following an `OpenSSL specific layout
<http://www.openssl.org/docs/ssl/SSL_CTX_load_verify_locations.html>`_.
+.. method:: SSLContext.set_default_verify_paths()
+
+ Load a set of default "certification authority" (CA) certificates from
+ a filesystem path defined when building the OpenSSL library. Unfortunately,
+ there's no easy way to know whether this method succeeds: no error is
+ returned if no certificates are to be found. When the OpenSSL library is
+ provided as part of the operating system, though, it is likely to be
+ configured properly.
+
.. method:: SSLContext.set_ciphers(ciphers)
Set the available ciphers for sockets created with this context.
'cache_full': 0,
})
+ def test_set_default_verify_paths(self):
+ # There's not much we can do to test that it acts as expected,
+ # so just check it doesn't crash or raise an exception.
+ ctx = ssl.SSLContext(ssl.PROTOCOL_TLSv1)
+ ctx.set_default_verify_paths()
+
class NetworkedTests(unittest.TestCase):
Library
-------
+- Issue #10443: Add the SSLContext.set_default_verify_paths() method.
+
- Issue #10440: Support RUSAGE_THREAD as a constant in the resource module.
Patch by Robert Collins.
return NULL;
}
+static PyObject *
+set_default_verify_paths(PySSLContext *self, PyObject *unused)
+{
+ if (!SSL_CTX_set_default_verify_paths(self->ctx)) {
+ _setSSLError(NULL, 0, __FILE__, __LINE__);
+ return NULL;
+ }
+ Py_RETURN_NONE;
+}
+
static PyGetSetDef context_getsetlist[] = {
{"options", (getter) get_options,
(setter) set_options, NULL},
METH_VARARGS | METH_KEYWORDS, NULL},
{"session_stats", (PyCFunction) session_stats,
METH_NOARGS, NULL},
+ {"set_default_verify_paths", (PyCFunction) set_default_verify_paths,
+ METH_NOARGS, NULL},
{NULL, NULL} /* sentinel */
};
projects / python / commitdiff