Fix issue #9711: raise ValueError is SSLConnection constructor is invoked with keyfil...

author Giampaolo Rodolà <g.rodola@gmail.com>

Mon, 30 Aug 2010 18:28:05 +0000 (18:28 +0000)

committer Giampaolo Rodolà <g.rodola@gmail.com>

Mon, 30 Aug 2010 18:28:05 +0000 (18:28 +0000)
author Giampaolo Rodolà <g.rodola@gmail.com>
Mon, 30 Aug 2010 18:28:05 +0000 (18:28 +0000)
committer Giampaolo Rodolà <g.rodola@gmail.com>
Mon, 30 Aug 2010 18:28:05 +0000 (18:28 +0000)
diff --git a/Lib/ssl.py b/Lib/ssl.py

index a634442e13c82ec7dff40185237dba446ba192bb..e83d889cddd64187db130489b773eec251d3d251 100644 (file)
--- a/Lib/ssl.py
+++ b/Lib/ssl.py
@@ -125,6 +125,8 @@ class SSLSocket(socket):
              if server_side and not certfile:
                  raise ValueError("certfile must be specified for server-side "
                                   "operations")
+            if keyfile and not certfile:
+                raise ValueError("certfile must be specified")
              if certfile and not keyfile:
                  keyfile = certfile
              self.context = SSLContext(ssl_version)
diff --git a/Lib/test/test_ssl.py b/Lib/test/test_ssl.py

index a3d1df1380852f0a1c55a91bf2cb04c4d91739d0..8e38ae04c134b68093b40d236ab14f37b13f01bd 100644 (file)
--- a/Lib/test/test_ssl.py
+++ b/Lib/test/test_ssl.py
@@ -174,19 +174,24 @@ class BasicSocketTests(unittest.TestCase):
  
      def test_errors(self):
          sock = socket.socket()
-        with self.assertRaisesRegexp(ValueError, "certfile must be specified"):
-            ssl.wrap_socket(sock, server_side=True)
-            ssl.wrap_socket(sock, server_side=True, certfile="")
+        self.assertRaisesRegexp(ValueError,
+                        "certfile must be specified",
+                        ssl.wrap_socket, sock, keyfile=CERTFILE)
+        self.assertRaisesRegexp(ValueError,
+                        "certfile must be specified for server-side operations",
+                        ssl.wrap_socket, sock, server_side=True)
+        self.assertRaisesRegexp(ValueError,
+                        "certfile must be specified for server-side operations",
+                        ssl.wrap_socket, sock, server_side=True, certfile="")
          s = ssl.wrap_socket(sock, server_side=True, certfile=CERTFILE)
          self.assertRaisesRegexp(ValueError, "can't connect in server-side mode",
                                  s.connect, (HOST, 8080))
          with self.assertRaises(IOError) as cm:
              ssl.wrap_socket(socket.socket(), certfile=WRONGCERT)
          self.assertEqual(cm.exception.errno, errno.ENOENT)
-        # XXX - temporarily disabled as per issue #9711
-        #with self.assertRaises(IOError) as cm:
-        #    ssl.wrap_socket(socket.socket(), keyfile=WRONGCERT)
-        #self.assertEqual(cm.exception.errno, errno.ENOENT)
+        with self.assertRaises(IOError) as cm:
+            ssl.wrap_socket(socket.socket(), certfile=CERTFILE, keyfile=WRONGCERT)
+        self.assertEqual(cm.exception.errno, errno.ENOENT)
          with self.assertRaises(IOError) as cm:
              ssl.wrap_socket(socket.socket(), certfile=WRONGCERT, keyfile=WRONGCERT)
          self.assertEqual(cm.exception.errno, errno.ENOENT)
author	Giampaolo Rodolà <g.rodola@gmail.com>
	Mon, 30 Aug 2010 18:28:05 +0000 (18:28 +0000)
committer	Giampaolo Rodolà <g.rodola@gmail.com>
	Mon, 30 Aug 2010 18:28:05 +0000 (18:28 +0000)
Lib/ssl.py		patch \| blob \| blame \| history
Lib/test/test_ssl.py		patch \| blob \| blame \| history