Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / python / pyopenssl / 679c426ff314e98d254cd4fd44534c85efe40f50^! / . / src / ssl / connection.c
commit679c426ff314e98d254cd4fd44534c85efe40f50[log] [tgz]
authorZiga Seilnacht <ziga.seilnacht@gmail.com>Tue Sep 01 01:32:29 2009 +0200
committerZiga Seilnacht <ziga.seilnacht@gmail.com>Tue Sep 01 01:32:29 2009 +0200
treef7653aa63150580db774db9bf0a10bdcf481d44b
parentd89723512ae291738e8cbe27248c91fb2259ab89 [diff] [blame]
Allow setting and inspecting the preferred client certificate signer list.

This exposes SSL_CTX_add_client_CA, SSL_CTX_set_client_CA_list
and SSL_get_client_CA_list functions to python.

The other *client_CA* functions don't look so useful, so I'll leave them
to someone else.
diff --git a/src/ssl/connection.c b/src/ssl/connection.c
index 5d6d008..bd39b66 100755
--- a/src/ssl/connection.c
+++ b/src/ssl/connection.c

@@ -840,6 +840,58 @@
     return lst;
 }
 
+static char ssl_Connection_get_client_CA_list_doc[] = "\n\
+Get CAs whose certificates are suggested for client authentication.\n\
+\n\
+@return: A list of X509Names representing the acceptable CAs as set by\n\
+         ssl.Context.{set, add}_client_CA* if this is a server connection\n\
+         or as sent by the server if this is a client connection.\n\
+";
+
+static PyObject *
+ssl_Connection_get_client_CA_list(ssl_ConnectionObj *self, PyObject *args)
+{
+    STACK_OF(X509_NAME) *CANames;
+    PyObject *CAList;
+    int i, n;
+
+    if (!PyArg_ParseTuple(args, ":get_client_CA_list")) {
+        return NULL;
+    }
+    CANames = SSL_get_client_CA_list(self->ssl);
+    if (CANames == NULL) {
+        return PyList_New(0);
+    }
+    n = sk_X509_NAME_num(CANames);
+    CAList = PyList_New(n);
+    if (CAList == NULL) {
+        return NULL;
+    }
+    for (i = 0; i < n; i++) {
+        X509_NAME *CAName;
+        PyObject *CA;
+
+        CAName = X509_NAME_dup(sk_X509_NAME_value(CANames, i));
+        if (CAName == NULL) {
+            Py_DECREF(CAList);
+            exception_from_error_queue(ssl_Error);
+            return NULL;
+        }
+        CA = (PyObject *)crypto_X509Name_New(CAName, 1);
+        if (CA == NULL) {
+            X509_NAME_free(CAName);
+            Py_DECREF(CAList);
+            return NULL;
+        }
+        if (PyList_SetItem(CAList, i, CA)) {
+            Py_DECREF(CA);
+            Py_DECREF(CAList);
+            return NULL;
+        }
+    }
+    return CAList;
+}
+
 static char ssl_Connection_makefile_doc[] = "\n\
 The makefile() method is not implemented, since there is no dup semantics\n\
 for SSL connections\n\
@@ -1098,6 +1150,7 @@
     ADD_METHOD(bio_shutdown),
     ADD_METHOD(shutdown),
     ADD_METHOD(get_cipher_list),
+    ADD_METHOD(get_client_CA_list),
     ADD_METHOD(makefile),
     ADD_METHOD(get_app_data),
     ADD_METHOD(set_app_data),