initial source import
diff --git a/src/ssl/connection.c b/src/ssl/connection.c
new file mode 100755
index 0000000..96111aa
--- /dev/null
+++ b/src/ssl/connection.c
@@ -0,0 +1,1076 @@
+/*
+ * connection.c
+ *
+ * Copyright (C) AB Strakt 2001, All rights reserved
+ *
+ * SSL Connection objects and methods.
+ * See the file RATIONALE for a short explanation of why this module was written.
+ *
+ * Reviewed 2001-07-23
+ */
+#include <Python.h>
+#define SSL_MODULE
+#include <openssl/err.h>
+#include "ssl.h"
+
+#ifndef MS_WINDOWS
+# include <sys/socket.h>
+# include <netinet/in.h>
+# if !(defined(__BEOS__) || defined(__CYGWIN__))
+# include <netinet/tcp.h>
+# endif
+#else
+# include <winsock.h>
+#endif
+
+static char *CVSid = "@(#) $Id: connection.c,v 1.28 2004/08/06 10:21:56 martin Exp $";
+
+
+/**
+ * If we are on UNIX, fine, just use PyErr_SetFromErrno. If we are on Windows,
+ * apply some black winsock voodoo. This is basically just copied from Python's
+ * socketmodule.c
+ *
+ * Arguments: None
+ * Returns: None
+ */
+static void
+syscall_from_errno(void)
+{
+#ifdef MS_WINDOWS
+ int errnum = WSAGetLastError();
+ if (errnum)
+ {
+ static struct { int num; const char *msg; } *msgp, msgs[] = {
+ { WSAEINTR, "Interrupted system call" },
+ { WSAEBADF, "Bad file descriptor" },
+ { WSAEACCES, "Permission denied" },
+ { WSAEFAULT, "Bad address" },
+ { WSAEINVAL, "Invalid argument" },
+ { WSAEMFILE, "Too many open files" },
+ { WSAEWOULDBLOCK, "The socket operation could not complete "
+ "without blocking" },
+ { WSAEINPROGRESS, "Operation now in progress" },
+ { WSAEALREADY, "Operation already in progress" },
+ { WSAENOTSOCK, "Socket operation on non-socket" },
+ { WSAEDESTADDRREQ, "Destination address required" },
+ { WSAEMSGSIZE, "Message too long" },
+ { WSAEPROTOTYPE, "Protocol wrong type for socket" },
+ { WSAENOPROTOOPT, "Protocol not available" },
+ { WSAEPROTONOSUPPORT, "Protocol not supported" },
+ { WSAESOCKTNOSUPPORT, "Socket type not supported" },
+ { WSAEOPNOTSUPP, "Operation not supported" },
+ { WSAEPFNOSUPPORT, "Protocol family not supported" },
+ { WSAEAFNOSUPPORT, "Address family not supported" },
+ { WSAEADDRINUSE, "Address already in use" },
+ { WSAEADDRNOTAVAIL, "Can't assign requested address" },
+ { WSAENETDOWN, "Network is down" },
+ { WSAENETUNREACH, "Network is unreachable" },
+ { WSAENETRESET, "Network dropped connection on reset" },
+ { WSAECONNABORTED, "Software caused connection abort" },
+ { WSAECONNRESET, "Connection reset by peer" },
+ { WSAENOBUFS, "No buffer space available" },
+ { WSAEISCONN, "Socket is already connected" },
+ { WSAENOTCONN, "Socket is not connected" },
+ { WSAESHUTDOWN, "Can't send after socket shutdown" },
+ { WSAETOOMANYREFS, "Too many references: can't splice" },
+ { WSAETIMEDOUT, "Operation timed out" },
+ { WSAECONNREFUSED, "Connection refused" },
+ { WSAELOOP, "Too many levels of symbolic links" },
+ { WSAENAMETOOLONG, "File name too long" },
+ { WSAEHOSTDOWN, "Host is down" },
+ { WSAEHOSTUNREACH, "No route to host" },
+ { WSAENOTEMPTY, "Directory not empty" },
+ { WSAEPROCLIM, "Too many processes" },
+ { WSAEUSERS, "Too many users" },
+ { WSAEDQUOT, "Disc quota exceeded" },
+ { WSAESTALE, "Stale NFS file handle" },
+ { WSAEREMOTE, "Too many levels of remote in path" },
+ { WSASYSNOTREADY, "Network subsystem is unvailable" },
+ { WSAVERNOTSUPPORTED, "WinSock version is not supported" },
+ { WSANOTINITIALISED, "Successful WSAStartup() not yet performed" },
+ { WSAEDISCON, "Graceful shutdown in progress" },
+ /* Resolver errors */
+ { WSAHOST_NOT_FOUND, "No such host is known" },
+ { WSATRY_AGAIN, "Host not found, or server failed" },
+ { WSANO_RECOVERY, "Unexpected server error encountered" },
+ { WSANO_DATA, "Valid name without requested data" },
+ { WSANO_ADDRESS, "No address, look for MX record" },
+ { 0, NULL }
+ };
+ PyObject *v;
+ const char *msg = "winsock error";
+
+ for (msgp = msgs; msgp->msg; msgp++)
+ {
+ if (errnum == msgp->num)
+ {
+ msg = msgp->msg;
+ break;
+ }
+ }
+
+ v = Py_BuildValue("(is)", errnum, msg);
+ if (v != NULL)
+ {
+ PyErr_SetObject(ssl_SysCallError, v);
+ Py_DECREF(v);
+ }
+ return;
+ }
+#else
+ PyErr_SetFromErrno(ssl_SysCallError);
+#endif
+}
+
+/*
+ * Handle errors raised by SSL I/O functions. NOTE: Not SSL_shutdown ;)
+ *
+ * Arguments: ssl - The SSL object
+ * err - The return code from SSL_get_error
+ * ret - The return code from the SSL I/O function
+ * Returns: None, the calling function should return NULL
+ */
+static void
+handle_ssl_errors(SSL *ssl, int err, int ret)
+{
+ switch (err)
+ {
+ /*
+ * Strange as it may seem, ZeroReturn is not an error per se. It means
+ * that the SSL Connection has been closed correctly (note, not the
+ * transport layer!), i.e. closure alerts have been exchanged. This is
+ * an exception since
+ * + There's an SSL "error" code for it
+ * + You have to deal with it in any case, close the transport layer
+ * etc
+ */
+ case SSL_ERROR_ZERO_RETURN:
+ PyErr_SetNone(ssl_ZeroReturnError);
+ break;
+
+ /*
+ * The WantXYZ exceptions don't mean that there's an error, just that
+ * nothing could be read/written just now, maybe because the transport
+ * layer would block on the operation, or that there's not enough data
+ * available to fill an entire SSL record.
+ */
+ case SSL_ERROR_WANT_READ:
+ PyErr_SetNone(ssl_WantReadError);
+ break;
+
+ case SSL_ERROR_WANT_WRITE:
+ PyErr_SetNone(ssl_WantWriteError);
+ break;
+
+ case SSL_ERROR_WANT_X509_LOOKUP:
+ PyErr_SetNone(ssl_WantX509LookupError);
+ break;
+
+ case SSL_ERROR_SYSCALL:
+ if (ERR_peek_error() == 0)
+ {
+ if (ret < 0)
+ {
+ syscall_from_errno();
+ }
+ else
+ {
+ PyObject *v;
+
+ v = Py_BuildValue("(is)", -1, "Unexpected EOF");
+ if (v != NULL)
+ {
+ PyErr_SetObject(ssl_SysCallError, v);
+ Py_DECREF(v);
+ }
+ }
+ break;
+ }
+
+ /* NOTE: Fall-through here, we don't want to duplicate code, right? */
+
+ case SSL_ERROR_SSL:
+ ;
+ default:
+ exception_from_error_queue();
+ break;
+ }
+}
+
+/*
+ * Here be member methods of the Connection "class"
+ */
+
+static char ssl_Connection_get_context_doc[] = "\n\
+Get session context\n\
+\n\
+Arguments: self - The Connection object\n\
+ args - The Python argument tuple, should be empty\n\
+Returns: A Context object\n\
+";
+static PyObject *
+ssl_Connection_get_context(ssl_ConnectionObj *self, PyObject *args)
+{
+ if (!PyArg_ParseTuple(args, ":get_context"))
+ return NULL;
+
+ Py_INCREF(self->context);
+ return (PyObject *)self->context;
+}
+
+static char ssl_Connection_pending_doc[] = "\n\
+Get the number of bytes that can be safely read from the connection\n\
+\n\
+Arguments: self - The Connection object\n\
+ args - The Python argument tuple, should be empty\n\
+Returns: \n\
+";
+static PyObject *
+ssl_Connection_pending(ssl_ConnectionObj *self, PyObject *args)
+{
+ int ret;
+
+ if (!PyArg_ParseTuple(args, ":pending"))
+ return NULL;
+
+ ret = SSL_pending(self->ssl);
+ return PyInt_FromLong((long)ret);
+}
+
+static char ssl_Connection_send_doc[] = "\n\
+Send data on the connection. NOTE: If you get one of the WantRead,\n\
+WantWrite or WantX509Lookup exceptions on this, you have to call the\n\
+method again with the SAME buffer.\n\
+\n\
+Arguments: self - The Connection object\n\
+ args - The Python argument tuple, should be:\n\
+ buf - The string to send\n\
+ flags - (optional) Included for compatability with the socket\n\
+ API, the value is ignored\n\
+Returns: The number of bytes written\n\
+";
+static PyObject *
+ssl_Connection_send(ssl_ConnectionObj *self, PyObject *args)
+{
+ char *buf;
+ int len, ret, err, flags;
+
+ if (!PyArg_ParseTuple(args, "s#|i:send", &buf, &len, &flags))
+ return NULL;
+
+ MY_BEGIN_ALLOW_THREADS(self->tstate)
+ ret = SSL_write(self->ssl, buf, len);
+ MY_END_ALLOW_THREADS(self->tstate)
+
+ if (PyErr_Occurred())
+ {
+ flush_error_queue();
+ return NULL;
+ }
+
+ err = SSL_get_error(self->ssl, ret);
+ if (err == SSL_ERROR_NONE)
+ {
+ return PyInt_FromLong((long)ret);
+ }
+ else
+ {
+ handle_ssl_errors(self->ssl, err, ret);
+ return NULL;
+ }
+}
+
+static char ssl_Connection_sendall_doc[] = "\n\
+Send \"all\" data on the connection. This calls send() repeatedly until\n\
+all data is sent. If an error occurs, it's impossible to tell how much data\n\
+has been sent.\n\
+\n\
+Arguments: self - The Connection object\n\
+ args - The Python argument tuple, should be:\n\
+ buf - The string to send\n\
+ flags - (optional) Included for compatability with the socket\n\
+ API, the value is ignored\n\
+Returns: The number of bytes written\n\
+";
+static PyObject *
+ssl_Connection_sendall(ssl_ConnectionObj *self, PyObject *args)
