Message115172
> SSLError: _ssl.c:296: Both the key & certificate files must be
> specified for server-side operation
>
> I would change this behavior in SSLSocket constructor and raise
> ValueError if server_side is True and certfile is None.
Good idea.
> Also, the message coming from the C code should be adjusted to state
> that keyfile argument is not mandatory.
The message is arguably technically correct: you need both a (private)
key and a certificate. It's simply that they can be put in the same
file.
> >>> s = ssl.wrap_socket(socket.socket(), server_side=1)
> >>> s.connect(('blogger.com', 443))
> >>>
>
> For consistency I would expect something like ValueError("can't
> connect in server-side mode") on connect().
Indeed.
> ssl.SSLError: [Errno 336445442] _ssl.c:1604: error:140DC002:SSL
> routines:SSL_CTX_use_certificate_chain_file:system lib
> >>>
>
> A simple "IOError No such file or directory 'xxx'" exception would be
> a lot more clear.
Agreed, but the OpenSSL error reporting system looks too convoluted (or
braindead) to easily allow such aliasing of errors. If you have an idea,
don't hesitate to share :)
> ssl.SSLError: [Errno 336445449] _ssl.c:1604: error:140DC009:SSL
> routines:SSL_CTX_use_certificate_chain_file:PEM lib
> >>>
>
> If possible, the error should be more clear about what happened.
> Something like "malformed certfile was provided" or something.
Same as above: the error message and numeric code come from OpenSSL, not
from us.

Date | User | Action | Args
2010-08-28 21:01:51 | pitrou | set | recipients: + pitrou, exarkun, janssen, giampaolo.rodola
2010-08-28 21:01:49 | pitrou | link | issue9706 messages
2010-08-28 21:01:49 | pitrou | create |
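
The checks suggested in this message, written as a pre-flight step in Python so that a missing certfile, a nonexistent path or a malformed PEM file raises a clear exception before anything reaches OpenSSL. This is an added example, not code from the ssl module or from the issue; `check_server_cert_args`, `pem_labels`, `describe` and `write_sample` are hypothetical names, and the PEM bodies are constructed placeholders rather than real key material.

```python
import os
import re
import tempfile

# Constructed placeholder PEM blocks (not real key material).
CONSTRUCTED_CERT = "-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQ=\n-----END CERTIFICATE-----\n"
CONSTRUCTED_KEY = "-----BEGIN PRIVATE KEY-----\nQ09OU1RSVUNURUQ=\n-----END PRIVATE KEY-----\n"
# Matches PEM headers such as "-----BEGIN CERTIFICATE-----" and captures the label.
_PEM_BEGIN = re.compile(r"^-----BEGIN ([A-Z0-9 ]+)-----\s*$", re.MULTILINE)


def pem_labels(path):
    """Return the set of PEM block labels in path (OSError if it cannot be read)."""
    with open(path, "r", encoding="ascii", errors="replace") as fh:
        return set(_PEM_BEGIN.findall(fh.read()))


def check_server_cert_args(server_side, certfile=None, keyfile=None):
    """Hypothetical pre-flight check; OpenSSL still does the real parsing later."""
    if not server_side:
        return
    if certfile is None:
        raise ValueError("certfile must be specified for server-side operation")
    cert_labels = pem_labels(certfile)  # FileNotFoundError names the missing path
    if "CERTIFICATE" not in cert_labels:
        raise ValueError("no PEM certificate found in %r" % certfile)
    # The private key may be stored in certfile itself, so keyfile stays optional.
    key_source = keyfile if keyfile is not None else certfile
    key_labels = cert_labels if keyfile is None else pem_labels(keyfile)
    if not any(label.endswith("PRIVATE KEY") for label in key_labels):
        raise ValueError("no PEM private key found in %r" % key_source)


def describe(server_side, certfile=None, keyfile=None):
    """Return 'ok', or the exception type and message the check produces."""
    try:
        check_server_cert_args(server_side, certfile, keyfile)
    except (ValueError, OSError) as exc:
        return "%s: %s" % (type(exc).__name__, exc)
    return "ok"


def write_sample(text):
    """Write constructed sample text to a temporary file and return its path."""
    fd, path = tempfile.mkstemp(suffix=".pem")
    with os.fdopen(fd, "w") as fh:
        fh.write(text)
    return path
```

The check only improves diagnostics: a file that passes it can still be rejected by OpenSSL, for example when the key does not match the certificate.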