Fix issue #9711: raise ValueError is SSLConnection constructor is invoked with keyfile and not certfile.

author: Giampaolo Rodolà <g.rodola@gmail.com> 2010-08-30 18:28:05 (GMT)
committer: Giampaolo Rodolà <g.rodola@gmail.com> 2010-08-30 18:28:05 (GMT)
commit: 8b7da623ceb1e37d757cef95204c2384e1044a44 (patch)
tree: d6d5ac714496dd1f7d8042d9a6c9f43a6e264cb5 /Lib
parent: 40d9a4e854d71a9c307f4f92a1e8336b4714a3c8 (diff)
download: cpython-8b7da623ceb1e37d757cef95204c2384e1044a44.zip
cpython-8b7da623ceb1e37d757cef95204c2384e1044a44.tar.gz
cpython-8b7da623ceb1e37d757cef95204c2384e1044a44.tar.bz2
2 files changed, 14 insertions, 7 deletions
diff --git a/Lib/ssl.py b/Lib/ssl.py
index a634442..e83d889 100644
--- a/Lib/ssl.py
+++ b/Lib/ssl.py
@@ -125,6 +125,8 @@ class SSLSocket(socket):
             if server_side and not certfile:
                 raise ValueError("certfile must be specified for server-side "
                                  "operations")
+            if keyfile and not certfile:
+                raise ValueError("certfile must be specified")
             if certfile and not keyfile:
                 keyfile = certfile
             self.context = SSLContext(ssl_version)
diff --git a/Lib/test/test_ssl.py b/Lib/test/test_ssl.py
index a3d1df1..8e38ae0 100644
--- a/Lib/test/test_ssl.py
+++ b/Lib/test/test_ssl.py
@@ -174,19 +174,24 @@ class BasicSocketTests(unittest.TestCase):
 
     def test_errors(self):
         sock = socket.socket()
-        with self.assertRaisesRegexp(ValueError, "certfile must be specified"):
-            ssl.wrap_socket(sock, server_side=True)
-            ssl.wrap_socket(sock, server_side=True, certfile="")
+        self.assertRaisesRegexp(ValueError,
+                        "certfile must be specified",
+                        ssl.wrap_socket, sock, keyfile=CERTFILE)
+        self.assertRaisesRegexp(ValueError,
+                        "certfile must be specified for server-side operations",
+                        ssl.wrap_socket, sock, server_side=True)
+        self.assertRaisesRegexp(ValueError,
+                        "certfile must be specified for server-side operations",
+                        ssl.wrap_socket, sock, server_side=True, certfile="")
         s = ssl.wrap_socket(sock, server_side=True, certfile=CERTFILE)
         self.assertRaisesRegexp(ValueError, "can't connect in server-side mode",
                                 s.connect, (HOST, 8080))
         with self.assertRaises(IOError) as cm:
             ssl.wrap_socket(socket.socket(), certfile=WRONGCERT)
         self.assertEqual(cm.exception.errno, errno.ENOENT)
-        # XXX - temporarily disabled as per issue #9711
-        #with self.assertRaises(IOError) as cm:
-        #    ssl.wrap_socket(socket.socket(), keyfile=WRONGCERT)
-        #self.assertEqual(cm.exception.errno, errno.ENOENT)
+        with self.assertRaises(IOError) as cm:
+            ssl.wrap_socket(socket.socket(), certfile=CERTFILE, keyfile=WRONGCERT)
+        self.assertEqual(cm.exception.errno, errno.ENOENT)
         with self.assertRaises(IOError) as cm:
             ssl.wrap_socket(socket.socket(), certfile=WRONGCERT, keyfile=WRONGCERT)
         self.assertEqual(cm.exception.errno, errno.ENOENT)
author	Giampaolo Rodolà <g.rodola@gmail.com>	2010-08-30 18:28:05 (GMT)
committer	Giampaolo Rodolà <g.rodola@gmail.com>	2010-08-30 18:28:05 (GMT)
commit	8b7da623ceb1e37d757cef95204c2384e1044a44 (patch)
tree	d6d5ac714496dd1f7d8042d9a6c9f43a6e264cb5 /Lib
parent	40d9a4e854d71a9c307f4f92a1e8336b4714a3c8 (diff)
download	cpython-8b7da623ceb1e37d757cef95204c2384e1044a44.zip cpython-8b7da623ceb1e37d757cef95204c2384e1044a44.tar.gz cpython-8b7da623ceb1e37d757cef95204c2384e1044a44.tar.bz2