New submission from Giampaolo Rodola' <g.rod...@gmail.com>:

There are various errors I think ssl module should check.
In the examples below I'll always refer to ssl.wrap_socket() function but I expect that ssl.SSLContext suffers the exact same issues.

=== server side mode ===

When server_side option is set to True it is always required that at least a certfile argument is specified.
This condition is not verified if the socket is still not connected:

>>> ssl.wrap_socket(socket.socket(), server_side=1)
<ssl.SSLSocket object, fd=3, family=2, type=1, proto=0>

...later on, when the socket will be connected, we'll get this message:

SSLError: _ssl.c:296: Both the key & certificate files must be specified for server-side operation

I would change this behavior in SSLSocket constructor and raise ValueError if server_side is True and certfile is None.
Also, the message coming from the C code should be adjusted to state that keyfile argument is not mandatory.

=== server side on connect ===

>>> s = ssl.wrap_socket(socket.socket(), server_side=1)
>>> s.connect(('blogger.com', 443))
>>>

For consistency I would expect something like ValueError("can't connect in server-side mode") on connect().

=== no such certfile ===

>>> os.path.exists('xxx')
False
>>> ssl.wrap_socket(socket.socket(), certfile='xxx')
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/home/giampaolo/svn/python-3.2/Lib/ssl.py", line 404, in wrap_socket
    ciphers=ciphers)
  File "/home/giampaolo/svn/python-3.2/Lib/ssl.py", line 132, in __init__
    self.context.load_cert_chain(certfile, keyfile)
ssl.SSLError: [Errno 336445442] _ssl.c:1604: error:140DC002:SSL routines:SSL_CTX_use_certificate_chain_file:system lib
>>>

A simple "IOError No such file or directory 'xxx'" exception would be a lot more clear.

=== invalid certfile ===

>>> open('foo', 'w').write('blabla')
6
>>> ssl.wrap_socket(socket.socket(), certfile="foo")
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/home/giampaolo/svn/python-3.2/Lib/ssl.py", line 404, in wrap_socket
    ciphers=ciphers)
  File "/home/giampaolo/svn/python-3.2/Lib/ssl.py", line 132, in __init__
    self.context.load_cert_chain(certfile, keyfile)
ssl.SSLError: [Errno 336445449] _ssl.c:1604: error:140DC009:SSL routines:SSL_CTX_use_certificate_chain_file:PEM lib
>>>

If possible, the error should be more clear about what happened. Something like "malformed certfile was provided" or something.

----------
messages: 115166
nosy: giampaolo.rodola, janssen, pitrou
priority: normal
severity: normal
status: open
title: ssl errors checking
versions: Python 3.2

_______________________________________
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/issue9706>
_______________________________________
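
The certificate checks requested in the report above, applied at construction time on an ssl.SSLContext. This is an added example, not code from the report or from the ssl module; the names CertConfigError, build_context and demo are hypothetical, and the junk "foo" file is constructed sample input.

```python
import os
import ssl
import tempfile


class CertConfigError(ValueError):
    """TLS certificate misconfiguration caught before any socket I/O."""


def build_context(server_side=False, certfile=None, keyfile=None):
    """Build an SSLContext, failing early on the report's certificate cases."""
    if server_side and certfile is None:
        raise CertConfigError("certfile must be specified for server-side operation")
    proto = ssl.PROTOCOL_TLS_SERVER if server_side else ssl.PROTOCOL_TLS_CLIENT
    ctx = ssl.SSLContext(proto)
    for path in (certfile, keyfile):
        if path is not None and not os.path.isfile(path):
            raise FileNotFoundError(2, "No such file or directory", path)  # ENOENT
    if certfile is not None:
        try:
            ctx.load_cert_chain(certfile, keyfile)
        except ssl.SSLError as exc:
            # OpenSSL only reports "PEM lib"; name the file and the problem.
            raise CertConfigError(
                "malformed certfile or keyfile %r (%s)" % (certfile, exc)) from exc
    return ctx


def demo():
    """Replay the report's three cases; the 'foo' file is constructed input."""
    outcomes = {}
    with tempfile.TemporaryDirectory() as tmp:
        bad = os.path.join(tmp, "foo")
        with open(bad, "w") as fh:
            fh.write("blabla")  # same junk content as in the report
        cases = [("server_no_cert", dict(server_side=True)),
                 ("missing_file", dict(certfile=os.path.join(tmp, "xxx"))),
                 ("malformed_file", dict(certfile=bad))]
        for name, kwargs in cases:
            try:
                build_context(**kwargs)
                outcomes[name] = "ok"
            except (ValueError, OSError) as exc:
                outcomes[name] = type(exc).__name__
    return outcomes


if __name__ == "__main__":
    print(demo())
```

Failing at configuration time means a server with a missing or unreadable certificate never reaches the point of accepting connections it cannot secure.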