def test_get_default_verify_paths(self):
import _ssl
paths = _ssl.get_default_verify_paths()
assert paths[0] == 'SSL_CERT_FILE'
assert paths[2] == 'SSL_CERT_DIR'
assert paths[1].endswith('cert.pem')
assert paths[3].endswith('certs')
def get_default_verify_paths():
"""Return paths to default cafile and capath.
"""
parts = _ssl.get_default_verify_paths()
# environment vars shadow paths
cafile = os.environ.get(parts[0], parts[1])
capath = os.environ.get(parts[2], parts[3])
return DefaultVerifyPaths(cafile if os.path.isfile(cafile) else None,
capath if os.path.isdir(capath) else None,
*parts)
def get_default_verify_paths():
"""Return paths to default cafile and capath.
"""
parts = _ssl.get_default_verify_paths()
# environment vars shadow paths
cafile = os.environ.get(parts[0], parts[1])
capath = os.environ.get(parts[2], parts[3])
return DefaultVerifyPaths(cafile if os.path.isfile(cafile) else None,
capath if os.path.isdir(capath) else None,
*parts)
def collect_ssl(info_add):
import os
try:
import ssl
except ImportError:
return
try:
import _ssl
except ImportError:
_ssl = None
def format_attr(attr, value):
if attr.startswith('OP_'):
return '%#8x' % value
else:
return value
attributes = (
'OPENSSL_VERSION',
'OPENSSL_VERSION_INFO',
'HAS_SNI',
'OP_ALL',
'OP_NO_TLSv1_1',
)
copy_attributes(info_add, ssl, 'ssl.%s', attributes, formatter=format_attr)
for name, ctx in (
('SSLContext', ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)),
('default_https_context', ssl._create_default_https_context()),
('stdlib_context', ssl._create_stdlib_context()),
):
attributes = (
'minimum_version',
'maximum_version',
'protocol',
'options',
'verify_mode',
)
copy_attributes(info_add, ctx, f'ssl.{name}.%s', attributes)
env_names = ["OPENSSL_CONF", "SSLKEYLOGFILE"]
if _ssl is not None and hasattr(_ssl, 'get_default_verify_paths'):
parts = _ssl.get_default_verify_paths()
env_names.extend((parts[0], parts[2]))
for name in env_names:
try:
value = os.environ[name]
except KeyError:
continue
info_add('ssl.environ[%s]' % name, value)
def get_default_verify_paths():
"""Return paths to default cafile and capath.
"""
parts = list(_ssl.get_default_verify_paths())
cafile, capath = _find_cafile_and_capath()
# environment vars shadow paths
cafile = os.environ.get(parts[0], cafile)
capath = os.environ.get(parts[2], capath)
# overwrite what we get from bundled openssl since it's useless
parts[1] = None
parts[3] = None
return DefaultVerifyPaths(cafile if os.path.isfile(cafile or '') else None,
capath if os.path.isdir(capath or '') else None,
*parts)
def collect_ssl(info_add):
import os
try:
import ssl
except ImportError:
return
try:
import _ssl
except ImportError:
_ssl = None
def format_attr(attr, value):
if attr.startswith('OP_'):
return '%#8x' % value
else:
return value
attributes = (
'OPENSSL_VERSION',
'OPENSSL_VERSION_INFO',
'HAS_SNI',
'OP_ALL',
'OP_NO_TLSv1_1',
)
copy_attributes(info_add, ssl, 'ssl.%s', attributes, formatter=format_attr)
options_names = []
protocol_names = {}
verify_modes = {}
for name in dir(ssl):
if name.startswith('OP_'):
options_names.append((name, getattr(ssl, name)))
elif name.startswith('PROTOCOL_'):
protocol_names[getattr(ssl, name)] = name
elif name.startswith('CERT_'):
verify_modes[getattr(ssl, name)] = name
options_names.sort(key=lambda item: item[1], reverse=True)
def formatter(attr_name, value):
if attr_name == 'options':
options_text = []
for opt_name, opt_value in options_names:
if value & opt_value:
options_text.append(opt_name)
value &= ~opt_value
if value:
options_text.append(str(value))
return '|' .join(options_text)
elif attr_name == 'verify_mode':
return verify_modes.get(value, value)
elif attr_name == 'protocol':
return protocol_names.get(value, value)
else:
return value
for name, ctx in (
('SSLContext(PROTOCOL_TLS)', ssl.SSLContext(ssl.PROTOCOL_TLS)),
('default_https_context', ssl._create_default_https_context()),
('stdlib_context', ssl._create_stdlib_context()),
):
attributes = (
'minimum_version',
'maximum_version',
'protocol',
'options',
'verify_mode',
)
copy_attributes(info_add, ctx, 'ssl.%s.%%s' % name, attributes, formatter=formatter)
env_names = ["OPENSSL_CONF", "SSLKEYLOGFILE"]
if _ssl is not None and hasattr(_ssl, 'get_default_verify_paths'):
parts = _ssl.get_default_verify_paths()
env_names.extend((parts[0], parts[2]))
for name in env_names:
try:
value = os.environ[name]
except KeyError:
continue
info_add('ssl.environ[%s]' % name, value)
