New submission from Giampaolo Rodola' <g.rod...@gmail.com>:

There are various errors I think the ssl module should check for.
In the examples below I'll always refer to the ssl.wrap_socket() function but I 
expect that ssl.SSLContext suffers from the exact same issues.

=== server side mode ===

When the server_side option is set to True it is always required that at least a 
certfile argument is specified. This condition is not verified if the socket is 
not yet connected:

>>> ssl.wrap_socket(socket.socket(), server_side=1)
<ssl.SSLSocket object, fd=3, family=2, type=1, proto=0>

...later on, when the socket is connected, we'll get this message:

SSLError: _ssl.c:296: Both the key & certificate files must be specified for 
server-side operation

I would change this behavior in the SSLSocket constructor and raise ValueError if 
server_side is True and certfile is None.
Also, the message coming from the C code should be adjusted to state that the 
keyfile argument is not mandatory.


=== server side on connect ===

>>> s = ssl.wrap_socket(socket.socket(), server_side=1)
>>> s.connect(('blogger.com', 443))
>>> 

For consistency I would expect something like ValueError("can't connect in 
server-side mode") on connect().


=== no such certfile ===

>>> os.path.exists('xxx')
False
>>> ssl.wrap_socket(socket.socket(), certfile='xxx')
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/home/giampaolo/svn/python-3.2/Lib/ssl.py", line 404, in wrap_socket
    ciphers=ciphers)
  File "/home/giampaolo/svn/python-3.2/Lib/ssl.py", line 132, in __init__
    self.context.load_cert_chain(certfile, keyfile)
ssl.SSLError: [Errno 336445442] _ssl.c:1604: error:140DC002:SSL 
routines:SSL_CTX_use_certificate_chain_file:system lib
>>> 

A simple "IOError No such file or directory 'xxx'" exception would be a lot 
more clear.


=== invalid certfile ===

>>> open('foo', 'w').write('blabla')
6
>>> ssl.wrap_socket(socket.socket(), certfile="foo")
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/home/giampaolo/svn/python-3.2/Lib/ssl.py", line 404, in wrap_socket
    ciphers=ciphers)
  File "/home/giampaolo/svn/python-3.2/Lib/ssl.py", line 132, in __init__
    self.context.load_cert_chain(certfile, keyfile)
ssl.SSLError: [Errno 336445449] _ssl.c:1604: error:140DC009:SSL 
routines:SSL_CTX_use_certificate_chain_file:PEM lib
>>> 

If possible, the error should be more clear about what happened. Something like 
"malformed certfile was provided" or something.

----------
messages: 115166
nosy: giampaolo.rodola, janssen, pitrou
priority: normal
severity: normal
status: open
title: ssl errors checking
versions: Python 3.2

_______________________________________
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/issue9706>
_______________________________________
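
The fail-fast checks requested in the report above, sketched as an added example that is not part of the original message or of the ssl module. The helper names `make_server_context` and `classify` are hypothetical, and the sketch uses ssl.SSLContext with ssl.PROTOCOL_TLS_SERVER (available in current Python 3) rather than ssl.wrap_socket().

```python
import errno
import os
import ssl
import tempfile


def make_server_context(certfile, keyfile=None):
    """Hypothetical helper: build a server-side SSLContext, raising a
    specific exception for each misconfiguration before any socket is used."""
    # "server side mode": a certificate is mandatory, the key file is not
    # (the key may live in the same PEM file as the certificate).
    if certfile is None:
        raise ValueError("certfile must be specified for server-side operation")
    # "no such certfile": report the missing path instead of an OpenSSL code.
    for path in filter(None, (certfile, keyfile)):
        if not os.path.isfile(path):
            raise FileNotFoundError(errno.ENOENT, os.strerror(errno.ENOENT), path)
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    try:
        ctx.load_cert_chain(certfile, keyfile)
    except ssl.SSLError as exc:
        # "invalid certfile": the file exists but OpenSSL could not parse it.
        raise ValueError(
            f"malformed certfile or keyfile was provided ({certfile!r}): {exc}"
        ) from exc
    return ctx


def classify(certfile):
    """Return the name of the exception raised for certfile, or 'ok'."""
    try:
        make_server_context(certfile)
    except (ValueError, OSError) as exc:
        return type(exc).__name__
    return "ok"


if __name__ == "__main__":
    # Constructed inputs mirroring the report: no certfile, a missing file
    # named 'xxx', and a file 'foo' containing 'blabla'.
    with tempfile.TemporaryDirectory() as tmp:
        bad = os.path.join(tmp, "foo")
        with open(bad, "w") as f:
            f.write("blabla")
        for case in (None, os.path.join(tmp, "xxx"), bad):
            print(repr(case), "->", classify(case))
```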