[Python-checkins] r86498 - in python/branches/py3k: Doc/library/ssl.rst Lib/test/test_ssl.py Misc/NEWS Modules/_ssl.c

antoine.pitrou python-checkins at python.org
Wed Nov 17 21:29:42 CET 2010 

Author: antoine.pitrou
Date: Wed Nov 17 21:29:42 2010
New Revision: 86498

Log:
Issue #10443: Add the SSLContext.set_default_verify_paths() method.



Modified:
   python/branches/py3k/Doc/library/ssl.rst
   python/branches/py3k/Lib/test/test_ssl.py
   python/branches/py3k/Misc/NEWS
   python/branches/py3k/Modules/_ssl.c

Modified: python/branches/py3k/Doc/library/ssl.rst
==============================================================================
--- python/branches/py3k/Doc/library/ssl.rst	(original)
+++ python/branches/py3k/Doc/library/ssl.rst	Wed Nov 17 21:29:42 2010
@@ -536,6 +536,15 @@
    following an `OpenSSL specific layout
    <http://www.openssl.org/docs/ssl/SSL_CTX_load_verify_locations.html>`_.
 
+.. method:: SSLContext.set_default_verify_paths()
+
+   Load a set of default "certification authority" (CA) certificates from
+   a filesystem path defined when building the OpenSSL library.  Unfortunately,
+   there's no easy way to know whether this method succeeds: no error is
+   returned if no certificates are to be found.  When the OpenSSL library is
+   provided as part of the operating system, though, it is likely to be
+   configured properly.
+
 .. method:: SSLContext.set_ciphers(ciphers)
 
    Set the available ciphers for sockets created with this context.

Modified: python/branches/py3k/Lib/test/test_ssl.py
==============================================================================
--- python/branches/py3k/Lib/test/test_ssl.py	(original)
+++ python/branches/py3k/Lib/test/test_ssl.py	Wed Nov 17 21:29:42 2010
@@ -412,6 +412,12 @@
                 'cache_full': 0,
             })
 
+    def test_set_default_verify_paths(self):
+        # There's not much we can do to test that it acts as expected,
+        # so just check it doesn't crash or raise an exception.
+        ctx = ssl.SSLContext(ssl.PROTOCOL_TLSv1)
+        ctx.set_default_verify_paths()
+
 
 class NetworkedTests(unittest.TestCase):
 

Modified: python/branches/py3k/Misc/NEWS
==============================================================================
--- python/branches/py3k/Misc/NEWS	(original)
+++ python/branches/py3k/Misc/NEWS	Wed Nov 17 21:29:42 2010
@@ -13,6 +13,8 @@
 Library
 -------
 
+- Issue #10443: Add the SSLContext.set_default_verify_paths() method.
+
 - Issue #10440: Support RUSAGE_THREAD as a constant in the resource module.
   Patch by Robert Collins.
 

Modified: python/branches/py3k/Modules/_ssl.c
==============================================================================
--- python/branches/py3k/Modules/_ssl.c	(original)
+++ python/branches/py3k/Modules/_ssl.c	Wed Nov 17 21:29:42 2010
@@ -1783,6 +1783,16 @@
     return NULL;
 }
 
+static PyObject *
+set_default_verify_paths(PySSLContext *self, PyObject *unused)
+{
+    if (!SSL_CTX_set_default_verify_paths(self->ctx)) {
+        _setSSLError(NULL, 0, __FILE__, __LINE__);
+        return NULL;
+    }
+    Py_RETURN_NONE;
+}
+
 static PyGetSetDef context_getsetlist[] = {
     {"options", (getter) get_options,
                 (setter) set_options, NULL},
@@ -1802,6 +1812,8 @@
                               METH_VARARGS | METH_KEYWORDS, NULL},
     {"session_stats", (PyCFunction) session_stats,
                       METH_NOARGS, NULL},
+    {"set_default_verify_paths", (PyCFunction) set_default_verify_paths,
+                                 METH_NOARGS, NULL},
     {NULL, NULL}        /* sentinel */
 };

More information about the Python-checkins mailing list