+{
+ char *buf;
+ int len, ret, err, flags;
+ PyObject *pyret = Py_None;
+
+ if (!PyArg_ParseTuple(args, "s#|i:sendall", &buf, &len, &flags))
+ return NULL;
+
+ do {
+ MY_BEGIN_ALLOW_THREADS(self->tstate)
+ ret = SSL_write(self->ssl, buf, len);
+ MY_END_ALLOW_THREADS(self->tstate)
+ if (PyErr_Occurred())
+ {
+ flush_error_queue();
+ pyret = NULL;
+ break;
+ }
+ err = SSL_get_error(self->ssl, ret);
+ if (err == SSL_ERROR_NONE)
+ {
+ buf += ret;
+ len -= ret;
+ }
+ else if (err == SSL_ERROR_SSL || err == SSL_ERROR_SYSCALL ||
+ err == SSL_ERROR_ZERO_RETURN)
+ {
+ handle_ssl_errors(self->ssl, err, ret);
+ pyret = NULL;
+ break;
+ }
+ } while (len > 0);
+
+ Py_XINCREF(pyret);
+ return pyret;
+}
+
+static char ssl_Connection_recv_doc[] = "\n\
+Receive data on the connection. NOTE: If you get one of the WantRead,\n\
+WantWrite or WantX509Lookup exceptions on this, you have to call the\n\
+method again with the SAME buffer.\n\
+\n\
+Arguments: self - The Connection object\n\
+ args - The Python argument tuple, should be:\n\
+ bufsiz - The maximum number of bytes to read\n\
+ flags - (optional) Included for compatability with the socket\n\
+ API, the value is ignored\n\
+Returns: The number of bytes read\n\
+";
+static PyObject *
+ssl_Connection_recv(ssl_ConnectionObj *self, PyObject *args)
+{
+ int bufsiz, ret, err, flags;
+ PyObject *buf;
+
+ if (!PyArg_ParseTuple(args, "i|i:recv", &bufsiz, &flags))
+ return NULL;
+
+ buf = PyString_FromStringAndSize(NULL, bufsiz);
+ if (buf == NULL)
+ return NULL;
+
+ MY_BEGIN_ALLOW_THREADS(self->tstate)
+ ret = SSL_read(self->ssl, PyString_AsString(buf), bufsiz);
+ MY_END_ALLOW_THREADS(self->tstate)
+
+ if (PyErr_Occurred())
+ {
+ Py_DECREF(buf);
+ flush_error_queue();
+ return NULL;
+ }
+
+ err = SSL_get_error(self->ssl, ret);
+ if (err == SSL_ERROR_NONE)
+ {
+ if (ret != bufsiz && _PyString_Resize(&buf, ret) < 0)
+ return NULL;
+ return buf;
+ }
+ else
+ {
+ handle_ssl_errors(self->ssl, err, ret);
+ Py_DECREF(buf);
+ return NULL;
+ }
+}
+
+static char ssl_Connection_renegotiate_doc[] = "\n\
+Renegotiate the session\n\
+\n\
+Arguments: self - The Connection object\n\
+ args - The Python argument tuple, should be empty\n\
+Returns: True if the renegotiation can be started, false otherwise\n\
+";
+static PyObject *
+ssl_Connection_renegotiate(ssl_ConnectionObj *self, PyObject *args)
+{
+ int ret;
+
+ if (!PyArg_ParseTuple(args, ":renegotiate"))
+ return NULL;
+
+ MY_BEGIN_ALLOW_THREADS(self->tstate);
+ ret = SSL_renegotiate(self->ssl);
+ MY_END_ALLOW_THREADS(self->tstate);
+
+ if (PyErr_Occurred())
+ {
+ flush_error_queue();
+ return NULL;
+ }
+
+ return PyInt_FromLong((long)ret);
+}
+
+static char ssl_Connection_do_handshake_doc[] = "\n\
+Perform an SSL handshake (usually called after renegotiate() or one of\n\
+set_*_state()). This can raise the same exceptions as send and recv.\n\
+\n\
+Arguments: self - The Connection object\n\
+ args - The Python argument tuple, should be empty\n\
+Returns: None.\n\
+";
+static PyObject *
+ssl_Connection_do_handshake(ssl_ConnectionObj *self, PyObject *args)
+{
+ int ret, err;
+
+ if (!PyArg_ParseTuple(args, ":do_handshake"))
+ return NULL;
+
+ MY_BEGIN_ALLOW_THREADS(self->tstate);
+ ret = SSL_do_handshake(self->ssl);
+ MY_END_ALLOW_THREADS(self->tstate);
+
+ if (PyErr_Occurred())
+ {
+ flush_error_queue();
+ return NULL;
+ }
+
+ err = SSL_get_error(self->ssl, ret);
+ if (err == SSL_ERROR_NONE)
+ {
+ Py_INCREF(Py_None);
+ return Py_None;
+ }
+ else
+ {
+ handle_ssl_errors(self->ssl, err, ret);
+ return NULL;
+ }
+}
+
+#if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x00907000L
+static char ssl_Connection_renegotiate_pending_doc[] = "\n\
+Check if there's a renegotiation in progress, it will return false once\n\
+a renegotiation is finished.\n\
+\n\
+Arguments: self - The Connection object\n\
+ args - The Python argument tuple, should be empty\n\
+Returns: Whether there's a renegotiation in progress\n\
+";
+static PyObject *
+ssl_Connection_renegotiate_pending(ssl_ConnectionObj *self, PyObject *args)
+{
+ if (!PyArg_ParseTuple(args, ":renegotiate_pending"))
+ return NULL;
+
+ return PyInt_FromLong((long)SSL_renegotiate_pending(self->ssl));
+}
+#endif
+
+static char ssl_Connection_total_renegotiations_doc[] = "\n\
+Find out the total number of renegotiations.\n\
+\n\
+Arguments: self - The Connection object\n\
+ args - The Python argument tuple, should be empty\n\
+Returns: The number of renegotiations.\n\
+";
+static PyObject *
+ssl_Connection_total_renegotiations(ssl_ConnectionObj *self, PyObject *args)
+{
+ if (!PyArg_ParseTuple(args, ":total_renegotiations"))
+ return NULL;
+
+ return PyInt_FromLong(SSL_total_renegotiations(self->ssl));
+}
+
+static char ssl_Connection_set_accept_state_doc[] = "\n\
+Set the connection to work in server mode. The handshake will be handled\n\
+automatically by read/write.\n\
+\n\
+Arguments: self - The Connection object\n\
+ args - The Python argument tuple, should be empty\n\
+Returns: None\n\
+";
+static PyObject *
+ssl_Connection_set_accept_state(ssl_ConnectionObj *self, PyObject *args)
+{
+ if (!PyArg_ParseTuple(args, ":set_accept_state"))
+ return NULL;
+
+ SSL_set_accept_state(self->ssl);
+
+ Py_INCREF(Py_None);
+ return Py_None;
+}
+
+static char ssl_Connection_set_connect_state_doc[] = "\n\
+Set the connection to work in client mode. The handshake will be handled\n\
+automatically by read/write.\n\
+\n\
+Arguments: self - The Connection object\n\
+ args - The Python argument tuple, should be empty\n\
+Returns: None\n\
+";
+static PyObject *
+ssl_Connection_set_connect_state(ssl_ConnectionObj *self, PyObject *args)
+{
+ if (!PyArg_ParseTuple(args, ":set_connect_state"))
+ return NULL;
+
+ SSL_set_connect_state(self->ssl);
+
+ Py_INCREF(Py_None);
+ return Py_None;
+}
+
+static char ssl_Connection_connect_doc[] = "\n\
+Connect to remote host and set up client-side SSL\n\
+\n\
+Arguments: self - The Connection object\n\
+ args - The Python argument tuple, should be:\n\
+ addr - A remote address\n\
+Returns: What the socket's connect method returns\n\
+";
+static PyObject *
+ssl_Connection_connect(ssl_ConnectionObj *self, PyObject *args)
+{
+ PyObject *meth, *ret;
+
+ if ((meth = PyObject_GetAttrString(self->socket, "connect")) == NULL)
+ return NULL;
+
+ SSL_set_connect_state(self->ssl);
+
+ ret = PyEval_CallObject(meth, args);
+ Py_DECREF(meth);
+ if (ret == NULL)
+ return NULL;
+
+ return ret;
+}
+
+static char ssl_Connection_connect_ex_doc[] = "\n\
+Connect to remote host and set up client-side SSL. Note that if the socket's\n\
+connect_ex method doesn't return 0, SSL won't be initialized.\n\
+\n\
+Arguments: self - The Connection object\n\
+ args - The Python argument tuple, should be:\n\
+ addr - A remove address\n\
+Returns: What the socket's connect_ex method returns\n\
+";
+static PyObject *
+ssl_Connection_connect_ex(ssl_ConnectionObj *self, PyObject *args)
+{
+ PyObject *meth, *ret;
+
+ if ((meth = PyObject_GetAttrString(self->socket, "connect_ex")) == NULL)
+ return NULL;
+
+ SSL_set_connect_state(self->ssl);
+
+ ret = PyEval_CallObject(meth, args);
+ Py_DECREF(meth);
+ if (ret == NULL)
+ return NULL;
+ if (PyInt_Check(ret) && PyInt_AsLong(ret) != 0)
+ return ret;
+
+ return ret;
+}
+
+static char ssl_Connection_accept_doc[] = "\n\
+Accept incoming connection and set up SSL on it\n\
+\n\
+Arguments: self - The Connection object\n\
+ args - The Python argument tuple, should be empty\n\
+Returns: A (conn,addr) pair where conn is a Connection and addr is an\n\
+ address\n\
+";
+static PyObject *
+ssl_Connection_accept(ssl_ConnectionObj *self, PyObject *args)
+{
+ PyObject *tuple, *socket, *address, *meth;
+ ssl_ConnectionObj *conn;
+
+ if ((meth = PyObject_GetAttrString(self->socket, "accept")) == NULL)
+ return NULL;
+ tuple = PyEval_CallObject(meth, args);
+ Py_DECREF(meth);
+ if (tuple == NULL)
+ return NULL;
+
+ socket = PyTuple_GetItem(tuple, 0);
+ Py_INCREF(socket);
+ address = PyTuple_GetItem(tuple, 1);
+ Py_INCREF(address);
+ Py_DECREF(tuple);
+
+ conn = ssl_Connection_New(self->context, socket);
+ Py_DECREF(socket);
+ if (conn == NULL)
+ {
+ Py_DECREF(address);
+ return NULL;
+ }
+
+ SSL_set_accept_state(conn->ssl);
+
+ tuple = Py_BuildValue("(OO)", conn, address);
+
+ Py_DECREF(conn);
+ Py_DECREF(address);
+
+ return tuple;
+}
+
+static char ssl_Connection_shutdown_doc[] = "\n\
+Send closure alert\n\
+\n\
+Arguments: self - The Connection object\n\
+ args - The Python argument tuple, should be empty\n\
+Returns: True if the shutdown completed successfully (i.e. both sides\n\
