author | Antoine Pitrou <solipsis@pitrou.net> | 2010-04-17 17:40:45 (GMT) |
---|---|---|
committer | Antoine Pitrou <solipsis@pitrou.net> | 2010-04-17 17:40:45 (GMT) |
commit | 2d9cb9c1cb3a7dd2e60a323271fbfe80854a6817 (patch) | |
tree | a34682efe1b686fe2dc9d04b7c8d71edb69ed4e9 /Modules/_ssl.c | |
parent | ec8dfeb27e46f826b0c7f03196f70520a33828d6 (diff) | |
Merged revisions 80151 via svnmerge from
svn+ssh://pythondev@svn.python.org/python/trunk
........
r80151 | antoine.pitrou | 2010-04-17 19:10:38 +0200 (sam., 17 avril 2010) | 4 lines
Issue #8322: Add a *ciphers* argument to SSL sockets, so as to change the
available cipher list. Helps fix test_ssl with OpenSSL 1.0.0.
........
Diffstat (limited to 'Modules/_ssl.c')
-rw-r--r-- | Modules/_ssl.c | 20 |
1 files changed, 15 insertions, 5 deletions
diff --git a/Modules/_ssl.c b/Modules/_ssl.c
index 5cb7e0a..8784972 100644
--- a/Modules/_ssl.c
+++ b/Modules/_ssl.c
@@ -262,7 +262,7 @@ newPySSLObject(PySocketSockObject *Sock, char *key_file, char *cert_file,
 enum py_ssl_server_or_client socket_type,
 enum py_ssl_cert_requirements certreq,
 enum py_ssl_version proto_version,
- char *cacerts_file)
+ char *cacerts_file, char *ciphers)
 {
 PySSLObject *self;
 char *errstr = NULL;
@@ -310,6 +310,14 @@ newPySSLObject(PySocketSockObject *Sock, char *key_file, char *cert_file,
 goto fail;
 }

+ if (ciphers != NULL) {
+ ret = SSL_CTX_set_cipher_list(self->ctx, ciphers);
+ if (ret == 0) {
+ errstr = ERRSTR("No cipher can be selected.");
+ goto fail;
+ }
+ }
+
 if (certreq != PY_SSL_CERT_NONE) {
 if (cacerts_file == NULL) {
 errstr = ERRSTR("No root certificates specified for "
@@ -408,14 +416,15 @@ PySSL_sslwrap(PyObject *self, PyObject *args)
 char *key_file = NULL;
 char *cert_file = NULL;
 char *cacerts_file = NULL;
+ char *ciphers = NULL;

- if (!PyArg_ParseTuple(args, "O!i|zziiz:sslwrap",
+ if (!PyArg_ParseTuple(args, "O!i|zziizz:sslwrap",
 PySocketModule.Sock_Type,
 &Sock,
 &server_side,
 &key_file, &cert_file,
 &verification_mode, &protocol,
- &cacerts_file))
+ &cacerts_file, &ciphers))
 return NULL;

 /*
@@ -428,12 +437,13 @@ PySSL_sslwrap(PyObject *self, PyObject *args)

 return (PyObject *) newPySSLObject(Sock, key_file, cert_file,
 server_side, verification_mode,
- protocol, cacerts_file);
+ protocol, cacerts_file,
+ ciphers);
 }

 PyDoc_STRVAR(ssl_doc,
 "sslwrap(socket, server_side, [keyfile, certfile, certs_mode, protocol,\n"
-" cacertsfile]) -> sslobject");
+" cacertsfile, ciphers]) -> sslobject");

 /* SSL object methods */ |
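Review bot: On the failure branch in the second hunk, where `SSL_CTX_set_cipher_list()` returns 0, the code sets a fixed `errstr` and jumps to `fail` without clearing OpenSSL's per-thread error queue. Unless the `fail` path (outside this hunk) clears it, the entry left by the rejected cipher string may surface in a later, unrelated SSL call. Adding `ERR_clear_error();` before `goto fail;` would avoid that. A comment such as `/* non-zero only means at least one listed cipher was usable */` would also help, since a list in which only some entries match is accepted without complaint. newPySSLObject begins and ends outside the hunk.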
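Review bot: In the last hunk, the `ssl_doc` text now lists `ciphers` but says nothing about its form or about what omitting it means. Going by the `if (ciphers != NULL)` guard added in newPySSLObject, None skips `SSL_CTX_set_cipher_list()` entirely, so the context keeps whatever default list the linked OpenSSL provides, and that default presumably differs between OpenSSL builds. A further docstring line such as `"ciphers is an OpenSSL cipher list string; None keeps the library default."` would record this for callers who need to restrict weak suites.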