[New-bugs-announce] [issue9706] ssl errors checking
Giampaolo Rodola'
report at bugs.python.org
Sat Aug 28 21:19:03 CEST 2010
New submission from Giampaolo Rodola' <g.rodola at gmail.com>:
There are various errors I think ssl module should check.
In the examples below I'll always refer to ssl.wrap_socket() function but I expect that ssl.SSLContext suffers the exact same issues.
=== server side mode ===
When server_side option is set to True it is always required that at least a certfile argument is specified. This condition is not verified if the socket is still not connected:
>>> ssl.wrap_socket(socket.socket(), server_side=1)
<ssl.SSLSocket object, fd=3, family=2, type=1, proto=0>
...later on, when the socket will be connected, we'll get this message:
SSLError: _ssl.c:296: Both the key & certificate files must be specified for server-side operation
I would change this behavior in SSLSocket constructor and raise ValueError if server_side is True and certfile is None.
Also, the message coming from the C code should be adjusted to state than keyfile argument is not mandatory.
=== server side on connect ===
>>> s = ssl.wrap_socket(socket.socket(), server_side=1)
>>> s.connect(('blogger.com', 443))
>>>
For consistency I would expect something like ValueError("can't connect in server-side mode") on connect().
=== no such certfile ===
>>> os.path.exists('xxx')
False
>>> ssl.wrap_socket(socket.socket(), certfile='xxx')
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/home/giampaolo/svn/python-3.2/Lib/ssl.py", line 404, in wrap_socket
ciphers=ciphers)
File "/home/giampaolo/svn/python-3.2/Lib/ssl.py", line 132, in __init__
self.context.load_cert_chain(certfile, keyfile)
ssl.SSLError: [Errno 336445442] _ssl.c:1604: error:140DC002:SSL routines:SSL_CTX_use_certificate_chain_file:system lib
>>>
A simple "IOError No such file or directory 'xxx'" exception would be a lot more clear.
=== invalid certfile ===
>>> open('foo', 'w').write('blabla')
6
>>> ssl.wrap_socket(socket.socket(), certfile="foo")
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/home/giampaolo/svn/python-3.2/Lib/ssl.py", line 404, in wrap_socket
ciphers=ciphers)
File "/home/giampaolo/svn/python-3.2/Lib/ssl.py", line 132, in __init__
self.context.load_cert_chain(certfile, keyfile)
ssl.SSLError: [Errno 336445449] _ssl.c:1604: error:140DC009:SSL routines:SSL_CTX_use_certificate_chain_file:PEM lib
>>>
If possible, the error should be more clear about what happened. Something like "malformed certfile was provided" or something.
----------
messages: 115166
nosy: giampaolo.rodola, janssen, pitrou
priority: normal
severity: normal
status: open
title: ssl errors checking
versions: Python 3.2
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue9706>
_______________________________________
More information about the New-bugs-announce
mailing list