mirrors
/
cpython
mirror of https://github.com/python/cpython.git
2
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Issue #8484: Load all ciphers and digest algorithms when initializing 

the _ssl extension, such that verification of some SSL certificates
doesn't fail because of an "unknown algorithm".
This commit is contained in:
Antoine Pitrou 2010-04-21 19:28:03 +00:00
parent 62e17ad234
commit c715a9ed08
3 changed files with 26 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
Lib/test/test_ssl.py
View File

@ -232,6 +232,26 @@ def testFetchServerCert(self):
if test_support.verbose: if test_support.verbose:
sys.stdout.write("\nVerified certificate for svn.python.org:443 is\n%s\n" % pem) sys.stdout.write("\nVerified certificate for svn.python.org:443 is\n%s\n" % pem)
def test_algorithms(self):
# Issue #8484: all algorithms should be available when verifying a
# certificate.
# NOTE: https://sha256.tbs-internet.com is another possible test host
remote = ("sha2.hboeck.de", 443)
sha256_cert = os.path.join(os.path.dirname(__file__), "sha256.pem")
s = ssl.wrap_socket(socket.socket(socket.AF_INET),
cert_reqs=ssl.CERT_REQUIRED,
ca_certs=sha256_cert,)
with test_support.transient_internet():
try:
s.connect(remote)
if test_support.verbose:
sys.stdout.write("\nCipher with %r is %r\n" %
(remote, s.cipher()))
sys.stdout.write("Certificate is:\n%s\n" %
pprint.pformat(s.getpeercert()))
finally:
s.close()
try: try:
import threading import threading

4
Misc/NEWS
View File

@ -20,6 +20,10 @@ Core and Builtins
Library Library
------- -------
- Issue #8484: Load all ciphers and digest algorithms when initializing
the _ssl extension, such that verification of some SSL certificates
doesn't fail because of an "unknown algorithm".
- Issue #8437: Fix test_gdb failures, patch written by Dave Malcolm - Issue #8437: Fix test_gdb failures, patch written by Dave Malcolm
- Issue #4814: timeout parameter is now applied also for connections resulting - Issue #4814: timeout parameter is now applied also for connections resulting

3
Modules/_ssl.c
View File

@ -1603,13 +1603,14 @@ init_ssl(void)
/* Init OpenSSL */ /* Init OpenSSL */
SSL_load_error_strings(); SSL_load_error_strings();
SSL_library_init();
#ifdef WITH_THREAD #ifdef WITH_THREAD
/* note that this will start threading if not already started */ /* note that this will start threading if not already started */
if (!_setup_ssl_threads()) { if (!_setup_ssl_threads()) {
return; return;
} }
#endif #endif
SSLeay_add_ssl_algorithms(); OpenSSL_add_all_algorithms();
/* Add symbols to module dict */ /* Add symbols to module dict */
PySSLErrorObject = PyErr_NewException("ssl.SSLError", PySSLErrorObject = PyErr_NewException("ssl.SSLError",