File python-2.7.3-ssl_ca_path.patch of Package python
Index: Modules/_ssl.c
===================================================================
--- Modules/_ssl.c.orig
+++ Modules/_ssl.c
@@ -271,6 +271,7 @@ newPySSLObject(PySocketSockObject *Sock,
char *errstr = NULL;
int ret;
int verification_mode;
+ struct stat stat_buf;
self = PyObject_New(PySSLObject, &PySSL_Type); /* Create new object */
if (self == NULL)
@@ -331,11 +332,23 @@ newPySSLObject(PySocketSockObject *Sock,
"verification of other-side certificates.");
goto fail;
} else {
- PySSL_BEGIN_ALLOW_THREADS
- ret = SSL_CTX_load_verify_locations(self->ctx,
- cacerts_file,
- NULL);
- PySSL_END_ALLOW_THREADS
+ /* If cacerts_file is a directory-based cert store, pass it as the
+ third parameter, CApath, instead
+ */
+ if (stat(cacerts_file, &stat_buf) == 0 && S_ISDIR(stat_buf.st_mode)) {
+ PySSL_BEGIN_ALLOW_THREADS
+ ret = SSL_CTX_load_verify_locations(self->ctx,
+ NULL,
+ cacerts_file);
+ PySSL_END_ALLOW_THREADS
+ } else {
+ PySSL_BEGIN_ALLOW_THREADS
+ ret = SSL_CTX_load_verify_locations(self->ctx,
+ cacerts_file,
+ NULL);
+ PySSL_END_ALLOW_THREADS
+ }
+
if (ret != 1) {
_setSSLError(NULL, 0, __FILE__, __LINE__);
goto fail;
