bpo-18233: Rename SSLSocket.get_peer_cert_chain to SSLSocket.get_unverified_chain

chrisburr · chrisburr · commit 1f8dfd646121 · 2020-12-09T15:10:20.000+01:00
diff --git a/Doc/library/ssl.rst b/Doc/library/ssl.rst
@@ -1259,7 +1259,7 @@ SSL sockets also have the following additional methods and attributes:
    .. versionchanged:: 3.9
       IPv6 address strings no longer have a trailing new line.
 
-.. method:: SSLSocket.get_peer_cert_chain(binary_form=False)
+.. method:: SSLSocket.get_unverified_chain(binary_form=False)
 
    Returns an **unverified** certificate chain for the peer. If no chain is
    provided, returns :const:`None`. Otherwise returns a tuple of dicts
diff --git a/Lib/ssl.py b/Lib/ssl.py
@@ -905,12 +905,12 @@ def getpeercert(self, binary_form=False):
         """
         return self._sslobj.getpeercert(binary_form)
 
-    def get_peer_cert_chain(self, binary_form=False):
+    def get_unverified_chain(self, binary_form=False):
         """"Returns the certificate chain of the SSL connection as a tuple of
         dicts. It is *not* a verified chain.
 
         Return ``None`` if no chain is provided."""
-        return self._sslobj.get_peer_cert_chain(binary_form)
+        return self._sslobj.get_unverified_chain(binary_form)
 
     if hasattr(_ssl._SSLSocket, 'get_verified_chain'):
         def get_verified_chain(self, binary_form=False):
@@ -1139,10 +1139,10 @@ def getpeercert(self, binary_form=False):
         return self._sslobj.getpeercert(binary_form)
 
     @_sslcopydoc
-    def get_peer_cert_chain(self, binary_form=False):
+    def get_unverified_chain(self, binary_form=False):
         self._checkClosed()
         self._check_connected()
-        return self._sslobj.get_peer_cert_chain(binary_form)
+        return self._sslobj.get_unverified_chain(binary_form)
 
     if hasattr(_ssl._SSLSocket, 'get_verified_chain'):
         @_sslcopydoc
diff --git a/Lib/test/test_ssl.py b/Lib/test/test_ssl.py
@@ -2160,7 +2160,7 @@ def test_get_ca_certs_capath(self):
             self.assertTrue(cert)
         self.assertEqual(len(ctx.get_ca_certs()), 1)
 
-    def test_get_peer_cert_chain(self):
+    def test_get_unverified_chain(self):
         ctx = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
         ctx.verify_mode = ssl.CERT_REQUIRED
         ctx.load_verify_locations(capath=CAPATH)
@@ -2169,8 +2169,8 @@ def test_get_peer_cert_chain(self):
             try:
                 peer_cert = s.getpeercert()
                 peer_cert_bin = s.getpeercert(True)
-                chain_no_validate = s.get_peer_cert_chain()
-                chain_bin_no_validate = s.get_peer_cert_chain(True)
+                chain_no_validate = s.get_unverified_chain()
+                chain_bin_no_validate = s.get_unverified_chain(True)
             finally:
                 self.assertTrue(peer_cert)
                 self.assertTrue(peer_cert_bin)
diff --git a/Misc/NEWS.d/next/Library/2020-01-10-16-06-13.bpo-18233.EsqH1K.rst b/Misc/NEWS.d/next/Library/2020-01-10-16-06-13.bpo-18233.EsqH1K.rst
@@ -1 +1 @@
-Add :meth:`ssl.SSLSocket.get_peer_cert_chain` and :meth:`ssl.SSLSocket.get_verified_chain` for accessing the certificate chain of SSL connections.
+Add :meth:`ssl.SSLSocket.get_unverified_chain` and :meth:`ssl.SSLSocket.get_verified_chain` for accessing the certificate chain of SSL connections.
diff --git a/Modules/_ssl.c b/Modules/_ssl.c
@@ -2130,13 +2130,13 @@ chain_to_pyobject(STACK_OF(X509) *peer_chain, int binary_mode)
 }
 
 /*[clinic input]
-_ssl._SSLSocket.get_peer_cert_chain
+_ssl._SSLSocket.get_unverified_chain
     der as binary_mode: bool = False
 [clinic start generated code]*/
 
 static PyObject *
-_ssl__SSLSocket_get_peer_cert_chain_impl(PySSLSocket *self, int binary_mode)
-/*[clinic end generated code: output=2fc1e5dce85798ba input=3dd8f43730febaa9]*/
+_ssl__SSLSocket_get_unverified_chain_impl(PySSLSocket *self, int binary_mode)
+/*[clinic end generated code: output=a84c4e7bb50f3477 input=842931a7d60f135e]*/
 {
     STACK_OF(X509) *peer_chain; /* reference */
 
@@ -3089,7 +3089,7 @@ static PyMethodDef PySSLMethods[] = {
     _SSL__SSLSOCKET_GET_CHANNEL_BINDING_METHODDEF
     _SSL__SSLSOCKET_CIPHER_METHODDEF
     _SSL__SSLSOCKET_SHARED_CIPHERS_METHODDEF
-    _SSL__SSLSOCKET_GET_PEER_CERT_CHAIN_METHODDEF
+    _SSL__SSLSOCKET_GET_UNVERIFIED_CHAIN_METHODDEF
 #ifdef OPENSSL_VERSION_1_1
     _SSL__SSLSOCKET_GET_VERIFIED_CHAIN_METHODDEF
 #endif
diff --git a/Modules/clinic/_ssl.c.h b/Modules/clinic/_ssl.c.h

Original file line number	Diff line number	Diff line change
`@@ -1 +1 @@`
`1`		-Add :meth:`ssl.SSLSocket.get_peer_cert_chain` and :meth:`ssl.SSLSocket.get_verified_chain` for accessing the certificate chain of SSL connections.
	`1`	+Add :meth:`ssl.SSLSocket.get_unverified_chain` and :meth:`ssl.SSLSocket.get_verified_chain` for accessing the certificate chain of SSL connections.