Merge branch 'master' into flake8++
diff --git a/OpenSSL/SSL.py b/OpenSSL/SSL.py
index ef37fd2..a97fa65 100644
--- a/OpenSSL/SSL.py
+++ b/OpenSSL/SSL.py
@@ -135,13 +135,13 @@
SSL_CB_HANDSHAKE_START = _lib.SSL_CB_HANDSHAKE_START
SSL_CB_HANDSHAKE_DONE = _lib.SSL_CB_HANDSHAKE_DONE
+
class Error(Exception):
"""
An error occurred in an `OpenSSL.SSL` API.
"""
-
_raise_current_error = partial(_exception_from_error_queue, Error)
@@ -149,22 +149,18 @@
pass
-
class WantWriteError(Error):
pass
-
class WantX509LookupError(Error):
pass
-
class ZeroReturnError(Error):
pass
-
class SysCallError(Error):
pass
@@ -183,7 +179,6 @@
def __init__(self):
self._problems = []
-
def raise_if_problem(self):
"""
Raise an exception from the OpenSSL error queue or that was previously
@@ -389,7 +384,6 @@
return fd
-
def SSLeay_version(type):
"""
Return a string describing the version of OpenSSL in use.
@@ -414,7 +408,6 @@
return wrapper
-
def _requires_alpn(func):
"""
Wraps any function that requires ALPN support in OpenSSL, ensuring that
@@ -430,12 +423,10 @@
return wrapper
-
class Session(object):
pass
-
class Context(object):
"""
:py:obj:`OpenSSL.SSL.Context` instances define the parameters for setting up
@@ -454,7 +445,6 @@
for (identifier, name) in _methods.items()
if getattr(_lib, name, None) is not None)
-
def __init__(self, method):
"""
:param method: One of SSLv2_METHOD, SSLv3_METHOD, SSLv23_METHOD, or
@@ -501,7 +491,6 @@
# SSL_MODE_AUTO_RETRY);
self.set_mode(_lib.SSL_MODE_ENABLE_PARTIAL_WRITE)
-
def load_verify_locations(self, cafile, capath=None):
"""
Let SSL know where we can find trusted certificates for the certificate
@@ -528,7 +517,6 @@
if not load_result:
_raise_current_error()
-
def _wrap_callback(self, callback):
@wraps(callback)
def wrapper(size, verify, userdata):
@@ -536,7 +524,6 @@
return _PassphraseHelper(
FILETYPE_PEM, wrapper, more_args=True, truncate=True)
-
def set_passwd_cb(self, callback, userdata=None):
"""
Set the passphrase callback
@@ -555,7 +542,6 @@
self._context, self._passphrase_callback)
self._passphrase_userdata = userdata
-
def set_default_verify_paths(self):
"""
Use the platform-specific CA certificate locations
@@ -567,7 +553,6 @@
# TODO: This is untested.
_raise_current_error()
-
def use_certificate_chain_file(self, certfile):
"""
Load a certificate chain from a file
@@ -583,7 +568,6 @@
if not result:
_raise_current_error()
-
def use_certificate_file(self, certfile, filetype=FILETYPE_PEM):
"""
Load a certificate from a file
@@ -602,7 +586,6 @@
if not use_result:
_raise_current_error()
-
def use_certificate(self, cert):
"""
Load a certificate from a X509 object
@@ -617,7 +600,6 @@
if not use_result:
_raise_current_error()
-
def add_extra_chain_cert(self, certobj):
"""
Add certificate to chain
@@ -635,7 +617,6 @@
_lib.X509_free(copy)
_raise_current_error()
-
def _raise_passphrase_exception(self):
if self._passphrase_helper is None:
_raise_current_error()
@@ -643,7 +624,6 @@
if exception is not None:
raise exception
-
def use_privatekey_file(self, keyfile, filetype=_UNSPECIFIED):
"""
Load a private key from a file
@@ -665,7 +645,6 @@
if not use_result:
self._raise_passphrase_exception()
-
def use_privatekey(self, pkey):
"""
Load a private key from a PKey object
@@ -680,7 +659,6 @@
if not use_result:
self._raise_passphrase_exception()
-
def check_privatekey(self):
"""
Check that the private key and certificate match up
@@ -690,7 +668,6 @@
if not _lib.SSL_CTX_check_private_key(self._context):
_raise_current_error()
-
def load_client_ca(self, cafile):
"""
Load the trusted certificates that will be sent to the client (basically
@@ -724,14 +701,12 @@
return _lib.SSL_CTX_set_session_cache_mode(self._context, mode)
-
def get_session_cache_mode(self):
"""
:returns: The currently used cache mode.
