[Python-checkins] cpython (2.7): allow keyfile argument to be None (closes #22787)

benjamin.peterson python-checkins at python.org
Tue Nov 4 03:12:17 CET 2014

• Previous message: [Python-checkins] cpython (3.4): test that keyfile can be None
• Next message: [Python-checkins] Daily reference leaks (205810ca5069): sum=3
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

---

https://hg.python.org/cpython/rev/e54d0b197c82
changeset: 93379:e54d0b197c82
branch: 2.7
user: Benjamin Peterson <benjamin at python.org>
date: Mon Nov 03 21:12:05 2014 -0500
summary:
 allow keyfile argument to be None (closes #22787)
files:
 Misc/NEWS | 3 +++
 Modules/_ssl.c | 30 +++++++++++++++++++++++-------
 2 files changed, 26 insertions(+), 7 deletions(-)
diff --git a/Misc/NEWS b/Misc/NEWS
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -37,6 +37,9 @@
 Library
 -------
 
+- Issue #22787: Allow the keyfile argument of SSLContext.load_cert_chain to be
+ None.
+
 - Issue #22775: Fixed unpickling of Cookie.SimpleCookie with protocol 2.
 Patch by Tim Graham.
 
diff --git a/Modules/_ssl.c b/Modules/_ssl.c
--- a/Modules/_ssl.c
+++ b/Modules/_ssl.c
@@ -2447,8 +2447,8 @@
 load_cert_chain(PySSLContext *self, PyObject *args, PyObject *kwds)
 {
 char *kwlist[] = {"certfile", "keyfile", "password", NULL};
- PyObject *password = NULL;
- char *certfile_bytes = NULL, *keyfile_bytes = NULL;
+ PyObject *keyfile = NULL, *keyfile_bytes = NULL, *password = NULL;
+ char *certfile_bytes = NULL;
 pem_password_cb *orig_passwd_cb = self->ctx->default_passwd_callback;
 void *orig_passwd_userdata = self->ctx->default_passwd_callback_userdata;
 _PySSLPasswordInfo pw_info = { NULL, NULL, NULL, 0, 0 };
@@ -2457,11 +2457,27 @@
 errno = 0;
 ERR_clear_error();
 if (!PyArg_ParseTupleAndKeywords(args, kwds,
- "et|etO:load_cert_chain", kwlist,
+ "et|OO:load_cert_chain", kwlist,
 Py_FileSystemDefaultEncoding, &certfile_bytes,
- Py_FileSystemDefaultEncoding, &keyfile_bytes,
- &password))
+ &keyfile, &password))
 return NULL;
+
+ if (keyfile && keyfile != Py_None) {
+ if (PyString_Check(keyfile)) {
+ Py_INCREF(keyfile);
+ keyfile_bytes = keyfile;
+ } else {
+ PyObject *u = PyUnicode_FromObject(keyfile);
+ if (!u)
+ goto error;
+ keyfile_bytes = PyUnicode_AsEncodedString(
+ u, Py_FileSystemDefaultEncoding, NULL);
+ Py_DECREF(u);
+ if (!keyfile_bytes)
+ goto error;
+ }
+ }
+
 if (password && password != Py_None) {
 if (PyCallable_Check(password)) {
 pw_info.callable = password;
@@ -2491,7 +2507,7 @@
 }
 PySSL_BEGIN_ALLOW_THREADS_S(pw_info.thread_state);
 r = SSL_CTX_use_PrivateKey_file(self->ctx,
- keyfile_bytes ? keyfile_bytes : certfile_bytes,
+ keyfile_bytes ? PyBytes_AS_STRING(keyfile_bytes) : certfile_bytes,
 SSL_FILETYPE_PEM);
 PySSL_END_ALLOW_THREADS_S(pw_info.thread_state);
 if (r != 1) {
@@ -2523,8 +2539,8 @@
 error:
 SSL_CTX_set_default_passwd_cb(self->ctx, orig_passwd_cb);
 SSL_CTX_set_default_passwd_cb_userdata(self->ctx, orig_passwd_userdata);
+ Py_XDECREF(keyfile_bytes);
 PyMem_Free(pw_info.password);
- PyMem_Free(keyfile_bytes);
 PyMem_Free(certfile_bytes);
 return NULL;
 }
-- 
Repository URL: https://hg.python.org/cpython

---

• Previous message: [Python-checkins] cpython (3.4): test that keyfile can be None
• Next message: [Python-checkins] Daily reference leaks (205810ca5069): sum=3
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

---

More information about the Python-checkins mailing list