+ have sent closure alerts), false otherwise (i.e. you have to\n\
+ wait for a ZeroReturnError on a recv() method call\n\
+";
+static PyObject *
+ssl_Connection_shutdown(ssl_ConnectionObj *self, PyObject *args)
+{
+ int ret;
+
+ if (!PyArg_ParseTuple(args, ":shutdown"))
+ return NULL;
+
+ MY_BEGIN_ALLOW_THREADS(self->tstate)
+ ret = SSL_shutdown(self->ssl);
+ MY_END_ALLOW_THREADS(self->tstate)
+
+ if (PyErr_Occurred())
+ {
+ flush_error_queue();
+ return NULL;
+ }
+
+ if (ret < 0)
+ {
+ exception_from_error_queue();
+ return NULL;
+ }
+ else if (ret > 0)
+ {
+ Py_INCREF(Py_True);
+ return Py_True;
+ }
+ else
+ {
+ Py_INCREF(Py_False);
+ return Py_False;
+ }
+}
+
+static char ssl_Connection_get_cipher_list_doc[] = "\n\
+Get the session cipher list\n\
+WARNING: API change! This used to take an optional argument, and return a\n\
+string.\n\
+\n\
+Arguments: self - The Connection object\n\
+ args - The Python argument tuple, should be empty\n\
+Returns: A list of cipher strings\n\
+";
+static PyObject *
+ssl_Connection_get_cipher_list(ssl_ConnectionObj *self, PyObject *args)
+{
+ int idx = 0;
+ const char *ret;
+ PyObject *lst, *item;
+
+ if (!PyArg_ParseTuple(args, ":get_cipher_list"))
+ return NULL;
+
+ lst = PyList_New(0);
+ while ((ret = SSL_get_cipher_list(self->ssl, idx)) != NULL)
+ {
+ item = PyString_FromString(ret);
+ PyList_Append(lst, item);
+ Py_DECREF(item);
+ idx++;
+ }
+ return lst;
+}
+
+static char ssl_Connection_makefile_doc[] = "\n\
+The makefile() method is not implemented, since there is no dup semantics\n\
+for SSL connections\n\
+XXX: Return self instead?\n\
+\n\
+Arguments: self - The Connection object\n\
+ args - The Python argument tuple, should be empty\n\
+Returns: NULL\n\
+";
+static PyObject *
+ssl_Connection_makefile(ssl_ConnectionObj *self, PyObject *args)
+{
+ PyErr_SetString(PyExc_NotImplementedError, "Cannot make file object of SSL.Connection");
+ return NULL;
+}
+
+static char ssl_Connection_get_app_data_doc[] = "\n\
+Get application data\n\
+\n\
+Arguments: self - The Connection object\n\
+ args - The Python argument tuple, should be empty\n\
+Returns: The application data\n\
+";
+static PyObject *
+ssl_Connection_get_app_data(ssl_ConnectionObj *self, PyObject *args)
+{
+ if (!PyArg_ParseTuple(args, ":get_app_data"))
+ return NULL;
+
+ Py_INCREF(self->app_data);
+ return self->app_data;
+}
+
+static char ssl_Connection_set_app_data_doc[] = "\n\
+Set application data\n\
+\n\
+Arguments: self - The Connection object\n\
+ args - The Python argument tuple, should be\n\
+ data - The application data\n\
+Returns: None\n\
+";
+static PyObject *
+ssl_Connection_set_app_data(ssl_ConnectionObj *self, PyObject *args)
+{
+ PyObject *data;
+
+ if (!PyArg_ParseTuple(args, "O:set_app_data", &data))
+ return NULL;
+
+ Py_DECREF(self->app_data);
+ Py_INCREF(data);
+ self->app_data = data;
+
+ Py_INCREF(Py_None);
+ return Py_None;
+}
+
+static char ssl_Connection_state_string_doc[] = "\n\
+Get a verbose state description\n\
+\n\
+Arguments: self - The Connection object\n\
+ args - The Python argument tuple, should be empty\n\
+Returns: A string representing the state\n\
+";
+static PyObject *
+ssl_Connection_state_string(ssl_ConnectionObj *self, PyObject *args)
+{
+ if (!PyArg_ParseTuple(args, ":state_string"))
+ return NULL;
+
+ return PyString_FromString(SSL_state_string_long(self->ssl));
+}
+
+static char ssl_Connection_sock_shutdown_doc[] = "\n\
+See shutdown(2)\n\
+\n\
+Arguments: self - The Connection object\n\
+ args - The Python argument tuple, should be whatever the\n\
+ socket's shutdown() method expects\n\
+Returns: What the socket's shutdown() method returns\n\
+";
+static PyObject *
+ssl_Connection_sock_shutdown(ssl_ConnectionObj *self, PyObject *args)
+{
+ PyObject *meth, *ret;
+
+ if ((meth = PyObject_GetAttrString(self->socket, "shutdown")) == NULL)
+ return NULL;
+ ret = PyEval_CallObject(meth, args);
+ Py_DECREF(meth);
+ return ret;
+}
+
+static char ssl_Connection_get_peer_certificate_doc[] = "\n\
+Retrieve the other side's certificate (if any)\n\
+\n\
+Arguments: self - The Connection object\n\
+ args - The Python argument tuple, should be empty\n\
+Returns: The peer's certificate\n\
+";
+static PyObject *
+ssl_Connection_get_peer_certificate(ssl_ConnectionObj *self, PyObject *args)
+{
+ X509 *cert;
+
+ if (!PyArg_ParseTuple(args, ":get_peer_certificate"))
+ return NULL;
+
+ cert = SSL_get_peer_certificate(self->ssl);
+ if (cert != NULL)
+ {
+ return (PyObject *)crypto_X509_New(cert, 1);
+ }
+ else
+ {
+ Py_INCREF(Py_None);
+ return Py_None;
+ }
+}
+
+static char ssl_Connection_want_read_doc[] = "\n\
+Checks if more data has to be read from the transport layer to complete an\n\
+operation.\n\
+\n\
+Arguments: self - The Connection object\n\
+ args - The Python argument tuple, should be empty\n\
+Returns: True iff more data has to be read\n\
+";
+static PyObject *
+ssl_Connection_want_read(ssl_ConnectionObj *self, PyObject *args)
+{
+ if (!PyArg_ParseTuple(args, ":want_read"))
+ return NULL;
+
+ return PyInt_FromLong((long)SSL_want_read(self->ssl));
+}
+
+static char ssl_Connection_want_write_doc[] = "\n\
+Checks if there is data to write to the transport layer to complete an\n\
+operation.\n\
+\n\
+Arguments: self - The Connection object\n\
+ args - The Python argument tuple, should be empty\n\
+Returns: True iff there is data to write\n\
+";
+static PyObject *
+ssl_Connection_want_write(ssl_ConnectionObj *self, PyObject *args)
+{
+ if (!PyArg_ParseTuple(args, ":want_write"))
+ return NULL;
+
+ return PyInt_FromLong((long)SSL_want_write(self->ssl));
+}
+
+/*
+ * Member methods in the Connection object
+ * ADD_METHOD(name) expands to a correct PyMethodDef declaration
+ * { 'name', (PyCFunction)ssl_Connection_name, METH_VARARGS }
+ * for convenience
+ * ADD_ALIAS(name,real) creates an "alias" of the ssl_Connection_real
+ * function with the name 'name'
+ */
+#define ADD_METHOD(name) \
+ { #name, (PyCFunction)ssl_Connection_##name, METH_VARARGS, ssl_Connection_##name##_doc }
+#define ADD_ALIAS(name,real) \
+ { #name, (PyCFunction)ssl_Connection_##real, METH_VARARGS, ssl_Connection_##real##_doc }
+static PyMethodDef ssl_Connection_methods[] =
+{
+ ADD_METHOD(get_context),
+ ADD_METHOD(pending),
+ ADD_METHOD(send),
+ ADD_ALIAS (write, send),
+ ADD_METHOD(sendall),
+ ADD_METHOD(recv),
+ ADD_ALIAS (read, recv),
+ ADD_METHOD(renegotiate),
+ ADD_METHOD(do_handshake),
+#if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x00907000L
+ ADD_METHOD(renegotiate_pending),
+#endif
+ ADD_METHOD(total_renegotiations),
+ ADD_METHOD(connect),
+ ADD_METHOD(connect_ex),
+ ADD_METHOD(accept),
+ ADD_METHOD(shutdown),
+ ADD_METHOD(get_cipher_list),
+ ADD_METHOD(makefile),
+ ADD_METHOD(get_app_data),
+ ADD_METHOD(set_app_data),
+ ADD_METHOD(state_string),
+ ADD_METHOD(sock_shutdown),
+ ADD_METHOD(get_peer_certificate),
+ ADD_METHOD(want_read),
+ ADD_METHOD(want_write),
+ ADD_METHOD(set_accept_state),
+ ADD_METHOD(set_connect_state),
+ { NULL, NULL }
+};
+#undef ADD_ALIAS
+#undef ADD_METHOD
+
+
+/*
+ * Constructor for Connection objects
+ *
+ * Arguments: ctx - An SSL Context to use for this connection
+ * sock - The socket to use for transport layer
+ * Returns: The newly created Connection object
+ */
+ssl_ConnectionObj *
+ssl_Connection_New(ssl_ContextObj *ctx, PyObject *sock)
+{
+ ssl_ConnectionObj *self;
+ int fd;
+
+ self = PyObject_GC_New(ssl_ConnectionObj, &ssl_Connection_Type);
+ if (self == NULL)
+ return NULL;
+
+ Py_INCREF(ctx);
+ self->context = ctx;
+
+ Py_INCREF(sock);
+ self->socket = sock;
+
+ self->ssl = NULL;
+
+ Py_INCREF(Py_None);
+ self->app_data = Py_None;
+
+ self->tstate = NULL;
+
+ fd = PyObject_AsFileDescriptor(self->socket);
+ if (fd < 0)
+ {
+ Py_DECREF(self);
+ return NULL;
+ }
+
+ self->ssl = SSL_new(self->context->ctx);
+ SSL_set_app_data(self->ssl, self);
+ SSL_set_fd(self->ssl, (SOCKET_T)fd);
+
+ PyObject_GC_Track(self);
+
+ return self;
+}
+
+/*
+ * Find attribute
+ *
+ * Arguments: self - The Connection object
+ * name - The attribute name
+ * Returns: A Python object for the attribute, or NULL if something went
+ * wrong
+ */
+static PyObject *
+ssl_Connection_getattr(ssl_ConnectionObj *self, char *name)
+{
+ PyObject *meth;
+
+ meth = Py_FindMethod(ssl_Connection_methods, (PyObject *)self, name);
+
+ if (PyErr_Occurred() && PyErr_ExceptionMatches(PyExc_AttributeError))
+ {
+ PyErr_Clear();
+ /* Try looking it up in the "socket" instead. */
+ meth = PyObject_GetAttrString(self->socket, name);
+ }
+
+ return meth;
+}
+
+/*
+ * Call the visitproc on all contained objects.
