authorAntoine Pitrou <solipsis@pitrou.net>2010-04-21 19:28:03 +0000
committerAntoine Pitrou <solipsis@pitrou.net>2010-04-21 19:28:03 +0000
commitc715a9ed08f5b4ed05effd10adf25cc79551eb02 (patch)
tree129483b0867595fef6ed0b4c9e40c1dcb85e7a1c
parent62e17ad2340f2c46aed45cf38ead786f5d5124d2 (diff)
Issue #8484: Load all ciphers and digest algorithms when initializing
the _ssl extension, such that verification of some SSL certificates doesn't fail because of an "unknown algorithm".
-rw-r--r--Lib/test/test_ssl.py20
-rw-r--r--Misc/NEWS4
-rw-r--r--Modules/_ssl.c3
3 files changed, 26 insertions, 1 deletions
diff --git a/Lib/test/test_ssl.py b/Lib/test/test_ssl.py
index 619968585d..bab14529f8 100644
--- a/Lib/test/test_ssl.py
+++ b/Lib/test/test_ssl.py
@@ -232,6 +232,26 @@ class NetworkedTests(unittest.TestCase):
if test_support.verbose:
sys.stdout.write("\nVerified certificate for svn.python.org:443 is\n%s\n" % pem)
+ def test_algorithms(self):
+ # Issue #8484: all algorithms should be available when verifying a
+ # certificate.
+ # NOTE: https://sha256.tbs-internet.com is another possible test host
+ remote = ("sha2.hboeck.de", 443)
+ sha256_cert = os.path.join(os.path.dirname(__file__), "sha256.pem")
+ s = ssl.wrap_socket(socket.socket(socket.AF_INET),
+ cert_reqs=ssl.CERT_REQUIRED,
+ ca_certs=sha256_cert,)
+ with test_support.transient_internet():
+ try:
+ s.connect(remote)
+ if test_support.verbose:
+ sys.stdout.write("\nCipher with %r is %r\n" %
+ (remote, s.cipher()))
+ sys.stdout.write("Certificate is:\n%s\n" %
+ pprint.pformat(s.getpeercert()))
+ finally:
+ s.close()
+
try:
import threading
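Review bot: `test_algorithms` points `ca_certs` at `sha256.pem` beside the test module, but the diffstat for this commit lists only `Lib/test/test_ssl.py`, `Misc/NEWS` and `Modules/_ssl.c`. Unless that PEM is already in the tree, the test fails on the missing CA file instead of exercising the digest loading. The trust anchor is also tied to a single third-party host, so a change of CA chain at `sha2.hboeck.de` would look the same as a regression; a comment such as `# sha256.pem must be refreshed if the remote host changes its CA chain` would help whoever triages that. Because `getpeercert()` is only called under `test_support.verbose`, consider adding `self.assertTrue(s.getpeercert())` after `s.connect(remote)` so the verified certificate is checked in normal runs as well.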
diff --git a/Misc/NEWS b/Misc/NEWS
index d03a475358..9f008175b3 100644
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -20,6 +20,10 @@ Core and Builtins
Library
-------
+- Issue #8484: Load all ciphers and digest algorithms when initializing
+ the _ssl extension, such that verification of some SSL certificates
+ doesn't fail because of an "unknown algorithm".
+
- Issue #8437: Fix test_gdb failures, patch written by Dave Malcolm
- Issue #4814: timeout parameter is now applied also for connections resulting
diff --git a/Modules/_ssl.c b/Modules/_ssl.c
index 6dad6a6ff1..4702ecbfe1 100644
--- a/Modules/_ssl.c
+++ b/Modules/_ssl.c
@@ -1603,13 +1603,14 @@ init_ssl(void)
/* Init OpenSSL */
SSL_load_error_strings();
+ SSL_library_init();
#ifdef WITH_THREAD
/* note that this will start threading if not already started */
if (!_setup_ssl_threads()) {
return;
}
#endif
- SSLeay_add_ssl_algorithms();
+ OpenSSL_add_all_algorithms();
/* Add symbols to module dict */
PySSLErrorObject = PyErr_NewException("ssl.SSLError",
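Review bot: The two new calls in `init_ssl` have no comment explaining why both are needed, and `SSL_library_init()` now runs before `_setup_ssl_threads()` whereas the removed `SSLeay_add_ssl_algorithms()` ran after it. I would add above `OpenSSL_add_all_algorithms();` a comment along the lines of `/* SSL_library_init() registers only the SSL cipher/digest subset; load the rest so certificates signed with e.g. SHA-256 verify (issue #8484) */`. Registering everything also makes any legacy digest compiled into the linked OpenSSL available process-wide, so it is worth confirming that this is intended rather than adding only the missing digests. The body of `init_ssl` begins before and continues past this hunk.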