Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

add support for Context.set_cert_store #1210

Open
wants to merge 1 commit into
base: main
Choose a base branch
from

Conversation

reaperhulk
Copy link
Member

No description provided.

# The store is now owned by the context, so we need to
# remove the gc free in the object. We do this after the
# set since set may not exist.
_ffi.gc(store._store, None)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This seems like the very wrong way to do this. We should be bumping the refcount here, not getting rid of the GC. Doing it this way means it's totally wrong if you put the same store on 2x ssl contexts

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We don't have that binding 😂 Good catch on the multiple adds though. We can't support this without adding the upref binding then.

# remove the gc free in the object. We do this after the
# set since set may not exist.
_ffi.gc(store._store, None)
except AttributeError:
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This also catches attribute errors if store is the wrong type. Bad.

tox.ini Outdated
@@ -19,6 +19,8 @@ extras =
deps =
coverage>=4.2
cryptographyMinimum: cryptography==38.0.0
# special version to test paths for bindings we temporarily removed
cryptography40: cryptography==40.0.1
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we just bump the minimum, this is too complicated

@reaperhulk
Copy link
Member Author

This is blocked on a release that contains pyca/cryptography#8737 now.

ankit-gautam23
ankit-gautam23 previously approved these changes Apr 21, 2023
Copy link

@ankit-gautam23 ankit-gautam23 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@@ -1507,6 +1507,16 @@ def get_cert_store(self):
pystore._store = store
return pystore

def set_cert_store(self, store):
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we added type annotations? Seems like we should start adding them as we go.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

+1 for type annotations :)

Comment on lines +1719 to +1723
def test_set_cert_store(self):
context = Context(SSLv23_METHOD)
store = X509Store()
context.set_cert_store(store)
assert store._store == context.get_cert_store()._store
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we make this test actually verify what we want?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Development

Successfully merging this pull request may close these issues.

4 participants