[PYTHON-CRYPTO] SSL.Context.load_verify_locations

Thomas D. Uram turam at MCS.ANL.GOV
Thu Jun 9 04:53:38 CEST 2005


On 06/08/05 21:29, Heikki Toivonen wrote:
> Thomas D. Uram wrote:
> 
>>I have two problems with SSL.Context.load_verify_locations:
>>
>>- OpenSSL regards each of the args cafile and capath as optional, but m2crypto requires
>>the cafile arg to be present (via an assertion).  Is there a reason for this?
> 
> 
> I don't know, but I think that assertion is actually bogus. I think it
> would make more sense to enable the commented out assertion above.

I agree; that's what I've done locally.

> 
> I don't see why you would want to call this with both cafile and capath
> as None. In that case the underlying OpenSSL function returns 0 (for
> failure).

I was unclear.  I want to call with only the capath keyword arg.

> 
> 
>>- Since these are string args, SWIG requires that they be so, and doesn't allow None to be
>>passed in (for mapping to NULL in the C code).  A SWIG typemap to map from Py_None to NULL
>>for 'char *' args would do the trick (and, in fact, seems like the right thing for SWIG to
>>do in general).  Is there another way round this problem?
> 
> 
> I think you are mistaken. When I comment out the assert I can call the
> method with both capath and cafile as None and it will work as expected
> (returns 0).

Strange.  I'm using m2crypto-0.13, and I get this:

Traceback (most recent call last):
  File "echod-iterative.py", line 26, in ?
    capath='/home/turam/.AccessGrid/Config/trustedCACerts')
  File "/home/turam/lib/python2.3/site-packages/M2Crypto/SSL/Context.py", line 115, in
load_verify_locations
    return m2.ssl_ctx_load_verify_locations(self.ctx, cafile, capath or '')
TypeError: ssl_ctx_load_verify_locations() argument 2 must be string, not None

Are you using 0.13?  Should I be working from CVS?

> 
> 
> So, do you want me to take out the assert, or re-enable the assert above
> when both of these are None?

I think re-enabling the cafile/capath assertion makes the most sense.

Tom





More information about the python-crypto mailing list