changeset:   92735:1a36d4e8cf4e
branch:      2.7
parent:      92732:222e0faa5fa9
user:        Benjamin Peterson <benjamin@python.org>
date:        Wed Oct 01 23:53:01 2014 -0400
files:       Lib/ssl.py Lib/test/test_ssl.py Modules/_ssl.c
description:
fix sslwrap_simple (closes #22523)

Thanks Alex Gaynor.


diff -r 222e0faa5fa9 -r 1a36d4e8cf4e Lib/ssl.py
--- a/Lib/ssl.py	Thu Oct 02 02:10:06 2014 +0200
+++ b/Lib/ssl.py	Wed Oct 01 23:53:01 2014 -0400
@@ -969,16 +969,16 @@
 # a replacement for the old socket.ssl function
 
 def sslwrap_simple(sock, keyfile=None, certfile=None):
-
     """A replacement for the old socket.ssl function.  Designed
     for compability with Python 2.5 and earlier.  Will disappear in
     Python 3.0."""
-
     if hasattr(sock, "_sock"):
         sock = sock._sock
 
-    ssl_sock = _ssl.sslwrap(sock, 0, keyfile, certfile, CERT_NONE,
-                            PROTOCOL_SSLv23, None)
+    ctx = SSLContext(PROTOCOL_SSLv23)
+    if keyfile or certfile:
+        ctx.load_cert_chain(certfile, keyfile)
+    ssl_sock = ctx._wrap_socket(sock, server_side=False)
     try:
         sock.getpeername()
     except socket_error:
diff -r 222e0faa5fa9 -r 1a36d4e8cf4e Lib/test/test_ssl.py
--- a/Lib/test/test_ssl.py	Thu Oct 02 02:10:06 2014 +0200
+++ b/Lib/test/test_ssl.py	Wed Oct 01 23:53:01 2014 -0400
@@ -94,6 +94,8 @@
                 pass
             else:
                 raise
+
+
 def can_clear_options():
     # 0.9.8m or higher
     return ssl._OPENSSL_API_VERSION >= (0, 9, 8, 13, 15)
@@ -2944,7 +2946,7 @@
         if not os.path.exists(filename):
             raise support.TestFailed("Can't read certificate file %r" % filename)
 
-    tests = [ContextTests, BasicSocketTests, SSLErrorTests]
+    tests = [ContextTests, BasicTests, BasicSocketTests, SSLErrorTests]
 
     if support.is_resource_enabled('network'):
         tests.append(NetworkedTests)
diff -r 222e0faa5fa9 -r 1a36d4e8cf4e Modules/_ssl.c
--- a/Modules/_ssl.c	Thu Oct 02 02:10:06 2014 +0200
+++ b/Modules/_ssl.c	Wed Oct 01 23:53:01 2014 -0400
@@ -517,10 +517,12 @@
     self->socket_type = socket_type;
     self->Socket = sock;
     Py_INCREF(self->Socket);
-    self->ssl_sock = PyWeakref_NewRef(ssl_sock, NULL);
-    if (self->ssl_sock == NULL) {
-        Py_DECREF(self);
-        return NULL;
+    if (ssl_sock != Py_None) {
+        self->ssl_sock = PyWeakref_NewRef(ssl_sock, NULL);
+        if (self->ssl_sock == NULL) {
+            Py_DECREF(self);
+            return NULL;
+        }
     }
     return self;
 }
@@ -2931,8 +2933,12 @@
 
     ssl = SSL_get_app_data(s);
     assert(PySSLSocket_Check(ssl));
-    ssl_socket = PyWeakref_GetObject(ssl->ssl_sock);
-    Py_INCREF(ssl_socket);
+    if (ssl->ssl_sock == NULL) {
+        ssl_socket = Py_None;
+    } else {
+        ssl_socket = PyWeakref_GetObject(ssl->ssl_sock);
+        Py_INCREF(ssl_socket);
+    }
     if (ssl_socket == Py_None) {
         goto error;
     }