[Python-checkins] r80318 - in python/branches/release31-maint: Lib/test/sha256.pem Lib/test/support.py Lib/test/test_ssl.py Misc/NEWS Modules/_ssl.c
antoine.pitrou
python-checkins at python.org
Wed Apr 21 21:52:52 CEST 2010
Author: antoine.pitrou
Date: Wed Apr 21 21:52:52 2010
New Revision: 80318
Log:
Merged revisions 80317 via svnmerge from
svn+ssh://pythondev@svn.python.org/python/branches/py3k
................
r80317 | antoine.pitrou | 2010-04-21 21:46:23 +0200 (mer., 21 avril 2010) | 15 lines
Merged revisions 80314-80315 via svnmerge from
svn+ssh://pythondev@svn.python.org/python/trunk
........
r80314 | antoine.pitrou | 2010-04-21 21:28:03 +0200 (mer., 21 avril 2010) | 5 lines
Issue #8484: Load all ciphers and digest algorithms when initializing
the _ssl extension, such that verification of some SSL certificates
doesn't fail because of an "unknown algorithm".
........
r80315 | antoine.pitrou | 2010-04-21 21:36:23 +0200 (mer., 21 avril 2010) | 3 lines
Forgot to add the sample certificate (followup to r80314)
........
................
Added:
python/branches/release31-maint/Lib/test/sha256.pem
- copied unchanged from r80317, /python/branches/py3k/Lib/test/sha256.pem
Modified:
python/branches/release31-maint/ (props changed)
python/branches/release31-maint/Lib/test/support.py
python/branches/release31-maint/Lib/test/test_ssl.py
python/branches/release31-maint/Misc/NEWS
python/branches/release31-maint/Modules/_ssl.c
Modified: python/branches/release31-maint/Lib/test/support.py
==============================================================================
--- python/branches/release31-maint/Lib/test/support.py (original)
+++ python/branches/release31-maint/Lib/test/support.py Wed Apr 21 21:52:52 2010
@@ -607,6 +607,17 @@
@contextlib.contextmanager
+def transient_internet():
+ """Return a context manager that raises ResourceDenied when various issues
+ with the Internet connection manifest themselves as exceptions."""
+ time_out = TransientResource(IOError, errno=errno.ETIMEDOUT)
+ socket_peer_reset = TransientResource(socket.error, errno=errno.ECONNRESET)
+ ioerror_peer_reset = TransientResource(IOError, errno=errno.ECONNRESET)
+ with time_out, socket_peer_reset, ioerror_peer_reset:
+ yield
+
+
+ at contextlib.contextmanager
def captured_output(stream_name):
"""Run the 'with' statement body using a StringIO object in place of a
specific attribute on the sys module.
Modified: python/branches/release31-maint/Lib/test/test_ssl.py
==============================================================================
--- python/branches/release31-maint/Lib/test/test_ssl.py (original)
+++ python/branches/release31-maint/Lib/test/test_ssl.py Wed Apr 21 21:52:52 2010
@@ -176,6 +176,26 @@
if support.verbose:
sys.stdout.write("\nVerified certificate for svn.python.org:443 is\n%s\n" % pem)
+ def test_algorithms(self):
+ # Issue #8484: all algorithms should be available when verifying a
+ # certificate.
+ # NOTE: https://sha256.tbs-internet.com is another possible test host
+ remote = ("sha2.hboeck.de", 443)
+ sha256_cert = os.path.join(os.path.dirname(__file__), "sha256.pem")
+ s = ssl.wrap_socket(socket.socket(socket.AF_INET),
+ cert_reqs=ssl.CERT_REQUIRED,
+ ca_certs=sha256_cert,)
+ with support.transient_internet():
+ try:
+ s.connect(remote)
+ if support.verbose:
+ sys.stdout.write("\nCipher with %r is %r\n" %
+ (remote, s.cipher()))
+ sys.stdout.write("Certificate is:\n%s\n" %
+ pprint.pformat(s.getpeercert()))
+ finally:
+ s.close()
+
try:
import threading
Modified: python/branches/release31-maint/Misc/NEWS
==============================================================================
--- python/branches/release31-maint/Misc/NEWS (original)
+++ python/branches/release31-maint/Misc/NEWS Wed Apr 21 21:52:52 2010
@@ -33,6 +33,10 @@
Library
-------
+- Issue #8484: Load all ciphers and digest algorithms when initializing
+ the _ssl extension, such that verification of some SSL certificates
+ doesn't fail because of an "unknown algorithm".
+
- Issue #4814: timeout parameter is now applied also for connections resulting
from PORT/EPRT commands.
Modified: python/branches/release31-maint/Modules/_ssl.c
==============================================================================
--- python/branches/release31-maint/Modules/_ssl.c (original)
+++ python/branches/release31-maint/Modules/_ssl.c Wed Apr 21 21:52:52 2010
@@ -1652,13 +1652,14 @@
/* Init OpenSSL */
SSL_load_error_strings();
+ SSL_library_init();
#ifdef WITH_THREAD
/* note that this will start threading if not already started */
if (!_setup_ssl_threads()) {
return NULL;
}
#endif
- SSLeay_add_ssl_algorithms();
+ OpenSSL_add_all_algorithms();
/* Add symbols to module dict */
PySSLErrorObject = PyErr_NewException("ssl.SSLError",
More information about the Python-checkins
mailing list