[pypy-commit] pypy stdlib-2.7.9: Implemented load_cert_chain on _ssl.SSLContext

alex_gaynor noreply at buildbot.pypy.org
Tue Dec 30 23:39:22 CET 2014


Author: Alex Gaynor <alex.gaynor at gmail.com>
Branch: stdlib-2.7.9
Changeset: r75174:5a86dc612e6b
Date: 2014-12-30 14:39 -0800
http://bitbucket.org/pypy/pypy/changeset/5a86dc612e6b/

Log:	Implemented load_cert_chain on _ssl.SSLContext

diff --git a/pypy/module/_ssl/interp_ssl.py b/pypy/module/_ssl/interp_ssl.py
--- a/pypy/module/_ssl/interp_ssl.py
+++ b/pypy/module/_ssl/interp_ssl.py
@@ -925,6 +925,43 @@
                         "CERT_OPTIONAL or CERT_REQUIRED")
         self.check_hostname = check_hostname
 
+    def load_cert_chain_w(self, space, w_certfile, w_keyfile=None):
+        if space.is_none(w_certfile):
+            certfile = None
+        else:
+            certfile = space.str_w(w_certfile)
+        if space.is_none(w_keyfile):
+            keyfile = certfile
+        else:
+            keyfile = space.str_w(w_keyfile)
+
+        set_errno(0)
+
+        ret = libssl_SSL_CTX_use_certificate_chain_file(self.ctx, certfile)
+        if ret != 1:
+            errno = get_errno()
+            if errno:
+                libssl_ERR_clear_error()
+                raise wrap_oserror(space, OSError(errno, ''),
+                                   exception_name = 'w_IOError')
+            else:
+                raise _ssl_seterror(space, None, -1)
+
+        ret = libssl_SSL_CTX_use_PrivateKey_file(self.ctx, keyfile,
+                                                 SSL_FILETYPE_PEM)
+        if ret != 1:
+            errno = get_errno()
+            if errno:
+                libssl_ERR_clear_error()
+                raise wrap_oserror(space, OSError(errno, ''),
+                                   exception_name = 'w_IOError')
+            else:
+                raise _ssl_seterror(space, None, -1)
+
+        ret = libssl_SSL_CTX_check_private_key(self.ctx)
+        if ret != 1:
+            raise _ssl_seterror(space, None, -1)
+
     def load_verify_locations_w(self, space, w_cafile=None, w_capath=None):
         if space.is_none(w_cafile):
             cafile = None
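Review bot: `load_cert_chain_w` accepts `None` for `w_certfile` and passes `certfile = None` to `libssl_SSL_CTX_use_certificate_chain_file`, so a missing path presumably reaches OpenSSL as a NULL filename instead of failing at the Python level; because `keyfile` defaults to `certfile`, the private-key load gets the same value. CPython's `load_cert_chain` treats certfile as required, so I would reject it up front with `if space.is_none(w_certfile): raise OperationError(space.w_TypeError, space.wrap("certfile should be a valid filesystem path"))`, assuming `OperationError` is already imported in this file, which the hunk does not show. Both paths are also read with `space.str_w`, which lets a name containing a NUL byte through to be truncated at the C boundary; `space.str0_w(w_certfile)` and `space.str0_w(w_keyfile)` would refuse such names. The two identical errno blocks after the chain-file and private-key loads could share one small helper.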
@@ -956,6 +993,7 @@
     _wrap_socket=interp2app(_SSLContext.descr_wrap_socket),
     set_ciphers=interp2app(_SSLContext.descr_set_ciphers),
     load_verify_locations=interp2app(_SSLContext.load_verify_locations_w),
+    load_cert_chain=interp2app(_SSLContext.load_cert_chain_w),
     set_default_verify_paths=interp2app(_SSLContext.descr_set_default_verify_paths),
 
     options=GetSetProperty(_SSLContext.descr_get_options,
diff --git a/pypy/module/_ssl/test/test_ssl.py b/pypy/module/_ssl/test/test_ssl.py
--- a/pypy/module/_ssl/test/test_ssl.py
+++ b/pypy/module/_ssl/test/test_ssl.py
@@ -261,6 +261,15 @@
         tmpfile.write(SSL_EMPTYCERT)
         cls.w_emptycert = cls.space.wrap(str(tmpfile))
 
+    def test_load_cert_chain(self):
+        import _ssl
+        ctx = _ssl._SSLContext(_ssl.PROTOCOL_TLSv1)
+        ctx.load_cert_chain(self.keycert)
+        ctx.load_cert_chain(self.cert, self.key)
+        raises(IOError, ctx.load_cert_chain, "inexistent.pem")
+        raises(_ssl.SSLError, ctx.load_cert_chain, self.badcert)
+        raises(_ssl.SSLError, ctx.load_cert_chain, self.emptycert)
+
     def test_load_verify_locations(self):
         import _ssl
         ctx = _ssl._SSLContext(_ssl.PROTOCOL_TLSv1)
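Review bot: `test_load_cert_chain` never reaches the `SSL_CTX_check_private_key` failure branch, because the three failing cases all appear to fail while the certificate file is being loaded. A call with a valid certificate and a key that does not belong to it should raise `_ssl.SSLError`; that needs a mismatched-key fixture alongside `self.key`, which this hunk does not show. A missing key file, `raises(IOError, ctx.load_cert_chain, self.cert, "inexistent.pem")`, would also exercise the second errno path. The test class continues outside the hunk.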

