[issue9706] ssl errors checking
report at bugs.python.org
Sat Aug 28 23:01:51 CEST 2010
Antoine Pitrou <pitrou at free.fr> added the comment:
> SSLError: _ssl.c:296: Both the key & certificate files must be
> specified for server-side operation
> I would change this behavior in SSLSocket constructor and raise
> ValueError if server_side is True and certfile is None.
> Also, the message coming from the C code should be adjusted to state
> than keyfile argument is not mandatory.
The message is arguably technically correct: you need both a (private)
key and a certificate. It's simply that they can be put in the same
> >>> s = ssl.wrap_socket(socket.socket(), server_side=1)
> >>> s.connect(('blogger.com', 443))
> For consistency I would expect something like ValueError("can't
> connect in server-side mode") on connect().
> ssl.SSLError: [Errno 336445442] _ssl.c:1604: error:140DC002:SSL
> routines:SSL_CTX_use_certificate_chain_file:system lib
> A simple "IOError No such file or directory 'xxx'" exception would be
> a lot more clear.
Agreed, but the OpenSSL error reporting system looks too convoluted (or
braindead) to easily allow such aliasing of errors. If you have an idea,
don't hesitate to share :)
> ssl.SSLError: [Errno 336445449] _ssl.c:1604: error:140DC009:SSL
> routines:SSL_CTX_use_certificate_chain_file:PEM lib
> If possible, the error should be more clear about what happened.
> Something like "malformed certfile was provided" or something.
Same as above: the error message and numeric code come from OpenSSL, not
Python tracker <report at bugs.python.org>
More information about the Python-bugs-list