[Python-checkins] [2.7] bpo-38338, test.pythoninfo: add more ssl infos (GH-16543)
Victor Stinner
webhook-mailer at python.org
Wed Oct 2 12:36:40 EDT 2019
https://github.com/python/cpython/commit/403ca7ea70232e520af18511fbfb89b58ef2a046
commit: 403ca7ea70232e520af18511fbfb89b58ef2a046
branch: 2.7
author: Victor Stinner <vstinner at redhat.com>
committer: GitHub <noreply at github.com>
date: 2019-10-02T18:36:32+02:00
summary:
[2.7] bpo-38338, test.pythoninfo: add more ssl infos (GH-16543)
test.pythoninfo now logs environment variables used by OpenSSL and
Python ssl modules, and logs attributes of 3 SSL contexts
(SSLContext, default HTTPS context, stdlib context).
(cherry picked from commit 1df1c2f8df53d005ff47af81aa02c58752b84e20)
files:
M Lib/test/pythoninfo.py
diff --git a/Lib/test/pythoninfo.py b/Lib/test/pythoninfo.py
index a6983ba021c67..12de99b09d5e2 100644
--- a/Lib/test/pythoninfo.py
+++ b/Lib/test/pythoninfo.py
@@ -439,10 +439,15 @@ def collect_sysconfig(info_add):
def collect_ssl(info_add):
+ import os
try:
import ssl
except ImportError:
return
+ try:
+ import _ssl
+ except ImportError:
+ _ssl = None
def format_attr(attr, value):
if attr.startswith('OP_'):
@@ -459,6 +464,61 @@ def format_attr(attr, value):
)
copy_attributes(info_add, ssl, 'ssl.%s', attributes, formatter=format_attr)
+ options_names = []
+ protocol_names = {}
+ verify_modes = {}
+ for name in dir(ssl):
+ if name.startswith('OP_'):
+ options_names.append((name, getattr(ssl, name)))
+ elif name.startswith('PROTOCOL_'):
+ protocol_names[getattr(ssl, name)] = name
+ elif name.startswith('CERT_'):
+ verify_modes[getattr(ssl, name)] = name
+ options_names.sort(key=lambda item: item[1], reverse=True)
+
+ def formatter(attr_name, value):
+ if attr_name == 'options':
+ options_text = []
+ for opt_name, opt_value in options_names:
+ if value & opt_value:
+ options_text.append(opt_name)
+ value &= ~opt_value
+ if value:
+ options_text.append(str(value))
+ return '|' .join(options_text)
+ elif attr_name == 'verify_mode':
+ return verify_modes.get(value, value)
+ elif attr_name == 'protocol':
+ return protocol_names.get(value, value)
+ else:
+ return value
+
+ for name, ctx in (
+ ('SSLContext(PROTOCOL_TLS)', ssl.SSLContext(ssl.PROTOCOL_TLS)),
+ ('default_https_context', ssl._create_default_https_context()),
+ ('stdlib_context', ssl._create_stdlib_context()),
+ ):
+ attributes = (
+ 'minimum_version',
+ 'maximum_version',
+ 'protocol',
+ 'options',
+ 'verify_mode',
+ )
+ copy_attributes(info_add, ctx, 'ssl.%s.%%s' % name, attributes, formatter=formatter)
+
+ env_names = ["OPENSSL_CONF", "SSLKEYLOGFILE"]
+ if _ssl is not None and hasattr(_ssl, 'get_default_verify_paths'):
+ parts = _ssl.get_default_verify_paths()
+ env_names.extend((parts[0], parts[2]))
+
+ for name in env_names:
+ try:
+ value = os.environ[name]
+ except KeyError:
+ continue
+ info_add('ssl.environ[%s]' % name, value)
+
def collect_socket(info_add):
import socket
More information about the Python-checkins
mailing list