From 2aa5cedf82f6c779d72c60ffc49e57b68ea6e4f5 Mon Sep 17 00:00:00 2001
From: Anas Nashif
Date: Wed, 7 Nov 2012 07:29:36 -0800
Subject: [PATCH] python-2.7.3-ssl_ca_path
===================================================================
---
 Modules/_ssl.c | 23 ++++++++++++++++++-----
 1 file changed, 18 insertions(+), 5 deletions(-)
diff --git a/Modules/_ssl.c b/Modules/_ssl.c
index 752b033..c94309e 100644
--- a/Modules/_ssl.c
+++ b/Modules/_ssl.c
@@ -274,6 +274,7 @@ newPySSLObject(PySocketSockObject *Sock, char *key_file, char *cert_file,
 int ret;
 int verification_mode;
 long options;
+ struct stat stat_buf;
 self = PyObject_New(PySSLObject, &PySSL_Type); /* Create new object */
 if (self == NULL)
@@ -335,11 +336,23 @@ newPySSLObject(PySocketSockObject *Sock, char *key_file, char *cert_file,
 "verification of other-side certificates.");
 goto fail;
 } else {
- PySSL_BEGIN_ALLOW_THREADS
- ret = SSL_CTX_load_verify_locations(self->ctx,
- cacerts_file,
- NULL);
- PySSL_END_ALLOW_THREADS
+ /* If cacerts_file is a directory-based cert store, pass it as the
+ third parameter, CApath, instead
+ */
+ if (stat(cacerts_file, &stat_buf) == 0 && S_ISDIR(stat_buf.st_mode)) {
+ PySSL_BEGIN_ALLOW_THREADS
+ ret = SSL_CTX_load_verify_locations(self->ctx,
+ NULL,
+ cacerts_file);
+ PySSL_END_ALLOW_THREADS
+ } else {
+ PySSL_BEGIN_ALLOW_THREADS
+ ret = SSL_CTX_load_verify_locations(self->ctx,
+ cacerts_file,
+ NULL);
+ PySSL_END_ALLOW_THREADS
+ }
+
 if (ret != 1) {
 _setSSLError(NULL, 0, __FILE__, __LINE__);
 goto fail;
--
2.34.1
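Review bot: In the new directory branch of the second hunk, the `ret != 1` check that follows no longer validates the trust store. OpenSSL only registers a CApath directory when `SSL_CTX_load_verify_locations` is called and reads certificates from it lazily during verification, so an empty or un-hashed directory is accepted here and only shows up later as a handshake verification failure. The added comment should state that contract, for example `/* A directory is passed as CApath: it must use OpenSSL's hashed file names (c_rehash) and is only read during verification, so ret == 1 does not prove any CA was loaded. */`. The two branches differ only in argument order, so a single call such as `ret = SSL_CTX_load_verify_locations(self->ctx, is_dir ? NULL : cacerts_file, is_dir ? cacerts_file : NULL);`, with `is_dir` taken from the stat() result, would keep one ALLOW_THREADS section and one place to audit. newPySSLObject starts and ends outside both hunks.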