|
|
ae2451 |
From c1f4979e7019f6c1ce9e5a02c2e3f8ca146645bc Mon Sep 17 00:00:00 2001
|
|
|
ae2451 |
From: Charalampos Stratakis <cstratak@redhat.com>
|
|
|
ae2451 |
Date: Mon, 11 Jul 2016 14:20:01 +0200
|
|
|
ae2451 |
Subject: [PATCH] Allow the keyfile argument of SSLContext.load_cert_chain to
|
|
|
ae2451 |
be set to None
|
|
|
ae2451 |
|
|
|
ae2451 |
---
|
|
|
ae2451 |
Modules/_ssl.c | 30 +++++++++++++++++++++++-------
|
|
|
ae2451 |
1 file changed, 23 insertions(+), 7 deletions(-)
|
|
|
ae2451 |
|
|
|
ae2451 |
diff --git a/Modules/_ssl.c b/Modules/_ssl.c
|
|
|
ae2451 |
index 38eba1d..1786afd 100644
|
|
|
ae2451 |
--- a/Modules/_ssl.c
|
|
|
ae2451 |
+++ b/Modules/_ssl.c
|
|
|
ae2451 |
@@ -2445,8 +2445,8 @@ static PyObject *
|
|
|
ae2451 |
load_cert_chain(PySSLContext *self, PyObject *args, PyObject *kwds)
|
|
|
ae2451 |
{
|
|
|
ae2451 |
char *kwlist[] = {"certfile", "keyfile", "password", NULL};
|
|
|
ae2451 |
- PyObject *password = NULL;
|
|
|
ae2451 |
- char *certfile_bytes = NULL, *keyfile_bytes = NULL;
|
|
|
ae2451 |
+ PyObject *keyfile = NULL, *keyfile_bytes = NULL, *password = NULL;
|
|
|
ae2451 |
+ char *certfile_bytes = NULL;
|
|
|
ae2451 |
pem_password_cb *orig_passwd_cb = self->ctx->default_passwd_callback;
|
|
|
ae2451 |
void *orig_passwd_userdata = self->ctx->default_passwd_callback_userdata;
|
|
|
ae2451 |
_PySSLPasswordInfo pw_info = { NULL, NULL, NULL, 0, 0 };
|
|
|
ae2451 |
@@ -2455,11 +2455,27 @@ load_cert_chain(PySSLContext *self, PyObject *args, PyObject *kwds)
|
|
|
ae2451 |
errno = 0;
|
|
|
ae2451 |
ERR_clear_error();
|
|
|
ae2451 |
if (!PyArg_ParseTupleAndKeywords(args, kwds,
|
|
|
ae2451 |
- "et|etO:load_cert_chain", kwlist,
|
|
|
ae2451 |
+ "et|OO:load_cert_chain", kwlist,
|
|
|
ae2451 |
Py_FileSystemDefaultEncoding, &certfile_bytes,
|
|
|
ae2451 |
- Py_FileSystemDefaultEncoding, &keyfile_bytes,
|
|
|
ae2451 |
- &password))
|
|
|
ae2451 |
+ &keyfile, &password))
|
|
|
ae2451 |
return NULL;
|
|
|
ae2451 |
+
|
|
|
ae2451 |
+ if (keyfile && keyfile != Py_None) {
|
|
|
ae2451 |
+ if (PyString_Check(keyfile)) {
|
|
|
ae2451 |
+ Py_INCREF(keyfile);
|
|
|
ae2451 |
+ keyfile_bytes = keyfile;
|
|
|
ae2451 |
+ } else {
|
|
|
ae2451 |
+ PyObject *u = PyUnicode_FromObject(keyfile);
|
|
|
ae2451 |
+ if (!u)
|
|
|
ae2451 |
+ goto error;
|
|
|
ae2451 |
+ keyfile_bytes = PyUnicode_AsEncodedString(
|
|
|
ae2451 |
+ u, Py_FileSystemDefaultEncoding, NULL);
|
|
|
ae2451 |
+ Py_DECREF(u);
|
|
|
ae2451 |
+ if (!keyfile_bytes)
|
|
|
ae2451 |
+ goto error;
|
|
|
ae2451 |
+ }
|
|
|
ae2451 |
+ }
|
|
|
ae2451 |
+
|
|
|
ae2451 |
if (password && password != Py_None) {
|
|
|
ae2451 |
if (PyCallable_Check(password)) {
|
|
|
ae2451 |
pw_info.callable = password;
|
|
|
ae2451 |
@@ -2489,7 +2505,7 @@ load_cert_chain(PySSLContext *self, PyObject *args, PyObject *kwds)
|
|
|
ae2451 |
}
|
|
|
ae2451 |
PySSL_BEGIN_ALLOW_THREADS_S(pw_info.thread_state);
|
|
|
ae2451 |
r = SSL_CTX_use_PrivateKey_file(self->ctx,
|
|
|
ae2451 |
- keyfile_bytes ? keyfile_bytes : certfile_bytes,
|
|
|
ae2451 |
+ keyfile_bytes ? PyBytes_AS_STRING(keyfile_bytes) : certfile_bytes,
|
|
|
ae2451 |
SSL_FILETYPE_PEM);
|
|
|
ae2451 |
PySSL_END_ALLOW_THREADS_S(pw_info.thread_state);
|
|
|
ae2451 |
if (r != 1) {
|
|
|
ae2451 |
@@ -2521,8 +2537,8 @@ load_cert_chain(PySSLContext *self, PyObject *args, PyObject *kwds)
|
|
|
ae2451 |
error:
|
|
|
ae2451 |
SSL_CTX_set_default_passwd_cb(self->ctx, orig_passwd_cb);
|
|
|
ae2451 |
SSL_CTX_set_default_passwd_cb_userdata(self->ctx, orig_passwd_userdata);
|
|
|
ae2451 |
+ Py_XDECREF(keyfile_bytes);
|
|
|
ae2451 |
PyMem_Free(pw_info.password);
|
|
|
ae2451 |
- PyMem_Free(keyfile_bytes);
|
|
|
ae2451 |
PyMem_Free(certfile_bytes);
|
|
|
ae2451 |
return NULL;
|
|
|
ae2451 |
}
|
|
|
ae2451 |
--
|
|
|
ae2451 |
2.7.4
|
|
|
ae2451 |
|