|
 |
057d67 |
|
|
|
057d67 |
# HG changeset patch
|
|
|
057d67 |
# User Benjamin Peterson <benjamin@python.org>
|
|
|
057d67 |
# Date 1412221981 14400
|
|
|
057d67 |
# Node ID 1a36d4e8cf4edfdc4c7d59a40075b8cf00e3ad3c
|
|
|
057d67 |
# Parent 222e0faa5fa9567f657f13fc78a60069142e09ae
|
|
|
057d67 |
fix sslwrap_simple (closes #22523)
|
|
|
057d67 |
|
|
|
057d67 |
Thanks Alex Gaynor.
|
|
|
057d67 |
|
|
|
057d67 |
diff --git a/Lib/ssl.py b/Lib/ssl.py
|
|
|
057d67 |
--- a/Lib/ssl.py
|
|
|
057d67 |
+++ b/Lib/ssl.py
|
|
|
057d67 |
@@ -969,16 +969,16 @@ def get_protocol_name(protocol_code):
|
|
|
057d67 |
# a replacement for the old socket.ssl function
|
|
|
057d67 |
|
|
|
057d67 |
def sslwrap_simple(sock, keyfile=None, certfile=None):
|
|
|
057d67 |
-
|
|
|
057d67 |
"""A replacement for the old socket.ssl function. Designed
|
|
|
057d67 |
for compability with Python 2.5 and earlier. Will disappear in
|
|
|
057d67 |
Python 3.0."""
|
|
|
057d67 |
-
|
|
|
057d67 |
if hasattr(sock, "_sock"):
|
|
|
057d67 |
sock = sock._sock
|
|
|
057d67 |
|
|
|
057d67 |
- ssl_sock = _ssl.sslwrap(sock, 0, keyfile, certfile, CERT_NONE,
|
|
|
057d67 |
- PROTOCOL_SSLv23, None)
|
|
|
057d67 |
+ ctx = SSLContext(PROTOCOL_SSLv23)
|
|
|
057d67 |
+ if keyfile or certfile:
|
|
|
057d67 |
+ ctx.load_cert_chain(certfile, keyfile)
|
|
|
057d67 |
+ ssl_sock = ctx._wrap_socket(sock, server_side=False)
|
|
|
057d67 |
try:
|
|
|
057d67 |
sock.getpeername()
|
|
|
057d67 |
except socket_error:
|
|
|
057d67 |
diff --git a/Lib/test/test_ssl.py b/Lib/test/test_ssl.py
|
|
|
057d67 |
--- a/Lib/test/test_ssl.py
|
|
|
057d67 |
+++ b/Lib/test/test_ssl.py
|
|
|
057d67 |
@@ -94,6 +94,8 @@ class BasicTests(unittest.TestCase):
|
|
|
057d67 |
pass
|
|
|
057d67 |
else:
|
|
|
057d67 |
raise
|
|
|
057d67 |
+
|
|
|
057d67 |
+
|
|
|
057d67 |
def can_clear_options():
|
|
|
057d67 |
# 0.9.8m or higher
|
|
|
057d67 |
return ssl._OPENSSL_API_VERSION >= (0, 9, 8, 13, 15)
|
|
|
057d67 |
@@ -2944,7 +2946,7 @@ def test_main(verbose=False):
|
|
|
057d67 |
if not os.path.exists(filename):
|
|
|
057d67 |
raise support.TestFailed("Can't read certificate file %r" % filename)
|
|
|
057d67 |
|
|
|
057d67 |
- tests = [ContextTests, BasicSocketTests, SSLErrorTests]
|
|
|
057d67 |
+ tests = [ContextTests, BasicTests, BasicSocketTests, SSLErrorTests]
|
|
|
057d67 |
|
|
|
057d67 |
if support.is_resource_enabled('network'):
|
|
|
057d67 |
tests.append(NetworkedTests)
|
|
|
057d67 |
diff --git a/Modules/_ssl.c b/Modules/_ssl.c
|
|
|
057d67 |
--- a/Modules/_ssl.c
|
|
|
057d67 |
+++ b/Modules/_ssl.c
|
|
|
057d67 |
@@ -517,10 +517,12 @@ newPySSLSocket(PySSLContext *sslctx, PyS
|
|
|
057d67 |
self->socket_type = socket_type;
|
|
|
057d67 |
self->Socket = sock;
|
|
|
057d67 |
Py_INCREF(self->Socket);
|
|
|
057d67 |
- self->ssl_sock = PyWeakref_NewRef(ssl_sock, NULL);
|
|
|
057d67 |
- if (self->ssl_sock == NULL) {
|
|
|
057d67 |
- Py_DECREF(self);
|
|
|
057d67 |
- return NULL;
|
|
|
057d67 |
+ if (ssl_sock != Py_None) {
|
|
|
057d67 |
+ self->ssl_sock = PyWeakref_NewRef(ssl_sock, NULL);
|
|
|
057d67 |
+ if (self->ssl_sock == NULL) {
|
|
|
057d67 |
+ Py_DECREF(self);
|
|
|
057d67 |
+ return NULL;
|
|
|
057d67 |
+ }
|
|
|
057d67 |
}
|
|
|
057d67 |
return self;
|
|
|
057d67 |
}
|
|
|
057d67 |
@@ -2931,8 +2933,12 @@ static int
|
|
|
057d67 |
|
|
|
057d67 |
ssl = SSL_get_app_data(s);
|
|
|
057d67 |
assert(PySSLSocket_Check(ssl));
|
|
|
057d67 |
- ssl_socket = PyWeakref_GetObject(ssl->ssl_sock);
|
|
|
057d67 |
- Py_INCREF(ssl_socket);
|
|
|
057d67 |
+ if (ssl->ssl_sock == NULL) {
|
|
|
057d67 |
+ ssl_socket = Py_None;
|
|
|
057d67 |
+ } else {
|
|
|
057d67 |
+ ssl_socket = PyWeakref_GetObject(ssl->ssl_sock);
|
|
|
057d67 |
+ Py_INCREF(ssl_socket);
|
|
|
057d67 |
+ }
|
|
|
057d67 |
if (ssl_socket == Py_None) {
|
|
|
057d67 |
goto error;
|
|
|
057d67 |
}
|
|
|
057d67 |
|