[Python-checkins] r80314 - in python/trunk: Lib/test/test_ssl.py Misc/NEWS Modules/_ssl.c

antoine.pitrou python-checkins at python.org
Wed Apr 21 21:28:03 CEST 2010


Author: antoine.pitrou
Date: Wed Apr 21 21:28:03 2010
New Revision: 80314

Log:
Issue #8484: Load all ciphers and digest algorithms when initializing
the _ssl extension, such that verification of some SSL certificates
doesn't fail because of an "unknown algorithm".



Modified:
   python/trunk/Lib/test/test_ssl.py
   python/trunk/Misc/NEWS
   python/trunk/Modules/_ssl.c

Modified: python/trunk/Lib/test/test_ssl.py
==============================================================================
--- python/trunk/Lib/test/test_ssl.py	(original)
+++ python/trunk/Lib/test/test_ssl.py	Wed Apr 21 21:28:03 2010
@@ -232,6 +232,26 @@
         if test_support.verbose:
             sys.stdout.write("\nVerified certificate for svn.python.org:443 is\n%s\n" % pem)
 
+    def test_algorithms(self):
+        # Issue #8484: all algorithms should be available when verifying a
+        # certificate.
+        # NOTE: https://sha256.tbs-internet.com is another possible test host
+        remote = ("sha2.hboeck.de", 443)
+        sha256_cert = os.path.join(os.path.dirname(__file__), "sha256.pem")
+        s = ssl.wrap_socket(socket.socket(socket.AF_INET),
+                            cert_reqs=ssl.CERT_REQUIRED,
+                            ca_certs=sha256_cert,)
+        with test_support.transient_internet():
+            try:
+                s.connect(remote)
+                if test_support.verbose:
+                    sys.stdout.write("\nCipher with %r is %r\n" %
+                                     (remote, s.cipher()))
+                    sys.stdout.write("Certificate is:\n%s\n" %
+                                     pprint.pformat(s.getpeercert()))
+            finally:
+                s.close()
+
 
 try:
     import threading
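Review bot: test_algorithms reads sha256.pem from the test directory (os.path.join(os.path.dirname(__file__), "sha256.pem")), but the commit's file list names only test_ssl.py, Misc/NEWS and Modules/_ssl.c, so on a fresh checkout the test has no CA file to load unless the certificate is added to Lib/test alongside this change. The comment could also state that the test passes when s.connect(remote) does not raise under cert_reqs=ssl.CERT_REQUIRED, since nothing is asserted outside the verbose branch, and the trailing comma in ca_certs=sha256_cert,) can be dropped.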

Modified: python/trunk/Misc/NEWS
==============================================================================
--- python/trunk/Misc/NEWS	(original)
+++ python/trunk/Misc/NEWS	Wed Apr 21 21:28:03 2010
@@ -20,6 +20,10 @@
 Library
 -------
 
+- Issue #8484: Load all ciphers and digest algorithms when initializing
+  the _ssl extension, such that verification of some SSL certificates
+  doesn't fail because of an "unknown algorithm".
+
 - Issue #8437: Fix test_gdb failures, patch written by Dave Malcolm
 
 - Issue #4814: timeout parameter is now applied also for connections resulting

Modified: python/trunk/Modules/_ssl.c
==============================================================================
--- python/trunk/Modules/_ssl.c	(original)
+++ python/trunk/Modules/_ssl.c	Wed Apr 21 21:28:03 2010
@@ -1603,13 +1603,14 @@
 
 	/* Init OpenSSL */
 	SSL_load_error_strings();
+	SSL_library_init();
 #ifdef WITH_THREAD
 	/* note that this will start threading if not already started */
 	if (!_setup_ssl_threads()) {
 		return;
 	}
 #endif
-	SSLeay_add_ssl_algorithms();
+	OpenSSL_add_all_algorithms();
 
 	/* Add symbols to module dict */
 	PySSLErrorObject = PyErr_NewException("ssl.SSLError",
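Review bot: The added SSL_library_init() call sits above the WITH_THREAD block, so library initialisation now runs before _setup_ssl_threads(), whereas the removed SSLeay_add_ssl_algorithms() ran after it; if the reordering is intentional, a comment should say so. SSLeay_add_ssl_algorithms() is OpenSSL's alias for SSL_library_init(), so the functional addition here is OpenSSL_add_all_algorithms(), and a one-line comment above it naming Issue #8484 and the "unknown algorithm" verification failure would tell later readers why the full algorithm table is loaded rather than only the SSL set.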

