summaryrefslogtreecommitdiffstats
path: root/Modules/_ssl.c
diff options
context:
space:
mode:
authorAntoine Pitrou <solipsis@pitrou.net>2010-04-17 17:40:45 (GMT)
committerAntoine Pitrou <solipsis@pitrou.net>2010-04-17 17:40:45 (GMT)
commit2d9cb9c1cb3a7dd2e60a323271fbfe80854a6817 (patch)
treea34682efe1b686fe2dc9d04b7c8d71edb69ed4e9 /Modules/_ssl.c
parentec8dfeb27e46f826b0c7f03196f70520a33828d6 (diff)
downloadcpython-2d9cb9c1cb3a7dd2e60a323271fbfe80854a6817.zip
cpython-2d9cb9c1cb3a7dd2e60a323271fbfe80854a6817.tar.gz
cpython-2d9cb9c1cb3a7dd2e60a323271fbfe80854a6817.tar.bz2
Merged revisions 80151 via svnmerge from
svn+ssh://pythondev@svn.python.org/python/trunk ........ r80151 | antoine.pitrou | 2010-04-17 19:10:38 +0200 (sam., 17 avril 2010) | 4 lines Issue #8322: Add a *ciphers* argument to SSL sockets, so as to change the available cipher list. Helps fix test_ssl with OpenSSL 1.0.0. ........
Diffstat (limited to 'Modules/_ssl.c')
-rw-r--r--Modules/_ssl.c20
1 files changed, 15 insertions, 5 deletions
diff --git a/Modules/_ssl.c b/Modules/_ssl.c
index 5cb7e0a..8784972 100644
--- a/Modules/_ssl.c
+++ b/Modules/_ssl.c
@@ -262,7 +262,7 @@ newPySSLObject(PySocketSockObject *Sock, char *key_file, char *cert_file,
enum py_ssl_server_or_client socket_type,
enum py_ssl_cert_requirements certreq,
enum py_ssl_version proto_version,
- char *cacerts_file)
+ char *cacerts_file, char *ciphers)
{
PySSLObject *self;
char *errstr = NULL;
@@ -310,6 +310,14 @@ newPySSLObject(PySocketSockObject *Sock, char *key_file, char *cert_file,
goto fail;
}
+ if (ciphers != NULL) {
+ ret = SSL_CTX_set_cipher_list(self->ctx, ciphers);
+ if (ret == 0) {
+ errstr = ERRSTR("No cipher can be selected.");
+ goto fail;
+ }
+ }
+
if (certreq != PY_SSL_CERT_NONE) {
if (cacerts_file == NULL) {
errstr = ERRSTR("No root certificates specified for "
@@ -408,14 +416,15 @@ PySSL_sslwrap(PyObject *self, PyObject *args)
char *key_file = NULL;
char *cert_file = NULL;
char *cacerts_file = NULL;
+ char *ciphers = NULL;
- if (!PyArg_ParseTuple(args, "O!i|zziiz:sslwrap",
+ if (!PyArg_ParseTuple(args, "O!i|zziizz:sslwrap",
PySocketModule.Sock_Type,
&Sock,
&server_side,
&key_file, &cert_file,
&verification_mode, &protocol,
- &cacerts_file))
+ &cacerts_file, &ciphers))
return NULL;
/*
@@ -428,12 +437,13 @@ PySSL_sslwrap(PyObject *self, PyObject *args)
return (PyObject *) newPySSLObject(Sock, key_file, cert_file,
server_side, verification_mode,
- protocol, cacerts_file);
+ protocol, cacerts_file,
+ ciphers);
}
PyDoc_STRVAR(ssl_doc,
"sslwrap(socket, server_side, [keyfile, certfile, certs_mode, protocol,\n"
-" cacertsfile]) -> sslobject");
+" cacertsfile, ciphers]) -> sslobject");
/* SSL object methods */