]> granicus.if.org Git - python/commitdiff
Fix issue #8806: add SSL contexts support to ftplib
authorGiampaolo Rodolà <g.rodola@gmail.com>
Wed, 26 May 2010 18:06:04 +0000 (18:06 +0000)
committerGiampaolo Rodolà <g.rodola@gmail.com>
Wed, 26 May 2010 18:06:04 +0000 (18:06 +0000)
Doc/library/ftplib.rst
Lib/ftplib.py
Lib/test/test_ftplib.py
Misc/NEWS

index 35e9ce2e406ed244585a71776a1401a1b93a12f8..e3e546c65dad36b46c8c60708920a67f79a2ae3f 100644 (file)
@@ -65,7 +65,7 @@ The module defines the following items:
       Support for the :keyword:`with` statement was added.
 
 
-.. class:: FTP_TLS(host='', user='', passwd='', acct='', [keyfile[, certfile[, timeout]]])
+.. class:: FTP_TLS(host='', user='', passwd='', acct='', [keyfile[, certfile[, context[, timeout]]]])
 
    A :class:`FTP` subclass which adds TLS support to FTP as described in
    :rfc:`4217`.
@@ -74,6 +74,9 @@ The module defines the following items:
    explicitly ask for it by calling the :meth:`prot_p` method.
    *keyfile* and *certfile* are optional -- they can contain a PEM formatted
    private key and certificate chain file name for the SSL connection.
+   *context* parameter is a :class:`ssl.SSLContext` object which allows
+   bundling SSL configuration options, certificates and private keys into a
+   single (potentially long-lived) structure.
 
    .. versionadded:: 3.2
 
index c25ae2afbb10159200c5a4b0277028bf2ea3d85b..b593fa1e76c1a7cc82bc6329184d5376433df25d 100644 (file)
@@ -638,9 +638,17 @@ else:
         ssl_version = ssl.PROTOCOL_TLSv1
 
         def __init__(self, host='', user='', passwd='', acct='', keyfile=None,
-                     certfile=None, timeout=_GLOBAL_DEFAULT_TIMEOUT):
+                     certfile=None, context=None,
+                     timeout=_GLOBAL_DEFAULT_TIMEOUT):
+            if context is not None and keyfile is not None:
+                raise ValueError("context and keyfile arguments are mutually "
+                                 "exclusive")
+            if context is not None and certfile is not None:
+                raise ValueError("context and certfile arguments are mutually "
+                                 "exclusive")
             self.keyfile = keyfile
             self.certfile = certfile
+            self.context = context
             self._prot_p = False
             FTP.__init__(self, host, user, passwd, acct, timeout)
 
@@ -657,8 +665,12 @@ else:
                 resp = self.voidcmd('AUTH TLS')
             else:
                 resp = self.voidcmd('AUTH SSL')
-            self.sock = ssl.wrap_socket(self.sock, self.keyfile, self.certfile,
-                                        ssl_version=self.ssl_version)
+            if self.context is not None:
+                self.sock = self.context.wrap_socket(self.sock)
+            else:
+                self.sock = ssl.wrap_socket(self.sock, self.keyfile,
+                                            self.certfile,
+                                            ssl_version=self.ssl_version)
             self.file = self.sock.makefile(mode='r', encoding=self.encoding)
             return resp
 
@@ -689,8 +701,11 @@ else:
         def ntransfercmd(self, cmd, rest=None):
             conn, size = FTP.ntransfercmd(self, cmd, rest)
             if self._prot_p:
-                conn = ssl.wrap_socket(conn, self.keyfile, self.certfile,
-                                       ssl_version=self.ssl_version)
+                if self.context is not None:
+                    conn = self.context.wrap_socket(conn)
+                else:
+                    conn = ssl.wrap_socket(conn, self.keyfile, self.certfile,
+                                           ssl_version=self.ssl_version)
             return conn, size
 
         def retrbinary(self, cmd, callback, blocksize=8192, rest=None):
index eb33526b35503fc0679632e51d3660d5e48e4fe5..9dc06cd7451952b094fa4fafdb4cdab69896705f 100644 (file)
@@ -719,6 +719,29 @@ class TestTLS_FTPClass(TestCase):
         finally:
             self.client.ssl_version = ssl.PROTOCOL_TLSv1
 
+    def test_context(self):
+        self.client.quit()
+        ctx = ssl.SSLContext(ssl.PROTOCOL_TLSv1)
+        self.assertRaises(ValueError, ftplib.FTP_TLS, keyfile=CERTFILE,
+                          context=ctx)
+        self.assertRaises(ValueError, ftplib.FTP_TLS, certfile=CERTFILE,
+                          context=ctx)
+        self.assertRaises(ValueError, ftplib.FTP_TLS, certfile=CERTFILE,
+                          keyfile=CERTFILE, context=ctx)
+
+        self.client = ftplib.FTP_TLS(context=ctx, timeout=2)
+        self.client.connect(self.server.host, self.server.port)
+        self.assertNotIsInstance(self.client.sock, ssl.SSLSocket)
+        self.client.auth()
+        self.assertIs(self.client.sock.context, ctx)
+        self.assertIsInstance(self.client.sock, ssl.SSLSocket)
+
+        self.client.prot_p()
+        sock = self.client.transfercmd('list')
+        self.assertIs(self.client.sock.context, ctx)
+        self.assertIsInstance(sock, ssl.SSLSocket)
+        sock.close()
+
 
 class TestTimeouts(TestCase):
 
index 22e8dc80a6141864154ab4798fed49f78406dd1c..6899442224ef2488a654af67cd5a4560e847f22b 100644 (file)
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -392,6 +392,8 @@ C-API
 Library
 -------
 
+- Issue #8806: add SSL contexts support to ftplib.
+
 - Issue #4769: Fix main() function of the base64 module, use sys.stdin.buffer
   and sys.stdout.buffer (instead of sys.stdin and sys.stdout) to use the bytes
   API