bpo-18369: Add certificate and private key types

Signed-off-by: Christian Heimes <christian@python.org>

Author: tiran

Lib/ssl.py

@@ -100,7 +100,7 @@
 import _ssl # if we can't import it, let the error propagate
 
 from _ssl import OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_INFO, OPENSSL_VERSION
-from _ssl import _SSLContext, MemoryBIO, SSLSession
+from _ssl import _SSLContext, MemoryBIO, SSLSession, Certificate, PrivateKey
 from _ssl import (
  SSLError, SSLZeroReturnError, SSLWantReadError, SSLWantWriteError,
  SSLSyscallError, SSLEOFError, SSLCertVerificationError

Lib/test/test_ssl.py

@@ -1092,6 +1092,24 @@ def getpass(self):
  # Make sure the password function isn't called if it isn't needed
  ctx.load_cert_chain(CERTFILE, password=getpass_exception)
 
+ def test_load_cert_privkey(self):
+ chain = ssl.Certificate.chain_from_file(ONLYCERT)
+ self.assertEqual(len(chain), 1)
+ cas = ssl.Certificate.bundle_from_file(SIGNING_CA)
+ self.assertEqual(len(cas), 1)
+ pkey = ssl.PrivateKey.from_file(ONLYKEY)
+
+ ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
+ ctx.load_cert_chain(chain, pkey)
+ ctx.load_verify_locations(cadata=cas)
+ self.assertEqual(len(ctx.get_ca_certs()), 1)
+
+ pkey = ssl.PrivateKey.from_file(
+ ONLYKEY_PROTECTED, password=KEY_PASSWORD
+ )
+ ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
+ ctx.load_cert_chain(chain, pkey)
+
  def test_load_verify_locations(self):
  ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
  ctx.load_verify_locations(CERTFILE)

Misc/NEWS.d/next/Library/2018-01-12-09-52-24.bpo-18369.qzvYH2.rst

@@ -0,0 +1,2 @@
+Certificate and PrivateKey classes were added to the ssl module.
+Certificates and keys can now be loaded from memory buffer, too.