| author | Samuel Freilich <sfreilich@google.com> | 2022-06-10 19:15:54 -0400 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-06-10 17:15:54 -0600 |
| commit | e7638eebcd0384c2d2cbb49340bc06ac03044c77 (patch) | |
| tree | 058c84619cd1e8648e4802d1ffc97a81fa4e88c8 /src | |
| parent | fd90d24faed6f5214408afce948094ccf9ce26c2 (diff) | |
| download | urllib3-e7638eebcd0384c2d2cbb49340bc06ac03044c77.tar.gz | |
Consistently wrap errors in load_cert_chain
This wraps OpenSSL.SSL.Error with ssl.SSLError in
PyOpenSSLContext.load_cert_chain, similar to the error handling in
other methods of PyOpenSSLContext.
Diffstat (limited to 'src')
| -rw-r--r-- | src/urllib3/contrib/pyopenssl.py | 15 |
1 files changed, 9 insertions, 6 deletions
diff --git a/src/urllib3/contrib/pyopenssl.py b/src/urllib3/contrib/pyopenssl.py
index 848fa235..79eb5052 100644
--- a/src/urllib3/contrib/pyopenssl.py
+++ b/src/urllib3/contrib/pyopenssl.py
@@ -486,12 +486,15 @@ class PyOpenSSLContext:
 keyfile: Optional[str] = None,
 password: Optional[str] = None,
 ) -> None:
- self._ctx.use_certificate_chain_file(certfile)
- if password is not None:
- if not isinstance(password, bytes):
- password = password.encode("utf-8") # type: ignore[assignment]
- self._ctx.set_passwd_cb(lambda *_: password)
- self._ctx.use_privatekey_file(keyfile or certfile)
+ try:
+ self._ctx.use_certificate_chain_file(certfile)
+ if password is not None:
+ if not isinstance(password, bytes):
+ password = password.encode("utf-8") # type: ignore[assignment]
+ self._ctx.set_passwd_cb(lambda *_: password)
+ self._ctx.use_privatekey_file(keyfile or certfile)
+ except OpenSSL.SSL.Error as e:
+ raise ssl.SSLError(f"Unable to load certificate chain: {e!r}") from e
 def set_alpn_protocols(self, protocols: List[Union[bytes, str]]) -> None:
 protocols = [util.util.to_bytes(p, "ascii") for p in protocols] |
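Review bot: The wrapped message names only the certificate chain, but the new `try` also covers `set_passwd_cb` and `use_privatekey_file(keyfile or certfile)`. A wrong passphrase, an unreadable key file or a key that does not match the certificate will therefore surface as "Unable to load certificate chain", which points whoever triages a client-certificate failure at the wrong file. I would widen the wording, e.g. `raise ssl.SSLError(f"Unable to load certificate chain or private key: {e!r}") from e`, or wrap the two loads separately so each failure gets its own message. The `load_cert_chain` signature starts above the hunk, so this is judged from the visible body only.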
