Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / python / pyopenssl / 61d7d393fb8ef50deed4424db94e3ea72f95c4c2^! / . / OpenSSL / SSL.py
commit61d7d393fb8ef50deed4424db94e3ea72f95c4c2[log] [tgz]
authorAndy Lutomirski <luto@amacapital.net>Fri Apr 04 12:16:56 2014 -0700
committerAndy Lutomirski <luto@amacapital.net>Fri Apr 04 12:28:25 2014 -0700
tree4ad40fdfdd39522549e2c4a4d209de531b0dadd7
parent5fb416adb91d46945f82cd9b053a8daf7a5ac030 [diff] [blame]
ecdh: Use different exception types for different errors

This sneakily fixes some test cases typos, too.

diff --git a/OpenSSL/SSL.py b/OpenSSL/SSL.py
index 5b748ee..a3a525e 100644
--- a/OpenSSL/SSL.py
+++ b/OpenSSL/SSL.py

@@ -230,6 +230,37 @@
 
 
 
+class ECNotAvailable(ValueError):
+    """
+    Raised if a request for an elliptic curve fails because OpenSSL
+    is compiled without elliptic curve support.
+    """
+    def __init__(self):
+        ValueError.__init__(self, "OpenSSL is compiled without EC support")
+
+
+
+class UnknownObject(ValueError):
+    """
+    Raised if OpenSSL does not recognize the requested object.
+    """
+    def __init__(self, sn):
+        ValueError.__init__(self, "OpenSSL does not recognize %r" % sn)
+        self.sn = sn
+
+
+
+class UnsupportedEllipticCurve(ValueError):
+    """
+    Raised if OpenSSL does not support the requested elliptic curve.
+    """
+    def __init__(self, sn):
+        ValueError.__init__(
+            self, "OpenSSL does not support the elliptic curve %r" % sn)
+        self.sn = sn
+
+
+
 def SSLeay_version(type):
     """
     Return a string describing the version of OpenSSL in use.
@@ -618,8 +649,10 @@
         The valid values of *curve_name* are the keys in
         :py:data:OpenSSL.SSL.ELLIPTIC_CURVE_DESCRIPTIONS.
 
-        Raises a ``ValueError`` if the linked OpenSSL was not compiled with
-        elliptical curve support, or the specified curve is not available.
+        Raises a subclass of ``ValueError`` if the linked OpenSSL was
+        not compiled with elliptical curve support or the specified
+        curve is not available.  You can check the specific subclass,
+        but, in general, you should just handle ``ValueError``.
 
         :param curve_name: The 'short name' of a curve, e.g. 'prime256v1'
         :type curve_name: str
@@ -628,16 +661,14 @@
         if _lib.Cryptography_HAS_EC:
             nid = _lib.OBJ_sn2nid(curve_name.encode('ascii'))
             if nid == _lib.NID_undef:
-                raise ValueError("No such OpenSSL object '%s'" % curve_name)
+                raise UnknownObject(curve_name)
             ecdh = _lib.EC_KEY_new_by_curve_name(nid)
             if ecdh == _ffi.NULL:
-                raise ValueError(
-                    "OpenSSL could not load the requested elliptic curve"
-                )
+                raise UnsupportedEllipticCurve(sn)
             _lib.SSL_CTX_set_tmp_ecdh(self._context, ecdh)
             _lib.EC_KEY_free(ecdh)
         else:
-            raise ValueError("OpenSSL is compiled without ECDH support")
+            raise ECNotAvailable()
 
 
     def set_cipher_list(self, cipher_list):