def test_get_default_verify_paths(self): import _ssl paths = _ssl.get_default_verify_paths() assert paths[0] == 'SSL_CERT_FILE' assert paths[2] == 'SSL_CERT_DIR' assert paths[1].endswith('cert.pem') assert paths[3].endswith('certs')
def get_default_verify_paths():
    """Return the default CA file and CA directory as a DefaultVerifyPaths.

    ``_ssl.get_default_verify_paths()`` supplies four values: the name of
    the CA-file environment variable, the built-in CA file, the name of
    the CA-directory environment variable, and the built-in CA directory.
    All four are passed through unchanged after the two resolved paths.

    Returns:
        DefaultVerifyPaths whose first field is the resolved CA file, or
        None if that path is not an existing file. Its second field is
        the resolved CA directory, or None if that path is not an
        existing directory.

    Note:
        If the environment variable is set it replaces the built-in path
        outright. A variable that points at a missing path therefore
        yields None; there is no fallback to the built-in location. The
        process environment decides which trust store is reported here.
    """
    defaults = _ssl.get_default_verify_paths()

    # An environment override, when present, shadows the built-in path.
    cafile = os.environ.get(defaults[0], defaults[1])
    capath = os.environ.get(defaults[2], defaults[3])

    # Report a location only if it exists with the expected type.
    if not os.path.isfile(cafile):
        cafile = None
    if not os.path.isdir(capath):
        capath = None

    return DefaultVerifyPaths(cafile, capath, *defaults)
def collect_ssl(info_add):
    """Report TLS build facts, context defaults and environment overrides.

    Does nothing if the ``ssl`` module cannot be imported. Otherwise it
    records, through ``copy_attributes`` and ``info_add``:

    * selected ``ssl`` module attributes (``OP_*`` values as hex),
    * the version bounds, protocol, options and verify mode of three
      freshly created contexts,
    * the values of TLS-related environment variables that are set.

    Args:
        info_add: callable invoked as ``info_add(key, value)``.
    """
    import os
    try:
        import ssl
    except ImportError:
        return
    try:
        import _ssl
    except ImportError:
        _ssl = None

    def format_attr(attr, value):
        # Option masks read better as 0x-prefixed hex than as decimal.
        return '%#8x' % value if attr.startswith('OP_') else value

    module_attributes = (
        'OPENSSL_VERSION',
        'OPENSSL_VERSION_INFO',
        'HAS_SNI',
        'OP_ALL',
        'OP_NO_TLSv1_1',
    )
    copy_attributes(info_add, ssl, 'ssl.%s', module_attributes,
                    formatter=format_attr)

    # Settings that decide which protocol versions are accepted and
    # whether the peer certificate is verified.
    context_attributes = (
        'minimum_version',
        'maximum_version',
        'protocol',
        'options',
        'verify_mode',
    )
    # All three contexts are created up front, before any is reported.
    contexts = (
        ('SSLContext', ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)),
        ('default_https_context', ssl._create_default_https_context()),
        ('stdlib_context', ssl._create_stdlib_context()),
    )
    for name, ctx in contexts:
        copy_attributes(info_add, ctx, f'ssl.{name}.%s', context_attributes)

    # Environment variables worth surfacing in a report. OPENSSL_CONF
    # selects an alternative OpenSSL configuration file. SSLKEYLOGFILE
    # names a file that TLS session secrets may be written to when key
    # logging is honoured, so an unexpected value deserves a second look.
    env_names = ["OPENSSL_CONF", "SSLKEYLOGFILE"]
    if _ssl is not None and hasattr(_ssl, 'get_default_verify_paths'):
        # Indices 0 and 2 are the names of the variables that override
        # the default CA file and CA directory.
        parts = _ssl.get_default_verify_paths()
        env_names += [parts[0], parts[2]]

    for name in env_names:
        value = os.environ.get(name)
        if value is None:
            # Unset variables are not reported.
            continue
        info_add('ssl.environ[%s]' % name, value)
def get_default_verify_paths():
    """Return the default CA file and CA directory as a DefaultVerifyPaths.

    Unlike a stock build, the candidate locations come from
    ``_find_cafile_and_capath()`` (defined elsewhere in this module),
    not from the paths compiled into the bundled OpenSSL. Those
    compiled-in paths (indices 1 and 3 of the ``_ssl`` tuple) are
    replaced with None in the returned value.

    Returns:
        DefaultVerifyPaths whose first field is the resolved CA file, or
        None if it is unset or not an existing file. Its second field is
        the resolved CA directory, or None if it is unset or not an
        existing directory. The remaining fields are the environment
        variable names, with None in the two compiled-in path slots.