"""
return _lib.SSL_CTX_get_session_cache_mode(self._context)
-
def set_verify(self, mode, callback):
"""
Set the verify mode and verify callback
@@ -753,7 +728,6 @@
self._verify_callback = self._verify_helper.callback
_lib.SSL_CTX_set_verify(self._context, mode, self._verify_callback)
-
def set_verify_depth(self, depth):
"""
Set the verify depth
@@ -766,7 +740,6 @@
_lib.SSL_CTX_set_verify_depth(self._context, depth)
-
def get_verify_mode(self):
"""
Get the verify mode
@@ -775,7 +748,6 @@
"""
return _lib.SSL_CTX_get_verify_mode(self._context)
-
def get_verify_depth(self):
"""
Get the verify depth
@@ -784,7 +756,6 @@
"""
return _lib.SSL_CTX_get_verify_depth(self._context)
-
def load_tmp_dh(self, dhfile):
"""
Load parameters for Ephemeral Diffie-Hellman
@@ -805,7 +776,6 @@
dh = _ffi.gc(dh, _lib.DH_free)
_lib.SSL_CTX_set_tmp_dh(self._context, dh)
-
def set_tmp_ecdh(self, curve):
"""
Select a curve to use for ECDHE key exchange.
@@ -818,7 +788,6 @@
"""
_lib.SSL_CTX_set_tmp_ecdh(self._context, curve._to_EC_KEY())
-
def set_cipher_list(self, cipher_list):
"""
Change the cipher list
@@ -836,7 +805,6 @@
if not result:
_raise_current_error()
-
def set_client_ca_list(self, certificate_authorities):
"""
Set the list of preferred client certificate signers for this server context.
@@ -872,7 +840,6 @@
_lib.SSL_CTX_set_client_CA_list(self._context, name_stack)
-
def add_client_ca(self, certificate_authority):
"""
Add the CA certificate to the list of preferred signers for this context.
@@ -892,7 +859,6 @@
# TODO: This is untested.
_raise_current_error()
-
def set_timeout(self, timeout):
"""
Set session timeout
@@ -905,7 +871,6 @@
return _lib.SSL_CTX_set_timeout(self._context, timeout)
-
def get_timeout(self):
"""
Get the session timeout
@@ -914,7 +879,6 @@
"""
return _lib.SSL_CTX_get_timeout(self._context)
-
def set_info_callback(self, callback):
"""
Set the info callback
@@ -929,7 +893,6 @@
"void (*)(const SSL *, int, int)", wrapper)
_lib.SSL_CTX_set_info_callback(self._context, self._info_callback)
-
def get_app_data(self):
"""
Get the application data (supplied via set_app_data())
@@ -938,7 +901,6 @@
"""
return self._app_data
-
def set_app_data(self, data):
"""
Set the application data (will be returned from get_app_data())
@@ -948,7 +910,6 @@
"""
self._app_data = data
-
def get_cert_store(self):
"""
Get the certificate store for the context.
@@ -964,7 +925,6 @@
pystore._store = store
return pystore
-
def set_options(self, options):
"""
Add options. Options set before are not cleared!
@@ -977,7 +937,6 @@
return _lib.SSL_CTX_set_options(self._context, options)
-
def set_mode(self, mode):
"""
Add modes via bitmask. Modes set before are not cleared!
@@ -990,7 +949,6 @@
return _lib.SSL_CTX_set_mode(self._context, mode)
-
def set_tlsext_servername_callback(self, callback):
"""
Specify a callback function to be called when clients specify a server name.
@@ -1008,7 +966,6 @@
_lib.SSL_CTX_set_tlsext_servername_callback(
self._context, self._tlsext_servername_callback)
-
@_requires_npn
def set_npn_advertise_callback(self, callback):
"""
@@ -1026,7 +983,6 @@
_lib.SSL_CTX_set_next_protos_advertised_cb(
self._context, self._npn_advertise_callback, _ffi.NULL)
-
@_requires_npn
def set_npn_select_callback(self, callback):
"""
@@ -1084,7 +1040,6 @@
ContextType = Context
-
class Connection(object):
"""
"""
@@ -1140,7 +1095,6 @@
# TODO: This is untested.
_raise_current_error()
-
def __getattr__(self, name):
"""
Look up attributes on the wrapped socket object if they are not found on
@@ -1151,7 +1105,6 @@
else:
return getattr(self._socket, name)
-
def _raise_ssl_error(self, ssl, result):
if self._context._verify_helper is not None:
self._context._verify_helper.raise_if_problem()
@@ -1190,14 +1143,12 @@
else:
_raise_current_error()
-
def get_context(self):
"""
Get session context
"""
return self._context
-
def set_context(self, context):
"""
Switch this connection to a new session context
@@ -1211,7 +1162,6 @@
_lib.SSL_set_SSL_CTX(self._ssl, context._context)
self._context = context
-
def get_servername(self):
"""
Retrieve the servername extension value if provided in the client hello
@@ -1225,7 +1175,6 @@
return _ffi.string(name)
-
def set_tlsext_host_name(self, name):
"""
Set the value of the servername extension to send in the client hello.
