authorAnas Nashif <anas.nashif@intel.com>2012-11-07 07:29:36 -0800
committerChanho Park <chanho61.park@samsung.com>2014-08-19 19:40:54 +0900
commit2aa5cedf82f6c779d72c60ffc49e57b68ea6e4f5 (patch)
tree04c69630c0e31eef187b3b6492e7fb1633eaec56
parent49849615b4a13a55bbed7f151f1019966f01563f (diff)
python-2.7.3-ssl_ca_path
===================================================================
-rw-r--r--Modules/_ssl.c23
1 files changed, 18 insertions, 5 deletions
diff --git a/Modules/_ssl.c b/Modules/_ssl.c
index 752b033..c94309e 100644
--- a/Modules/_ssl.c
+++ b/Modules/_ssl.c
@@ -274,6 +274,7 @@ newPySSLObject(PySocketSockObject *Sock, char *key_file, char *cert_file,
int ret;
int verification_mode;
long options;
+ struct stat stat_buf;
self = PyObject_New(PySSLObject, &PySSL_Type); /* Create new object */
if (self == NULL)
@@ -335,11 +336,23 @@ newPySSLObject(PySocketSockObject *Sock, char *key_file, char *cert_file,
"verification of other-side certificates.");
goto fail;
} else {
- PySSL_BEGIN_ALLOW_THREADS
- ret = SSL_CTX_load_verify_locations(self->ctx,
- cacerts_file,
- NULL);
- PySSL_END_ALLOW_THREADS
+ /* If cacerts_file is a directory-based cert store, pass it as the
+ third parameter, CApath, instead
+ */
+ if (stat(cacerts_file, &stat_buf) == 0 && S_ISDIR(stat_buf.st_mode)) {
+ PySSL_BEGIN_ALLOW_THREADS
+ ret = SSL_CTX_load_verify_locations(self->ctx,
+ NULL,
+ cacerts_file);
+ PySSL_END_ALLOW_THREADS
+ } else {
+ PySSL_BEGIN_ALLOW_THREADS
+ ret = SSL_CTX_load_verify_locations(self->ctx,
+ cacerts_file,
+ NULL);
+ PySSL_END_ALLOW_THREADS
+ }
+
if (ret != 1) {
_setSSLError(NULL, 0, __FILE__, __LINE__);
goto fail;
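Review bot: In the new `S_ISDIR` branch the `ret != 1` check that follows tells you very little, because as far as I know OpenSSL only registers a CApath directory at this point and reads its hash-named certificate files on demand during verification; an empty or un-rehashed directory therefore passes here and fails only at handshake time. The trust anchors are then whatever the directory contains when a peer is verified, so its write permissions matter more than those of a single CA file, and the comment should say so, e.g. `/* CApath is read lazily: the directory needs c_rehash-style hash links and must not be writable by untrusted users */`. The two branches differ only in argument order and could be one call, `ret = SSL_CTX_load_verify_locations(self->ctx, is_dir ? NULL : cacerts_file, is_dir ? cacerts_file : NULL);`, with the `stat()` result stored in an `int is_dir` beforehand. The enclosing function newPySSLObject starts and ends outside the hunk.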