+ *
+ * Arguments: self - The Connection object
+ * visit - Function to call
+ * arg - Extra argument to visit
+ * Returns: 0 if all goes well, otherwise the return code from the first
+ * call that gave non-zero result.
+ */
+static int
+ssl_Connection_traverse(ssl_ConnectionObj *self, visitproc visit, void *arg)
+{
+ int ret = 0;
+
+ if (ret == 0 && self->context != NULL)
+ ret = visit((PyObject *)self->context, arg);
+ if (ret == 0 && self->socket != NULL)
+ ret = visit(self->socket, arg);
+ if (ret == 0 && self->app_data != NULL)
+ ret = visit(self->app_data, arg);
+ return ret;
+}
+
+/*
+ * Decref all contained objects and zero the pointers.
+ *
+ * Arguments: self - The Connection object
+ * Returns: Always 0.
+ */
+static int
+ssl_Connection_clear(ssl_ConnectionObj *self)
+{
+ Py_XDECREF(self->context);
+ self->context = NULL;
+ Py_XDECREF(self->socket);
+ self->socket = NULL;
+ Py_XDECREF(self->app_data);
+ self->app_data = NULL;
+ return 0;
+}
+
+/*
+ * Deallocate the memory used by the Connection object
+ *
+ * Arguments: self - The Connection object
+ * Returns: None
+ */
+static void
+ssl_Connection_dealloc(ssl_ConnectionObj *self)
+{
+ PyObject_GC_UnTrack(self);
+ if (self->ssl != NULL)
+ SSL_free(self->ssl);
+ ssl_Connection_clear(self);
+ PyObject_GC_Del(self);
+}
+
+PyTypeObject ssl_Connection_Type = {
+ PyObject_HEAD_INIT(NULL)
+ 0,
+ "Connection",
+ sizeof(ssl_ConnectionObj),
+ 0,
+ (destructor)ssl_Connection_dealloc,
+ NULL, /* print */
+ (getattrfunc)ssl_Connection_getattr,
+ NULL, /* setattr */
+ NULL, /* compare */
+ NULL, /* repr */
+ NULL, /* as_number */
+ NULL, /* as_sequence */
+ NULL, /* as_mapping */
+ NULL, /* hash */
+ NULL, /* call */
+ NULL, /* str */
+ NULL, /* getattro */
+ NULL, /* setattro */
+ NULL, /* as_buffer */
+ Py_TPFLAGS_DEFAULT | Py_TPFLAGS_HAVE_GC,
+ NULL, /* doc */
+ (traverseproc)ssl_Connection_traverse,
+ (inquiry)ssl_Connection_clear,
+};
+
+
+/*
+ * Initiailze the Connection part of the SSL sub module
+ *
+ * Arguments: dict - Dictionary of the OpenSSL.SSL module
+ * Returns: 1 for success, 0 otherwise
+ */
+int
+init_ssl_connection(PyObject *dict)
+{
+ ssl_Connection_Type.ob_type = &PyType_Type;
+ Py_INCREF(&ssl_Connection_Type);
+ if (PyDict_SetItemString(dict, "ConnectionType", (PyObject *)&ssl_Connection_Type) != 0)
+ return 0;
+
+ return 1;
+}
+
diff --git a/src/ssl/connection.h b/src/ssl/connection.h
new file mode 100644
index 0000000..dedb73e
--- /dev/null
+++ b/src/ssl/connection.h
@@ -0,0 +1,52 @@
+/*
+ * connection.h
+ *
+ * Copyright (C) AB Strakt 2001, All rights reserved
+ *
+ * Export SSL Connection data structures and functions.
+ * See the file RATIONALE for a short explanation of why this module was written.
+ *
+ * Reviewed 2001-07-23
+ *
+ * @(#) $Id: connection.h,v 1.11 2002/09/04 22:24:59 iko Exp $
+ */
+#ifndef PyOpenSSL_SSL_CONNECTION_H_
+#define PyOpenSSL_SSL_CONNECTION_H_
+
+#include <Python.h>
+#include <openssl/ssl.h>
+
+/* shamelessly stolen from socketmodule.c */
+#ifdef MS_WINDOWS
+# include <winsock.h>
+typedef SOCKET SOCKET_T;
+# ifdef MS_WIN64
+# define SIZEOF_SOCKET_T 8
+# else
+# define SIZEOF_SOCKET_T 4
+# endif
+#else
+typedef int SOCKET_T;
+# define SIZEOF_SOCKET_T SIZEOF_INT
+#endif
+
+
+extern int init_ssl_connection (PyObject *);
+
+extern PyTypeObject ssl_Connection_Type;
+
+#define ssl_Connection_Check(v) ((v)->ob_type == &ssl_Connection_Type)
+
+typedef struct {
+ PyObject_HEAD
+ SSL *ssl;
+ ssl_ContextObj *context;
+ PyObject *socket;
+ PyThreadState *tstate;
+ PyObject *app_data;
+} ssl_ConnectionObj;
+
+
+
+#endif
+
diff --git a/src/ssl/context.c b/src/ssl/context.c
new file mode 100644
index 0000000..93f1c83
--- /dev/null
+++ b/src/ssl/context.c
@@ -0,0 +1,1074 @@
+/*
+ * context.c
+ *
+ * Copyright (C) AB Strakt 2001, All rights reserved
+ *
+ * SSL Context objects and their methods.
+ * See the file RATIONALE for a short explanation of why this module was written.
+ *
+ * Reviewed 2001-07-23
+ */
+#include <Python.h>
+#define SSL_MODULE
+#include "ssl.h"
+
+static char *CVSid = "@(#) $Id: context.c,v 1.17 2004/08/06 10:21:56 martin Exp $";
+
+/*
+ * CALLBACKS
+ *
+ * Callbacks work like this: We provide a "global" callback in C which
+ * transforms the arguments into a Python argument tuple and calls the
+ * corresponding Python callback, and then parsing the return value back into
+ * things the C function can return.
+ *
+ * Three caveats:
+ * + How do we find the Context object where the Python callbacks are stored?
+ * + What about multithreading and execution frames?
+ * + What about Python callbacks that raise exceptions?
+ *
+ * The solution to the first issue is trivial if the callback provides
+ * "userdata" functionality. Since the only callbacks that don't provide
+ * userdata do provide a pointer to an SSL structure, we can associate an SSL
+ * object and a Connection one-to-one via the SSL_set/get_app_data()
+ * functions.
+ *
+ * The solution to the other issue is to rewrite the Py_BEGIN_ALLOW_THREADS
+ * macro allowing it (or rather a new macro) to specify where to save the
+ * thread state (in our case, as a member of the Connection/Context object) so
+ * we can retrieve it again before calling the Python callback.
+ */
+
+/*
+ * Globally defined passphrase callback.
+ *
+ * Arguments: buf - Buffer to store the returned passphrase in
+ * maxlen - Maximum length of the passphrase
+ * verify - If true, the passphrase callback should ask for a
+ * password twice and verify they're equal. If false, only
+ * ask once.
+ * arg - User data, always a Context object
+ * Returns: The length of the password if successful, 0 otherwise
+ */
+static int
+global_passphrase_callback(char *buf, int maxlen, int verify, void *arg)
+{
+ int len;
+ char *str;
+ PyObject *argv, *ret = NULL;
+ ssl_ContextObj *ctx = (ssl_ContextObj *)arg;
+
+ /* The Python callback is called with a (maxlen,verify,userdata) tuple */
+ argv = Py_BuildValue("(iiO)", maxlen, verify, ctx->passphrase_userdata);
+ if (ctx->tstate != NULL)
+ {
+ /* We need to get back our thread state before calling the callback */
+ MY_END_ALLOW_THREADS(ctx->tstate);
+ ret = PyEval_CallObject(ctx->passphrase_callback, argv);
+ MY_BEGIN_ALLOW_THREADS(ctx->tstate);
+ }
+ else
+ {
+ ret = PyEval_CallObject(ctx->passphrase_callback, argv);
+ }
+ Py_DECREF(argv);
+
+ if (ret == NULL)
+ return 0;
+
+ if (!PyObject_IsTrue(ret))
+ {
+ Py_DECREF(ret);
+ return 0;
+ }
+
+ if (!PyString_Check(ret))
+ {
+ Py_DECREF(ret);
+ return 0;
+ }
+
+ len = PyString_Size(ret);
+ if (len > maxlen)
+ len = maxlen;
+
+ str = PyString_AsString(ret);
+ strncpy(buf, str, len);
+ Py_XDECREF(ret);
+
+ return len;
+}
+
+/*
+ * Globally defined verify callback
+ *
+ * Arguments: ok - True everything is OK "so far", false otherwise
+ * x509_ctx - Contains the certificate being checked, the current
+ * error number and depth, and the Connection we're
+ * dealing with
+ * Returns: True if everything is okay, false otherwise
+ */
+static int
+global_verify_callback(int ok, X509_STORE_CTX *x509_ctx)
+{
+ PyObject *argv, *ret;
+ SSL *ssl;
+ ssl_ConnectionObj *conn;
+ crypto_X509Obj *cert;
+ int errnum, errdepth, c_ret;
+
+ cert = crypto_X509_New(X509_STORE_CTX_get_current_cert(x509_ctx), 0);
+ errnum = X509_STORE_CTX_get_error(x509_ctx);
+ errdepth = X509_STORE_CTX_get_error_depth(x509_ctx);
+ ssl = (SSL *)X509_STORE_CTX_get_app_data(x509_ctx);
+ conn = (ssl_ConnectionObj *)SSL_get_app_data(ssl);
+
+ argv = Py_BuildValue("(OOiii)", (PyObject *)conn, (PyObject *)cert,
+ errnum, errdepth, ok);
+ Py_DECREF(cert);
+ if (conn->tstate != NULL)
+ {
+ /* We need to get back our thread state before calling the callback */
+ MY_END_ALLOW_THREADS(conn->tstate);
+ ret = PyEval_CallObject(conn->context->verify_callback, argv);
+ MY_BEGIN_ALLOW_THREADS(conn->tstate);
+ }
+ else
+ {
+ ret = PyEval_CallObject(conn->context->verify_callback, argv);
+ }
+ Py_DECREF(argv);
+
+ if (ret == NULL)
+ return 0;
+
+ if (PyObject_IsTrue(ret))
+ {
+ X509_STORE_CTX_set_error(x509_ctx, X509_V_OK);
+ c_ret = 1;
+ }
+ else
+ c_ret = 0;
+
+ Py_DECREF(ret);
+
+ return c_ret;
+}
+
+/*
+ * Globally defined info callback
+ *
+ * Arguments: ssl - The Connection
+ * where - The part of the SSL code that called us
+ * _ret - The return code of the SSL function that called us
+ * Returns: None
+ */
+static void
+global_info_callback(SSL *ssl, int where, int _ret)
+{
+ ssl_ConnectionObj *conn = (ssl_ConnectionObj *)SSL_get_app_data(ssl);
+ PyObject *argv, *ret;
+
+ argv = Py_BuildValue("(Oii)", (PyObject *)conn, where, _ret);
+ if (conn->tstate != NULL)
+ {
+ /* We need to get back our thread state before calling the callback */
+ MY_END_ALLOW_THREADS(conn->tstate);
+ ret = PyEval_CallObject(conn->context->info_callback, argv);
+ if (ret == NULL)
+ PyErr_Clear();
+ else
+ Py_DECREF(ret);
+ MY_BEGIN_ALLOW_THREADS(conn->tstate);
+ }
+ else
+ {
+ ret = PyEval_CallObject(conn->context->info_callback, argv);
+ if (ret == NULL)