@@ -1240,7 +1189,6 @@
# XXX I guess this can fail sometimes?
_lib.SSL_set_tlsext_host_name(self._ssl, name)
-
def pending(self):
"""
Get the number of bytes that can be safely read from the connection
@@ -1249,7 +1197,6 @@
"""
return _lib.SSL_pending(self._ssl)
-
def send(self, buf, flags=0):
"""
Send data on the connection. NOTE: If you get one of the WantRead,
@@ -1276,7 +1223,6 @@
return result
write = send
-
def sendall(self, buf, flags=0):
"""
Send "all" data on the connection. This calls send() repeatedly until
@@ -1307,7 +1253,6 @@
total_sent += result
left_to_send -= result
-
def recv(self, bufsiz, flags=None):
"""
Receive data on the connection. NOTE: If you get one of the WantRead,
@@ -1328,7 +1273,6 @@
return _ffi.buffer(buf, result)[:]
read = recv
-
def recv_into(self, buffer, nbytes=None, flags=None):
"""
Receive data on the connection and store the data into a buffer rather
@@ -1370,7 +1314,6 @@
return result
-
def _handle_bio_errors(self, bio, result):
if _lib.BIO_should_retry(bio):
if _lib.BIO_should_read(bio):
@@ -1389,7 +1332,6 @@
# TODO: This is untested.
_raise_current_error()
-
def bio_read(self, bufsiz):
"""
When using non-socket connections this function reads the "dirty" data
@@ -1411,7 +1353,6 @@
return _ffi.buffer(buf, result)[:]
-
def bio_write(self, buf):
"""
When using non-socket connections this function sends "dirty" data that
@@ -1430,7 +1371,6 @@
self._handle_bio_errors(self._into_ssl, result)
return result
-
def renegotiate(self):
"""
Renegotiate the session
@@ -1448,7 +1388,6 @@
result = _lib.SSL_do_handshake(self._ssl)
self._raise_ssl_error(self._ssl, result)
-
def renegotiate_pending(self):
"""
Check if there's a renegotiation in progress, it will return false once
@@ -1465,7 +1404,6 @@
"""
return _lib.SSL_total_renegotiations(self._ssl)
-
def connect(self, addr):
"""
Connect to remote host and set up client-side SSL
@@ -1476,7 +1414,6 @@
_lib.SSL_set_connect_state(self._ssl)
return self._socket.connect(addr)
-
def connect_ex(self, addr):
"""
Connect to remote host and set up client-side SSL. Note that if the socket's
@@ -1489,7 +1426,6 @@
self.set_connect_state()
return connect_ex(addr)
-
def accept(self):
"""
Accept incoming connection and set up SSL on it
@@ -1502,7 +1438,6 @@
conn.set_accept_state()
return (conn, addr)
-
def bio_shutdown(self):
"""
When using non-socket connections this function signals end of
@@ -1515,7 +1450,6 @@
_lib.BIO_set_mem_eof_return(self._into_ssl, 0)
-
def shutdown(self):
"""
Send closure alert
@@ -1532,7 +1466,6 @@
else:
return False
-
def get_cipher_list(self):
"""
Get the session cipher list
@@ -1547,7 +1480,6 @@
ciphers.append(_native(_ffi.string(result)))
return ciphers
-
def get_client_ca_list(self):
"""
Get CAs whose certificates are suggested for client authentication.
@@ -1576,7 +1508,6 @@
result.append(pyname)
return result
-
def makefile(self):
"""
The makefile() method is not implemented, since there is no dup semantics
@@ -1584,8 +1515,8 @@
:raise: NotImplementedError
"""
- raise NotImplementedError("Cannot make file object of OpenSSL.SSL.Connection")
-
+ raise NotImplementedError(
+ "Cannot make file object of OpenSSL.SSL.Connection")
def get_app_data(self):
"""
@@ -1595,7 +1526,6 @@
"""
return self._app_data
-
def set_app_data(self, data):
"""
Set application data
@@ -1605,7 +1535,6 @@
"""
self._app_data = data
-
def get_shutdown(self):
"""
Get shutdown state
@@ -1614,7 +1543,6 @@
"""
return _lib.SSL_get_shutdown(self._ssl)
-
def set_shutdown(self, state):
"""
Set shutdown state
@@ -1627,7 +1555,6 @@
_lib.SSL_set_shutdown(self._ssl, state)
-
def state_string(self):
"""
Get a verbose state description
@@ -1647,7 +1574,6 @@
self._ssl.s3.server_random,
_lib.SSL3_RANDOM_SIZE)[:]
-
def client_random(self):
"""
Get a copy of the client hello nonce.
