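diff -up Python-2.7.5/Modules/_ssl.c.none Python-2.7.5/Modules/_ssl.c
--- Python-2.7.5/Modules/_ssl.c.none 2015-08-06 10:41:14.091782344 +0200
+++ Python-2.7.5/Modules/_ssl.c 2015-08-06 11:02:49.010193679 +0200
@@ -472,7 +472,7 @@ static PyObject *
 context_new_args(PyTypeObject *type, int proto_version);
 
 static PyObject *
-load_cert_chain_args(PySSLContext *self, char *certfile_bytes, char *keyfile_bytes, PyObject *password);
+load_cert_chain_args(PySSLContext *self, char *certfile_bytes, PyObject *keyfile, PyObject *password);
 
 static PyObject *
 set_ciphers_args(PySSLContext *self, const char *cipherlist);
@@ -484,7 +484,7 @@ static int
 set_verify_mode_args(PySSLContext *self, int n);
 
 static PySSLObject *
-newPySSLObject(PySocketSockObject *Sock, char *key_file, char *cert_file,
+newPySSLObject(PySocketSockObject *Sock, PyObject *key_file, char *cert_file,
 enum py_ssl_server_or_client socket_type,
 enum py_ssl_cert_requirements certreq,
 enum py_ssl_version proto_version,
@@ -512,7 +512,7 @@ newPySSLObject(PySocketSockObject *Sock,
 ERR_clear_error();
 
 if ((socket_type == PY_SSL_SERVER) &&
- ((key_file == NULL) || (cert_file == NULL))) {
+ ((key_file == Py_None) || (cert_file == NULL) || (key_file == NULL))) {
 errstr = ERRSTR("Both the key & certificate files "
 "must be specified for server-side operation");
 goto fail;
@@ -680,7 +680,7 @@ PySSL_sslwrap(PyObject *self, PyObject *
 int server_side = 0;
 int verification_mode = PY_SSL_CERT_NONE;
 int protocol = PY_SSL_VERSION_SSL23;
- char *key_file = NULL;
+ PyObject *key_file = NULL;
 char *cert_file = NULL;
 PyObject *cacerts_file;
 const char *ciphers = NULL;
@@ -2660,22 +2660,39 @@ static PyObject *
 load_cert_chain(PySSLContext *self, PyObject *args, PyObject *kwds)
 {
 char *kwlist[] = {"certfile", "keyfile", "password", NULL};
- PyObject *password = NULL;
- char *certfile_bytes = NULL, *keyfile_bytes = NULL;
+ PyObject *password = NULL, *keyfile = NULL;
+ char *certfile_bytes = NULL;
 
 errno = 0;
 ERR_clear_error();
 if (!PyArg_ParseTupleAndKeywords(args, kwds,
- "et|etO:load_cert_chain", kwlist,
+ "et|OO:load_cert_chain", kwlist,
 Py_FileSystemDefaultEncoding, &certfile_bytes,
- Py_FileSystemDefaultEncoding, &keyfile_bytes,
- &password))
+ &keyfile, &password))
 return NULL;
- return load_cert_chain_args(self, certfile_bytes, keyfile_bytes, password);
+ return load_cert_chain_args(self, certfile_bytes, keyfile, password);
 }
 
 static PyObject *
-load_cert_chain_args(PySSLContext *self, char *certfile_bytes, char *keyfile_bytes ,PyObject *password){
+load_cert_chain_args(PySSLContext *self, char *certfile_bytes, PyObject *keyfile ,PyObject *password){
+
+ PyObject *keyfile_bytes = NULL;
+
+ if (keyfile && keyfile != Py_None) {
+ if (PyString_Check(keyfile)) {
+ Py_INCREF(keyfile);
+ keyfile_bytes = keyfile;
+ } else {
+ PyObject *u = PyUnicode_FromObject(keyfile);
+ if (!u)
+ goto error;
+ keyfile_bytes = PyUnicode_AsEncodedString(
+ u, Py_FileSystemDefaultEncoding, NULL);
+ Py_DECREF(u);
+ if (!keyfile_bytes)
+ goto error;
+ }
+ }
 
 pem_password_cb *orig_passwd_cb = self->ctx->default_passwd_callback;
 void *orig_passwd_userdata = self->ctx->default_passwd_callback_userdata;
@@ -2711,7 +2728,7 @@ load_cert_chain_args(PySSLContext *self,
 }
 PySSL_BEGIN_ALLOW_THREADS_S(pw_info.thread_state);
 r = SSL_CTX_use_PrivateKey_file(self->ctx,
- keyfile_bytes ? keyfile_bytes : certfile_bytes,
+ keyfile_bytes ? PyBytes_AS_STRING(keyfile_bytes) : certfile_bytes,
 SSL_FILETYPE_PEM);
 PySSL_END_ALLOW_THREADS_S(pw_info.thread_state);
 if (r != 1) {
@@ -2743,8 +2760,8 @@ load_cert_chain_args(PySSLContext *self,
 error:
 SSL_CTX_set_default_passwd_cb(self->ctx, orig_passwd_cb);
 SSL_CTX_set_default_passwd_cb_userdata(self->ctx, orig_passwd_userdata);
+ Py_XDECREF(keyfile_bytes);
 PyMem_Free(pw_info.password);
- PyMem_Free(keyfile_bytes);
 PyMem_Free(certfile_bytes);
 return NULL;
 }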
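Review bot: The two `goto error;` exits in the new keyfile conversion block of load_cert_chain_args run before `orig_passwd_cb` and `orig_passwd_userdata` are initialised, yet the `error:` label passes both to SSL_CTX_set_default_passwd_cb and SSL_CTX_set_default_passwd_cb_userdata, so a keyfile that fails conversion would leave indeterminate pointers installed as the context's password callback. `pw_info` is declared outside the visible hunks and is presumably not set up at that point either, in which case `PyMem_Free(pw_info.password)` would free an indeterminate pointer. Move the conversion block below those declarations, or leave early with `PyMem_Free(certfile_bytes); return NULL;` instead of jumping to the label. The `PyString_Check` branch also hands the str straight to `PyBytes_AS_STRING`; the old `et` conversion, as far as I recall, rejects embedded NUL bytes, so a path containing one would now be truncated silently unless its length is compared with `strlen`. The normal-return path is outside the hunks; confirm it releases `keyfile_bytes` with `Py_XDECREF` rather than the old `PyMem_Free`.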