diff options
| author |   Victor Stinner <vstinner@redhat.com> | 2019-10-02 18:36:32 +0200 |
|---|---|---|
| committer |   GitHub <noreply@github.com> | 2019-10-02 18:36:32 +0200 |
| commit | 403ca7ea70232e520af18511fbfb89b58ef2a046 (patch) | |
| tree | e5813b1fabf03bc7259a3ef22ecaab4bedf65758 | |
| parent | [2.7] bpo-38243: Escape the server title of DocXMLRPCServer (GH-16447) (diff) | |
| download | cpython-403ca7ea70232e520af18511fbfb89b58ef2a046.tar.gz cpython-403ca7ea70232e520af18511fbfb89b58ef2a046.tar.bz2 cpython-403ca7ea70232e520af18511fbfb89b58ef2a046.zip | |
[2.7] bpo-38338, test.pythoninfo: add more ssl infos (GH-16543)
test.pythoninfo now logs environment variables used by OpenSSL and
Python ssl modules, and logs attributes of 3 SSL contexts
(SSLContext, default HTTPS context, stdlib context).
(cherry picked from commit 1df1c2f8df53d005ff47af81aa02c58752b84e20)
| -rw-r--r-- | Lib/test/pythoninfo.py | 60 |
1 files changed, 60 insertions, 0 deletions
diff --git a/Lib/test/pythoninfo.py b/Lib/test/pythoninfo.py index a6983ba021c..12de99b09d5 100644 --- a/Lib/test/pythoninfo.py +++ b/Lib/test/pythoninfo.py @@ -439,10 +439,15 @@ def collect_sysconfig(info_add): def collect_ssl(info_add): + import os try: import ssl except ImportError: return + try: + import _ssl + except ImportError: + _ssl = None def format_attr(attr, value): if attr.startswith('OP_'): @@ -459,6 +464,61 @@ def collect_ssl(info_add): ) copy_attributes(info_add, ssl, 'ssl.%s', attributes, formatter=format_attr) + options_names = [] + protocol_names = {} + verify_modes = {} + for name in dir(ssl): + if name.startswith('OP_'): + options_names.append((name, getattr(ssl, name))) + elif name.startswith('PROTOCOL_'): + protocol_names[getattr(ssl, name)] = name + elif name.startswith('CERT_'): + verify_modes[getattr(ssl, name)] = name + options_names.sort(key=lambda item: item[1], reverse=True) + + def formatter(attr_name, value): + if attr_name == 'options': + options_text = [] + for opt_name, opt_value in options_names: + if value & opt_value: + options_text.append(opt_name) + value &= ~opt_value + if value: + options_text.append(str(value)) + return '|' .join(options_text) + elif attr_name == 'verify_mode': + return verify_modes.get(value, value) + elif attr_name == 'protocol': + return protocol_names.get(value, value) + else: + return value + + for name, ctx in ( + ('SSLContext(PROTOCOL_TLS)', ssl.SSLContext(ssl.PROTOCOL_TLS)), + ('default_https_context', ssl._create_default_https_context()), + ('stdlib_context', ssl._create_stdlib_context()), + ): + attributes = ( + 'minimum_version', + 'maximum_version', + 'protocol', + 'options', + 'verify_mode', + ) + copy_attributes(info_add, ctx, 'ssl.%s.%%s' % name, attributes, formatter=formatter) + + env_names = ["OPENSSL_CONF", "SSLKEYLOGFILE"] + if _ssl is not None and hasattr(_ssl, 'get_default_verify_paths'): + parts = _ssl.get_default_verify_paths() + env_names.extend((parts[0], parts[2])) + + for name in env_names: + try: + value = os.environ[name] + except KeyError: + continue + info_add('ssl.environ[%s]' % name, value) + def collect_socket(info_add): import socket |