+ PyErr_Clear();
+ else
+ Py_DECREF(ret);
+ }
+ Py_DECREF(argv);
+
+ return;
+}
+
+
+
+
+static char ssl_Context_load_verify_locations_doc[] = "\n\
+Let SSL know where we can find trusted certificates for the certificate\n\
+chain\n\
+\n\
+Arguments: self - The Context object\n\
+ args - The Python argument tuple, should be:\n\
+ cafile - Which file we can find the certificates\n\
+Returns: None\n\
+";
+static PyObject *
+ssl_Context_load_verify_locations(ssl_ContextObj *self, PyObject *args)
+{
+ char *cafile;
+
+ if (!PyArg_ParseTuple(args, "s:load_verify_locations", &cafile))
+ return NULL;
+
+ if (!SSL_CTX_load_verify_locations(self->ctx, cafile, NULL))
+ {
+ exception_from_error_queue();
+ return NULL;
+ }
+ else
+ {
+ Py_INCREF(Py_None);
+ return Py_None;
+ }
+}
+
+static char ssl_Context_set_passwd_cb_doc[] = "\n\
+Set the passphrase callback\n\
+\n\
+Arguments: self - The Context object\n\
+ args - The Python argument tuple, should be:\n\
+ callback - The Python callback to use\n\
+ userdata - (optional) A Python object which will be given as\n\
+ argument to the callback\n\
+Returns: None\n\
+";
+static PyObject *
+ssl_Context_set_passwd_cb(ssl_ContextObj *self, PyObject *args)
+{
+ PyObject *callback = NULL, *userdata = Py_None;
+
+ if (!PyArg_ParseTuple(args, "O|O:set_passwd_cb", &callback, &userdata))
+ return NULL;
+
+ if (!PyCallable_Check(callback))
+ {
+ PyErr_SetString(PyExc_TypeError, "expected PyCallable");
+ return NULL;
+ }
+
+ Py_DECREF(self->passphrase_callback);
+ Py_INCREF(callback);
+ self->passphrase_callback = callback;
+ SSL_CTX_set_default_passwd_cb(self->ctx, global_passphrase_callback);
+
+ Py_DECREF(self->passphrase_userdata);
+ Py_INCREF(userdata);
+ self->passphrase_userdata = userdata;
+ SSL_CTX_set_default_passwd_cb_userdata(self->ctx, (void *)self);
+
+ Py_INCREF(Py_None);
+ return Py_None;
+}
+
+static char ssl_Context_use_certificate_chain_file_doc[] = "\n\
+Load a certificate chain from a file\n\
+\n\
+Arguments: self - The Context object\n\
+ args - The Python argument tuple, should be:\n\
+ certfile - The name of the certificate chain file\n\
+Returns: None\n\
+";
+static PyObject *
+ssl_Context_use_certificate_chain_file(ssl_ContextObj *self, PyObject *args)
+{
+ char *certfile;
+
+ if (!PyArg_ParseTuple(args, "s:use_certificate_chain_file", &certfile))
+ return NULL;
+
+ if (!SSL_CTX_use_certificate_chain_file(self->ctx, certfile))
+ {
+ exception_from_error_queue();
+ return NULL;
+ }
+ else
+ {
+ Py_INCREF(Py_None);
+ return Py_None;
+ }
+}
+
+
+static char ssl_Context_use_certificate_file_doc[] = "\n\
+Load a certificate from a file\n\
+\n\
+Arguments: self - The Context object\n\
+ args - The Python argument tuple, should be:\n\
+ certfile - The name of the certificate file\n\
+ filetype - (optional) The encoding of the file, default is PEM\n\
+Returns: None\n\
+";
+static PyObject *
+ssl_Context_use_certificate_file(ssl_ContextObj *self, PyObject *args)
+{
+ char *certfile;
+ int filetype = SSL_FILETYPE_PEM;
+
+ if (!PyArg_ParseTuple(args, "s|i:use_certificate_file", &certfile, &filetype))
+ return NULL;
+
+ if (!SSL_CTX_use_certificate_file(self->ctx, certfile, filetype))
+ {
+ exception_from_error_queue();
+ return NULL;
+ }
+ else
+ {
+ Py_INCREF(Py_None);
+ return Py_None;
+ }
+}
+
+static char ssl_Context_use_certificate_doc[] = "\n\
+Load a certificate from a X509 object\n\
+\n\
+Arguments: self - The Context object\n\
+ args - The Python argument tuple, should be:\n\
+ cert - The X509 object\n\
+Returns: None\n\
+";
+static PyObject *
+ssl_Context_use_certificate(ssl_ContextObj *self, PyObject *args)
+{
+ static PyTypeObject *crypto_X509_type = NULL;
+ crypto_X509Obj *cert;
+
+ /* We need to check that cert really is an X509 object before
+ we deal with it. The problem is we can't just quickly verify
+ the type (since that comes from another module). This should
+ do the trick (reasonably well at least): Once we have one
+ verified object, we use it's type object for future
+ comparisons. */
+
+ if (!crypto_X509_type)
+ {
+ if (!PyArg_ParseTuple(args, "O:use_certificate", &cert))
+ return NULL;
+
+ if (strcmp(cert->ob_type->tp_name, "X509") != 0 ||
+ cert->ob_type->tp_basicsize != sizeof(crypto_X509Obj))
+ {
+ PyErr_SetString(PyExc_TypeError, "Expected an X509 object");
+ return NULL;
+ }
+
+ crypto_X509_type = cert->ob_type;
+ }
+ else
+ if (!PyArg_ParseTuple(args, "O!:use_certificate", crypto_X509_type,
+ &cert))
+ return NULL;
+
+ if (!SSL_CTX_use_certificate(self->ctx, cert->x509))
+ {
+ exception_from_error_queue();
+ return NULL;
+ }
+ else
+ {
+ Py_INCREF(Py_None);
+ return Py_None;
+ }
+}
+
+static char ssl_Context_use_privatekey_file_doc[] = "\n\
+Load a private key from a file\n\
+\n\
+Arguments: self - The Context object\n\
+ args - The Python argument tuple, should be:\n\
+ keyfile - The name of the key file\n\
+ filetype - (optional) The encoding of the file, default is PEM\n\
+Returns: None\n\
+";
+static PyObject *
+ssl_Context_use_privatekey_file(ssl_ContextObj *self, PyObject *args)
+{
+ char *keyfile;
+ int filetype = SSL_FILETYPE_PEM, ret;
+
+ if (!PyArg_ParseTuple(args, "s|i:use_privatekey_file", &keyfile, &filetype))
+ return NULL;
+
+ MY_BEGIN_ALLOW_THREADS(self->tstate);
+ ret = SSL_CTX_use_PrivateKey_file(self->ctx, keyfile, filetype);
+ MY_END_ALLOW_THREADS(self->tstate);
+
+ if (PyErr_Occurred())
+ {
+ flush_error_queue();
+ return NULL;
+ }
+
+ if (!ret)
+ {
+ exception_from_error_queue();
+ return NULL;
+ }
+ else
+ {
+ Py_INCREF(Py_None);
+ return Py_None;
+ }
+}
+
+static char ssl_Context_use_privatekey_doc[] = "\n\
+Load a private key from a PKey object\n\
+\n\
+Arguments: self - The Context object\n\
+ args - The Python argument tuple, should be:\n\
+ pkey - The PKey object\n\
+Returns: None\n\
+";
+static PyObject *
+ssl_Context_use_privatekey(ssl_ContextObj *self, PyObject *args)
+{
+ static PyTypeObject *crypto_PKey_type = NULL;
+ crypto_PKeyObj *pkey;
+
+ /* We need to check that cert really is a PKey object before
+ we deal with it. The problem is we can't just quickly verify
+ the type (since that comes from another module). This should
+ do the trick (reasonably well at least): Once we have one
+ verified object, we use it's type object for future
+ comparisons. */
+
+ if (!crypto_PKey_type)
+ {
+ if (!PyArg_ParseTuple(args, "O:use_privatekey", &pkey))
+ return NULL;
+
+ if (strcmp(pkey->ob_type->tp_name, "PKey") != 0 ||
+ pkey->ob_type->tp_basicsize != sizeof(crypto_PKeyObj))
+ {
+ PyErr_SetString(PyExc_TypeError, "Expected a PKey object");
+ return NULL;
+ }
+
+ crypto_PKey_type = pkey->ob_type;
+ }
+ else
+ if (!PyArg_ParseTuple(args, "O!:use_privatekey", crypto_PKey_type, &pkey))
+ return NULL;
+
+ if (!SSL_CTX_use_PrivateKey(self->ctx, pkey->pkey))
+ {
+ exception_from_error_queue();
+ return NULL;
+ }
+ else
+ {
+ Py_INCREF(Py_None);
+ return Py_None;
+ }
+}
+
+static char ssl_Context_check_privatekey_doc[] = "\n\
+Check that the private key and certificate match up\n\
+\n\
+Arguments: self - The Context object\n\
+ args - The Python argument tuple, should be empty\n\
+Returns: None (raises an exception if something's wrong)\n\
+";
+static PyObject *
+ssl_Context_check_privatekey(ssl_ContextObj *self, PyObject *args)
+{
+ if (!PyArg_ParseTuple(args, ":check_privatekey"))
+ return NULL;
+
+ if (!SSL_CTX_check_private_key(self->ctx))
+ {
+ exception_from_error_queue();
+ return NULL;
+ }
+ else
+ {
+ Py_INCREF(Py_None);
+ return Py_None;
+ }
+}
+
+static char ssl_Context_load_client_ca_doc[] = "\n\
+Load the trusted certificates that will be sent to the client (basically\n\
+telling the client \"These are the guys I trust\")\n\
+\n\
+Arguments: self - The Context object\n\
+ args - The Python argument tuple, should be:\n\
+ cafile - The name of the certificates file\n\
+Returns: None\n\
+";
+static PyObject *
+ssl_Context_load_client_ca(ssl_ContextObj *self, PyObject *args)
+{
+ char *cafile;
+
+ if (!PyArg_ParseTuple(args, "s:load_client_ca", &cafile))
+ return NULL;
+
+ SSL_CTX_set_client_CA_list(self->ctx, SSL_load_client_CA_file(cafile));
+
+ Py_INCREF(Py_None);
+ return Py_None;
+}
+
+static char ssl_Context_set_session_id_doc[] = "\n\
+Set the session identifier, this is needed if you want to do session\n\
+resumption (which, ironically, isn't implemented yet)\n\
+\n\
+Arguments: self - The Context object\n\
+ args - The Python argument tuple, should be:\n\
+ buf - A Python object that can be safely converted to a string\n\
+Returns: None\n\
+";
+static PyObject *
+ssl_Context_set_session_id(ssl_ContextObj *self, PyObject *args)
+{
+ char *buf;
+ int len;
+
+ if (!PyArg_ParseTuple(args, "s#:set_session_id", &buf, &len))
+ return NULL;
+
+ if (!SSL_CTX_set_session_id_context(self->ctx, buf, len))
+ {
+ exception_from_error_queue();
+ return NULL;
+ }
+ else
+ {
+ Py_INCREF(Py_None);
+ return Py_None;
+ }
+}
+
+static char ssl_Context_set_verify_doc[] = "\n\
+Set the verify mode and verify callback\n\
