[pypy-commit] pypy stdlib-2.7.9: Implemented load_cert_chain on _ssl.SSLContext
alex_gaynor
noreply at buildbot.pypy.org
Tue Dec 30 23:39:22 CET 2014
Author: Alex Gaynor <alex.gaynor at gmail.com>
Branch: stdlib-2.7.9
Changeset: r75174:5a86dc612e6b
Date: 2014-12-30 14:39 -0800
http://bitbucket.org/pypy/pypy/changeset/5a86dc612e6b/
Log: Implemented load_cert_chain on _ssl.SSLContext
diff --git a/pypy/module/_ssl/interp_ssl.py b/pypy/module/_ssl/interp_ssl.py
--- a/pypy/module/_ssl/interp_ssl.py
+++ b/pypy/module/_ssl/interp_ssl.py
@@ -925,6 +925,43 @@
"CERT_OPTIONAL or CERT_REQUIRED")
self.check_hostname = check_hostname
+ def load_cert_chain_w(self, space, w_certfile, w_keyfile=None):
+ if space.is_none(w_certfile):
+ certfile = None
+ else:
+ certfile = space.str_w(w_certfile)
+ if space.is_none(w_keyfile):
+ keyfile = certfile
+ else:
+ keyfile = space.str_w(w_keyfile)
+
+ set_errno(0)
+
+ ret = libssl_SSL_CTX_use_certificate_chain_file(self.ctx, certfile)
+ if ret != 1:
+ errno = get_errno()
+ if errno:
+ libssl_ERR_clear_error()
+ raise wrap_oserror(space, OSError(errno, ''),
+ exception_name = 'w_IOError')
+ else:
+ raise _ssl_seterror(space, None, -1)
+
+ ret = libssl_SSL_CTX_use_PrivateKey_file(self.ctx, keyfile,
+ SSL_FILETYPE_PEM)
+ if ret != 1:
+ errno = get_errno()
+ if errno:
+ libssl_ERR_clear_error()
+ raise wrap_oserror(space, OSError(errno, ''),
+ exception_name = 'w_IOError')
+ else:
+ raise _ssl_seterror(space, None, -1)
+
+ ret = libssl_SSL_CTX_check_private_key(self.ctx)
+ if ret != 1:
+ raise _ssl_seterror(space, None, -1)
+
def load_verify_locations_w(self, space, w_cafile=None, w_capath=None):
if space.is_none(w_cafile):
cafile = None
@@ -956,6 +993,7 @@
_wrap_socket=interp2app(_SSLContext.descr_wrap_socket),
set_ciphers=interp2app(_SSLContext.descr_set_ciphers),
load_verify_locations=interp2app(_SSLContext.load_verify_locations_w),
+ load_cert_chain=interp2app(_SSLContext.load_cert_chain_w),
set_default_verify_paths=interp2app(_SSLContext.descr_set_default_verify_paths),
options=GetSetProperty(_SSLContext.descr_get_options,
diff --git a/pypy/module/_ssl/test/test_ssl.py b/pypy/module/_ssl/test/test_ssl.py
--- a/pypy/module/_ssl/test/test_ssl.py
+++ b/pypy/module/_ssl/test/test_ssl.py
@@ -261,6 +261,15 @@
tmpfile.write(SSL_EMPTYCERT)
cls.w_emptycert = cls.space.wrap(str(tmpfile))
+ def test_load_cert_chain(self):
+ import _ssl
+ ctx = _ssl._SSLContext(_ssl.PROTOCOL_TLSv1)
+ ctx.load_cert_chain(self.keycert)
+ ctx.load_cert_chain(self.cert, self.key)
+ raises(IOError, ctx.load_cert_chain, "inexistent.pem")
+ raises(_ssl.SSLError, ctx.load_cert_chain, self.badcert)
+ raises(_ssl.SSLError, ctx.load_cert_chain, self.emptycert)
+
def test_load_verify_locations(self):
import _ssl
ctx = _ssl._SSLContext(_ssl.PROTOCOL_TLSv1)
More information about the pypy-commit
mailing list