bpo-38338, test.pythoninfo: add more ssl infos (GH-16539)

test.pythoninfo now logs environment variables used by OpenSSL and Python ssl modules, and logs attributes of 3 SSL contexts (SSLContext, default HTTPS context, stdlib context). (cherry picked from commit b3e7045f83) Co-authored-by: Victor Stinner <vstinner@python.org>
2019-10-02 09:52:50 -07:00 · 2019-10-02 09:52:50 -07:00 · 183733dfb6
parent a72de93388
commit 183733dfb6
1 changed files with 31 additions and 0 deletions
--- a/Lib/test/pythoninfo.py
+++ b/Lib/test/pythoninfo.py
@ -470,10 +470,15 @@ def collect_sysconfig(info_add):


 def collect_ssl(info_add):
+    import os
    try:
        import ssl
    except ImportError:
        return
+    try:
+        import _ssl
+    except ImportError:
+        _ssl = None

    def format_attr(attr, value):
        if attr.startswith('OP_'):
@ -490,6 +495,32 @@ def collect_ssl(info_add):
    )
    copy_attributes(info_add, ssl, 'ssl.%s', attributes, formatter=format_attr)

+    for name, ctx in (
+        ('SSLContext', ssl.SSLContext()),
+        ('default_https_context', ssl._create_default_https_context()),
+        ('stdlib_context', ssl._create_stdlib_context()),
+    ):
+        attributes = (
+            'minimum_version',
+            'maximum_version',
+            'protocol',
+            'options',
+            'verify_mode',
+        )
+        copy_attributes(info_add, ctx, f'ssl.{name}.%s', attributes)
+
+    env_names = ["OPENSSL_CONF", "SSLKEYLOGFILE"]
+    if _ssl is not None and hasattr(_ssl, 'get_default_verify_paths'):
+        parts = _ssl.get_default_verify_paths()
+        env_names.extend((parts[0], parts[2]))
+
+    for name in env_names:
+        try:
+            value = os.environ[name]
+        except KeyError:
+            continue
+        info_add('ssl.environ[%s]' % name, value)
+

 def collect_socket(info_add):
    import socket