Index: Lib/ssl.py
===================================================================
--- Lib/ssl.py	(revisione 84351)
+++ Lib/ssl.py	(copia locale)
@@ -122,6 +122,9 @@
         if _context:
             self.context = _context
         else:
+            if server_side and certfile is None:
+                raise ValueError("certfile must be specified for server-side "
+                                 "operations")
             if certfile and not keyfile:
                 keyfile = certfile
             self.context = SSLContext(ssl_version)
@@ -138,7 +141,7 @@
             self.ssl_version = ssl_version
             self.ca_certs = ca_certs
             self.ciphers = ciphers
-
+            self.server_side = server_side
         self.do_handshake_on_connect = do_handshake_on_connect
         self.suppress_ragged_eofs = suppress_ragged_eofs
         connected = False
@@ -358,7 +361,8 @@
     def connect(self, addr):
         """Connects to remote ADDR, and then wraps the connection in
         an SSL channel."""
-
+        if self.server_side:
+            raise ValueError("can't connect in server-side mode")
         # Here we assume that the socket is client-side, and not
         # connected at the time of the call.  We connect it, then wrap it.
         if self._sslobj:
Index: Lib/test/test_ssl.py
===================================================================
--- Lib/test/test_ssl.py	(revisione 84350)
+++ Lib/test/test_ssl.py	(copia locale)
@@ -172,7 +172,19 @@
             ss = ssl.wrap_socket(s)
             self.assertEqual(timeout, ss.gettimeout())
 
+    def test_errors(self):
+        sock = socket.socket()
+        self.assertRaisesRegexp(ValueError, "certfile must be specified",
+                                ssl.wrap_socket, sock, server_side=True)
+        s = ssl.wrap_socket(sock, server_side=True, certfile=CERTFILE)
+        self.assertRaisesRegexp(ValueError, "can't connect in server-side mode",
+                                s.connect, (HOST, 8080))
+        with self.assertRaisesRegexp(IOError, "No such file"):
+            ssl.wrap_socket(sock, certfile=WRONGCERT)
+            ssl.wrap_socket(sock, keyfile=WRONGCERT)
+            ssl.wrap_socket(sock, certfile=WRONGCERT, keyfile=WRONGCERT)
 
+
 class ContextTests(unittest.TestCase):
 
     @skip_if_broken_ubuntu_ssl
@@ -240,7 +252,7 @@
         ctx.load_cert_chain(CERTFILE)
         ctx.load_cert_chain(CERTFILE, keyfile=CERTFILE)
         self.assertRaises(TypeError, ctx.load_cert_chain, keyfile=CERTFILE)
-        with self.assertRaisesRegexp(ssl.SSLError, "system lib"):
+        with self.assertRaisesRegexp(IOError, "No such file"):
             ctx.load_cert_chain(WRONGCERT)
         with self.assertRaisesRegexp(ssl.SSLError, "PEM lib"):
             ctx.load_cert_chain(BADCERT)
@@ -270,7 +282,7 @@
         ctx.load_verify_locations(cafile=BYTES_CERTFILE, capath=None)
         self.assertRaises(TypeError, ctx.load_verify_locations)
         self.assertRaises(TypeError, ctx.load_verify_locations, None, None)
-        with self.assertRaisesRegexp(ssl.SSLError, "system lib"):
+        with self.assertRaisesRegexp(IOError, "No such file"):
             ctx.load_verify_locations(WRONGCERT)
         with self.assertRaisesRegexp(ssl.SSLError, "PEM lib"):
             ctx.load_verify_locations(BADCERT)
Index: Modules/_ssl.c
===================================================================
--- Modules/_ssl.c	(revisione 84350)
+++ Modules/_ssl.c	(copia locale)
@@ -1580,6 +1580,7 @@
     PyObject *certfile_bytes = NULL, *keyfile_bytes = NULL;
     int r;
 
+    errno = 0;
     if (!PyArg_ParseTupleAndKeywords(args, kwds,
         "O|O:load_cert_chain", kwlist,
         &certfile, &keyfile))
@@ -1601,7 +1602,12 @@
         PyBytes_AS_STRING(certfile_bytes));
     PySSL_END_ALLOW_THREADS
     if (r != 1) {
-        _setSSLError(NULL, 0, __FILE__, __LINE__);
+        if (errno != 0) {
+            PyErr_SetFromErrno(PyExc_IOError);
+        }
+        else {
+            _setSSLError(NULL, 0, __FILE__, __LINE__);
+        }
         goto error;
     }
     PySSL_BEGIN_ALLOW_THREADS
@@ -1612,7 +1618,12 @@
     Py_XDECREF(keyfile_bytes);
     Py_XDECREF(certfile_bytes);
     if (r != 1) {
-        _setSSLError(NULL, 0, __FILE__, __LINE__);
+        if (errno != 0) {
+            PyErr_SetFromErrno(PyExc_IOError);
+        }
+        else {
+            _setSSLError(NULL, 0, __FILE__, __LINE__);
+        }
         return NULL;
     }
     PySSL_BEGIN_ALLOW_THREADS
@@ -1639,6 +1650,7 @@
     const char *cafile_buf = NULL, *capath_buf = NULL;
     int r;
 
+    errno = 0;
     if (!PyArg_ParseTupleAndKeywords(args, kwds,
         "|OO:load_verify_locations", kwlist,
         &cafile, &capath))
@@ -1673,7 +1685,12 @@
     Py_XDECREF(cafile_bytes);
     Py_XDECREF(capath_bytes);
     if (r != 1) {
-        _setSSLError(NULL, 0, __FILE__, __LINE__);
+        if (errno != 0) {
+            PyErr_SetFromErrno(PyExc_IOError);
+        }
+        else {
+            _setSSLError(NULL, 0, __FILE__, __LINE__);
+        }
         return NULL;
     }
     Py_RETURN_NONE;