From 850dc86ac0c24085ab784a10238f12fd554c9edf Mon Sep 17 00:00:00 2001 From: jan iversen Date: Wed, 27 Mar 2024 11:51:19 +0100 Subject: [PATCH] Remove certfile,keyfile,password from TLS client. --- API_changes.rst | 1 + examples/client_async.py | 7 ++++--- examples/client_sync.py | 7 ++++--- pymodbus/client/tls.py | 24 ++++-------------------- test/sub_client/test_client.py | 24 ++++++++++++++++++++---- 5 files changed, 33 insertions(+), 30 deletions(-) diff --git a/API_changes.rst b/API_changes.rst index de3850124..a9ed32476 100644 --- a/API_changes.rst +++ b/API_changes.rst @@ -6,6 +6,7 @@ Versions (X.Y.Z) where Z > 0 e.g. 3.0.1 do NOT have API changes! API changes 3.7.0 ----------------- - class method generate_ssl() added to TLS client (sync/async). +- removed certfile, keyfile, password from TLS client, please use generate_ssl() API changes 3.6.0 diff --git a/examples/client_async.py b/examples/client_async.py index e5554b3b4..a5200fb05 100755 --- a/examples/client_async.py +++ b/examples/client_async.py @@ -97,10 +97,11 @@ def setup_async_client(description=None, cmdline=None): # retries=3, # retry_on_empty=False, # TLS setup parameters - # sslctx=sslctx, - certfile=helper.get_certificate("crt"), - keyfile=helper.get_certificate("key"), + sslctx=modbusClient.AsyncModbusTlsClient.generate_ssl( + certfile=helper.get_certificate("crt"), + keyfile=helper.get_certificate("key"), # password="none", + ), server_hostname="localhost", ) return client diff --git a/examples/client_sync.py b/examples/client_sync.py index ccb28ec8f..c074bb403 100755 --- a/examples/client_sync.py +++ b/examples/client_sync.py 
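Review bot: The `generate_ssl(...)` call added in `setup_async_client` is given only a `certfile`/`keyfile` pair, and nothing in the example says what the returned context trusts or whether it verifies the server certificate, even though `server_hostname="localhost"` is passed right after it. generate_ssl's body is not part of this patch, so this needs confirming rather than assuming. A one-line comment above `sslctx=` would cover it, e.g. `# generate_ssl() decides certificate verification; check verify_mode/check_hostname on the result before reusing this setup outside the examples`. The matching hunk in `examples/client_sync.py` needs the same comment, and the leftover `# password="none",` (a string) should be aligned with the sync example's `# password=None,`. The function body starts above the hunk.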
@@ -103,10 +103,11 @@ def setup_sync_client(description=None, cmdline=None): # retries=3, # retry_on_empty=False, # TLS setup parameters - # sslctx=None, - certfile=helper.get_certificate("crt"), - keyfile=helper.get_certificate("key"), + sslctx=modbusClient.ModbusTlsClient.generate_ssl( + certfile=helper.get_certificate("crt"), + keyfile=helper.get_certificate("key"), # password=None, + ), server_hostname="localhost", ) return client diff --git a/pymodbus/client/tls.py b/pymodbus/client/tls.py index d5b56f980..58f80e51e 100644 --- a/pymodbus/client/tls.py +++ b/pymodbus/client/tls.py @@ -23,9 +23,6 @@ class AsyncModbusTlsClient(AsyncModbusTcpClient): :param port: Port used for communication :param source_address: Source address of client :param sslctx: SSLContext to use for TLS - :param certfile: Cert file path for TLS server request - :param keyfile: Key file path for TLS server request - :param password: Password for for decrypting private key file :param server_hostname: Bind certificate to host Common optional parameters: @@ -60,10 +57,7 @@ def __init__( host: str, port: int = 802, framer: Framer = Framer.TLS, - sslctx: ssl.SSLContext | None = None, - certfile: str | None = None, - keyfile: str | None = None, - password: str | None = None, + sslctx: ssl.SSLContext = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT), server_hostname: str | None = None, **kwargs: Any, ): @@ -74,9 +68,7 @@ def __init__( port=port, framer=framer, CommType=CommType.TLS, - sslctx=CommParams.generate_ssl( - False, certfile, keyfile, password, sslctx=sslctx - ), + sslctx=sslctx, **kwargs, ) self.server_hostname = server_hostname 
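Review bot: After the three `:param` lines are removed, the remaining `:param sslctx: SSLContext to use for TLS` in the `AsyncModbusTlsClient` docstring (`@@ -23,9 +23,6 @@`) no longer tells a reader where a client certificate or key goes, or what the default context contains. I would extend it to something like `:param sslctx: SSLContext to use for TLS (default: bare PROTOCOL_TLS_CLIENT context, no certificates loaded; use generate_ssl() to build one from certfile/keyfile/password)`. The `ModbusTlsClient` docstring hunk (`@@ -125,9 +117,6 @@`) needs the same line. The docstring continues outside the hunk.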
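Review bot: The new default `sslctx: ssl.SSLContext = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)` in `AsyncModbusTlsClient.__init__` (`@@ -60,10 +57,7 @@`) is evaluated once when the class is defined, so every client created without `sslctx` shares one mutable context, and a change to `verify_mode`, `check_hostname` or the loaded certificates through one client applies to all of them. Keeping `sslctx: ssl.SSLContext | None = None` and building the context per instance avoids that: `if sslctx is None: sslctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)` ahead of the `sslctx=sslctx` pass-through in the following hunk. That also stops callers that still pass `sslctx=None` explicitly from handing `None` to the transport; what the base class does with `None` is not visible here. `ModbusTlsClient.__init__` (`@@ -165,10 +154,7 @@`) has the same default. The removed `certfile`/`keyfile`/`password` keywords now presumably land in `**kwargs`, so it is worth checking that the base class rejects them and old callers fail loudly instead of connecting without their client certificate.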
@@ -125,9 +117,6 @@ class ModbusTlsClient(ModbusTcpClient): :param port: Port used for communication :param source_address: Source address of client :param sslctx: SSLContext to use for TLS - :param certfile: Cert file path for TLS server request - :param keyfile: Key file path for TLS server request - :param password: Password for decrypting private key file :param server_hostname: Bind certificate to host :param kwargs: Experimental parameters @@ -165,10 +154,7 @@ def __init__( host: str, port: int = 802, framer: Framer = Framer.TLS, - sslctx: ssl.SSLContext | None = None, - certfile: str | None = None, - keyfile: str | None = None, - password: str | None = None, + sslctx: ssl.SSLContext = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT), server_hostname: str | None = None, **kwargs: Any, ): @@ -176,9 +162,7 @@ def __init__( super().__init__( host, CommType=CommType.TLS, port=port, framer=framer, **kwargs ) - self.sslctx = CommParams.generate_ssl( - False, certfile, keyfile, password, sslctx=sslctx - ) + self.sslctx = sslctx self.server_hostname = server_hostname diff --git a/test/sub_client/test_client.py b/test/sub_client/test_client.py index 0af821878..43c858cfb 100755 --- a/test/sub_client/test_client.py +++ b/test/sub_client/test_client.py @@ -14,6 +14,7 @@ import pymodbus.other_message as pdu_other_msg import pymodbus.register_read_message as pdu_reg_read import pymodbus.register_write_message as pdu_req_write +from examples.helper import get_certificate from pymodbus import Framer from pymodbus.client.base import ModbusBaseClient from pymodbus.client.mixin import ModbusClientMixin 
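Review bot: With `self.sslctx = sslctx` (`@@ -176,9 +162,7 @@`) now holding the bare `PROTOCOL_TLS_CLIENT` default, which has `check_hostname` enabled, while `server_hostname` still defaults to `None`, a `ModbusTlsClient` built with defaults will probably fail when the socket is wrapped, because Python's `wrap_socket` refuses a hostname-checking context without a server name. The connect code is outside this hunk, so this is inferred. Falling back to the target host keeps verification usable instead of pushing users to switch it off: `self.server_hostname = server_hostname or host`. The default context also loads no CA certificates, so it cannot validate any server until the caller adds trust roots, and the docstring should say so.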
@@ -516,25 +517,40 @@ def test_client_tcp_reuse(): def test_client_tls_connect(): """Test the tls client connection method.""" + sslctx=lib_client.ModbusTlsClient.generate_ssl( + certfile=get_certificate("crt"), + keyfile=get_certificate("key"), + ) with mock.patch.object(ssl.SSLSocket, "connect") as mock_method: - client = lib_client.ModbusTlsClient("127.0.0.1") + client = lib_client.ModbusTlsClient( + "127.0.0.1", + sslctx=sslctx, + ) assert client.connect() with mock.patch.object(socket, "create_connection") as mock_method: mock_method.side_effect = OSError() - client = lib_client.ModbusTlsClient("127.0.0.1") + client = lib_client.ModbusTlsClient("127.0.0.1", sslctx=sslctx) assert not client.connect() def test_client_tls_connect2(): """Test the tls client connection method.""" + sslctx=lib_client.ModbusTlsClient.generate_ssl( + certfile=get_certificate("crt"), + keyfile=get_certificate("key"), + ) with mock.patch.object(ssl.SSLSocket, "connect") as mock_method: - client = lib_client.ModbusTlsClient("127.0.0.1", source_address=("0.0.0.0", 0)) + client = lib_client.ModbusTlsClient( + "127.0.0.1", + sslctx=sslctx, + source_address=("0.0.0.0", 0) + ) assert client.connect() with mock.patch.object(socket, "create_connection") as mock_method: mock_method.side_effect = OSError() - client = lib_client.ModbusTlsClient("127.0.0.1") + client = lib_client.ModbusTlsClient("127.0.0.1", sslctx=sslctx) assert not client.connect()
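Review bot: Both tests now always pass `sslctx=sslctx`, so no test constructs `ModbusTlsClient("127.0.0.1")` without a context and the new default-argument path in `pymodbus/client/tls.py` is uncovered. A small extra case such as `assert lib_client.ModbusTlsClient("127.0.0.1").sslctx.verify_mode == ssl.CERT_REQUIRED` would pin the verification behaviour of the default. On style, `sslctx=lib_client.ModbusTlsClient.generate_ssl(` needs spaces around `=` for an assignment, and the identical four-line setup in `test_client_tls_connect` and `test_client_tls_connect2` could be one fixture. The new `from examples.helper import get_certificate` import (hunk `@@ -14,6 +14,7 @@`) also makes the test suite depend on the examples package being importable.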