Author kristjan.jonsson
Recipients kristjan.jonsson
Date 2012-11-16.15:10:11
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <>
The _ssl module (and indeed the openssl lib) relies heaviliy on actual filesystem locations to load certificates.  A client or a server may not want to rely on physical filesystem locations to load certificates for authentication or verification.  Physical disc files are cumbersome and present a management burden in the presence of multiple processes.

This patch adds extensions to the _ssl.c file which allows certificates, keys and certification chains to be provided by file contents, rather than file name.  

The ctx.load_cert_chain and ctx.load_verify_locations take additional arguments to specify the data on this form.

the ssl.wrap_socket does not add arguments, rather the function is polymorphic in that the conents of the certfil/keyfile are examined and treated as file-data if beginning with -----BEGIN.  the ca_certs is similarly treated as a list of file contents, if it is a list, (rather than a string)

This patch is the result of work at CCP for deploying ssl clients and servers in an isolated environment without having to resort to temporary disk files.
Date User Action Args
2012-11-16 15:10:16kristjan.jonssonsetrecipients: + kristjan.jonsson
2012-11-16 15:10:15kristjan.jonssonsetmessageid: <>
2012-11-16 15:10:15kristjan.jonssonlinkissue16487 messages
2012-11-16 15:10:15kristjan.jonssoncreate