Issue #8086: In :func:`ssl.DER_cert_to_PEM_cert()`, fix missing newline

before the certificate footer.  Patch by Kyle VanderBeek.

Lib/ssl.py

@@ -365,7 +365,7 @@ def DER_cert_to_PEM_cert(der_cert_bytes):
         # preferred because older API gets line-length wrong
         f = base64.standard_b64encode(der_cert_bytes)
         return (PEM_HEADER + '\n' +
-                textwrap.fill(f, 64) +
+                textwrap.fill(f, 64) + '\n' +
                 PEM_FOOTER + '\n')
     else:
         return (PEM_HEADER + '\n' +

Lib/test/test_ssl.py

@@ -113,6 +113,10 @@ class BasicTests(unittest.TestCase):
         p2 = ssl.DER_cert_to_PEM_cert(d1)
         d2 = ssl.PEM_cert_to_DER_cert(p2)
         self.assertEqual(d1, d2)
+        if not p2.startswith(ssl.PEM_HEADER + '\n'):
+            self.fail("DER-to-PEM didn't include correct header:\n%r\n" % p2)
+        if not p2.endswith('\n' + ssl.PEM_FOOTER + '\n'):
+            self.fail("DER-to-PEM didn't include correct footer:\n%r\n" % p2)
 
     def test_openssl_version(self):
         n = ssl.OPENSSL_VERSION_NUMBER

Misc/ACKS

@@ -780,6 +780,7 @@ Michael Urman
 Hector Urtubia
 Andi Vajda
 Case Van Horsen
+Kyle VanderBeek
 Atul Varma
 Dmitry Vasiliev
 Alexandre Vassalotti

Misc/NEWS

@@ -27,6 +27,9 @@ Core and Builtins
 Library
 -------
 
+- Issue #8086: In :func:`ssl.DER_cert_to_PEM_cert()`, fix missing newline
+  before the certificate footer.  Patch by Kyle VanderBeek.
+
 - Issue #8546: Reject None given as the buffering argument to _pyio.open.
 
 - Issue #8549: Fix compiling the _ssl extension under AIX.  Patch by