mirrors/cpython
1
0
Fork 0
mirror of https://github.com/python/cpython.git synced 2025-09-26 10:19:53 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 8

Fix issue #9711: raise ValueError is SSLConnection constructor is invoked with keyfile and not certfile.

Browse source
This commit is contained in:
Giampaolo Rodolà 2010-08-30 18:28:05 +00:00
parent 40d9a4e854
commit 8b7da623ce
2 changed files with 14 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

2
Lib/ssl.py
View file

@ -125,6 +125,8 @@ class SSLSocket(socket):
if server_side and not certfile: if server_side and not certfile:
raise ValueError("certfile must be specified for server-side " raise ValueError("certfile must be specified for server-side "
"operations") "operations")
if keyfile and not certfile:
raise ValueError("certfile must be specified")
if certfile and not keyfile: if certfile and not keyfile:
keyfile = certfile keyfile = certfile
self.context = SSLContext(ssl_version) self.context = SSLContext(ssl_version)

19
Lib/test/test_ssl.py
View file

@ -174,19 +174,24 @@ class BasicSocketTests(unittest.TestCase):
def test_errors(self): def test_errors(self):
sock = socket.socket() sock = socket.socket()
with self.assertRaisesRegexp(ValueError, "certfile must be specified"): self.assertRaisesRegexp(ValueError,
ssl.wrap_socket(sock, server_side=True) "certfile must be specified",
ssl.wrap_socket(sock, server_side=True, certfile="") ssl.wrap_socket, sock, keyfile=CERTFILE)
self.assertRaisesRegexp(ValueError,
"certfile must be specified for server-side operations",
ssl.wrap_socket, sock, server_side=True)
self.assertRaisesRegexp(ValueError,
"certfile must be specified for server-side operations",
ssl.wrap_socket, sock, server_side=True, certfile="")
s = ssl.wrap_socket(sock, server_side=True, certfile=CERTFILE) s = ssl.wrap_socket(sock, server_side=True, certfile=CERTFILE)
self.assertRaisesRegexp(ValueError, "can't connect in server-side mode", self.assertRaisesRegexp(ValueError, "can't connect in server-side mode",
s.connect, (HOST, 8080)) s.connect, (HOST, 8080))
with self.assertRaises(IOError) as cm: with self.assertRaises(IOError) as cm:
ssl.wrap_socket(socket.socket(), certfile=WRONGCERT) ssl.wrap_socket(socket.socket(), certfile=WRONGCERT)
self.assertEqual(cm.exception.errno, errno.ENOENT) self.assertEqual(cm.exception.errno, errno.ENOENT)
# XXX - temporarily disabled as per issue #9711 with self.assertRaises(IOError) as cm:
#with self.assertRaises(IOError) as cm: ssl.wrap_socket(socket.socket(), certfile=CERTFILE, keyfile=WRONGCERT)
# ssl.wrap_socket(socket.socket(), keyfile=WRONGCERT) self.assertEqual(cm.exception.errno, errno.ENOENT)
#self.assertEqual(cm.exception.errno, errno.ENOENT)
with self.assertRaises(IOError) as cm: with self.assertRaises(IOError) as cm:
ssl.wrap_socket(socket.socket(), certfile=WRONGCERT, keyfile=WRONGCERT) ssl.wrap_socket(socket.socket(), certfile=WRONGCERT, keyfile=WRONGCERT)
self.assertEqual(cm.exception.errno, errno.ENOENT) self.assertEqual(cm.exception.errno, errno.ENOENT)