+\n\
+Arguments: self - The Context object\n\
+ args - The Python argument tuple, should be:\n\
+ mode - The verify mode, this is either SSL_VERIFY_NONE or\n\
+ SSL_VERIFY_PEER combined with possible other flags\n\
+ callback - The Python callback to use\n\
+Returns: None\n\
+";
+static PyObject *
+ssl_Context_set_verify(ssl_ContextObj *self, PyObject *args)
+{
+ int mode;
+ PyObject *callback = NULL;
+
+ if (!PyArg_ParseTuple(args, "iO:set_verify", &mode, &callback))
+ return NULL;
+
+ if (!PyCallable_Check(callback))
+ {
+ PyErr_SetString(PyExc_TypeError, "expected PyCallable");
+ return NULL;
+ }
+
+ Py_DECREF(self->verify_callback);
+ Py_INCREF(callback);
+ self->verify_callback = callback;
+ SSL_CTX_set_verify(self->ctx, mode, global_verify_callback);
+
+ Py_INCREF(Py_None);
+ return Py_None;
+}
+
+static char ssl_Context_set_verify_depth_doc[] = "\n\
+Set the verify depth\n\
+\n\
+Arguments: self - The Context object\n\
+ args - The Python argument tuple, should be:\n\
+ depth - An integer specifying the verify depth\n\
+Returns: None\n\
+";
+static PyObject *
+ssl_Context_set_verify_depth(ssl_ContextObj *self, PyObject *args)
+{
+ int depth;
+
+ if (!PyArg_ParseTuple(args, "i:set_verify_depth", &depth))
+ return NULL;
+
+ SSL_CTX_set_verify_depth(self->ctx, depth);
+ Py_INCREF(Py_None);
+ return Py_None;
+}
+
+static char ssl_Context_get_verify_mode_doc[] = "\n\
+Get the verify mode\n\
+\n\
+Arguments: self - The Context object\n\
+ args - The Python argument tuple, should be empty\n\
+Returns: The verify mode\n\
+";
+static PyObject *
+ssl_Context_get_verify_mode(ssl_ContextObj *self, PyObject *args)
+{
+ int mode;
+
+ if (!PyArg_ParseTuple(args, ":get_verify_mode"))
+ return NULL;
+
+ mode = SSL_CTX_get_verify_mode(self->ctx);
+ return PyInt_FromLong((long)mode);
+}
+
+static char ssl_Context_get_verify_depth_doc[] = "\n\
+Get the verify depth\n\
+\n\
+Arguments: self - The Context object\n\
+ args - The Python argument tuple, should be empty\n\
+Returns: The verify depth\n\
+";
+static PyObject *
+ssl_Context_get_verify_depth(ssl_ContextObj *self, PyObject *args)
+{
+ int depth;
+
+ if (!PyArg_ParseTuple(args, ":get_verify_depth"))
+ return NULL;
+
+ depth = SSL_CTX_get_verify_depth(self->ctx);
+ return PyInt_FromLong((long)depth);
+}
+
+static char ssl_Context_load_tmp_dh_doc[] = "\n\
+Load parameters for Ephemeral Diffie-Hellman\n\
+\n\
+Arguments: self - The Context object\n\
+ args - The Python argument tuple, should be:\n\
+ dhfile - The file to load EDH parameters from\n\
+Returns: None\n\
+";
+static PyObject *
+ssl_Context_load_tmp_dh(ssl_ContextObj *self, PyObject *args)
+{
+ char *dhfile;
+ BIO *bio;
+ DH *dh;
+
+ if (!PyArg_ParseTuple(args, "s:load_tmp_dh", &dhfile))
+ return NULL;
+
+ bio = BIO_new_file(dhfile, "r");
+ if (bio == NULL)
+ return PyErr_NoMemory();
+
+ dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL);
+ SSL_CTX_set_tmp_dh(self->ctx, dh);
+ DH_free(dh);
+ BIO_free(bio);
+
+ Py_INCREF(Py_None);
+ return Py_None;
+}
+
+static char ssl_Context_set_cipher_list_doc[] = "\n\
+Change the cipher list\n\
+\n\
+Arguments: self - The Context object\n\
+ args - The Python argument tuple, should be:\n\
+ cipher_list - A cipher list, see ciphers(1)\n\
+Returns: None\n\
+";
+static PyObject *
+ssl_Context_set_cipher_list(ssl_ContextObj *self, PyObject *args)
+{
+ char *cipher_list;
+
+ if (!PyArg_ParseTuple(args, "s:set_cipher_list", &cipher_list))
+ return NULL;
+
+ if (!SSL_CTX_set_cipher_list(self->ctx, cipher_list))
+ {
+ exception_from_error_queue();
+ return NULL;
+ }
+ else
+ {
+ Py_INCREF(Py_None);
+ return Py_None;
+ }
+}
+
+static char ssl_Context_set_timeout_doc[] = "\n\
+Set session timeout\n\
+\n\
+Arguments: self - The Context object\n\
+ args - The Python argument tuple, should be:\n\
+ t - The timeout in seconds\n\
+Returns: The previous session timeout\n\
+";
+static PyObject *
+ssl_Context_set_timeout(ssl_ContextObj *self, PyObject *args)
+{
+ long t, ret;
+
+ if (!PyArg_ParseTuple(args, "l:set_timeout", &t))
+ return NULL;
+
+ ret = SSL_CTX_set_timeout(self->ctx, t);
+ return PyLong_FromLong(ret);
+}
+
+static char ssl_Context_get_timeout_doc[] = "\n\
+Get the session timeout\n\
+\n\
+Arguments: self - The Context object\n\
+ args - The Python argument tuple, should be empty\n\
+Returns: The session timeout\n\
+";
+static PyObject *
+ssl_Context_get_timeout(ssl_ContextObj *self, PyObject *args)
+{
+ long ret;
+
+ if (!PyArg_ParseTuple(args, ":get_timeout"))
+ return NULL;
+
+ ret = SSL_CTX_get_timeout(self->ctx);
+ return PyLong_FromLong(ret);
+}
+
+static char ssl_Context_set_info_callback_doc[] = "\n\
+Set the info callback\n\
+\n\
+Arguments: self - The Context object\n\
+ args - The Python argument tuple, should be:\n\
+ callback - The Python callback to use\n\
+Returns: None\n\
+";
+static PyObject *
+ssl_Context_set_info_callback(ssl_ContextObj *self, PyObject *args)
+{
+ PyObject *callback;
+
+ if (!PyArg_ParseTuple(args, "O:set_info_callback", &callback))
+ return NULL;
+
+ if (!PyCallable_Check(callback))
+ {
+ PyErr_SetString(PyExc_TypeError, "expected PyCallable");
+ return NULL;
+ }
+
+ Py_DECREF(self->info_callback);
+ Py_INCREF(callback);
+ self->info_callback = callback;
+ SSL_CTX_set_info_callback(self->ctx, global_info_callback);
+
+ Py_INCREF(Py_None);
+ return Py_None;
+}
+
+static char ssl_Context_get_app_data_doc[] = "\n\
+Get the application data (supplied via set_app_data())\n\
+\n\
+Arguments: self - The Context object\n\
+ args - The Python argument tuple, should be empty\n\
+Returns: The application data\n\
+";
+static PyObject *
+ssl_Context_get_app_data(ssl_ContextObj *self, PyObject *args)
+{
+ if (!PyArg_ParseTuple(args, ":get_app_data"))
+ return NULL;
+
+ Py_INCREF(self->app_data);
+ return self->app_data;
+}
+
+static char ssl_Context_set_app_data_doc[] = "\n\
+Set the application data (will be returned from get_app_data())\n\
+\n\
+Arguments: self - The Context object\n\
+ args - The Python argument tuple, should be:\n\
+ data - Any Python object\n\
+Returns: None\n\
+";
+static PyObject *
+ssl_Context_set_app_data(ssl_ContextObj *self, PyObject *args)
+{
+ PyObject *data;
+
+ if (!PyArg_ParseTuple(args, "O:set_app_data", &data))
+ return NULL;
+
+ Py_DECREF(self->app_data);
+ Py_INCREF(data);
+ self->app_data = data;
+
+ Py_INCREF(Py_None);
+ return Py_None;
+}
+
+static char ssl_Context_get_cert_store_doc[] = "\n\
+Get the certificate store for the context\n\
+\n\
+Arguments: self - The Context object\n\
+ args - The Python argument tuple, should be empty\n\
+Returns: A X509Store object\n\
+";
+static PyObject *
+ssl_Context_get_cert_store(ssl_ContextObj *self, PyObject *args)
+{
+ X509_STORE *store;
+
+ if (!PyArg_ParseTuple(args, ":get_cert_store"))
+ return NULL;
+
+ if ((store = SSL_CTX_get_cert_store(self->ctx)) == NULL)
+ {
+ Py_INCREF(Py_None);
+ return Py_None;
+ }
+ else
+ {
+ return (PyObject *)crypto_X509Store_New(store, 0);
+ }
+}
+
+static char ssl_Context_set_options_doc[] = "\n\
+Add options. Options set before are not cleared!\n\
+\n\
+Arguments: self - The Context object\n\
+ args - The Python argument tuple, should be:\n\
+ options - The options to add.\n\
+Returns: The new option bitmask.\n\
+";
+static PyObject *
+ssl_Context_set_options(ssl_ContextObj *self, PyObject *args)
+{
+ long options;
+
+ if (!PyArg_ParseTuple(args, "l:set_options", &options))
+ return NULL;
+
+ return PyInt_FromLong(SSL_CTX_set_options(self->ctx, options));
+}
+
+
+/*
+ * Member methods in the Context object
+ * ADD_METHOD(name) expands to a correct PyMethodDef declaration
+ * { 'name', (PyCFunction)ssl_Context_name, METH_VARARGS }
+ * for convenience
+ * ADD_ALIAS(name,real) creates an "alias" of the ssl_Context_real
+ * function with the name 'name'
+ */
+#define ADD_METHOD(name) { #name, (PyCFunction)ssl_Context_##name, METH_VARARGS, ssl_Context_##name##_doc }
+static PyMethodDef ssl_Context_methods[] = {
+ ADD_METHOD(load_verify_locations),
+ ADD_METHOD(set_passwd_cb),
+ ADD_METHOD(use_certificate_chain_file),
+ ADD_METHOD(use_certificate_file),
+ ADD_METHOD(use_certificate),
+ ADD_METHOD(use_privatekey_file),
+ ADD_METHOD(use_privatekey),
+ ADD_METHOD(check_privatekey),
+ ADD_METHOD(load_client_ca),
+ ADD_METHOD(set_session_id),
+ ADD_METHOD(set_verify),
+ ADD_METHOD(set_verify_depth),
+ ADD_METHOD(get_verify_mode),
+ ADD_METHOD(get_verify_depth),
+ ADD_METHOD(load_tmp_dh),
+ ADD_METHOD(set_cipher_list),
+ ADD_METHOD(set_timeout),
+ ADD_METHOD(get_timeout),
+ ADD_METHOD(set_info_callback),
+ ADD_METHOD(get_app_data),
+ ADD_METHOD(set_app_data),
+ ADD_METHOD(get_cert_store),
+ ADD_METHOD(set_options),
+ { NULL, NULL }
+};
+#undef ADD_METHOD
+
+
+/* Constructor, takes an int specifying which method to use */
+/*
+ * Constructor for Context objects
+ *
+ * Arguments: i_method - The SSL method to use, one of the SSLv2_METHOD,
+ * SSLv3_METHOD, SSLv23_METHOD and TLSv1_METHOD
+ * constants.
