authorAntoine Pitrou <solipsis@pitrou.net>2010-04-17 17:10:38 (GMT)
committerAntoine Pitrou <solipsis@pitrou.net>2010-04-17 17:10:38 (GMT)
commit0a6373c1a928e80c8c3fa9b88d925b3dccc5afc4 (patch)
treea943cdb41cc6eaf54fc12b0dc225b086e4111bc5 /Modules
parent7794b5b52f8c5c4bf465a44a53025e9b6fa49592 (diff)
Issue #8322: Add a *ciphers* argument to SSL sockets, so as to change the
available cipher list. Helps fix test_ssl with OpenSSL 1.0.0.
Diffstat (limited to 'Modules')
-rw-r--r--Modules/_ssl.c20
1 files changed, 15 insertions, 5 deletions
diff --git a/Modules/_ssl.c b/Modules/_ssl.c
index 986ec46..6dad6a6 100644
--- a/Modules/_ssl.c
+++ b/Modules/_ssl.c
@@ -259,7 +259,7 @@ newPySSLObject(PySocketSockObject *Sock, char *key_file, char *cert_file,
enum py_ssl_server_or_client socket_type,
enum py_ssl_cert_requirements certreq,
enum py_ssl_version proto_version,
- char *cacerts_file)
+ char *cacerts_file, char *ciphers)
{
PySSLObject *self;
char *errstr = NULL;
@@ -309,6 +309,14 @@ newPySSLObject(PySocketSockObject *Sock, char *key_file, char *cert_file,
goto fail;
}
+ if (ciphers != NULL) {
+ ret = SSL_CTX_set_cipher_list(self->ctx, ciphers);
+ if (ret == 0) {
+ errstr = ERRSTR("No cipher can be selected.");
+ goto fail;
+ }
+ }
+
if (certreq != PY_SSL_CERT_NONE) {
if (cacerts_file == NULL) {
errstr = ERRSTR("No root certificates specified for "
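Review bot: The `ret == 0` test in the new `if (ciphers != NULL)` block only rejects a string from which no cipher at all could be selected. SSL_CTX_set_cipher_list() is documented to return 1 as soon as any cipher could be selected, so a partly mistyped string can, as far as I know, succeed and leave the context with a different list than the caller meant to enforce. I would put a comment above the call, `/* Returns 1 if at least one cipher was selected; entries OpenSSL does not recognise are not reported. */`, and say the same where the Python-level argument is documented. It would also help to note that a NULL `ciphers` leaves the library's default list in place. newPySSLObject's body starts and ends outside this hunk, so whether the `fail` path drains the OpenSSL error queue that the failed call may leave behind is not visible here.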
@@ -408,14 +416,15 @@ PySSL_sslwrap(PyObject *self, PyObject *args)
char *key_file = NULL;
char *cert_file = NULL;
char *cacerts_file = NULL;
+ char *ciphers = NULL;
- if (!PyArg_ParseTuple(args, "O!i|zziiz:sslwrap",
+ if (!PyArg_ParseTuple(args, "O!i|zziizz:sslwrap",
PySocketModule.Sock_Type,
&Sock,
&server_side,
&key_file, &cert_file,
&verification_mode, &protocol,
- &cacerts_file))
+ &cacerts_file, &ciphers))
return NULL;
/*
@@ -428,12 +437,13 @@ PySSL_sslwrap(PyObject *self, PyObject *args)
return (PyObject *) newPySSLObject(Sock, key_file, cert_file,
server_side, verification_mode,
- protocol, cacerts_file);
+ protocol, cacerts_file,
+ ciphers);
}
PyDoc_STRVAR(ssl_doc,
"sslwrap(socket, server_side, [keyfile, certfile, certs_mode, protocol,\n"
-" cacertsfile]) -> sslobject");
+" cacertsfile, ciphers]) -> sslobject");
/* SSL object methods */