New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
SSLSocket created from SSLContext.wrap_socket doesn't include cert/keyfile #60561
Comments
mcjeff@martian:~/cpython$ ./python -V When an SSLSocket is created via SSLContext.wrap_socket, it is passed a _context parameter directly. SSLSocket.__init__ sets self.context at this point, but it does not set self.keyfile or self.certfile. However, in SSLSocket.accept, both keyfile & certfile are passed when creating a new, wrapped SSLSocket, from socket.accept's newsock. The result is an attribute error.
>>> import ssl
>>> c = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
>>> c.load_cert_chain('Lib/test/keycert.pem')
>>> import socket
>>> s = socket.socket(socket.AF_INET, socket.SOCK_STREAM, 0)
>>> s.bind(('127.0.0.1', 5050))
>>> s.listen(5)
>>> s.accept() # nc localhost 5050 in another term.
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/usr/local/google/home/mcjeff/cpython/Lib/ssl.py", line 557, in accept
keyfile=self.keyfile, certfile=self.certfile,
AttributeError: 'SSLSocket' object has no attribute 'keyfile'
>>> Attached one-liner addresses it by passing in the context rather than the keyfile & certfile. >>> s.accept()
(<socket.socket object, fd=4, family=2, type=1, proto=0>, ('127.0.0.1', 37306))
>>> |
I don't understand your code snippet: you don't seem to wrap the socket anywhere (paste error?). |
Ak! Yes, cut and paste error. Python 3.4.0a0 (default:57a33af85407, Oct 27 2012, 21:26:30)
[GCC 4.4.3] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import ssl
>>> c = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
>>> c.load_cert_chain('Lib/test/keycert.pem')
>>> import socket
>>> s = socket.socket(socket.AF_INET, socket.SOCK_STREAM, 0)
>>> s.bind(('127.0.0.1', 5050))
>>> s = c.wrap_socket(s)
>>> s.listen(5)
>>> s.accept()
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/home/jeff/cpython/Lib/ssl.py", line 557, in accept
keyfile=self.keyfile, certfile=self.certfile,
AttributeError: 'SSLSocket' object has no attribute 'keyfile'
>>> I'll add a corresponding test, sure thing. |
Updated to pass in the parent context only actually, as it doesn't look like all of the attributes on SSLSocket will be set if a context was initially passed in. |
New changeset f475332df9b5 by Antoine Pitrou in branch '3.2': New changeset 9510a9641c80 by Antoine Pitrou in branch '3.3': New changeset 5fc30f0277a5 by Antoine Pitrou in branch 'default': |
I've reworked the patch a bit and committed it. Thank you for reporting this! |
Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.
Show more details
GitHub fields:
bugs.python.org fields:
The text was updated successfully, but these errors were encountered: