From: Benjamin Peterson <benjamin@python.org>
Date: Fri, 3 Oct 2014 21:27:05 +0000 (-0400)
Subject: also use openssl envvars to find certs on windows (closes #22449)
X-Git-Tag: v2.7.9rc1~169
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=0b30a2bd27e4bb4de9606a873d69dc8063bca58c;p=thirdparty%2FPython%2Fcpython.git

also use openssl envvars to find certs on windows (closes #22449)

Patch by Christian Heimes and Alex Gaynor.
---

diff --git a/Lib/ssl.py b/Lib/ssl.py
index 5bc07a7d497b..dea893cf7737 100644
--- a/Lib/ssl.py
+++ b/Lib/ssl.py
@@ -376,8 +376,7 @@ class SSLContext(_SSLContext):
         if sys.platform == "win32":
             for storename in self._windows_cert_stores:
                 self._load_windows_store_certs(storename, purpose)
-        else:
-            self.set_default_verify_paths()
+        self.set_default_verify_paths()
 
 
 def create_default_context(purpose=Purpose.SERVER_AUTH, cafile=None,
diff --git a/Lib/test/test_ssl.py b/Lib/test/test_ssl.py
index 75bb1e0f0800..1f0e0937162f 100644
--- a/Lib/test/test_ssl.py
+++ b/Lib/test/test_ssl.py
@@ -1058,6 +1058,14 @@ class ContextTests(unittest.TestCase):
         self.assertRaises(TypeError, ctx.load_default_certs, None)
         self.assertRaises(TypeError, ctx.load_default_certs, 'SERVER_AUTH')
 
+    def test_load_default_certs_env(self):
+        ctx = ssl.SSLContext(ssl.PROTOCOL_TLSv1)
+        with support.EnvironmentVarGuard() as env:
+            env["SSL_CERT_DIR"] = CAPATH
+            env["SSL_CERT_FILE"] = CERTFILE
+            ctx.load_default_certs()
+            self.assertEqual(ctx.cert_store_stats(), {"crl": 0, "x509": 1, "x509_ca": 0})
+
     def test_create_default_context(self):
         ctx = ssl.create_default_context()
         self.assertEqual(ctx.protocol, ssl.PROTOCOL_SSLv23)
diff --git a/Misc/NEWS b/Misc/NEWS
index c8d616962a42..17e3f8affa5c 100644
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -31,6 +31,9 @@ Core and Builtins
 Library
 -------
 
+- Issue #22449: In the ssl.SSLContext.load_default_certs, consult the
+  enviromental variables SSL_CERT_DIR and SSL_CERT_FILE on Windows.
+
 - Issue #8473: doctest.testfile now uses universal newline mode to read
   the test file.