[Python-checkins] bpo-38338, test.pythoninfo: add more ssl infos (GH-16539)

Miss Islington (bot) webhook-mailer at python.org
Wed Oct 2 12:15:01 EDT 2019


https://github.com/python/cpython/commit/ab98cd8aee5a5a7222b82ff13d61f0d33e72a889
commit: ab98cd8aee5a5a7222b82ff13d61f0d33e72a889
branch: 3.7
author: Miss Islington (bot) <31488909+miss-islington at users.noreply.github.com>
committer: GitHub <noreply at github.com>
date: 2019-10-02T09:14:57-07:00
summary:

bpo-38338, test.pythoninfo: add more ssl infos (GH-16539)


test.pythoninfo now logs environment variables used by OpenSSL and
Python ssl modules, and logs attributes of 3 SSL contexts
(SSLContext, default HTTPS context, stdlib context).
(cherry picked from commit b3e7045f8314e7b62cd95861d207fe2f97e47198)

Co-authored-by: Victor Stinner <vstinner at python.org>

files:
M Lib/test/pythoninfo.py

diff --git a/Lib/test/pythoninfo.py b/Lib/test/pythoninfo.py
index 580956633f4d4..9a9d26dca490c 100644
--- a/Lib/test/pythoninfo.py
+++ b/Lib/test/pythoninfo.py
@@ -439,10 +439,15 @@ def collect_sysconfig(info_add):
 
 
 def collect_ssl(info_add):
+    import os
     try:
         import ssl
     except ImportError:
         return
+    try:
+        import _ssl
+    except ImportError:
+        _ssl = None
 
     def format_attr(attr, value):
         if attr.startswith('OP_'):
@@ -459,6 +464,32 @@ def format_attr(attr, value):
     )
     copy_attributes(info_add, ssl, 'ssl.%s', attributes, formatter=format_attr)
 
+    for name, ctx in (
+        ('SSLContext', ssl.SSLContext()),
+        ('default_https_context', ssl._create_default_https_context()),
+        ('stdlib_context', ssl._create_stdlib_context()),
+    ):
+        attributes = (
+            'minimum_version',
+            'maximum_version',
+            'protocol',
+            'options',
+            'verify_mode',
+        )
+        copy_attributes(info_add, ctx, f'ssl.{name}.%s', attributes)
+
+    env_names = ["OPENSSL_CONF", "SSLKEYLOGFILE"]
+    if _ssl is not None and hasattr(_ssl, 'get_default_verify_paths'):
+        parts = _ssl.get_default_verify_paths()
+        env_names.extend((parts[0], parts[2]))
+
+    for name in env_names:
+        try:
+            value = os.environ[name]
+        except KeyError:
+            continue
+        info_add('ssl.environ[%s]' % name, value)
+
 
 def collect_socket(info_add):
     import socket



More information about the Python-checkins mailing list