[Jython-checkins] jython: _get_openssl_key_manager permit matching of the RSA private key to any cert in
darjus.loktevic
jython-checkins at python.org
Mon Aug 29 08:05:47 EDT 2016
https://hg.python.org/jython/rev/a758bc067952
changeset: 7952:a758bc067952
user: Darjus Loktevic <darjus at gmail.com>
date: Mon Aug 29 22:05:28 2016 +1000
summary:
_get_openssl_key_manager: permit matching of the RSA private key to any cert in the pem file. Works around issue #2516
files:
Lib/_sslcerts.py | 19 +++++++++----------
1 files changed, 9 insertions(+), 10 deletions(-)
diff --git a/Lib/_sslcerts.py b/Lib/_sslcerts.py
--- a/Lib/_sslcerts.py
+++ b/Lib/_sslcerts.py
@@ -119,20 +119,19 @@
from _socket import SSLError, SSL_ERROR_SSL
raise SSLError(SSL_ERROR_SSL, "PEM lib (No private key loaded)")
- keys_match = False
+ keys_match, validateable_keys_found = False, False
for cert in certs:
# TODO works for RSA only for now
- if not isinstance(cert.publicKey, RSAPublicKey) and isinstance(private_key, RSAPrivateCrtKey):
- keys_match = True
- continue
+ if isinstance(cert.publicKey, RSAPublicKey) and isinstance(private_key, RSAPrivateCrtKey):
+ validateable_keys_found = True
- if cert.publicKey.getModulus() == private_key.getModulus() \
- and cert.publicKey.getPublicExponent() == private_key.getPublicExponent():
- keys_match = True
- else:
- keys_match = False
+ if validateable_keys_found:
+ if cert.publicKey.getModulus() == private_key.getModulus() \
+ and cert.publicKey.getPublicExponent() == private_key.getPublicExponent():
+ keys_match = True
+ break
- if key_file is not None and not keys_match:
+ if key_file is not None and validateable_keys_found and not keys_match:
from _socket import SSLError, SSL_ERROR_SSL
raise SSLError(SSL_ERROR_SSL, "key values mismatch")
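Review bot: `validateable_keys_found` is never reset inside the `for cert in certs:` loop, so once one RSA certificate has set it, the `getModulus()` comparison also runs for later certificates whose `publicKey` did not pass the `isinstance` test. The mail has lost its indentation, so this assumes `if validateable_keys_found:` sits at loop level rather than inside the `isinstance` branch. A non-RSA certificate later in the PEM file would then likely raise an attribute error instead of being skipped; nesting the comparison under the `isinstance(cert.publicKey, RSAPublicKey) and isinstance(private_key, RSAPrivateCrtKey)` test avoids that and keeps the flag as a plain "something was checkable" marker. Separately, when nothing is checkable the final test skips `key values mismatch` entirely, so a mismatched non-RSA key and certificate load without error; that fail-open path deserves a comment such as `# non-RSA keys are not verified against the certificate here`. The enclosing function starts and ends outside the hunk.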
--
Repository URL: https://hg.python.org/jython