+ * Returns: The newly created Context object
+ */
+ssl_ContextObj *
+ssl_Context_New(int i_method)
+{
+ SSL_METHOD *method;
+ ssl_ContextObj *self;
+
+ switch (i_method)
+ {
+ /* Too bad TLSv1 servers can't accept SSLv3 clients */
+ case ssl_SSLv2_METHOD: method = SSLv2_method(); break;
+ case ssl_SSLv23_METHOD: method = SSLv23_method(); break;
+ case ssl_SSLv3_METHOD: method = SSLv3_method(); break;
+ case ssl_TLSv1_METHOD: method = TLSv1_method(); break;
+ default:
+ PyErr_SetString(PyExc_ValueError, "No such protocol");
+ return NULL;
+ }
+
+ self = PyObject_GC_New(ssl_ContextObj, &ssl_Context_Type);
+ if (self == NULL)
+ return (ssl_ContextObj *)PyErr_NoMemory();
+
+ self->ctx = SSL_CTX_new(method);
+ Py_INCREF(Py_None);
+ self->passphrase_callback = Py_None;
+ Py_INCREF(Py_None);
+ self->verify_callback = Py_None;
+ Py_INCREF(Py_None);
+ self->info_callback = Py_None;
+
+ Py_INCREF(Py_None);
+ self->passphrase_userdata = Py_None;
+
+ Py_INCREF(Py_None);
+ self->app_data = Py_None;
+
+ /* Some initialization that's required to operate smoothly in Python */
+ SSL_CTX_set_app_data(self->ctx, self);
+ SSL_CTX_set_mode(self->ctx, SSL_MODE_ENABLE_PARTIAL_WRITE |
+ SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER |
+ SSL_MODE_AUTO_RETRY);
+
+ self->tstate = NULL;
+ PyObject_GC_Track((PyObject *)self);
+
+ return self;
+}
+
+/*
+ * Find attribute
+ *
+ * Arguments: self - The Context object
+ * name - The attribute name
+ * Returns: A Python object for the attribute, or NULL if something went
+ * wrong
+ */
+static PyObject *
+ssl_Context_getattr(ssl_ContextObj *self, char *name)
+{
+ return Py_FindMethod(ssl_Context_methods, (PyObject *)self, name);
+}
+
+/*
+ * Call the visitproc on all contained objects.
+ *
+ * Arguments: self - The Context object
+ * visit - Function to call
+ * arg - Extra argument to visit
+ * Returns: 0 if all goes well, otherwise the return code from the first
+ * call that gave non-zero result.
+ */
+static int
+ssl_Context_traverse(ssl_ContextObj *self, visitproc visit, void *arg)
+{
+ int ret = 0;
+
+ if (ret == 0 && self->passphrase_callback != NULL)
+ ret = visit((PyObject *)self->passphrase_callback, arg);
+ if (ret == 0 && self->passphrase_userdata != NULL)
+ ret = visit((PyObject *)self->passphrase_userdata, arg);
+ if (ret == 0 && self->verify_callback != NULL)
+ ret = visit((PyObject *)self->verify_callback, arg);
+ if (ret == 0 && self->info_callback != NULL)
+ ret = visit((PyObject *)self->info_callback, arg);
+ if (ret == 0 && self->app_data != NULL)
+ ret = visit(self->app_data, arg);
+ return ret;
+}
+
+/*
+ * Decref all contained objects and zero the pointers.
+ *
+ * Arguments: self - The Context object
+ * Returns: Always 0.
+ */
+static int
+ssl_Context_clear(ssl_ContextObj *self)
+{
+ Py_XDECREF(self->passphrase_callback);
+ self->passphrase_callback = NULL;
+ Py_XDECREF(self->passphrase_userdata);
+ self->passphrase_userdata = NULL;
+ Py_XDECREF(self->verify_callback);
+ self->verify_callback = NULL;
+ Py_XDECREF(self->info_callback);
+ self->info_callback = NULL;
+ Py_XDECREF(self->app_data);
+ self->app_data = NULL;
+ return 0;
+}
+
+/*
+ * Deallocate the memory used by the Context object
+ *
+ * Arguments: self - The Context object
+ * Returns: None
+ */
+static void
+ssl_Context_dealloc(ssl_ContextObj *self)
+{
+ PyObject_GC_UnTrack((PyObject *)self);
+ SSL_CTX_free(self->ctx);
+ ssl_Context_clear(self);
+ PyObject_GC_Del(self);
+}
+
+
+PyTypeObject ssl_Context_Type = {
+ PyObject_HEAD_INIT(NULL)
+ 0,
+ "Context",
+ sizeof(ssl_ContextObj),
+ 0,
+ (destructor)ssl_Context_dealloc,
+ NULL, /* print */
+ (getattrfunc)ssl_Context_getattr,
+ NULL, /* setattr */
+ NULL, /* compare */
+ NULL, /* repr */
+ NULL, /* as_number */
+ NULL, /* as_sequence */
+ NULL, /* as_mapping */
+ NULL, /* hash */
+ NULL, /* call */
+ NULL, /* str */
+ NULL, /* getattro */
+ NULL, /* setattro */
+ NULL, /* as_buffer */
+ Py_TPFLAGS_DEFAULT | Py_TPFLAGS_HAVE_GC,
+ NULL, /* doc */
+ (traverseproc)ssl_Context_traverse,
+ (inquiry)ssl_Context_clear,
+};
+
+
+/*
+ * Initialize the Context part of the SSL sub module
+ *
+ * Arguments: dict - Dictionary of the OpenSSL.SSL module
+ * Returns: 1 for success, 0 otherwise
+ */
+int
+init_ssl_context(PyObject *dict)
+{
+ ssl_Context_Type.ob_type = &PyType_Type;
+ Py_INCREF(&ssl_Context_Type);
+ if (PyDict_SetItemString(dict, "ContextType", (PyObject *)&ssl_Context_Type) != 0)
+ return 0;
+
+ return 1;
+}
+
diff --git a/src/ssl/context.h b/src/ssl/context.h
new file mode 100644
index 0000000..b52acf1
--- /dev/null
+++ b/src/ssl/context.h
@@ -0,0 +1,42 @@
+/*
+ * context.h
+ *
+ * Copyright (C) AB Strakt 2001, All rights reserved
+ *
+ * Export SSL Context object data structures and functions.
+ * See the file RATIONALE for a short explanation of why this module was written.
+ *
+ * Reviewed 2001-07-23
+ *
+ * @(#) $Id: context.h,v 1.6 2002/09/04 22:24:59 iko Exp $
+ */
+#ifndef PyOpenSSL_SSL_CONTEXT_H_
+#define PyOpenSSL_SSL_CONTEXT_H_
+
+#include <Python.h>
+#include <openssl/ssl.h>
+
+extern int init_ssl_context (PyObject *);
+
+extern PyTypeObject ssl_Context_Type;
+
+#define ssl_Context_Check(v) ((v)->ob_type == &ssl_Context_Type)
+
+typedef struct {
+ PyObject_HEAD
+ SSL_CTX *ctx;
+ PyObject *passphrase_callback,
+ *passphrase_userdata,
+ *verify_callback,
+ *info_callback,
+ *app_data;
+ PyThreadState *tstate;
+} ssl_ContextObj;
+
+#define ssl_SSLv2_METHOD (1)
+#define ssl_SSLv3_METHOD (2)
+#define ssl_SSLv23_METHOD (3)
+#define ssl_TLSv1_METHOD (4)
+
+
+#endif
diff --git a/src/ssl/ssl.c b/src/ssl/ssl.c
new file mode 100644
index 0000000..9d3abd2
--- /dev/null
+++ b/src/ssl/ssl.c
@@ -0,0 +1,191 @@
+/*
+ * ssl.c
+ *
+ * Copyright (C) AB Strakt 2001, All rights reserved
+ *
+ * Main file of the SSL sub module.
+ * See the file RATIONALE for a short explanation of why this module was written.
