fix sslwrap_simple (closes #22523)

Thanks Alex Gaynor.

fix sslwrap_simple (closes #22523)
Thanks Alex Gaynor.
2f33456e · Benjamin Peterson · 0d377b37 · 2f33456e · 2f33456e · 2f33456e
Commit 2f33456e authored Oct 01, 2014 by Benjamin Peterson
Hide whitespace changes
Inline Side-by-side

Showing with 19 additions and 11 deletions

Lib/ssl.py Lib/ssl.py +4 -4

Lib/test/test_ssl.py Lib/test/test_ssl.py +3 -1

Modules/_ssl.c Modules/_ssl.c +12 -6

No files found.
--- a/Lib/ssl.py
+++ b/Lib/ssl.py
@@ -969,16 +969,16 @@ def get_protocol_name(protocol_code):
 # a replacement for the old socket.ssl function
 def sslwrap_simple(sock, keyfile=None, certfile=None):
    """A replacement for the old socket.ssl function.  Designed
    for compability with Python 2.5 and earlier.  Will disappear in
    Python 3.0."""
    if hasattr(sock, "_sock"):
        sock = sock._sock
-    ssl_sock = _ssl.sslwrap(sock, 0, keyfile, certfile, CERT_NONE,
+    ctx = SSLContext(PROTOCOL_SSLv23)
-                            PROTOCOL_SSLv23, None)
+    if keyfile or certfile:
+        ctx.load_cert_chain(certfile, keyfile)
+    ssl_sock = ctx._wrap_socket(sock, server_side=False)
    try:
        sock.getpeername()
    except socket_error:

--- a/Lib/test/test_ssl.py
+++ b/Lib/test/test_ssl.py
@@ -94,6 +94,8 @@ class BasicTests(unittest.TestCase):
                pass
            else:
                raise
 def can_clear_options():
    # 0.9.8m or higher
    return ssl._OPENSSL_API_VERSION >= (0, 9, 8, 13, 15)
@@ -2944,7 +2946,7 @@ def test_main(verbose=False):
        if not os.path.exists(filename):
            raise support.TestFailed("Can't read certificate file %r" % filename)
-    tests = [ContextTests, BasicSocketTests, SSLErrorTests]
+    tests = [ContextTests, BasicTests, BasicSocketTests, SSLErrorTests]
    if support.is_resource_enabled('network'):
        tests.append(NetworkedTests)

--- a/Modules/_ssl.c
+++ b/Modules/_ssl.c
@@ -517,10 +517,12 @@ newPySSLSocket(PySSLContext *sslctx, PySocketSockObject *sock,
    self->socket_type = socket_type;
    self->Socket = sock;
    Py_INCREF(self->Socket);
-    self->ssl_sock = PyWeakref_NewRef(ssl_sock, NULL);
+    if (ssl_sock != Py_None) {
-    if (self->ssl_sock == NULL) {
+        self->ssl_sock = PyWeakref_NewRef(ssl_sock, NULL);
-        Py_DECREF(self);
+        if (self->ssl_sock == NULL) {
-        return NULL;
+            Py_DECREF(self);
+            return NULL;
+        }
    }
    return self;
 }
@@ -2931,8 +2933,12 @@ _servername_callback(SSL *s, int *al, void *args)
    ssl = SSL_get_app_data(s);
    assert(PySSLSocket_Check(ssl));
-    ssl_socket = PyWeakref_GetObject(ssl->ssl_sock);
+    if (ssl->ssl_sock == NULL) {
-    Py_INCREF(ssl_socket);
+        ssl_socket = Py_None;
+    } else {
+        ssl_socket = PyWeakref_GetObject(ssl->ssl_sock);
+        Py_INCREF(ssl_socket);
+    }
    if (ssl_socket == Py_None) {
        goto error;
    }