86253c9ef6
Part of proposed fix for bnc#761501 - Add support for loading directory-based certificate stores in ssl module OBS-URL: https://build.opensuse.org/request/show/121341 OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=122
42 lines
1.7 KiB
Diff
42 lines
1.7 KiB
Diff
Index: Modules/_ssl.c
|
|
===================================================================
|
|
--- Modules/_ssl.c.orig
|
|
+++ Modules/_ssl.c
|
|
@@ -271,6 +271,7 @@ newPySSLObject(PySocketSockObject *Sock,
|
|
char *errstr = NULL;
|
|
int ret;
|
|
int verification_mode;
|
|
+ struct stat stat_buf;
|
|
|
|
self = PyObject_New(PySSLObject, &PySSL_Type); /* Create new object */
|
|
if (self == NULL)
|
|
@@ -331,11 +332,23 @@ newPySSLObject(PySocketSockObject *Sock,
|
|
"verification of other-side certificates.");
|
|
goto fail;
|
|
} else {
|
|
- PySSL_BEGIN_ALLOW_THREADS
|
|
- ret = SSL_CTX_load_verify_locations(self->ctx,
|
|
- cacerts_file,
|
|
- NULL);
|
|
- PySSL_END_ALLOW_THREADS
|
|
+ /* If cacerts_file is a directory-based cert store, pass it as the
|
|
+ third parameter, CApath, instead
|
|
+ */
|
|
+ if (stat(cacerts_file, &stat_buf) == 0 && S_ISDIR(stat_buf.st_mode)) {
|
|
+ PySSL_BEGIN_ALLOW_THREADS
|
|
+ ret = SSL_CTX_load_verify_locations(self->ctx,
|
|
+ NULL,
|
|
+ cacerts_file);
|
|
+ PySSL_END_ALLOW_THREADS
|
|
+ } else {
|
|
+ PySSL_BEGIN_ALLOW_THREADS
|
|
+ ret = SSL_CTX_load_verify_locations(self->ctx,
|
|
+ cacerts_file,
|
|
+ NULL);
|
|
+ PySSL_END_ALLOW_THREADS
|
|
+ }
|
|
+
|
|
if (ret != 1) {
|
|
_setSSLError(NULL, 0, __FILE__, __LINE__);
|
|
goto fail;
|