
classification
Title: SSLSocket created from SSLContext.wrap_socket doesn't include cert/keyfile
Type: behavior
Stage: resolved
Components: Library (Lib)
Versions: Python 3.2, Python 3.3, Python 3.4
process
Status: closed
Resolution: fixed
Dependencies:
Superseder:
Assigned To:
Nosy List: jcea, mcjeff, pitrou, python-dev
Priority: normal
Keywords: patch

Created on 2012-10-29 15:53 by mcjeff, last changed 2022-04-11 14:57 by admin. This issue is now closed.

Files
ssl_context.patch (uploaded by mcjeff, 2012-10-29 15:53)
ssl_context.patch (uploaded by mcjeff, 2012-10-29 22:22)
Messages (6)
msg174121 - Author: Jeff McNeil (mcjeff) Date: 2012-10-29 15:53
mcjeff@martian:~/cpython$ ./python -V
Python 3.4.0a0

When an SSLSocket is created via SSLContext.wrap_socket, it is passed a _context parameter directly.  SSLSocket.__init__ sets self.context at this point, but it does not set self.keyfile or self.certfile.

However, in SSLSocket.accept, both keyfile & certfile are passed when creating a new, wrapped SSLSocket, from socket.accept's newsock.

The result is an attribute error.
>>> import ssl
>>> c = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
>>> c.load_cert_chain('Lib/test/keycert.pem')        
>>> import socket
>>> s = socket.socket(socket.AF_INET, socket.SOCK_STREAM, 0)
>>> s.bind(('127.0.0.1', 5050))
>>> s.listen(5)
>>> s.accept()  # nc localhost 5050 in another term.
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/local/google/home/mcjeff/cpython/Lib/ssl.py", line 557, in accept
    keyfile=self.keyfile, certfile=self.certfile,
AttributeError: 'SSLSocket' object has no attribute 'keyfile'
>>> 

Attached one-liner addresses it by passing in the context rather than the keyfile & certfile.

>>> s.accept()
(<socket.socket object, fd=4, family=2, type=1, proto=0>, ('127.0.0.1', 37306))
>>>
msg174151 - Author: Antoine Pitrou (pitrou) (Python committer) Date: 2012-10-29 20:43
I don't understand your code snippet: you don't seem to wrap the socket anywhere (paste error?).
As for the patch, it would be nice to add a corresponding test in Lib/test/test_ssl.py.
msg174155 - Author: Jeff McNeil (mcjeff) Date: 2012-10-29 21:23
Ak! Yes, cut and paste error.

Python 3.4.0a0 (default:57a33af85407, Oct 27 2012, 21:26:30) 
[GCC 4.4.3] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import ssl          
>>> c = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
>>> c.load_cert_chain('Lib/test/keycert.pem')        
>>> import socket
>>> s = socket.socket(socket.AF_INET, socket.SOCK_STREAM, 0)
>>> s.bind(('127.0.0.1', 5050))
>>> s = c.wrap_socket(s)
>>> s.listen(5)
>>> s.accept()
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/home/jeff/cpython/Lib/ssl.py", line 557, in accept
    keyfile=self.keyfile, certfile=self.certfile,
AttributeError: 'SSLSocket' object has no attribute 'keyfile'
>>> 

I'll add a corresponding test, sure thing.
msg174156 - Author: Jeff McNeil (mcjeff) Date: 2012-10-29 22:22
Updated to pass in the parent context only actually, as it doesn't look like all of the attributes on SSLSocket will be set if a context was initially passed in.
msg175306 - Author: Roundup Robot (python-dev) (Python triager) Date: 2012-11-11 00:29
New changeset f475332df9b5 by Antoine Pitrou in branch '3.2':
Issue #16357: fix calling accept() on a SSLSocket created through SSLContext.wrap_socket().
http://hg.python.org/cpython/rev/f475332df9b5

New changeset 9510a9641c80 by Antoine Pitrou in branch '3.3':
Issue #16357: fix calling accept() on a SSLSocket created through SSLContext.wrap_socket().
http://hg.python.org/cpython/rev/9510a9641c80

New changeset 5fc30f0277a5 by Antoine Pitrou in branch 'default':
Issue #16357: fix calling accept() on a SSLSocket created through SSLContext.wrap_socket().
http://hg.python.org/cpython/rev/5fc30f0277a5
msg175307 - Author: Antoine Pitrou (pitrou) (Python committer) Date: 2012-11-11 00:30
I've reworked the patch a bit and committed it. Thank you for reporting this!
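
The behaviour this issue fixed, as an added example that is not part of the thread and not the test committed to Lib/test/test_ssl.py: a listener wrapped through SSLContext.wrap_socket() accepts a connection, and the accepted SSLSocket carries the listener's context. It assumes a current Python 3 (ssl.PROTOCOL_TLS_SERVER rather than the PROTOCOL_SSLv23 used in the report), defers the handshake so that no certificate file is needed, and uses a hypothetical function name, accept_via_context.

```python
import socket
import ssl


def accept_via_context():
    """Accept one loopback connection on a listener wrapped by a context.

    Returns a tuple: (accepted socket is an SSLSocket,
                      accepted socket shares the listener's SSLContext,
                      accepted socket is server-side).
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    # Assumption for this example: no certificate is loaded and the handshake
    # is deferred, so only the accept() path from the issue is exercised.
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))  # port 0: let the OS pick a free port
    listener.listen(1)
    tls_listener = ctx.wrap_socket(
        listener, server_side=True, do_handshake_on_connect=False
    )

    # Plain TCP client, standing in for "nc localhost 5050" from the report.
    client = socket.create_connection(tls_listener.getsockname())
    try:
        # Before the fix this raised AttributeError, because accept() read
        # self.keyfile / self.certfile, which a context-created socket lacks.
        conn, _addr = tls_listener.accept()
        try:
            return (
                isinstance(conn, ssl.SSLSocket),
                conn.context is ctx,
                conn.server_side,
            )
        finally:
            conn.close()
    finally:
        client.close()
        tls_listener.close()


if __name__ == "__main__":
    print(accept_via_context())
```

Because the accepted socket shares the listener's context object, protocol and verification settings configured on that context apply to every accepted connection.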
History
Date User Action Args
2022-04-11 14:57:37 admin set github: 60561
2012-12-14 01:20:46 jcea set nosy: + jcea
2012-11-11 00:30:12 pitrou set status: open -> closed; resolution: fixed; messages: + msg175307; stage: patch review -> resolved
2012-11-11 00:29:13 python-dev set nosy: + python-dev; messages: + msg175306
2012-10-29 22:22:20 mcjeff set files: + ssl_context.patch; messages: + msg174156
2012-10-29 21:23:47 mcjeff set messages: + msg174155
2012-10-29 20:43:50 pitrou set versions: + Python 3.2, Python 3.3; nosy: + pitrou; messages: + msg174151; type: behavior; stage: patch review
2012-10-29 15:53:59 mcjeff create