diff options
author | Christian Heimes <christian@python.org> | 2021-04-23 12:23:35 (GMT) |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-04-23 12:23:35 (GMT) |
commit | e259a77f21bdfc7d4195913b379cbd6daee45d0d (patch) | |
tree | d1c35ee7f36aeb28cb0dd098e6c7925f87075239 /Modules/_ssl.c | |
parent | d4fff1f580aed5d26b9b501d0e626f50da9f7bb7 (diff) | |
download | cpython-e259a77f21bdfc7d4195913b379cbd6daee45d0d.zip cpython-e259a77f21bdfc7d4195913b379cbd6daee45d0d.tar.gz cpython-e259a77f21bdfc7d4195913b379cbd6daee45d0d.tar.bz2 |
[3.9] bpo-43920: Make load_verify_locations(cadata) error message consistent (GH-25554) (GH-25555)
Signed-off-by: Christian Heimes <christian@python.org>.
(cherry picked from commit b9ad88be0304136c3fe5959c65a5d2c75490cd80)
Co-authored-by: Christian Heimes <christian@python.org>
Diffstat (limited to 'Modules/_ssl.c')
-rw-r--r-- | Modules/_ssl.c | 23 |
1 files changed, 16 insertions, 7 deletions
diff --git a/Modules/_ssl.c b/Modules/_ssl.c index 3f14590..97e314b 100644 --- a/Modules/_ssl.c +++ b/Modules/_ssl.c @@ -4095,7 +4095,7 @@ _add_ca_certs(PySSLContext *self, const void *data, Py_ssize_t len, { BIO *biobuf = NULL; X509_STORE *store; - int retval = 0, err, loaded = 0; + int retval = -1, err, loaded = 0; assert(filetype == SSL_FILETYPE_ASN1 || filetype == SSL_FILETYPE_PEM); @@ -4149,23 +4149,32 @@ _add_ca_certs(PySSLContext *self, const void *data, Py_ssize_t len, } err = ERR_peek_last_error(); - if ((filetype == SSL_FILETYPE_ASN1) && - (loaded > 0) && - (ERR_GET_LIB(err) == ERR_LIB_ASN1) && - (ERR_GET_REASON(err) == ASN1_R_HEADER_TOO_LONG)) { + if (loaded == 0) { + const char *msg = NULL; + if (filetype == SSL_FILETYPE_PEM) { + msg = "no start line: cadata does not contain a certificate"; + } else { + msg = "not enough data: cadata does not contain a certificate"; + } + _setSSLError(msg, 0, __FILE__, __LINE__); + retval = -1; + } else if ((filetype == SSL_FILETYPE_ASN1) && + (ERR_GET_LIB(err) == ERR_LIB_ASN1) && + (ERR_GET_REASON(err) == ASN1_R_HEADER_TOO_LONG)) { /* EOF ASN1 file, not an error */ ERR_clear_error(); retval = 0; } else if ((filetype == SSL_FILETYPE_PEM) && - (loaded > 0) && (ERR_GET_LIB(err) == ERR_LIB_PEM) && (ERR_GET_REASON(err) == PEM_R_NO_START_LINE)) { /* EOF PEM file, not an error */ ERR_clear_error(); retval = 0; - } else { + } else if (err != 0) { _setSSLError(NULL, 0, __FILE__, __LINE__); retval = -1; + } else { + retval = 0; } BIO_free(biobuf); |