Message175691
The _ssl module (and indeed the openssl lib) relies heavily on actual filesystem locations to load certificates. A client or a server may not want to rely on physical filesystem locations to load certificates for authentication or verification. Physical disk files are cumbersome and present a management burden in the presence of multiple processes.
This patch adds extensions to the _ssl.c file which allow certificates, keys and certification chains to be provided by file contents, rather than file name.
The ctx.load_cert_chain and ctx.load_verify_locations take additional arguments to specify the data in this form.
The ssl.wrap_socket does not add arguments; rather, the function is polymorphic in that the contents of the certfile/keyfile are examined and treated as file data if beginning with -----BEGIN. The ca_certs is similarly treated as a list of file contents if it is a list (rather than a string).
This patch is the result of work at CCP for deploying ssl clients and servers in an isolated environment without having to resort to temporary disk files.
Date | User | Action | Args
2012-11-16 15:10:16 | kristjan.jonsson | set | recipients: + kristjan.jonsson
2012-11-16 15:10:15 | kristjan.jonsson | set | messageid: <1353078615.85.0.973290481578.issue16487@psf.upfronthosting.co.za>
2012-11-16 15:10:15 | kristjan.jonsson | link | issue16487 messages
2012-11-16 15:10:15 | kristjan.jonsson | create |
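The dispatch rule the message describes for ssl.wrap_socket (a string beginning with -----BEGIN is file contents, a list of strings is a list of contents, anything else is a path), worked through as an added Python example that is not part of the patch; pem_labels, classify and resolve_wrap_socket_args are hypothetical helper names and the PEM samples are constructed placeholders. It also checks that in-memory material holds a block of the kind the argument expects before it would be handed to OpenSSL, which the prefix heuristic alone does not.

```python
import re

# Constructed sample PEM texts: the base64 payloads are placeholders, not real keys or certs.
SAMPLE_CERT = "-----BEGIN CERTIFICATE-----\nMIIBplaceholder\n-----END CERTIFICATE-----\n"
SAMPLE_KEY = "-----BEGIN RSA PRIVATE KEY-----\nMIIEplaceholder\n-----END RSA PRIVATE KEY-----\n"
_BEGIN = re.compile(r"^-----BEGIN ([A-Z0-9 ]+)-----$")
_END = re.compile(r"^-----END ([A-Z0-9 ]+)-----$")


def pem_labels(data):
    """Return the label of every PEM block in `data`; reject truncated or mismatched blocks."""
    labels, open_label = [], None
    for raw in data.splitlines():
        line = raw.strip()
        begin, end = _BEGIN.match(line), _END.match(line)
        if begin:
            if open_label is not None:
                raise ValueError("BEGIN %s inside unterminated %s" % (begin.group(1), open_label))
            open_label = begin.group(1)
        elif end:
            if end.group(1) != open_label:
                raise ValueError("END %s does not close %s" % (end.group(1), open_label))
            labels.append(open_label)
            open_label = None
    if open_label is not None or not labels:
        raise ValueError("unterminated or missing PEM block")
    return labels


def _checked_data(text, want):
    """Validate in-memory material before handing it to OpenSSL: needs a block of the wanted kind."""
    labels = pem_labels(text)
    if not any(want in label for label in labels):
        raise ValueError("expected a %s block, found %s" % (want, labels))
    return labels


def classify(value, want):
    """The message's dispatch rule: a list holds file contents, a string starting with -----BEGIN
    is file contents, any other string is a path. Caveat: a path beginning "-----BEGIN " is misread."""
    if value is None:
        return None
    if isinstance(value, list):
        return ("data", [_checked_data(item, want) for item in value])
    if value.lstrip().startswith("-----BEGIN "):
        return ("data", _checked_data(value, want))
    return ("path", value)


def resolve_wrap_socket_args(certfile=None, keyfile=None, ca_certs=None):
    # Classify the three wrap_socket arguments so the caller can pick the memory or file loader.
    return {"certfile": classify(certfile, "CERTIFICATE"),
            "keyfile": classify(keyfile, "PRIVATE KEY"),
            "ca_certs": classify(ca_certs, "CERTIFICATE")}
```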