[issue18143] ssl.get_default_verify_paths()

Changes by Christian Heimes : -- resolution: -> fixed stage: patch review -> committed/rejected status: open -> closed ___ Python tracker ___ ___

[issue18143] ssl.get_default_verify_paths()

Roundup Robot added the comment: New changeset a4d31e56075d by Christian Heimes in branch 'default': Issue #18143: Implement ssl.get_default_verify_paths() in order to debug http://hg.python.org/cpython/rev/a4d31e56075d -- nosy: +python-dev ___ Python

[issue18143] ssl.get_default_verify_paths()

Antoine Pitrou added the comment: > How about a single return value: > > DefaultVerifyPaths = collections.namedtuple("DefaultVerifyPaths", > "cafile capath openssl_cafile_env openssl_cafile openssl_capath_env > openssl_capath") Sounds good. --

[issue18143] ssl.get_default_verify_paths()

Christian Heimes added the comment: How about a single return value: DefaultVerifyPaths = collections.namedtuple("DefaultVerifyPaths", "cafile capath openssl_cafile_env openssl_cafile openssl_capath_env openssl_capath") -- ___ Python tracker

[issue18143] ssl.get_default_verify_paths()

Antoine Pitrou added the comment: Your "raw" parameter is one too many IMO. You should find a way to present all relevant information in a single API call. -- ___ Python tracker ___

[issue18143] ssl.get_default_verify_paths()

Changes by Christian Heimes : Removed file: http://bugs.python.org/file30473/sslverifypath.patch ___ Python tracker ___ ___ Python-bugs-list m

[issue18143] ssl.get_default_verify_paths()

Christian Heimes added the comment: New patch with tests and documentation. -- Added file: http://bugs.python.org/file30476/sslverifypath2.patch ___ Python tracker ___ __

[issue18143] ssl.get_default_verify_paths()

Brett Cannon added the comment: That's better. As long as you use result[1::2] then the tuple is reasonable to use for the order need and still make sense as an iterable. -- ___ Python tracker

[issue18143] ssl.get_default_verify_paths()

Christian Heimes added the comment: How about that output, Brett? cafile is None because /usr/lib/ssl/cert.pem doesn't exist on my system. >>> import ssl >>> ssl.get_default_verify_paths() DefaultVerifyPaths(cafile=None, capath='/usr/lib/ssl/certs') >>> ssl.get_default_verify_paths(raw=True) Ra

[issue18143] ssl.get_default_verify_paths()

Christian Heimes added the comment: I forgot that a SimpleNamespace is an unorder collection. However the order is significant. OpenSSL uses the cafile first and ignores capath if a cert in cafile matches. The path to cafile or capath is ignored when the environment key exists -- even when it

[issue18143] ssl.get_default_verify_paths()

Christian Heimes added the comment: Sure! I can add SimpleNamespace. The C function returns four elements: * environment var that is used to look up the path to a CA cert file * path to a CA cert file * environment var that is used to look up the path to a CA cert directory * path to a CA c

[issue18143] ssl.get_default_verify_paths()

Brett Cannon added the comment: I have no clue what is being returned by this function. Any chance of using types.SimpleNamespace to give meaningful names to the returned values instead of a tuple? -- nosy: +brett.cannon ___ Python tracker

[issue18143] ssl.get_default_verify_paths()

New submission from Christian Heimes: The patch implements a get_default_verify_paths() function for the ssl module. It returns the env vars and paths that are used by openssl's set_default_verify_paths() to load CA certs from default locations. I think it makes a useful addition for debugging