[New-bugs-announce] [issue16487] Allow ssl certificates to be specified from memory rather than files.

Kristján Valur Jónsson report at bugs.python.org
Fri Nov 16 16:10:15 CET 2012


New submission from Kristján Valur Jónsson:

The _ssl module (and indeed the openssl lib) relies heavily on actual filesystem locations to load certificates.  A client or a server may not want to rely on physical filesystem locations to load certificates for authentication or verification.  Physical disc files are cumbersome and present a management burden in the presence of multiple processes.

This patch adds extensions to the _ssl.c file which allow certificates, keys and certification chains to be provided by file contents, rather than file name.

The ctx.load_cert_chain and ctx.load_verify_locations take additional arguments to specify the data in this form.

ssl.wrap_socket does not add arguments; rather, the function is polymorphic in that the contents of the certfile/keyfile are examined and treated as file data if beginning with -----BEGIN.  The ca_certs is similarly treated as a list of file contents if it is a list (rather than a string).

This patch is the result of work at CCP for deploying ssl clients and servers in an isolated environment without having to resort to temporary disk files.

----------
components: Extension Modules
files: sslpatch1.patch
keywords: patch
messages: 175691
nosy: kristjan.jonsson
priority: normal
severity: normal
status: open
title: Allow ssl certificates to be specified from memory rather than files.
type: enhancement
versions: Python 3.4
Added file: http://bugs.python.org/file28002/sslpatch1.patch

_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue16487>
_______________________________________
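
The argument dispatch described in the submission, as an added example that is not part of the original message or of sslpatch1.patch: it separates PEM contents from filenames by the -----BEGIN prefix and maps ca_certs onto the standard library's load_verify_locations keywords (cadata, available since Python 3.4, and cafile). The helper names, the sample string and the choice to reject near-miss input instead of opening it as a path are assumptions of this example.

```python
import ssl

PEM_MARKER = "-----BEGIN"  # prefix the submission uses to recognise file contents

def classify(value):
    """Return ("data", text) or ("path", text) for a certfile/keyfile argument."""
    text = value.decode("ascii") if isinstance(value, bytes) else value
    if text.startswith(PEM_MARKER):
        return ("data", text)
    # Near misses (leading whitespace or BOM before the marker, embedded
    # newlines) would otherwise be treated as a filename: reject them.
    if PEM_MARKER in text or "\n" in text:
        raise ValueError("ambiguous argument: neither clean PEM data nor a path")
    return ("path", text)

def verify_kwargs(ca_certs):
    """Map ca_certs to keyword arguments for SSLContext.load_verify_locations.

    A list means in-memory PEM contents, a string means a filename,
    following the rule in the submission.
    """
    if isinstance(ca_certs, (list, tuple)):
        if not ca_certs:
            raise ValueError("empty certificate list")
        pems = []
        for item in ca_certs:
            kind, text = classify(item)
            if kind != "data":
                raise ValueError("list entries must be PEM contents")
            pems.append(text.strip())
        return {"cadata": "\n".join(pems) + "\n"}
    kind, text = classify(ca_certs)
    if kind != "path":
        raise ValueError("PEM contents must be passed as a list")
    return {"cafile": text}

def load_ca(ctx: ssl.SSLContext, ca_certs) -> None:
    """Load trust anchors into ctx from memory or from a file."""
    ctx.load_verify_locations(**verify_kwargs(ca_certs))

# Constructed placeholder with PEM framing only; it is not a real certificate.
FAKE_PEM = "-----BEGIN CERTIFICATE-----\nAAAA\n-----END CERTIFICATE-----\n"
```
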

