Cleaner support PKCS#12 without passphrase.

The upgrade from 0.13 -> 0.14 had a small backwards incompatible API change
that, in 0.14, requires `load_pkcs12` to pass in a passphrase. This change
makes the API backwards compatible by setting a default value for the
passphrase argument.

Add test cases and change log entry for changes.

diff --git a/OpenSSL/crypto.py b/OpenSSL/crypto.py
index 65e28d7..4d0867e 100644
--- a/OpenSSL/crypto.py
+++ b/OpenSSL/crypto.py
@@ -2215,7 +2215,7 @@
-def load_pkcs12(buffer, passphrase):
+def load_pkcs12(buffer, passphrase=None):
"""
Load a PKCS12 object from a buffer
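Review bot: the docstring under the new `def load_pkcs12(buffer, passphrase=None):` signature should state that `passphrase` is now optional and what omitting it means for the load. Only the summary line "Load a PKCS12 object from a buffer" is visible in this hunk, so if the parameter description further down still reads as a required argument, update it in the same change so the documented contract matches the new default.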
@@ -2228,6 +2228,13 @@
bio = _new_mem_buf(buffer)
+ # Use null passphrase if passphrase is None or empty string. With PKCS#12
+ # password based encryption no password and a zero length password are two
+ # different things, but OpenSSL implementation will try both to figure out
+ # which one works.
+ if not passphrase:
+ passphrase = _ffi.NULL
+
p12 = _lib.d2i_PKCS12_bio(bio, _ffi.NULL)
if p12 == _ffi.NULL:
_raise_current_error()
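Review bot: `if not passphrase:` maps both `None` and a zero-length string to `_ffi.NULL`, so a caller cannot select the empty password specifically, and correct handling of empty-password files rests entirely on the comment's claim that OpenSSL tries both forms. The comment itself notes that no password and a zero-length password are different things in PKCS#12, so the tests should load one file protected with an empty password and one with no password, each with `None`, `""` and `b""`. If that fallback cannot be relied on for every supported OpenSSL build, narrow the check to `if passphrase is None:` and pass an empty string through unchanged. The falsy test also silently accepts values such as `0`, where a type error would be the clearer outcome.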