author | Christian Heimes <christian@cheimes.de> | 2013-06-09 16:02:55 (GMT) |
---|---|---|
committer | Christian Heimes <christian@cheimes.de> | 2013-06-09 16:02:55 (GMT) |
commit | 6d7ad13a458afdf2cbdd0c3349b0589d7776cc8a (patch) | |
tree | 47e14221e1b28d34be82fe6a3e5fa554c03f51a1 /Lib | |
parent | 302b8c31ecefba371271ca51359ef30fcb3ddbcd (diff) | |
Issue #18143: Implement ssl.get_default_verify_paths() in order to debug
the default locations for cafile and capath.
Diffstat (limited to 'Lib')
-rw-r--r-- | Lib/ssl.py | 20 | ||||
-rw-r--r-- | Lib/test/test_ssl.py | 13 |
2 files changed, 33 insertions, 0 deletions
@@ -89,6 +89,8 @@ ALERT_DESCRIPTION_UNKNOWN_PSK_IDENTITY import textwrap import re +import os +import collections import _ssl # if we can't import it, let the error propagate @@ -222,6 +224,24 @@ def match_hostname(cert, hostname): "subjectAltName fields were found") +DefaultVerifyPaths = collections.namedtuple("DefaultVerifyPaths", + "cafile capath openssl_cafile_env openssl_cafile openssl_capath_env " + "openssl_capath") + +def get_default_verify_paths(): + """Return paths to default cafile and capath. + """ + parts = _ssl.get_default_verify_paths() + + # environment vars shadow paths + cafile = os.environ.get(parts[0], parts[1]) + capath = os.environ.get(parts[2], parts[3]) + + return DefaultVerifyPaths(cafile if os.path.isfile(cafile) else None, + capath if os.path.isdir(capath) else None, + *parts) + + class SSLContext(_SSLContext): """An SSLContext holds various SSL-related configuration options and data, such as certificates and possibly a private key.""" diff --git a/Lib/test/test_ssl.py b/Lib/test/test_ssl.py index 224e0e2..6cecc17 100644 --- a/Lib/test/test_ssl.py +++ b/Lib/test/test_ssl.py @@ -394,6 +394,19 @@ class BasicSocketTests(unittest.TestCase): support.gc_collect() self.assertIn(r, str(cm.warning.args[0])) + def test_get_default_verify_paths(self): + paths = ssl.get_default_verify_paths() + self.assertEqual(len(paths), 6) + self.assertIsInstance(paths, ssl.DefaultVerifyPaths) + + with support.EnvironmentVarGuard() as env: + env["SSL_CERT_DIR"] = CAPATH + env["SSL_CERT_FILE"] = CERTFILE + paths = ssl.get_default_verify_paths() + self.assertEqual(paths.cafile, CERTFILE) + self.assertEqual(paths.capath, CAPATH) + + class ContextTests(unittest.TestCase): @skip_if_broken_ubuntu_ssl |
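Review bot: In `get_default_verify_paths()` the check `capath if os.path.isdir(capath) else None` treats the capath environment value as one directory, while OpenSSL, as far as I know, accepts a list of directories there separated by the platform path-list separator; such a setting would be reported as `capath=None` although the library would still load CAs from it. For a function meant to debug trust-store locations, that is the wrong answer in the case that matters, so either test each element, e.g. `any(os.path.isdir(d) for d in capath.split(os.pathsep))`, or state the limitation in the docstring. The docstring should also say that the environment variables named in `openssl_cafile_env` and `openssl_capath_env` override the compiled-in defaults and that `cafile`/`capath` are `None` when the resolved path does not exist. The order of `parts` comes from `_ssl.get_default_verify_paths()`, which is outside this hunk, so the positional indexing deserves a short comment naming the four fields.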
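Review bot: `test_get_default_verify_paths` never exercises the `None` branch: both overrides point at existing paths, so a regression that returned a missing file or directory unchanged would still pass. Add a case inside the `EnvironmentVarGuard` block such as `env["SSL_CERT_FILE"] = CERTFILE + ".missing"` followed by `self.assertIsNone(ssl.get_default_verify_paths().cafile)` (the suffix is a constructed example), and the same for `SSL_CERT_DIR`. The first two assertions run against the host environment, which is fine for the length and type checks they make. The enclosing `BasicSocketTests` class starts outside the hunk.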