Thomas D. Uram
turam at MCS.ANL.GOV
Thu Jun 9 04:53:38 CEST 2005
On 06/08/05 21:29, Heikki Toivonen wrote:
> Thomas D. Uram wrote:
>>I have two problems with SSL.Context.load_verify_locations:
>>- OpenSSL regards each of the args cafile and capath as optional, but m2crypto requires
>>the cafile arg to be present (via an assertion). Is there a reason for this?
> I don't know, but I think that assertion is actually bogus. I think it
> would make more sense to enable the commented out assertion above.
I agree; that's what I've done locally.
> I don't see why you would want to call this with both cafile and capath
> as None. In that case the underlying OpenSSL function returns 0 (for
I was unclear. I want to call with only the capath keyword arg.
>>- Since these are string args, SWIG requires that they be so, and doesn't allow None to be
>>passed in (for mapping to NULL in the C code). A SWIG typemap to map from Py_None to NULL
>>for 'char *' args would do the trick (and, in fact, seems like the right thing for SWIG to
>>do in general). Is there another way round this problem?
> I think you are mistaken. When I comment out the assert I can call the
> method with both capath and cafile as None and it will work as expected
> (returns 0).
Strange. I'm using m2crypto-0.13, and I get this:
Traceback (most recent call last):
File "echod-iterative.py", line 26, in ?
File "/home/turam/lib/python2.3/site-packages/M2Crypto/SSL/Context.py", line 115, in
return m2.ssl_ctx_load_verify_locations(self.ctx, cafile, capath or '')
TypeError: ssl_ctx_load_verify_locations() argument 2 must be string, not None
Are you using 0.13? Should I be working from CVS?
> So, do you want me to take out the assert, or re-enable the assert above
> when both of these are None?
I think re-enabling the cafile/capath assertion makes the most sense.
More information about the python-crypto