[issue34257] SSL should accept cert content, instead of just cert file path

2018-07-28 Thread Jared


Jared  added the comment:

Also [PEP 543](https://www.python.org/dev/peps/pep-0543/) is related to this. 
In addition, I think [PyOpenSSL](https://pyopenssl.org/en/stable/index.html) 
provides support for what you want.

--
nosy: +j-rewerts

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com



[issue34257] SSL should accept cert content, instead of just cert file path

2018-07-28 Thread Nathaniel Smith


Nathaniel Smith  added the comment:

This is a duplicate of bpo-16487, which has more discussion about how the API 
might work.

--
nosy: +njs
resolution:  -> duplicate
stage:  -> resolved
status: open -> closed




[issue34257] SSL should accept cert content, instead of just cert file path

2018-07-28 Thread Rico Lin


Change by Rico Lin :


--
versions: +Python 3.5 -Python 3.6




[issue34257] SSL should accept cert content, instead of just cert file path

2018-07-28 Thread Rico Lin


New submission from Rico Lin :

Currently, the SSL module [1] only allows a file path as input.
That has led a lot of libraries to accept only a file path to a local file.
This leads to issues when the people who trigger this Python code don't have
any right to access a local file. Here are two examples:

1. In multi-cloud orchestration service design, you (as an operator) would
like to create resources in another cloud with an orchestration service (like
Heat in OpenStack), but you would like to set up SSL for this connection. You
should not allow accessing a local file from the first cloud (where the
orchestration service is running). And you can't guarantee that the first
cloud provider allows you to inject a cert file in their environment. In this
case we need to allow operators to input their own cert information and parse
it to the SSL option for the request.

2. Serverless. In serverless, we give some Python code and the cloud will
provide an environment to run it. We can try to inject the cert when we create
the environment for operators, but it will be more secure to pass it directly
to Python instead of storing it around.

The first case is the one we're looking for an answer to. I didn't look into
the design for the second case, but I guess it might face the same issue.


[1] https://github.com/python/cpython/blob/master/Modules/_ssl.c#L3683

--
assignee: christian.heimes
components: SSL
messages: 322539
nosy: christian.heimes, rico-lin
priority: normal
severity: normal
status: open
title: SSL should accept cert content, instead of just cert file path
type: enhancement
versions: Python 3.6
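
For readers with the use case described in this submission, an added example (not from the thread or from CPython) of building a context from PEM strings with the standard `ssl` module: CA certificates can be passed in memory through `cadata`, while `load_cert_chain()` takes only paths, so the client cert and key go through a short-lived private temp file. The helper name `context_from_pem` and its parameters are hypothetical; the caller supplies the PEM strings.

```python
import os
import ssl
import tempfile


def context_from_pem(cert_pem, key_pem, ca_pem=None, tmp_dir=None):
    """Build a client-side SSLContext from PEM strings (hypothetical helper).

    ca_pem is loaded through cadata and never touches disk.
    cert_pem and key_pem have to be written out, because
    SSLContext.load_cert_chain() only accepts file paths.
    """
    # With cadata=None the system default trust store is used instead.
    ctx = ssl.create_default_context(cadata=ca_pem)

    # mkstemp creates the file with mode 0600 and O_EXCL, so another
    # local user can neither read it nor pre-create it.
    fd, path = tempfile.mkstemp(suffix=".pem", dir=tmp_dir)
    try:
        with os.fdopen(fd, "w") as f:
            f.write(cert_pem)
            if not cert_pem.endswith("\n"):
                f.write("\n")
            f.write(key_pem)
        # No keyfile argument: the private key is read from certfile too.
        ctx.load_cert_chain(certfile=path)
    finally:
        # Remove the key material whether or not loading succeeded.
        os.unlink(path)
    return ctx
```

The key still reaches the filesystem for the duration of the call, so `tmp_dir` is best pointed at a memory-backed location such as a tmpfs mount where one is available.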
