Issue #10989: Fix a crash on SSLContext.load_verify_locations(None, True).
Patch reviewed by Antoine Pitrou, okayed by Georg Brandl.
diff --git a/Lib/test/test_ssl.py b/Lib/test/test_ssl.py
index 0e47595..4ea1a63 100644
--- a/Lib/test/test_ssl.py
+++ b/Lib/test/test_ssl.py
@@ -394,6 +394,9 @@
ctx.load_verify_locations(CERTFILE, CAPATH)
ctx.load_verify_locations(CERTFILE, capath=BYTES_CAPATH)
+ # Issue #10989: crash if the second argument type is invalid
+ self.assertRaises(TypeError, ctx.load_verify_locations, None, True)
+
@skip_if_broken_ubuntu_ssl
def test_session_stats(self):
for proto in PROTOCOLS:
diff --git a/Misc/NEWS b/Misc/NEWS
index b05b93c..51f5ac1 100644
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -16,6 +16,8 @@
Library
-------
+- Issue #10989: Fix a crash on SSLContext.load_verify_locations(None, True).
+
- Issue #11020: Command-line pyclbr was broken because of missing 2-to-3
conversion.
diff --git a/Modules/_ssl.c b/Modules/_ssl.c
index 1e4b38a..141b1ae 100644
--- a/Modules/_ssl.c
+++ b/Modules/_ssl.c
@@ -1683,7 +1683,7 @@
return NULL;
}
if (capath && !PyUnicode_FSConverter(capath, &capath_bytes)) {
- Py_DECREF(cafile_bytes);
+ Py_XDECREF(cafile_bytes);
PyErr_SetString(PyExc_TypeError,
"capath should be a valid filesystem path");
return NULL;