Issue #10443: Add the SSLContext.set_default_verify_paths() method.

664c2d1f · Antoine Pitrou · b6d4ee53 · 664c2d1f · 664c2d1f · 664c2d1f
Commit 664c2d1f authored Nov 17, 2010 by Antoine Pitrou
Hide whitespace changes
Inline Side-by-side

Showing with 29 additions and 0 deletions

Doc/library/ssl.rst Doc/library/ssl.rst +9 -0

Lib/test/test_ssl.py Lib/test/test_ssl.py +6 -0

Misc/NEWS Misc/NEWS +2 -0

Modules/_ssl.c Modules/_ssl.c +12 -0

No files found.
--- a/Doc/library/ssl.rst
+++ b/Doc/library/ssl.rst
@@ -536,6 +536,15 @@ to speed up repeated connections from the same clients.
   following an `OpenSSL specific layout
   <http://www.openssl.org/docs/ssl/SSL_CTX_load_verify_locations.html>`_.
+.. method:: SSLContext.set_default_verify_paths()
+   Load a set of default "certification authority" (CA) certificates from
+   a filesystem path defined when building the OpenSSL library.  Unfortunately,
+   there's no easy way to know whether this method succeeds: no error is
+   returned if no certificates are to be found.  When the OpenSSL library is
+   provided as part of the operating system, though, it is likely to be
+   configured properly.
 .. method:: SSLContext.set_ciphers(ciphers)
   Set the available ciphers for sockets created with this context.

--- a/Lib/test/test_ssl.py
+++ b/Lib/test/test_ssl.py
@@ -412,6 +412,12 @@ class ContextTests(unittest.TestCase):
                'cache_full': 0,
            })
+    def test_set_default_verify_paths(self):
+        # There's not much we can do to test that it acts as expected,
+        # so just check it doesn't crash or raise an exception.
+        ctx = ssl.SSLContext(ssl.PROTOCOL_TLSv1)
+        ctx.set_default_verify_paths()
 class NetworkedTests(unittest.TestCase):

--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -13,6 +13,8 @@ Core and Builtins
 Library
 -------
+- Issue #10443: Add the SSLContext.set_default_verify_paths() method.
 - Issue #10440: Support RUSAGE_THREAD as a constant in the resource module.
  Patch by Robert Collins.

--- a/Modules/_ssl.c
+++ b/Modules/_ssl.c
@@ -1783,6 +1783,16 @@ error:
    return NULL;
 }
+static PyObject *
+set_default_verify_paths(PySSLContext *self, PyObject *unused)
+{
+    if (!SSL_CTX_set_default_verify_paths(self->ctx)) {
+        _setSSLError(NULL, 0, __FILE__, __LINE__);
+        return NULL;
+    }
+    Py_RETURN_NONE;
+}
 static PyGetSetDef context_getsetlist[] = {
    {"options", (getter) get_options,
                (setter) set_options, NULL},
@@ -1802,6 +1812,8 @@ static struct PyMethodDef context_methods[] = {
                              METH_VARARGS | METH_KEYWORDS, NULL},
    {"session_stats", (PyCFunction) session_stats,
                      METH_NOARGS, NULL},
+    {"set_default_verify_paths", (PyCFunction) set_default_verify_paths,
+                                 METH_NOARGS, NULL},
    {NULL, NULL}        /* sentinel */
 };