Issue #8484: Load all ciphers and digest algorithms when initializing

the _ssl extension, such that verification of some SSL certificates doesn't fail because of an "unknown algorithm".
2025-07-24 11:44:31 +00:00 · 2010-04-21 19:28:03 +00:00 · 2010-04-21 19:28:03 +00:00 · c715a9ed08
commit c715a9ed08
parent 62e17ad234
3 changed files with 26 additions and 1 deletions
--- a/Lib/test/test_ssl.py
+++ b/Lib/test/test_ssl.py
@ -232,6 +232,26 @@ class NetworkedTests(unittest.TestCase):
        if test_support.verbose:
            sys.stdout.write("\nVerified certificate for svn.python.org:443 is\n%s\n" % pem)

+    def test_algorithms(self):
+        # Issue #8484: all algorithms should be available when verifying a
+        # certificate.
+        # NOTE: https://sha256.tbs-internet.com is another possible test host
+        remote = ("sha2.hboeck.de", 443)
+        sha256_cert = os.path.join(os.path.dirname(__file__), "sha256.pem")
+        s = ssl.wrap_socket(socket.socket(socket.AF_INET),
+                            cert_reqs=ssl.CERT_REQUIRED,
+                            ca_certs=sha256_cert,)
+        with test_support.transient_internet():
+            try:
+                s.connect(remote)
+                if test_support.verbose:
+                    sys.stdout.write("\nCipher with %r is %r\n" %
+                                     (remote, s.cipher()))
+                    sys.stdout.write("Certificate is:\n%s\n" %
+                                     pprint.pformat(s.getpeercert()))
+            finally:
+                s.close()
+

 try:
    import threading