Merged revisions 80151 via svnmerge from
svn+ssh://pythondev@svn.python.org/python/trunk

........
  r80151 | antoine.pitrou | 2010-04-17 19:10:38 +0200 (sam., 17 avril 2010) | 4 lines

  Issue #8322: Add a *ciphers* argument to SSL sockets, so as to change the
  available cipher list.  Helps fix test_ssl with OpenSSL 1.0.0.
........
diff --git a/Modules/_ssl.c b/Modules/_ssl.c
index 5cb7e0a..8784972 100644
--- a/Modules/_ssl.c
+++ b/Modules/_ssl.c
@@ -262,7 +262,7 @@
 	       enum py_ssl_server_or_client socket_type,
 	       enum py_ssl_cert_requirements certreq,
 	       enum py_ssl_version proto_version,
-	       char *cacerts_file)
+	       char *cacerts_file, char *ciphers)
 {
 	PySSLObject *self;
 	char *errstr = NULL;
@@ -310,6 +310,14 @@
 		goto fail;
 	}
 
+	if (ciphers != NULL) {
+		ret = SSL_CTX_set_cipher_list(self->ctx, ciphers);
+		if (ret == 0) {
+			errstr = ERRSTR("No cipher can be selected.");
+			goto fail;
+		}
+	}
+
 	if (certreq != PY_SSL_CERT_NONE) {
 		if (cacerts_file == NULL) {
 			errstr = ERRSTR("No root certificates specified for "
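Review bot: When `SSL_CTX_set_cipher_list()` returns 0, the added branch jumps to `fail` without draining OpenSSL's error queue, so the stale entry may surface in a later, unrelated SSL call on the same thread. Adding `ERR_clear_error();` before `goto fail;` would avoid that. The `fail` label and the rest of the function body are outside this hunk, so confirm that path does not already clear the queue. Separately, when `ciphers` is NULL the context silently keeps the library's built-in cipher list, which depends on the OpenSSL version; a comment such as `/* ciphers == NULL: keep OpenSSL's default cipher list */` would make that explicit to anyone auditing the TLS configuration.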
@@ -408,14 +416,15 @@
 	char *key_file = NULL;
 	char *cert_file = NULL;
 	char *cacerts_file = NULL;
+	char *ciphers = NULL;
 
-	if (!PyArg_ParseTuple(args, "O!i|zziiz:sslwrap",
+	if (!PyArg_ParseTuple(args, "O!i|zziizz:sslwrap",
 			      PySocketModule.Sock_Type,
 			      &Sock,
 			      &server_side,
 			      &key_file, &cert_file,
 			      &verification_mode, &protocol,
-			      &cacerts_file))
+			      &cacerts_file, &ciphers))
 		return NULL;
 
 	/*
@@ -428,12 +437,13 @@
 
 	return (PyObject *) newPySSLObject(Sock, key_file, cert_file,
 					   server_side, verification_mode,
-					   protocol, cacerts_file);
+					   protocol, cacerts_file,
+					   ciphers);
 }
 
 PyDoc_STRVAR(ssl_doc,
 "sslwrap(socket, server_side, [keyfile, certfile, certs_mode, protocol,\n"
-"                              cacertsfile]) -> sslobject");
+"                              cacertsfile, ciphers]) -> sslobject");
 
 /* SSL object methods */