New submission from Giampaolo Rodola' <g.rod...@gmail.com>:

By taking a look at ssl.py it seems that keyfile argument is ignored if certfile argument is not specified as well.
Here's an extract of ssl.py code:

class SSLSocket:

    def __init__(self, sock=None, keyfile=None, certfile=None,
                 server_side=False, cert_reqs=CERT_NONE,
                 ssl_version=PROTOCOL_SSLv23, ca_certs=None,
                 do_handshake_on_connect=True,
                 family=AF_INET, type=SOCK_STREAM, proto=0, fileno=None,
                 suppress_ragged_eofs=True, ciphers=None,
                 _context=None):
        [...]
        if certfile and not keyfile:
            keyfile = certfile
        [...]
        if certfile:
            self.context.load_cert_chain(certfile, keyfile)

So at the current stage this:

>>> ssl.wrap_socket(socket.socket(), keyfile="XXX")
<ssl.SSLSocket object, fd=5, family=2, type=1, proto=0>

...would be equal to:

>>> ssl.wrap_socket(socket.socket())
<ssl.SSLSocket object, fd=5, family=2, type=1, proto=0>

To me this leads to one question: are there circumstances in which it makes sense to specify "keyfile" and *not* "certfile"?
As far as I know, on server-side it is always required to specify *at least* certfile argument, in which case this would represent a bug.
Not sure about client-side sockets.

----------
messages: 115195
nosy: exarkun, giampaolo.rodola, janssen, pitrou
priority: normal
severity: normal
status: open
title: ssl.SSLSocket's keyfile argument seems to be ignored if specified without certfile

_______________________________________
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/issue9711>
_______________________________________
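
Added example (not part of the original report, and not code from ssl.py): the branching from the extract above, run against a stand-in context that records load_cert_chain calls, next to a stricter variant that refuses the silently dropped combination. RecordingContext, configure_as_reported, configure_strict and the file names are hypothetical; the server-side check is an assumption taken from the report's own statement.

```python
# Added illustration; all names below are hypothetical, not ssl.py's own.
class RecordingContext:
    """Stand-in for the SSL context: records load_cert_chain() calls."""

    def __init__(self):
        self.loaded = []

    def load_cert_chain(self, certfile, keyfile=None):
        self.loaded.append((certfile, keyfile))


def configure_as_reported(context, keyfile=None, certfile=None):
    """Same branching as the ssl.py extract quoted in the report."""
    if certfile and not keyfile:
        keyfile = certfile
    if certfile:
        context.load_cert_chain(certfile, keyfile)
    return context


def configure_strict(context, keyfile=None, certfile=None, server_side=False):
    """Fail loudly instead of dropping an argument the caller supplied."""
    if keyfile and not certfile:
        raise ValueError("keyfile given without certfile")
    # Assumption from the report: a server always needs at least certfile.
    if server_side and not certfile:
        raise ValueError("certfile is required for server-side sockets")
    return configure_as_reported(context, keyfile, certfile)


def demo():
    """Run the three cases on constructed file names and collect the outcomes."""
    results = {}
    # keyfile alone: nothing is loaded and no error is raised.
    ctx = configure_as_reported(RecordingContext(), keyfile="client.key")
    results["key_only"] = ctx.loaded
    # certfile alone: the certificate file is reused as the key file.
    ctx = configure_as_reported(RecordingContext(), certfile="client.pem")
    results["cert_only"] = ctx.loaded
    try:
        configure_strict(RecordingContext(), keyfile="client.key")
        results["strict_key_only"] = "accepted"
    except ValueError as exc:
        results["strict_key_only"] = str(exc)
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, "->", value)
```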