summaryrefslogtreecommitdiffstats
path: root/Modules/_ssl.c
diff options
context:
space:
mode:
authorChristian Heimes <christian@python.org>2021-04-23 12:23:35 (GMT)
committerGitHub <noreply@github.com>2021-04-23 12:23:35 (GMT)
commite259a77f21bdfc7d4195913b379cbd6daee45d0d (patch)
treed1c35ee7f36aeb28cb0dd098e6c7925f87075239 /Modules/_ssl.c
parentd4fff1f580aed5d26b9b501d0e626f50da9f7bb7 (diff)
downloadcpython-e259a77f21bdfc7d4195913b379cbd6daee45d0d.zip
cpython-e259a77f21bdfc7d4195913b379cbd6daee45d0d.tar.gz
cpython-e259a77f21bdfc7d4195913b379cbd6daee45d0d.tar.bz2
[3.9] bpo-43920: Make load_verify_locations(cadata) error message consistent (GH-25554) (GH-25555)
Signed-off-by: Christian Heimes <christian@python.org>. (cherry picked from commit b9ad88be0304136c3fe5959c65a5d2c75490cd80) Co-authored-by: Christian Heimes <christian@python.org>
Diffstat (limited to 'Modules/_ssl.c')
-rw-r--r--Modules/_ssl.c23
1 files changed, 16 insertions, 7 deletions
diff --git a/Modules/_ssl.c b/Modules/_ssl.c
index 3f14590..97e314b 100644
--- a/Modules/_ssl.c
+++ b/Modules/_ssl.c
@@ -4095,7 +4095,7 @@ _add_ca_certs(PySSLContext *self, const void *data, Py_ssize_t len,
{
BIO *biobuf = NULL;
X509_STORE *store;
- int retval = 0, err, loaded = 0;
+ int retval = -1, err, loaded = 0;
assert(filetype == SSL_FILETYPE_ASN1 || filetype == SSL_FILETYPE_PEM);
@@ -4149,23 +4149,32 @@ _add_ca_certs(PySSLContext *self, const void *data, Py_ssize_t len,
}
err = ERR_peek_last_error();
- if ((filetype == SSL_FILETYPE_ASN1) &&
- (loaded > 0) &&
- (ERR_GET_LIB(err) == ERR_LIB_ASN1) &&
- (ERR_GET_REASON(err) == ASN1_R_HEADER_TOO_LONG)) {
+ if (loaded == 0) {
+ const char *msg = NULL;
+ if (filetype == SSL_FILETYPE_PEM) {
+ msg = "no start line: cadata does not contain a certificate";
+ } else {
+ msg = "not enough data: cadata does not contain a certificate";
+ }
+ _setSSLError(msg, 0, __FILE__, __LINE__);
+ retval = -1;
+ } else if ((filetype == SSL_FILETYPE_ASN1) &&
+ (ERR_GET_LIB(err) == ERR_LIB_ASN1) &&
+ (ERR_GET_REASON(err) == ASN1_R_HEADER_TOO_LONG)) {
/* EOF ASN1 file, not an error */
ERR_clear_error();
retval = 0;
} else if ((filetype == SSL_FILETYPE_PEM) &&
- (loaded > 0) &&
(ERR_GET_LIB(err) == ERR_LIB_PEM) &&
(ERR_GET_REASON(err) == PEM_R_NO_START_LINE)) {
/* EOF PEM file, not an error */
ERR_clear_error();
retval = 0;
- } else {
+ } else if (err != 0) {
_setSSLError(NULL, 0, __FILE__, __LINE__);
retval = -1;
+ } else {
+ retval = 0;
}
BIO_free(biobuf);