Message115195
By taking a look at ssl.py it seems that keyfile argument is ignored if certfile argument is not specified as well.
Here's an extract of ssl.py code:
class SSLSocket:
def __init__(self, sock=None, keyfile=None, certfile=None,
server_side=False, cert_reqs=CERT_NONE,
ssl_version=PROTOCOL_SSLv23, ca_certs=None,
do_handshake_on_connect=True,
family=AF_INET, type=SOCK_STREAM, proto=0, fileno=None,
suppress_ragged_eofs=True, ciphers=None,
_context=None):
[...]
if certfile and not keyfile:
keyfile = certfile
[...]
if certfile:
self.context.load_cert_chain(certfile, keyfile)
So at the current stage this:
>>> ssl.wrap_socket(socket.socket(), keyfile="XXX")
<ssl.SSLSocket object, fd=5, family=2, type=1, proto=0>
...would be equal to:
>>> ssl.wrap_socket(socket.socket())
<ssl.SSLSocket object, fd=5, family=2, type=1, proto=0>
To me this leads to one question: are there circumstances in which it makes sense to specify "keyfile" and *not* "certfile"?
As far as I know, on server-side it is always required to specify *at least* certfile argument, in which case this would represent a bug.
Not sure about client-side sockets. |
|
Date |
User |
Action |
Args |
2010-08-29 20:50:04 | giampaolo.rodola | set | recipients:
+ giampaolo.rodola, exarkun, janssen, pitrou |
2010-08-29 20:50:04 | giampaolo.rodola | set | messageid: <1283115004.18.0.127719277897.issue9711@psf.upfronthosting.co.za> |
2010-08-29 20:50:00 | giampaolo.rodola | link | issue9711 messages |
2010-08-29 20:50:00 | giampaolo.rodola | create | |
|