+ *
+ * Reviewed 2001-07-23
+ */
+#include <Python.h>
+#define SSL_MODULE
+#include "ssl.h"
+
+static char ssl_doc[] = "\n\
+Main file of the SSL sub module.\n\
+See the file RATIONALE for a short explanation of hy this module was written.\n\
+";
+
+static char *CVSid = "@(#) $Id: ssl.c,v 1.12 2004/08/10 21:42:51 martin Exp $";
+
+void **crypto_API;
+
+/* Exceptions defined by the SSL submodule */
+PyObject *ssl_Error, /* Base class */
+ *ssl_ZeroReturnError, /* Used with SSL_get_error */
+ *ssl_WantReadError, /* ... */
+ *ssl_WantWriteError, /* ... */
+ *ssl_WantX509LookupError, /* ... */
+ *ssl_SysCallError; /* Uses (errno,errstr) */
+
+static char ssl_Context_doc[] = "\n\
+The factory function inserted in the module dictionary to create Context\n\
+objects\n\
+\n\
+Arguments: spam - Always NULL\n\
+ args - The Python argument tuple, should be:\n\
+ method - The SSL method to use\n\
+Returns: The Context object\n\
+";
+
+static PyObject *
+ssl_Context(PyObject *spam, PyObject *args)
+{
+ int method;
+
+ if (!PyArg_ParseTuple(args, "i:Context", &method))
+ return NULL;
+
+ return (PyObject *)ssl_Context_New(method);
+}
+
+static char ssl_Connection_doc[] = "\n\
+The factory function inserted in the module dictionary to create Connection\n\
+objects\n\
+\n\
+Arguments: spam - Always NULL\n\
+ args - The Python argument tuple, should be:\n\
+ ctx - An SSL Context to use for this connection\n\
+ sock - The socket to use for transport layer\n\
+Returns: The Connection object\n\
+";
+
+static PyObject *
+ssl_Connection(PyObject *spam, PyObject *args)
+{
+ ssl_ContextObj *ctx;
+ PyObject *sock;
+
+ if (!PyArg_ParseTuple(args, "O!O:Connection", &ssl_Context_Type, &ctx, &sock))
+ return NULL;
+
+ return (PyObject *)ssl_Connection_New(ctx, sock);
+}
+
+
+/* Methods in the OpenSSL.SSL module */
+static PyMethodDef ssl_methods[] = {
+ { "Context", ssl_Context, METH_VARARGS, ssl_Context_doc },
+ { "Connection", ssl_Connection, METH_VARARGS, ssl_Connection_doc },
+ { NULL, NULL }
+};
+
+/*
+ * Initialize SSL sub module
+ *
+ * Arguments: None
+ * Returns: None
+ */
+void
+initSSL(void)
+{
+ static void *ssl_API[ssl_API_pointers];
+ PyObject *ssl_api_object;
+ PyObject *module, *dict;
+
+ SSL_library_init();
+ ERR_load_SSL_strings();
+
+ import_crypto();
+
+ if ((module = Py_InitModule3("SSL", ssl_methods, ssl_doc)) == NULL)
+ return;
+
+ /* Initialize the C API pointer array */
+ ssl_API[ssl_Context_New_NUM] = (void *)ssl_Context_New;
+ ssl_API[ssl_Connection_New_NUM] = (void *)ssl_Connection_New;
+ ssl_api_object = PyCObject_FromVoidPtr((void *)ssl_API, NULL);
+ if (ssl_api_object != NULL)
+ PyModule_AddObject(module, "_C_API", ssl_api_object);
+
+ /* Exceptions */
+/*
+ * ADD_EXCEPTION(dict,name,base) expands to a correct Exception declaration,
+ * inserting OpenSSL.SSL.name into dict, derviving the exception from base.
+ */
+#define ADD_EXCEPTION(_name, _base) \
+do { \
+ ssl_##_name = PyErr_NewException("OpenSSL.SSL."#_name, _base, NULL);\
+ if (ssl_##_name == NULL) \
+ goto error; \
+ if (PyModule_AddObject(module, #_name, ssl_##_name) != 0) \
+ goto error; \
+} while (0)
+
+ ssl_Error = PyErr_NewException("OpenSSL.SSL.Error", NULL, NULL);
+ if (ssl_Error == NULL)
+ goto error;
+ if (PyModule_AddObject(module, "Error", ssl_Error) != 0)
+ goto error;
+
+ ADD_EXCEPTION(ZeroReturnError, ssl_Error);
+ ADD_EXCEPTION(WantReadError, ssl_Error);
+ ADD_EXCEPTION(WantWriteError, ssl_Error);
+ ADD_EXCEPTION(WantX509LookupError, ssl_Error);
+ ADD_EXCEPTION(SysCallError, ssl_Error);
+#undef ADD_EXCEPTION
+
+ /* Method constants */
+ PyModule_AddIntConstant(module, "SSLv2_METHOD", ssl_SSLv2_METHOD);
+ PyModule_AddIntConstant(module, "SSLv3_METHOD", ssl_SSLv3_METHOD);
+ PyModule_AddIntConstant(module, "SSLv23_METHOD", ssl_SSLv23_METHOD);
+ PyModule_AddIntConstant(module, "TLSv1_METHOD", ssl_TLSv1_METHOD);
+
+ /* Verify constants */
+ PyModule_AddIntConstant(module, "VERIFY_NONE", SSL_VERIFY_NONE);
+ PyModule_AddIntConstant(module, "VERIFY_PEER", SSL_VERIFY_PEER);
+ PyModule_AddIntConstant(module, "VERIFY_FAIL_IF_NO_PEER_CERT",
+ SSL_VERIFY_FAIL_IF_NO_PEER_CERT);
+ PyModule_AddIntConstant(module, "VERIFY_CLIENT_ONCE",
+ SSL_VERIFY_CLIENT_ONCE);
+
+ /* File type constants */
+ PyModule_AddIntConstant(module, "FILETYPE_PEM", SSL_FILETYPE_PEM);
+ PyModule_AddIntConstant(module, "FILETYPE_ASN1", SSL_FILETYPE_ASN1);
+
+ /* SSL option constants */
+ PyModule_AddIntConstant(module, "OP_SINGLE_DH_USE", SSL_OP_SINGLE_DH_USE);
+ PyModule_AddIntConstant(module, "OP_EPHEMERAL_RSA", SSL_OP_EPHEMERAL_RSA);
+ PyModule_AddIntConstant(module, "OP_NO_SSLv2", SSL_OP_NO_SSLv2);
+ PyModule_AddIntConstant(module, "OP_NO_SSLv3", SSL_OP_NO_SSLv3);
+ PyModule_AddIntConstant(module, "OP_NO_TLSv1", SSL_OP_NO_TLSv1);
+
+ /* More SSL option constants */
+ PyModule_AddIntConstant(module, "OP_MICROSOFT_SESS_ID_BUG", SSL_OP_MICROSOFT_SESS_ID_BUG);
+ PyModule_AddIntConstant(module, "OP_NETSCAPE_CHALLENGE_BUG", SSL_OP_NETSCAPE_CHALLENGE_BUG);
+ PyModule_AddIntConstant(module, "OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG", SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG);
+ PyModule_AddIntConstant(module, "OP_SSLREF2_REUSE_CERT_TYPE_BUG", SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG);
+ PyModule_AddIntConstant(module, "OP_MICROSOFT_BIG_SSLV3_BUFFER", SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER);
+ PyModule_AddIntConstant(module, "OP_MSIE_SSLV2_RSA_PADDING", SSL_OP_MSIE_SSLV2_RSA_PADDING);
+ PyModule_AddIntConstant(module, "OP_SSLEAY_080_CLIENT_DH_BUG", SSL_OP_SSLEAY_080_CLIENT_DH_BUG);
+ PyModule_AddIntConstant(module, "OP_TLS_D5_BUG", SSL_OP_TLS_D5_BUG);
+ PyModule_AddIntConstant(module, "OP_TLS_BLOCK_PADDING_BUG", SSL_OP_TLS_BLOCK_PADDING_BUG);
+ PyModule_AddIntConstant(module, "OP_DONT_INSERT_EMPTY_FRAGMENTS", SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS);
+ PyModule_AddIntConstant(module, "OP_ALL", SSL_OP_ALL);
+ PyModule_AddIntConstant(module, "OP_CIPHER_SERVER_PREFERENCE", SSL_OP_CIPHER_SERVER_PREFERENCE);
+ PyModule_AddIntConstant(module, "OP_TLS_ROLLBACK_BUG", SSL_OP_TLS_ROLLBACK_BUG);
+ PyModule_AddIntConstant(module, "OP_PKCS1_CHECK_1", SSL_OP_PKCS1_CHECK_1);
+ PyModule_AddIntConstant(module, "OP_PKCS1_CHECK_2", SSL_OP_PKCS1_CHECK_2);
+ PyModule_AddIntConstant(module, "OP_NETSCAPE_CA_DN_BUG", SSL_OP_NETSCAPE_CA_DN_BUG);
+ PyModule_AddIntConstant(module, "OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG", SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG);
+
+ dict = PyModule_GetDict(module);
+ if (!init_ssl_context(dict))
+ goto error;
+ if (!init_ssl_connection(dict))
+ goto error;
+
+error:
+ ;
+}
diff --git a/src/ssl/ssl.h b/src/ssl/ssl.h
new file mode 100644
index 0000000..e8d3e93
--- /dev/null
+++ b/src/ssl/ssl.h
@@ -0,0 +1,76 @@
+/*
+ * ssl.h
+ *
+ * Copyright (C) AB Strakt 2001, All rights reserved
+ *
+ * Export functions and exceptions from the SSL sub module.
+ * See the file RATIONALE for a short explanation of why this module was written.
+ *
+ * Reviewed 2001-07-23
+ *
+ * @(#) $Id: ssl.h,v 1.6 2002/04/08 19:25:43 martin Exp $
+ */
+#ifndef PyOpenSSL_SSL_H_
+#define PyOpenSSL_SSL_H_
+
+#include <Python.h>
+#include "context.h"
+#include "connection.h"
+#include "../util.h"
+#include "../crypto/crypto.h"
+
+extern PyObject *ssl_Error, /* Base class */
+ *ssl_ZeroReturnError, /* Used with SSL_get_erorr */
+ *ssl_WantReadError, /* ... */
+ *ssl_WantWriteError, /* ... */
+ *ssl_WantX509LookupError, /* ... */
+ *ssl_SysCallError; /* Uses (errno,errstr) */
+
+#ifdef exception_from_error_queue
+# undef exception_from_error_queue
+#endif
+#define exception_from_error_queue() do { \
+ PyObject *errlist = error_queue_to_list(); \
+ PyErr_SetObject(ssl_Error, errlist); \
+ Py_DECREF(errlist); \
+} while (0)
+
+#define ssl_Context_New_NUM 0
+#define ssl_Context_New_RETURN ssl_ContextObj *
+#define ssl_Context_New_PROTO (int method)
+
+#define ssl_Connection_New_NUM 1
+#define ssl_Connection_New_RETURN ssl_ConnectionObj *
+#define ssl_Connection_New_PROTO (ssl_ContextObj *ctx, PyObject *sock)
+
+#define ssl_API_pointers 2
+
+#ifdef SSL_MODULE
+
+extern ssl_Context_New_RETURN ssl_Context_New ssl_Context_New_PROTO;
+extern ssl_Connection_New_RETURN ssl_Connection_New ssl_Connection_New_PROTO;
+
+#else /* SSL_MODULE */
+
+extern void **ssl_API;
+
+#define ssl_Context_New \
+ (*(ssl_Context_New_RETURN (*)ssl_Context_New_PROTO) ssl_API[ssl_Context_New_NUM])
+#define ssl_Connection_New \
+ (*(ssl_Connection_New_RETURN (*)ssl_Connection_New_PROTO) ssl_API[ssl_Connection_New_NUM])
+
+#define import_SSL() \
+{ \
+ PyObject *module = PyImport_ImportModule("OpenSSL.SSL"); \
+ if (module != NULL) { \
+ PyObject *module_dict = PyModule_GetDict(module); \
+ PyObject *c_api_object = PyDict_GetItemString(module_dict, "_C_API"); \
+ if (PyCObject_Check(c_api_object)) { \
+ ssl_API = (void **)PyCObject_AsVoidPtr(c_api_object); \
+ } \
+ } \
+}
+
+#endif /* SSL_MODULE */
+
+#endif /* PyOpenSSL_SSL_H_ */