Message175691
| Field | Value |
|---|---|
| Author | kristjan.jonsson |
| Recipients | kristjan.jonsson |
| Date | 2012-11-16.15:10:11 |
| SpamBayes Score | -1.0 |
| Marked as misclassified | Yes |
| Message-id | <1353078615.85.0.973290481578.issue16487@psf.upfronthosting.co.za> |
| In-reply-to | |

Content
The _ssl module (and indeed the openssl lib) relies heavily on actual filesystem locations to load certificates. A client or a server may not want to rely on physical filesystem locations to load certificates for authentication or verification. Physical disc files are cumbersome and present a management burden in the presence of multiple processes.
This patch adds extensions to the _ssl.c file which allow certificates, keys and certification chains to be provided by file contents, rather than file name.
The ctx.load_cert_chain and ctx.load_verify_locations take additional arguments to specify the data in this form.
The ssl.wrap_socket does not add arguments; rather, the function is polymorphic in that the contents of the certfile/keyfile are examined and treated as file data if beginning with -----BEGIN. The ca_certs is similarly treated as a list of file contents if it is a list (rather than a string).
This patch is the result of work at CCP for deploying ssl clients and servers in an isolated environment without having to resort to temporary disk files.
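The content-versus-filename rule described in the message, sketched as an added example that is not part of the original message or the attached patch. `classify_cert_arg` and `load_ca_certs` are hypothetical names, `ctx` is assumed to be an `ssl.SSLContext` (whose `load_verify_locations` accepts `cadata` in the standard library), and rejecting input that carries the marker at a non-zero offset is an added safeguard, not something the message states.

```python
PEM_PREFIX = "-----BEGIN"  # the marker named in the message


def classify_cert_arg(value):
    """Return ("data", text) or ("path", text) for a certfile/keyfile value.

    Rule from the message: a value beginning with -----BEGIN is file content.
    Added safeguard (assumption, not from the patch): a value that contains
    the marker but does not start with it is rejected, so PEM text with a
    leading newline or BOM is never silently opened as a file name.
    """
    text = value.decode("ascii") if isinstance(value, bytes) else value
    if text.startswith(PEM_PREFIX):
        return ("data", text)
    if PEM_PREFIX in text:
        raise ValueError("PEM marker present but not at offset 0")
    return ("path", text)


def load_ca_certs(ctx, ca_certs):
    """Load trust anchors: a list means PEM contents, a string a file name."""
    if isinstance(ca_certs, list):
        texts = []
        for item in ca_certs:
            kind, text = classify_cert_arg(item)
            if kind != "data":
                raise ValueError("list entries must be PEM text, not paths")
            texts.append(text)
        # cadata takes one string; concatenated PEM blocks are accepted.
        ctx.load_verify_locations(cadata="\n".join(texts))
        return "data"
    ctx.load_verify_locations(cafile=ca_certs)
    return "path"


if __name__ == "__main__":
    # Constructed sample values; the PEM body is a placeholder, not a cert.
    sample = "-----BEGIN CERTIFICATE-----\n(placeholder)\n-----END CERTIFICATE-----\n"
    print(classify_cert_arg(sample)[0])
    print(classify_cert_arg("ca-bundle.pem")[0])
```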
History

| Date | User | Action | Args |
|---|---|---|---|
| 2012-11-16 15:10:16 | kristjan.jonsson | set | recipients: + kristjan.jonsson |
| 2012-11-16 15:10:15 | kristjan.jonsson | set | messageid: <1353078615.85.0.973290481578.issue16487@psf.upfronthosting.co.za> |
| 2012-11-16 15:10:15 | kristjan.jonsson | link | issue16487 messages |
| 2012-11-16 15:10:15 | kristjan.jonsson | create | |