Issue #10443: Add the SSLContext.set_default_verify_paths() method.

2010-11-17 20:29:42 +00:00 · 2010-11-17 20:29:42 +00:00 · 664c2d1fc0
parent b6d4ee5361
commit 664c2d1fc0
4 changed files with 29 additions and 0 deletions
--- a/Doc/library/ssl.rst
+++ b/Doc/library/ssl.rst
@ -536,6 +536,15 @@ to speed up repeated connections from the same clients.
   following an `OpenSSL specific layout
   <http://www.openssl.org/docs/ssl/SSL_CTX_load_verify_locations.html>`_.

+.. method:: SSLContext.set_default_verify_paths()
+
+   Load a set of default "certification authority" (CA) certificates from
+   a filesystem path defined when building the OpenSSL library.  Unfortunately,
+   there's no easy way to know whether this method succeeds: no error is
+   returned if no certificates are to be found.  When the OpenSSL library is
+   provided as part of the operating system, though, it is likely to be
+   configured properly.
+
 .. method:: SSLContext.set_ciphers(ciphers)

   Set the available ciphers for sockets created with this context.
--- a/Lib/test/test_ssl.py
+++ b/Lib/test/test_ssl.py
@ -412,6 +412,12 @@ class ContextTests(unittest.TestCase):
                'cache_full': 0,
            })

+    def test_set_default_verify_paths(self):
+        # There's not much we can do to test that it acts as expected,
+        # so just check it doesn't crash or raise an exception.
+        ctx = ssl.SSLContext(ssl.PROTOCOL_TLSv1)
+        ctx.set_default_verify_paths()
+

 class NetworkedTests(unittest.TestCase):

--- a/Misc/NEWS
+++ b/Misc/NEWS
@ -13,6 +13,8 @@ Core and Builtins
 Library
 -------

+- Issue #10443: Add the SSLContext.set_default_verify_paths() method.
+
 - Issue #10440: Support RUSAGE_THREAD as a constant in the resource module.
  Patch by Robert Collins.

--- a/Modules/_ssl.c
+++ b/Modules/_ssl.c
@ -1783,6 +1783,16 @@ error:
    return NULL;
 }

+static PyObject *
+set_default_verify_paths(PySSLContext *self, PyObject *unused)
+{
+    if (!SSL_CTX_set_default_verify_paths(self->ctx)) {
+        _setSSLError(NULL, 0, __FILE__, __LINE__);
+        return NULL;
+    }
+    Py_RETURN_NONE;
+}
+
 static PyGetSetDef context_getsetlist[] = {
    {"options", (getter) get_options,
                (setter) set_options, NULL},
@ -1802,6 +1812,8 @@ static struct PyMethodDef context_methods[] = {
                              METH_VARARGS | METH_KEYWORDS, NULL},
    {"session_stats", (PyCFunction) session_stats,
                      METH_NOARGS, NULL},
+    {"set_default_verify_paths", (PyCFunction) set_default_verify_paths,
+                                 METH_NOARGS, NULL},
    {NULL, NULL}        /* sentinel */
 };