Changes by Christian Heimes li...@cheimes.de:
--
resolution: - fixed
stage: patch review - committed/rejected
status: open - closed
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue18143
___
Roundup Robot added the comment:
New changeset a4d31e56075d by Christian Heimes in branch 'default':
Issue #18143: Implement ssl.get_default_verify_paths() in order to debug
http://hg.python.org/cpython/rev/a4d31e56075d
--
nosy: +python-dev
___
Antoine Pitrou added the comment:
Your raw parameter is one too many IMO. You should find a way to present all
relevant information in a single API call.
--
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue18143
Christian Heimes added the comment:
How about a single return value:
DefaultVerifyPaths = collections.namedtuple(DefaultVerifyPaths,
cafile capath openssl_cafile_env openssl_cafile openssl_capath_env
openssl_capath)
--
___
Python tracker
Antoine Pitrou added the comment:
How about a single return value:
DefaultVerifyPaths = collections.namedtuple(DefaultVerifyPaths,
cafile capath openssl_cafile_env openssl_cafile openssl_capath_env
openssl_capath)
Sounds good.
--
___
New submission from Christian Heimes:
The patch implements a get_default_verify_paths() function for the ssl module.
It returns the env vars and paths that are used by openssl's
set_default_verify_paths() to load CA certs from default locations. I think it
makes a useful addition for
Brett Cannon added the comment:
I have no clue what is being returned by this function. Any chance of using
types.SimpleNamespace to give meaningful names to the returned values instead
of a tuple?
--
nosy: +brett.cannon
___
Python tracker
Christian Heimes added the comment:
Sure! I can add SimpleNamespace.
The C function returns four elements:
* environment var that is used to look up the path to a CA cert file
* path to a CA cert file
* environment var that is used to look up the path to a CA cert directory
* path to a CA
Christian Heimes added the comment:
I forgot that a SimpleNamespace is an unorder collection. However the order is
significant. OpenSSL uses the cafile first and ignores capath if a cert in
cafile matches. The path to cafile or capath is ignored when the environment
key exists -- even when it
Christian Heimes added the comment:
How about that output, Brett? cafile is None because /usr/lib/ssl/cert.pem
doesn't exist on my system.
import ssl
ssl.get_default_verify_paths()
DefaultVerifyPaths(cafile=None, capath='/usr/lib/ssl/certs')
ssl.get_default_verify_paths(raw=True)
Brett Cannon added the comment:
That's better. As long as you use result[1::2] then the tuple is reasonable to
use for the order need and still make sense as an iterable.
--
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue18143
Christian Heimes added the comment:
New patch with tests and documentation.
--
Added file: http://bugs.python.org/file30476/sslverifypath2.patch
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue18143
Changes by Christian Heimes li...@cheimes.de:
Removed file: http://bugs.python.org/file30473/sslverifypath.patch
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue18143
___
13 matches
Mail list logo