    Note:
        If the environment variable is set it replaces the discovered
        location outright. A variable that points at a missing path
        yields None; there is no fallback to the discovered location.
        The process environment decides which trust store is reported.
    """
    parts = list(_ssl.get_default_verify_paths())
    found_cafile, found_capath = _find_cafile_and_capath()

    # An environment override, when present, shadows the discovered path.
    cafile = os.environ.get(parts[0], found_cafile)
    capath = os.environ.get(parts[2], found_capath)

    # The bundled OpenSSL's compiled-in locations are useless here, so
    # they are hidden from callers.
    parts[1] = parts[3] = None

    # Either candidate may be None; substituting '' keeps the existence
    # checks from being handed a None path.
    if not os.path.isfile(cafile or ''):
        cafile = None
    if not os.path.isdir(capath or ''):
        capath = None

    return DefaultVerifyPaths(cafile, capath, *parts)
def collect_ssl(info_add):
    """Report TLS build facts, context defaults and environment overrides.

    Does nothing if the ``ssl`` module cannot be imported. Otherwise it
    records, through ``copy_attributes`` and ``info_add``:

    * selected ``ssl`` module attributes (``OP_*`` values as hex),
    * the version bounds, protocol, options and verify mode of three
      freshly created contexts, with numeric values translated to the
      matching ``ssl`` constant names where one exists,
    * the values of TLS-related environment variables that are set.

    Args:
        info_add: callable invoked as ``info_add(key, value)``.
    """
    import os
    try:
        import ssl
    except ImportError:
        return
    try:
        import _ssl
    except ImportError:
        _ssl = None

    def format_attr(attr, value):
        # Option masks read better as 0x-prefixed hex than as decimal.
        return '%#8x' % value if attr.startswith('OP_') else value

    module_attributes = (
        'OPENSSL_VERSION',
        'OPENSSL_VERSION_INFO',
        'HAS_SNI',
        'OP_ALL',
        'OP_NO_TLSv1_1',
    )
    copy_attributes(info_add, ssl, 'ssl.%s', module_attributes,
                    formatter=format_attr)

    # Lookup tables built from the ssl namespace: (name, value) pairs for
    # OP_* flags, and value -> name maps for PROTOCOL_* and CERT_*.
    options_names = []
    protocol_names = {}
    verify_modes = {}
    reverse_maps = (('PROTOCOL_', protocol_names), ('CERT_', verify_modes))
    for name in dir(ssl):
        if name.startswith('OP_'):
            options_names.append((name, getattr(ssl, name)))
            continue
        for prefix, table in reverse_maps:
            if name.startswith(prefix):
                table[getattr(ssl, name)] = name
                break
    # Largest values first, so a wide mask is matched and cleared before
    # the narrower flags are tried.
    options_names.sort(key=lambda item: item[1], reverse=True)

    def formatter(attr_name, value):
        # Translate numeric context settings into readable constant names.
        if attr_name == 'verify_mode':
            return verify_modes.get(value, value)
        if attr_name == 'protocol':
            return protocol_names.get(value, value)
        if attr_name != 'options':
            return value

        remaining = value
        flag_names = []
        for opt_name, opt_value in options_names:
            if remaining & opt_value:
                flag_names.append(opt_name)
                remaining &= ~opt_value
        if remaining:
            # Bits with no matching OP_* name are kept as a number.
            flag_names.append(str(remaining))
        return '|'.join(flag_names)

    # Settings that decide which protocol versions are accepted and
    # whether the peer certificate is verified.
    context_attributes = (
        'minimum_version',
        'maximum_version',
        'protocol',
        'options',
        'verify_mode',
    )
    # All three contexts are created up front, before any is reported.
    # NOTE(review): PROTOCOL_TLS is deprecated in newer Python releases,
    # and a bare context of that kind does not verify certificates by
    # default. That row therefore shows raw defaults, not a recommended
    # client configuration. Confirm before changing, since the reported
    # key embeds the name.
    contexts = (
        ('SSLContext(PROTOCOL_TLS)', ssl.SSLContext(ssl.PROTOCOL_TLS)),
        ('default_https_context', ssl._create_default_https_context()),
        ('stdlib_context', ssl._create_stdlib_context()),
    )
    for name, ctx in contexts:
        copy_attributes(info_add, ctx, 'ssl.%s.%%s' % name,
                        context_attributes, formatter=formatter)

    # Environment variables worth surfacing in a report. OPENSSL_CONF
    # selects an alternative OpenSSL configuration file. SSLKEYLOGFILE
    # names a file that TLS session secrets may be written to when key
    # logging is honoured, so an unexpected value deserves a second look.
    env_names = ["OPENSSL_CONF", "SSLKEYLOGFILE"]
    if _ssl is not None and hasattr(_ssl, 'get_default_verify_paths'):
        # Indices 0 and 2 are the names of the variables that override
        # the default CA file and CA directory.
        parts = _ssl.get_default_verify_paths()
        env_names += [parts[0], parts[2]]

    for name in env_names:
        value = os.environ.get(name)
        if value is None:
            # Unset variables are not reported.
            continue
        info_add('ssl.environ[%s]' % name, value)