You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
92 lines
2.8 KiB
92 lines
2.8 KiB
6 years ago
|
|
||
|
# HG changeset patch
|
||
|
# User Benjamin Peterson <benjamin@python.org>
|
||
|
# Date 1412221981 14400
|
||
|
# Node ID 1a36d4e8cf4edfdc4c7d59a40075b8cf00e3ad3c
|
||
|
# Parent 222e0faa5fa9567f657f13fc78a60069142e09ae
|
||
|
fix sslwrap_simple (closes #22523)
|
||
|
|
||
|
Thanks Alex Gaynor.
|
||
|
|
||
|
diff --git a/Lib/ssl.py b/Lib/ssl.py
|
||
|
--- a/Lib/ssl.py
|
||
|
+++ b/Lib/ssl.py
|
||
|
@@ -969,16 +969,16 @@ def get_protocol_name(protocol_code):
|
||
|
# a replacement for the old socket.ssl function
|
||
|
|
||
|
def sslwrap_simple(sock, keyfile=None, certfile=None):
|
||
|
-
|
||
|
"""A replacement for the old socket.ssl function. Designed
|
||
|
for compability with Python 2.5 and earlier. Will disappear in
|
||
|
Python 3.0."""
|
||
|
-
|
||
|
if hasattr(sock, "_sock"):
|
||
|
sock = sock._sock
|
||
|
|
||
|
- ssl_sock = _ssl.sslwrap(sock, 0, keyfile, certfile, CERT_NONE,
|
||
|
- PROTOCOL_SSLv23, None)
|
||
|
+ ctx = SSLContext(PROTOCOL_SSLv23)
|
||
|
+ if keyfile or certfile:
|
||
|
+ ctx.load_cert_chain(certfile, keyfile)
|
||
|
+ ssl_sock = ctx._wrap_socket(sock, server_side=False)
|
||
|
try:
|
||
|
sock.getpeername()
|
||
|
except socket_error:
|
||
|
diff --git a/Lib/test/test_ssl.py b/Lib/test/test_ssl.py
|
||
|
--- a/Lib/test/test_ssl.py
|
||
|
+++ b/Lib/test/test_ssl.py
|
||
|
@@ -94,6 +94,8 @@ class BasicTests(unittest.TestCase):
|
||
|
pass
|
||
|
else:
|
||
|
raise
|
||
|
+
|
||
|
+
|
||
|
def can_clear_options():
|
||
|
# 0.9.8m or higher
|
||
|
return ssl._OPENSSL_API_VERSION >= (0, 9, 8, 13, 15)
|
||
|
@@ -2944,7 +2946,7 @@ def test_main(verbose=False):
|
||
|
if not os.path.exists(filename):
|
||
|
raise support.TestFailed("Can't read certificate file %r" % filename)
|
||
|
|
||
|
- tests = [ContextTests, BasicSocketTests, SSLErrorTests]
|
||
|
+ tests = [ContextTests, BasicTests, BasicSocketTests, SSLErrorTests]
|
||
|
|
||
|
if support.is_resource_enabled('network'):
|
||
|
tests.append(NetworkedTests)
|
||
|
diff --git a/Modules/_ssl.c b/Modules/_ssl.c
|
||
|
--- a/Modules/_ssl.c
|
||
|
+++ b/Modules/_ssl.c
|
||
|
@@ -517,10 +517,12 @@ newPySSLSocket(PySSLContext *sslctx, PyS
|
||
|
self->socket_type = socket_type;
|
||
|
self->Socket = sock;
|
||
|
Py_INCREF(self->Socket);
|
||
|
- self->ssl_sock = PyWeakref_NewRef(ssl_sock, NULL);
|
||
|
- if (self->ssl_sock == NULL) {
|
||
|
- Py_DECREF(self);
|
||
|
- return NULL;
|
||
|
+ if (ssl_sock != Py_None) {
|
||
|
+ self->ssl_sock = PyWeakref_NewRef(ssl_sock, NULL);
|
||
|
+ if (self->ssl_sock == NULL) {
|
||
|
+ Py_DECREF(self);
|
||
|
+ return NULL;
|
||
|
+ }
|
||
|
}
|
||
|
return self;
|
||
|
}
|
||
|
@@ -2931,8 +2933,12 @@ static int
|
||
|
|
||
|
ssl = SSL_get_app_data(s);
|
||
|
assert(PySSLSocket_Check(ssl));
|
||
|
- ssl_socket = PyWeakref_GetObject(ssl->ssl_sock);
|
||
|
- Py_INCREF(ssl_socket);
|
||
|
+ if (ssl->ssl_sock == NULL) {
|
||
|
+ ssl_socket = Py_None;
|
||
|
+ } else {
|
||
|
+ ssl_socket = PyWeakref_GetObject(ssl->ssl_sock);
|
||
|
+ Py_INCREF(ssl_socket);
|
||
|
+ }
|
||
|
if (ssl_socket == Py_None) {
|
||
|
goto error;
|
||
|
}
|
||
|
|