bpo-18233: Add internal methods to access peer chain (GH-25467)
The internal `_ssl._SSLSocket` object now provides methods to retrieve
the peer cert chain and verified cert chain as a list of Certificate
objects. Certificate objects have methods to convert the cert to a dict,
PEM, or DER (ASN.1).
These are private APIs for now. There is a slim chance to stabilize the
approach and provide a public API for 3.10. Otherwise I'll provide a
stable API in 3.11.
Signed-off-by: Christian Heimes <christian@python.org>
diff --git a/Modules/_ssl/misc.c b/Modules/_ssl/misc.c
new file mode 100644
index 0000000..4de091d
--- /dev/null
+++ b/Modules/_ssl/misc.c
@@ -0,0 +1,34 @@
+#include "Python.h"
+#include "../_ssl.h"
+
+#include "openssl/bio.h"
+
+/* BIO_s_mem() to PyBytes
+ */
+static PyObject *
+_PySSL_BytesFromBIO(_sslmodulestate *state, BIO *bio)
+{
+ long size;
+ char *data = NULL;
+ size = BIO_get_mem_data(bio, &data);
+ if (data == NULL || size < 0) {
+ PyErr_SetString(PyExc_ValueError, "Not a memory BIO");
+ return NULL;
+ }
+ return PyBytes_FromStringAndSize(data, size);
+}
+
+/* BIO_s_mem() to PyUnicode
+ */
+static PyObject *
+_PySSL_UnicodeFromBIO(_sslmodulestate *state, BIO *bio, const char *error)
+{
+ long size;
+ char *data = NULL;
+ size = BIO_get_mem_data(bio, &data);
+ if (data == NULL || size < 0) {
+ PyErr_SetString(PyExc_ValueError, "Not a memory BIO");
+ return NULL;
+ }
+ return PyUnicode_DecodeUTF8(data, size, error);
+}