[Python-checkins] bpo-25404: SSLContext.load_dh_params() non-ASCII path (GH-3459)

Christian Heimes webhook-mailer at python.org
Sun Feb 25 03:48:04 EST 2018 

https://github.com/python/cpython/commit/6e8f395001b026daea047cf225dcca5a973ae824
commit: 6e8f395001b026daea047cf225dcca5a973ae824
branch: 2.7
author: Christian Heimes <christian at python.org>
committer: GitHub <noreply at github.com>
date: 2018-02-25T09:48:02+01:00
summary:

bpo-25404: SSLContext.load_dh_params() non-ASCII path (GH-3459)

SSLContext.load_dh_params() now supports non-ASCII path.

Signed-off-by: Christian Heimes <christian at python.org>

files:
A Misc/NEWS.d/next/Library/2017-09-08-11-04-10.bpo-25404.pXetCl.rst
M Lib/test/test_ssl.py
M Modules/_ssl.c

diff --git a/Lib/test/test_ssl.py b/Lib/test/test_ssl.py
index f172520011f4..b59fe73f04c7 100644
--- a/Lib/test/test_ssl.py
+++ b/Lib/test/test_ssl.py
@@ -14,7 +14,7 @@
 import os
 import errno
 import pprint
-import tempfile
+import shutil
 import urllib2
 import traceback
 import weakref
@@ -1000,6 +1000,10 @@ def test_load_dh_params(self):
         self.assertEqual(cm.exception.errno, errno.ENOENT)
         with self.assertRaises(ssl.SSLError) as cm:
             ctx.load_dh_params(CERTFILE)
+        with support.temp_dir() as d:
+            fname = os.path.join(d, u'dhpäräm.pem')
+            shutil.copy(DHFILE, fname)
+            ctx.load_dh_params(fname)
 
     @skip_if_broken_ubuntu_ssl
     def test_session_stats(self):
diff --git a/Misc/NEWS.d/next/Library/2017-09-08-11-04-10.bpo-25404.pXetCl.rst b/Misc/NEWS.d/next/Library/2017-09-08-11-04-10.bpo-25404.pXetCl.rst
new file mode 100644
index 000000000000..f816d7a0e874
--- /dev/null
+++ b/Misc/NEWS.d/next/Library/2017-09-08-11-04-10.bpo-25404.pXetCl.rst
@@ -0,0 +1 @@
+SSLContext.load_dh_params() now supports non-ASCII path.
diff --git a/Modules/_ssl.c b/Modules/_ssl.c
index f70af266731a..ec61a700b042 100644
--- a/Modules/_ssl.c
+++ b/Modules/_ssl.c
@@ -2983,13 +2983,25 @@ load_dh_params(PySSLContext *self, PyObject *filepath)
 {
     BIO *bio;
     DH *dh;
-    char *path = PyBytes_AsString(filepath);
-    if (!path) {
-        return NULL;
+    PyObject *filepath_bytes = NULL;
+
+    if (PyString_Check(filepath)) {
+        Py_INCREF(filepath);
+        filepath_bytes = filepath;
+    } else {
+        PyObject *u = PyUnicode_FromObject(filepath);
+        if (!u)
+            return NULL;
+        filepath_bytes = PyUnicode_AsEncodedString(
+            u, Py_FileSystemDefaultEncoding, NULL);
+        Py_DECREF(u);
+        if (!filepath_bytes)
+            return NULL;
     }
 
-    bio = BIO_new_file(path, "r");
+    bio = BIO_new_file(PyBytes_AS_STRING(filepath_bytes), "r");
     if (bio == NULL) {
+        Py_DECREF(filepath_bytes);
         ERR_clear_error();
         PyErr_SetFromErrnoWithFilenameObject(PyExc_IOError, filepath);
         return NULL;
@@ -2998,6 +3010,7 @@ load_dh_params(PySSLContext *self, PyObject *filepath)
     PySSL_BEGIN_ALLOW_THREADS
     dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL);
     BIO_free(bio);
+    Py_DECREF(filepath_bytes);
     PySSL_END_ALLOW_THREADS
     if (dh == NULL) {
         if (errno != 0) {

More information about the Python-checkins mailing list