@@ -1660,7 +1586,6 @@
self._ssl.s3.client_random,
_lib.SSL3_RANDOM_SIZE)[:]
-
def master_key(self):
"""
Get a copy of the master key.
@@ -1673,7 +1598,6 @@
self._ssl.session.master_key,
self._ssl.session.master_key_length)[:]
-
def sock_shutdown(self, *args, **kwargs):
"""
See shutdown(2)
@@ -1682,7 +1606,6 @@
"""
return self._socket.shutdown(*args, **kwargs)
-
def get_peer_certificate(self):
"""
Retrieve the other side's certificate (if any)
@@ -1696,7 +1619,6 @@
return pycert
return None
-
def get_peer_cert_chain(self):
"""
Retrieve the other side's certificate (if any)
@@ -1717,7 +1639,6 @@
result.append(pycert)
return result
-
def want_read(self):
"""
Checks if more data has to be read from the transport layer to complete an
@@ -1727,7 +1648,6 @@
"""
return _lib.SSL_want_read(self._ssl)
-
def want_write(self):
"""
Checks if there is data to write to the transport layer to complete an
@@ -1737,7 +1657,6 @@
"""
return _lib.SSL_want_write(self._ssl)
-
def set_accept_state(self):
"""
Set the connection to work in server mode. The handshake will be handled
@@ -1747,7 +1666,6 @@
"""
_lib.SSL_set_accept_state(self._ssl)
-
def set_connect_state(self):
"""
Set the connection to work in client mode. The handshake will be handled
@@ -1757,7 +1675,6 @@
"""
_lib.SSL_set_connect_state(self._ssl)
-
def get_session(self):
"""
Returns the Session currently used.
@@ -1773,7 +1690,6 @@
pysession._session = _ffi.gc(session, _lib.SSL_SESSION_free)
return pysession
-
def set_session(self, session):
"""
Set the session to be used when the TLS/SSL connection is established.
@@ -1788,7 +1704,6 @@
if not result:
_raise_current_error()
-
def _get_finished_message(self, function):
"""
Helper to implement :py:meth:`get_finished` and
@@ -1823,7 +1738,6 @@
function(self._ssl, buf, size)
return _ffi.buffer(buf, size)[:]
-
def get_finished(self):
"""
Obtain the latest `handshake finished` message sent to the peer.
@@ -1834,7 +1748,6 @@
"""
return self._get_finished_message(_lib.SSL_get_finished)
-
def get_peer_finished(self):
"""
Obtain the latest `handshake finished` message received from the peer.
@@ -1845,7 +1758,6 @@
"""
return self._get_finished_message(_lib.SSL_get_peer_finished)
-
def get_cipher_name(self):
"""
Obtain the name of the currently used cipher.
@@ -1861,7 +1773,6 @@
name = _ffi.string(_lib.SSL_CIPHER_get_name(cipher))
return name.decode("utf-8")
-
def get_cipher_bits(self):
"""
Obtain the number of secret bits of the currently used cipher.
@@ -1876,7 +1787,6 @@
else:
return _lib.SSL_CIPHER_get_bits(cipher, _ffi.NULL)
-
def get_cipher_version(self):
"""
Obtain the protocol version of the currently used cipher.
@@ -1892,7 +1802,6 @@
version = _ffi.string(_lib.SSL_CIPHER_get_version(cipher))
return version.decode("utf-8")
-
def get_protocol_version_name(self):
"""
Obtain the protocol version of the current connection.
@@ -1905,7 +1814,6 @@
version = _ffi.string(_lib.SSL_get_version(self._ssl))
return version.decode("utf-8")
-
def get_protocol_version(self):
"""
Obtain the protocol version of the current connection.
@@ -1917,7 +1825,6 @@
version = _lib.SSL_version(self._ssl)
return version
-
@_requires_npn
def get_next_proto_negotiated(self):
"""
@@ -1930,7 +1837,6 @@
return _ffi.buffer(data[0], data_len[0])[:]
-
@_requires_alpn
def set_alpn_protos(self, protos):
"""
@@ -1954,7 +1860,6 @@
input_str_len = _ffi.cast("unsigned", len(protostr))
_lib.SSL_set_alpn_protos(self._ssl, input_str, input_str_len)
-
@_requires_alpn
def get_alpn_proto_negotiated(self):
"""
@@ -1971,7 +1876,6 @@
return _ffi.buffer(data[0], data_len[0])[:]
-
ConnectionType = Connection
# This is similar to the initialization calls at the end of OpenSSL/crypto.py