97,11 @@ def setup_async_client(description=None, cmdline=None):
             #    retries=3,
             #    retry_on_empty=False,
             # TLS setup parameters
-            #    sslctx=sslctx,
-            certfile=helper.get_certificate("crt"),
-            keyfile=helper.get_certificate("key"),
+            sslctx=modbusClient.AsyncModbusTlsClient.generate_ssl(
+                certfile=helper.get_certificate("crt"),
+                keyfile=helper.get_certificate("key"),
             #    password="none",
+            ),
             server_hostname="localhost",
         )
     return client

examples/client_sync.py

@@ -103,10 +103,11 @@ def setup_sync_client(description=None, cmdline=None):
             #    retries=3,
             #    retry_on_empty=False,
             # TLS setup parameters
-            #    sslctx=None,
-            certfile=helper.get_certificate("crt"),
-            keyfile=helper.get_certificate("key"),
+            sslctx=modbusClient.ModbusTlsClient.generate_ssl(
+                certfile=helper.get_certificate("crt"),
+                keyfile=helper.get_certificate("key"),
             #    password=None,
+            ),
             server_hostname="localhost",
         )
     return client

pymodbus/client/tls.py

@@ -23,9 +23,6 @@ class AsyncModbusTlsClient(AsyncModbusTcpClient):
     :param port: Port used for communication
     :param source_address: Source address of client
     :param sslctx: SSLContext to use for TLS
-    :param certfile: Cert file path for TLS server request
-    :param keyfile: Key file path for TLS server request
-    :param password: Password for for decrypting private key file
     :param server_hostname: Bind certificate to host
 
     Common optional parameters:
@@ -60,10 +57,7 @@ def __init__(
         host: str,
         port: int = 802,
         framer: Framer = Framer.TLS,
-        sslctx: ssl.SSLContext | None = None,
-        certfile: str | None = None,
-        keyfile: str | None = None,
-        password: str | None = None,
+        sslctx: ssl.SSLContext = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT),
         server_hostname: str | None = None,
         **kwargs: Any,
     ):
@@ -74,9 +68,7 @@ def __init__(
             port=port,
             framer=framer,
             CommType=CommType.TLS,
-            sslctx=CommParams.generate_ssl(
-                False, certfile, keyfile, password, sslctx=sslctx
-            ),
+            sslctx=sslctx,
             **kwargs,
         )
         self.server_hostname = server_hostname
@@ -125,9 +117,6 @@ class ModbusTlsClient(ModbusTcpClient):
     :param port: Port used for communication
     :param source_address: Source address of client
     :param sslctx: SSLContext to use for TLS
-    :param certfile: Cert file path for TLS server request
-    :param keyfile: Key file path for TLS server request
-    :param password: Password for decrypting private key file
     :param server_hostname: Bind certificate to host
     :param kwargs: Experimental parameters
 
@@ -165,20 +154,15 @@ def __init__(
         host: str,
         port: int = 802,
         framer: Framer = Framer.TLS,
-        sslctx: ssl.SSLContext | None = None,
-        certfile: str | None = None,
-        keyfile: str | None = None,
-        password: str | None = None,
+        sslctx: ssl.SSLContext = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT),
         server_hostname: str | None = None,
         **kwargs: Any,
     ):
         """Initialize Modbus TLS Client."""
         super().__init__(
             host, CommType=CommType.TLS, port=port, framer=framer, **kwargs
         )
-        self.sslctx = CommParams.generate_ssl(
-            False, certfile, keyfile, password, sslctx=sslctx
-        )
+        self.sslctx = sslctx
         self.server_hostname = server_hostname
 
 

test/sub_client/test_client.py

@@ -14,6 +14,7 @@
 import pymodbus.other_message as pdu_other_msg
 import pymodbus.register_read_message as pdu_reg_read
 import pymodbus.register_write_message as pdu_req_write
+from examples.helper import get_certificate
 from pymodbus import Framer
 from pymodbus.client.base import ModbusBaseClient
 from pymodbus.client.mixin import ModbusClientMixin
@@ -516,25 +517,40 @@ def test_client_tcp_reuse():
 
 def test_client_tls_connect():
     """Test the tls client connection method."""
+    sslctx=lib_client.ModbusTlsClient.generate_ssl(
+        certfile=get_certificate("crt"),
+        keyfile=get_certificate("key"),
+    )
     with mock.patch.object(ssl.SSLSocket, "connect") as mock_method:
-        client = lib_client.ModbusTlsClient("127.0.0.1")
+        client = lib_client.ModbusTlsClient(
+            "127.0.0.1",
+            sslctx=sslctx,
+        )
         assert client.connect()
 
     with mock.patch.object(socket, "create_connection") as mock_method:
         mock_method.side_effect = OSError()
-        client = lib_client.ModbusTlsClient("127.0.0.1")
+        client = lib_client.ModbusTlsClient("127.0.0.1", sslctx=sslctx)
         assert not client.connect()
 
 
 def test_client_tls_connect2():
     """Test the tls client connection method."""
+    sslctx=lib_client.ModbusTlsClient.generate_ssl(
+        certfile=get_certificate("crt"),
+        keyfile=get_certificate("key"),
+    )
     with mock.patch.object(ssl.SSLSocket, "connect") as mock_method:
-        client = lib_client.ModbusTlsClient("127.0.0.1", source_address=("0.0.0.0", 0))
+        client = lib_client.ModbusTlsClient(
+            "127.0.0.1",
+            sslctx=sslctx,
+            source_address=("0.0.0.0", 0)
+        )
         assert client.connect()
 
     with mock.patch.object(socket, "create_connection") as mock_method:
         mock_method.side_effect = OSError()
-        client = lib_client.ModbusTlsClient("127.0.0.1")
+        client = lib_client.ModbusTlsClient("127.0.0.1", sslctx=sslctx)
         assert not client.connect()