This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Title: SSL should accept cert content, instead of just cert file path
Type: enhancement Stage: resolved
Components: SSL Versions: Python 3.5
Status: closed Resolution: duplicate
Dependencies: Superseder:
Assigned To: christian.heimes Nosy List: christian.heimes, j-rewerts, njs, rico-lin
Priority: normal Keywords:

Created on 2018-07-28 10:31 by rico-lin, last changed 2022-04-11 14:59 by admin. This issue is now closed.

Messages (3)
msg322539 - (view) Author: Rico Lin (rico-lin) Date: 2018-07-28 10:31
Currently, SSL module [1] only allows file path as input.
That led to a lot of libraries only accept file path to a local file.
This lead to issues when people who trigger this python code, didn't have any right to access a local file. Here are two examples:

1. In multi-cloud orchestration service design, you (as an operator) like to create resources in another cloud with orchestration service(like Heat in OpenStack), but you like to set up SSL for this connection. You should not allow accessing a local file from the first cloud (where the orchestration service is running). And you can't guarantee the first cloud provider allow you to inject a Cert file in their environment. In this case we need to allow operators to input their own cert information and parse it to ssl option for request.

2. Serverless. In serverless, we give a python code and cloud will provide an environment to run it. We can try to inject cert when we try to create environment for operators, but it will be more secure to directly pass it to python instead of store it around.

The first case is what we're looking for an answer. Didn't look into the design for the second case, but I guess that might face the same issue.

msg322609 - (view) Author: Nathaniel Smith (njs) * (Python committer) Date: 2018-07-29 04:27
This is a duplicate of bpo-16487, which has more discussion about how the API might work.
msg322610 - (view) Author: Jared (j-rewerts) * Date: 2018-07-29 04:54
Also [PEP 543]( is related to this. In addition, I think [PyOpenSSL]( provides support for what you want.
Date User Action Args
2022-04-11 14:59:03adminsetgithub: 78438
2018-07-29 04:54:21j-rewertssetnosy: + j-rewerts
messages: + msg322610
2018-07-29 04:27:57njssetstatus: open -> closed

nosy: + njs
messages: + msg322609

resolution: duplicate
stage: resolved
2018-07-28 10:32:09rico-linsetversions: + Python 3.5, - Python 3.6
2018-07-28 10:31:52rico-lincreate