New submission from Kristján Valur Jónsson:

The _ssl module (and indeed the openssl lib) relies heavily on actual 
filesystem locations to load certificates.  A client or a server may not want 
to rely on physical filesystem locations to load certificates for 
authentication or verification.  Physical disc files are cumbersome and present 
a management burden in the presence of multiple processes.

This patch adds extensions to the _ssl.c file which allow certificates, keys 
and certification chains to be provided by file contents, rather than file 

The ctx.load_cert_chain and ctx.load_verify_locations take additional arguments 
to specify the data in this form.

The ssl.wrap_socket does not add arguments; rather, the function is polymorphic 
in that the contents of the certfile/keyfile are examined and treated as 
file-data if beginning with -----BEGIN.  The ca_certs is similarly treated as a 
list of file contents if it is a list (rather than a string).

This patch is the result of work at CCP for deploying ssl clients and servers 
in an isolated environment without having to resort to temporary disk files.

components: Extension Modules
files: sslpatch1.patch
keywords: patch
messages: 175691
nosy: kristjan.jonsson
priority: normal
severity: normal
status: open
title: Allow ssl certificates to be specified from memory rather than files.
type: enhancement
versions: Python 3.4
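
The argument dispatch described in the submission for ssl.wrap_socket, sketched as an added example; this is not code from sslpatch1.patch. The helper names `classify` and `plan_wrap_socket` are hypothetical, and the PEM sample is a constructed placeholder.

```python
import os

# Added illustration; helper names are hypothetical, not from sslpatch1.patch.
PEM_PREFIX = "-----BEGIN"

# Constructed sample: has the PEM framing only, not a usable certificate.
SAMPLE_PEM = (
    "-----BEGIN CERTIFICATE-----\n"
    "constructed-placeholder-body\n"
    "-----END CERTIFICATE-----\n"
)


def classify(value):
    """Return ("data", text) for PEM contents, ("path", text) for a filename."""
    text = os.fsdecode(value)  # accepts str or bytes
    if text.startswith(PEM_PREFIX):
        return ("data", text)
    return ("path", text)


def plan_wrap_socket(certfile=None, keyfile=None, ca_certs=None):
    """Decide, per argument, whether it names a file or carries contents."""
    plan = {}
    for name, value in (("certfile", certfile), ("keyfile", keyfile)):
        if value is not None:
            plan[name] = classify(value)
    if isinstance(ca_certs, list):
        # A list means file contents, one entry per CA certificate.
        plan["ca_certs"] = [("data", os.fsdecode(item)) for item in ca_certs]
    elif ca_certs is not None:
        # A plain string keeps its existing meaning: a path on disk.
        plan["ca_certs"] = [("path", os.fsdecode(ca_certs))]
    return plan


if __name__ == "__main__":
    print(plan_wrap_socket(certfile=SAMPLE_PEM, keyfile="server.key",
                           ca_certs=[SAMPLE_PEM]))
```

Read literally, the prefix rule sends contents with leading whitespace or a blank first line down the filename branch, so a caller of such an interface would need to pass the PEM text unpadded.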