New submission from Kristján Valur Jónsson:

The _ssl module (and indeed the openssl lib) relies heavily on actual filesystem locations to load certificates. A client or a server may not want to rely on physical filesystem locations to load certificates for authentication or verification. Physical disc files are cumbersome and present a management burden in the presence of multiple processes.
This patch adds extensions to the _ssl.c file which allow certificates, keys and certification chains to be provided by file contents, rather than file name. The ctx.load_cert_chain and ctx.load_verify_locations take additional arguments to specify the data in this form. The ssl.wrap_socket does not add arguments; rather, the function is polymorphic in that the contents of the certfile/keyfile are examined and treated as file data if beginning with -----BEGIN. The ca_certs is similarly treated as a list of file contents if it is a list (rather than a string).

This patch is the result of work at CCP for deploying ssl clients and servers in an isolated environment without having to resort to temporary disk files.

----------
components: Extension Modules
files: sslpatch1.patch
keywords: patch
messages: 175691
nosy: kristjan.jonsson
priority: normal
severity: normal
status: open
title: Allow ssl certificates to be speficfied from memory rather than files.
type: enhancement
versions: Python 3.4

Added file: http://bugs.python.org/file28002/sslpatch1.patch

_______________________________________
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/issue16487>
_______________________________________
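The dispatch rule described in the message above, as an added example that is not code from the patch or from CPython: a string is a file name, a list holds file contents, and contents are recognised by the `-----BEGIN` prefix. The helper names are hypothetical; the only library call assumed is the `cadata` parameter of `SSLContext.load_verify_locations` in the current standard library. As a design choice of this example, a list entry that does not look like PEM is rejected rather than silently opened as a path.

```python
import ssl

PEM_MARKER = "-----BEGIN"  # the prefix the message uses to tell data from a file name


def is_pem_data(value):
    """True if value is certificate/key contents rather than a file name."""
    if isinstance(value, bytes):
        value = value.decode("ascii", "replace")
    return value.startswith(PEM_MARKER)


def load_ca_certs(ctx, ca_certs):
    """Hypothetical helper: a str is a CA file path, a list holds PEM contents.

    Returns the number of in-memory entries handed to the context.
    """
    if isinstance(ca_certs, (str, bytes)):
        if is_pem_data(ca_certs):
            # A bare string is always a path here; refuse to guess.
            raise ValueError("PEM contents must be passed as a list, not a string")
        ctx.load_verify_locations(cafile=ca_certs)
        return 0
    loaded = 0
    for i, pem in enumerate(ca_certs):
        if not is_pem_data(pem):
            # Never fall back to opening a list entry as a path.
            raise ValueError(f"ca_certs[{i}] does not begin with {PEM_MARKER}")
        if isinstance(pem, bytes):
            pem = pem.decode("ascii")  # cadata as str is parsed as PEM, bytes as DER
        ctx.load_verify_locations(cadata=pem)
        loaded += 1
    return loaded


if __name__ == "__main__":
    import sys
    # Usage: python example.py ca1.pem [ca2.pem ...]; files are read once into memory.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    blobs = [open(p).read() for p in sys.argv[1:]]
    print("loaded", load_ca_certs(ctx, blobs), "in-memory CA entries")
```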