Ticket #6258: use-chain-file-api.patch

File use-chain-file-api.patch, 4.8 KB (added by Hynek Schlawack, 7 years ago)
  • twisted/internet/ssl.py

    # Bazaar merge directive format 2 (Bazaar 0.90)
    # revision_id: hs@ox.cx-20130116093528-fwo6ppjngpv810z9
    # target_branch: file:///Users/hynek/Projects/Twisted/trunk/
    # testament_sha1: 323151317d12e2f30d7034e948ddc54f4d21b372
    # timestamp: 2013-01-16 10:38:03 +0100
    # base_revision_id: svn-v4:bbbe8e31-12d6-0310-92fd-\
    #   ac37d47ddeeb:trunk:36805
    # 
    # Begin patch
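--- a/twisted/internet/ssl.py
+++ b/twisted/internet/ssl.py
@@ -56,7 +56,9 @@
                  sslmethod=SSL.SSLv23_METHOD, _contextFactory=SSL.Context):
         """
         @param privateKeyFileName: Name of a file containing a private key
-        @param certificateFileName: Name of a file containing a certificate
+        @param certificateFileName: Name of a file containing a certificate. It
+            is possible to supply chain certificates by concatenating them to
+            the file.
         @param sslmethod: The SSL method to use
         """
         self.privateKeyFileName = privateKeyFileName
@@ -76,7 +78,10 @@
             # Disallow SSLv2!  It's insecure!  SSLv3 has been around since
             # 1996.  It's time to move on.
             ctx.set_options(SSL.OP_NO_SSLv2)
-            ctx.use_certificate_file(self.certificateFileName)
+            try:
+                ctx.use_certificate_chain_file(self.certificateFileName)
+            except SSL.Error:
+                ctx.use_certificate_file(self.certificateFileName)
             ctx.use_privatekey_file(self.privateKeyFileName)
             self._context = ctx
 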
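Review bot: The `except SSL.Error:` fallback in the second hunk swallows every failure of `use_certificate_chain_file`, so a truncated or malformed chain file can fall through to `use_certificate_file` and the server may come up presenting only the leaf certificate, with the original error lost. The fallback call also passes no `filetype`, and pyOpenSSL defaults that argument to `SSL.FILETYPE_PEM`, so it does not appear to cover the non-PEM case it is meant for. If DER input is the goal, `ctx.use_certificate_file(self.certificateFileName, SSL.FILETYPE_ASN1)` says so explicitly, and logging the first `SSL.Error` before retrying keeps the failure diagnosable. The docstring in the first hunk could also state the order OpenSSL expects, e.g. `the server certificate first, followed by any intermediate certificates`. The enclosing method starts and ends outside both hunks, so this rests on the visible lines only.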
  • twisted/test/test_ssl.py

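--- a/twisted/test/test_ssl.py
+++ b/twisted/test/test_ssl.py
@@ -639,6 +639,8 @@
     def use_certificate_file(self, fileName):
         pass
 
+    def use_certificate_chain_file(self, fileName):
+        pass
 
     def use_privatekey_file(self, fileName):
         pass
@@ -694,6 +696,22 @@
             SSL.Error,
             ssl.DefaultOpenSSLContextFactory, self.mktemp(), certPath)
 
+    def test_certificateIsNotPEMEncoded(self):
+        """
+        Nowadays it's preferable to use
+        L{SSL.Context.use_certificate_chain_file} over
+        L{SSL.Context.use_certificate_file}.  However, the former accepts only
+        PEM encoded certificates while the latter is more general.  Therefore
+        if C{use_certificate_chain_file} fails, it's possible a non-PEM
+        certificate has been supplied and we have to re-try using
+        C{use_certificate_file}.
+        """
+        class FakeContextRaising(FakeContext):
+            def use_certificate_chain_file(self, fileName):
+                raise SSL.Error()
+
+        ssl.DefaultOpenSSLContextFactory(certPath, certPath,
+                                         _contextFactory=FakeContextRaising)
 
 
 class ClientContextFactoryTests(unittest.TestCase):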
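Review bot: `test_certificateIsNotPEMEncoded` asserts nothing, so it passes whenever the constructor does not raise. It would still pass if the `except SSL.Error` branch in ssl.py were an empty `pass`, because `FakeContext.use_certificate_file` is a no-op. Have `FakeContextRaising` record the fallback call, e.g. `def use_certificate_file(self, fileName): self.loaded = fileName`, keep the factory in a local and check `self.assertEqual(certPath, factory._context.loaded)`, assuming the constructor leaves the context on `_context` as the ssl.py hunk suggests. The test also passes `certPath` for both the key and the certificate, so no non-PEM data is involved and the case in the test name is only simulated by the fake.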