bpo-25404: SSLContext.load_dh_params() non-ASCII path (GH-3459)

SSLContext.load_dh_params() now supports non-ASCII path. Signed-off-by: Christian Heimes <christian@python.org>
python · Feb 25, 2018 · 6e8f395 · 6e8f395
1 parent 8d4d173
commit 6e8f395
Show file tree

Hide file tree

Showing 3 changed files with 23 additions and 5 deletions.
diff --git a/Lib/test/test_ssl.py b/Lib/test/test_ssl.py
@@ -14,7 +14,7 @@
 import os
 import errno
 import pprint
-import tempfile
+import shutil
 import urllib2
 import traceback
 import weakref
@@ -1000,6 +1000,10 @@ def test_load_dh_params(self):
         self.assertEqual(cm.exception.errno, errno.ENOENT)
         with self.assertRaises(ssl.SSLError) as cm:
             ctx.load_dh_params(CERTFILE)
+        with support.temp_dir() as d:
+            fname = os.path.join(d, u'dhpäräm.pem')
+            shutil.copy(DHFILE, fname)
+            ctx.load_dh_params(fname)
 
     @skip_if_broken_ubuntu_ssl
     def test_session_stats(self):

diff --git a/Misc/NEWS.d/next/Library/2017-09-08-11-04-10.bpo-25404.pXetCl.rst b/Misc/NEWS.d/next/Library/2017-09-08-11-04-10.bpo-25404.pXetCl.rst
@@ -0,0 +1 @@
+SSLContext.load_dh_params() now supports non-ASCII path.
diff --git a/Modules/_ssl.c b/Modules/_ssl.c
@@ -2983,13 +2983,25 @@ load_dh_params(PySSLContext *self, PyObject *filepath)
 {
     BIO *bio;
     DH *dh;
-    char *path = PyBytes_AsString(filepath);
-    if (!path) {
-        return NULL;
+    PyObject *filepath_bytes = NULL;
+
+    if (PyString_Check(filepath)) {
+        Py_INCREF(filepath);
+        filepath_bytes = filepath;
+    } else {
+        PyObject *u = PyUnicode_FromObject(filepath);
+        if (!u)
+            return NULL;
+        filepath_bytes = PyUnicode_AsEncodedString(
+            u, Py_FileSystemDefaultEncoding, NULL);
+        Py_DECREF(u);
+        if (!filepath_bytes)
+            return NULL;
     }
 
-    bio = BIO_new_file(path, "r");
+    bio = BIO_new_file(PyBytes_AS_STRING(filepath_bytes), "r");
     if (bio == NULL) {
+        Py_DECREF(filepath_bytes);
         ERR_clear_error();
         PyErr_SetFromErrnoWithFilenameObject(PyExc_IOError, filepath);
         return NULL;
@@ -2998,6 +3010,7 @@ load_dh_params(PySSLContext *self, PyObject *filepath)
     PySSL_BEGIN_ALLOW_THREADS
     dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL);
     BIO_free(bio);
+    Py_DECREF(filepath_bytes);
     PySSL_END_ALLOW_THREADS
     if (dh == NULL) {
         if (errno != 0) {