2016-11-03 04a68005eb0951d26178e5ef3bd0bf3e3b3bcffd
04a680 1 From c1f4979e7019f6c1ce9e5a02c2e3f8ca146645bc Mon Sep 17 00:00:00 2001
CS 2 From: Charalampos Stratakis <cstratak@redhat.com>
3 Date: Mon, 11 Jul 2016 14:20:01 +0200
4 Subject: [PATCH] Allow the keyfile argument of SSLContext.load_cert_chain to
5  be set to None
6
7 ---
8  Modules/_ssl.c | 30 +++++++++++++++++++++++-------
9  1 file changed, 23 insertions(+), 7 deletions(-)
10
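--- a/Modules/_ssl.c
+++ b/Modules/_ssl.c
@@ -2445,8 +2445,8 @@ static PyObject *
 load_cert_chain(PySSLContext *self, PyObject *args, PyObject *kwds)
 {
     char *kwlist[] = {"certfile", "keyfile", "password", NULL};
-    PyObject *password = NULL;
-    char *certfile_bytes = NULL, *keyfile_bytes = NULL;
+    PyObject *keyfile = NULL, *keyfile_bytes = NULL, *password = NULL;
+    char *certfile_bytes = NULL;
     pem_password_cb *orig_passwd_cb = self->ctx->default_passwd_callback;
     void *orig_passwd_userdata = self->ctx->default_passwd_callback_userdata;
     _PySSLPasswordInfo pw_info = { NULL, NULL, NULL, 0, 0 };
@@ -2455,11 +2455,27 @@ load_cert_chain(PySSLContext *self, PyObject *args, PyObject *kwds)
     errno = 0;
     ERR_clear_error();
     if (!PyArg_ParseTupleAndKeywords(args, kwds,
-            "et|etO:load_cert_chain", kwlist,
+            "et|OO:load_cert_chain", kwlist,
             Py_FileSystemDefaultEncoding, &certfile_bytes,
-            Py_FileSystemDefaultEncoding, &keyfile_bytes,
-            &password))
+            &keyfile, &password))
         return NULL;
+
+    if (keyfile && keyfile != Py_None) {
+        if (PyString_Check(keyfile)) {
+            Py_INCREF(keyfile);
+            keyfile_bytes = keyfile;
+        } else {
+            PyObject *u = PyUnicode_FromObject(keyfile);
+            if (!u)
+                goto error;
+            keyfile_bytes = PyUnicode_AsEncodedString(
+                u, Py_FileSystemDefaultEncoding, NULL);
+            Py_DECREF(u);
+            if (!keyfile_bytes)
+                goto error;
+        }
+    }
+
     if (password && password != Py_None) {
         if (PyCallable_Check(password)) {
             pw_info.callable = password;
@@ -2489,7 +2505,7 @@ load_cert_chain(PySSLContext *self, PyObject *args, PyObject *kwds)
     }
     PySSL_BEGIN_ALLOW_THREADS_S(pw_info.thread_state);
     r = SSL_CTX_use_PrivateKey_file(self->ctx,
-        keyfile_bytes ? keyfile_bytes : certfile_bytes,
+        keyfile_bytes ? PyBytes_AS_STRING(keyfile_bytes) : certfile_bytes,
         SSL_FILETYPE_PEM);
     PySSL_END_ALLOW_THREADS_S(pw_info.thread_state);
     if (r != 1) {
@@ -2521,8 +2537,8 @@ load_cert_chain(PySSLContext *self, PyObject *args, PyObject *kwds)
 error:
     SSL_CTX_set_default_passwd_cb(self->ctx, orig_passwd_cb);
     SSL_CTX_set_default_passwd_cb_userdata(self->ctx, orig_passwd_userdata);
+    Py_XDECREF(keyfile_bytes);
     PyMem_Free(pw_info.password);
-    PyMem_Free(keyfile_bytes);
     PyMem_Free(certfile_bytes);
     return NULL;
 }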
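Review bot: Parsing keyfile with `O` instead of `et` in the second hunk drops the embedded-NUL rejection that the `et` converter enforces, so the path later passed to SSL_CTX_use_PrivateKey_file through `PyBytes_AS_STRING(keyfile_bytes)` can be silently cut off at the first NUL byte and a different key file opened than the caller named. After the conversion block I would add a length check such as `if (keyfile_bytes && strlen(PyBytes_AS_STRING(keyfile_bytes)) != (size_t)PyBytes_GET_SIZE(keyfile_bytes))` that sets a TypeError and does `goto error`. Separately, keyfile_bytes is now an owned reference and the only release visible is the `Py_XDECREF(keyfile_bytes);` under `error:`; the success return lies outside the hunks and is not touched by this patch, so confirm it drops the reference as well (and no longer passes it to PyMem_Free), otherwise each successful call leaks the bytes object.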
04a680 76 -- 
CS 77 2.7.4
78