Catch up to trunk
diff --git a/ChangeLog b/ChangeLog
index 4f92b03..e5a9d04 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2011-08-29 Guillermo Gonzalez <guillermo.gonzalez@canonical.com>
+
+ * OpenSSL/ssl/context.c: Add Context.set_mode method.
+ * OpenSSL/ssl/ssl.c: Add MODE_RELEASE_BUFFERS and OP_NO_COMPRESSION
+ constants.
+
2011-09-02 Jean-Paul Calderone <exarkun@twistedmatrix.com>
* Release 0.13
diff --git a/OpenSSL/ssl/context.c b/OpenSSL/ssl/context.c
index c2bdcab..4ab024f 100644
--- a/OpenSSL/ssl/context.c
+++ b/OpenSSL/ssl/context.c
@@ -1108,6 +1108,23 @@
return PyLong_FromLong(SSL_CTX_set_options(self->ctx, options));
}
+static char ssl_Context_set_mode_doc[] = "\n\
+Add modes via bitmask. Modes set before are not cleared!\n\
+\n\
+@param mode: The mode to add.\n\
+@return: The new mode bitmask.\n\
+";
+static PyObject *
+ssl_Context_set_mode(ssl_ContextObj *self, PyObject *args)
+{
+ long mode;
+
+ if (!PyArg_ParseTuple(args, "l:set_mode", &mode))
+ return NULL;
+
+ return PyLong_FromLong(SSL_CTX_set_mode(self->ctx, mode));
+}
+
static char ssl_Context_set_tlsext_servername_callback_doc[] = "\n\
Specify a callback function to be called when clients specify a server name.\n\
\n\
@@ -1174,6 +1191,7 @@
ADD_METHOD(set_app_data),
ADD_METHOD(get_cert_store),
ADD_METHOD(set_options),
+ ADD_METHOD(set_mode),
ADD_METHOD(set_tlsext_servername_callback),
{ NULL, NULL }
};
diff --git a/OpenSSL/ssl/ssl.c b/OpenSSL/ssl/ssl.c
index 0dd9871..ce84041 100644
--- a/OpenSSL/ssl/ssl.c
+++ b/OpenSSL/ssl/ssl.c
@@ -224,6 +224,10 @@
PyModule_AddIntConstant(module, "OP_NETSCAPE_CA_DN_BUG", SSL_OP_NETSCAPE_CA_DN_BUG);
PyModule_AddIntConstant(module, "OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG", SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG);
+#ifdef SSL_OP_NO_COMPRESSION
+ PyModule_AddIntConstant(module, "OP_NO_COMPRESSION", SSL_OP_NO_COMPRESSION);
+#endif
+
/* DTLS related options. The first two of these were introduced in
* 2005, the third in 2007. To accomodate systems which are still using
* older versions, make them optional. */
@@ -273,6 +277,11 @@
/* Straight up version number */
PyModule_AddIntConstant(module, "OPENSSL_VERSION_NUMBER", OPENSSL_VERSION_NUMBER);
+ /* SSL modes constants */
+#ifdef SSL_MODE_RELEASE_BUFFERS
+ PyModule_AddIntConstant(module, "MODE_RELEASE_BUFFERS", SSL_MODE_RELEASE_BUFFERS);
+#endif
+
if (!init_ssl_context(module))
goto error;
if (!init_ssl_connection(module))
diff --git a/OpenSSL/test/test_ssl.py b/OpenSSL/test/test_ssl.py
index 2ab67fd..9e64d64 100644
--- a/OpenSSL/test/test_ssl.py
+++ b/OpenSSL/test/test_ssl.py
@@ -26,6 +26,7 @@
from OpenSSL.SSL import OP_NO_SSLv2, OP_NO_SSLv3, OP_SINGLE_DH_USE
from OpenSSL.SSL import (
VERIFY_PEER, VERIFY_FAIL_IF_NO_PEER_CERT, VERIFY_CLIENT_ONCE, VERIFY_NONE)
+
from OpenSSL.SSL import (
Error, SysCallError, WantReadError, ZeroReturnError, SSLeay_version)
from OpenSSL.SSL import Context, ContextType, Connection, ConnectionType
@@ -50,6 +51,16 @@
except ImportError:
OP_NO_TICKET = None
+try:
+ from OpenSSL.SSL import OP_NO_COMPRESSION
+except ImportError:
+ OP_NO_COMPRESSION = None
+
+try:
+ from OpenSSL.SSL import MODE_RELEASE_BUFFERS
+except ImportError:
+ MODE_RELEASE_BUFFERS = None
+
from OpenSSL.SSL import (
SSL_ST_CONNECT, SSL_ST_ACCEPT, SSL_ST_MASK, SSL_ST_INIT, SSL_ST_BEFORE,
SSL_ST_OK, SSL_ST_RENEGOTIATE,
@@ -352,6 +363,30 @@
self.assertRaises(TypeError, context.set_options, 1, None)
+ def test_set_mode_wrong_args(self):
+ """
+ L{Context.set_mode} raises L{TypeError} if called with the wrong
+ number of arguments or a non-C{int} argument.
+ """
+ context = Context(TLSv1_METHOD)
+ self.assertRaises(TypeError, context.set_mode)
+ self.assertRaises(TypeError, context.set_mode, None)
+ self.assertRaises(TypeError, context.set_mode, 1, None)
+
+
+ if MODE_RELEASE_BUFFERS is not None:
+ def test_set_mode(self):
+ """
+ L{Context.set_mode} accepts a mode bitvector and returns the newly
+ set mode.
+ """
+ context = Context(TLSv1_METHOD)
+ self.assertTrue(
+ MODE_RELEASE_BUFFERS & context.set_mode(MODE_RELEASE_BUFFERS))
+ else:
+ "MODE_RELEASE_BUFFERS unavailable - OpenSSL version may be too old"
+
+
def test_set_timeout_wrong_args(self):
"""
L{Context.set_timeout} raises L{TypeError} if called with the wrong
@@ -1581,6 +1616,17 @@
"OP_NO_TICKET unavailable - OpenSSL version may be too old"
+ if OP_NO_COMPRESSION is not None:
+ def test_op_no_compression(self):
+ """
+ The value of L{OpenSSL.SSL.OP_NO_COMPRESSION} is 0x20000, the value
+ of L{SSL_OP_NO_COMPRESSION} defined by I{openssl/ssl.h}.
+ """
+ self.assertEqual(OP_NO_COMPRESSION, 0x20000)
+ else:
+ "OP_NO_COMPRESSION unavailable - OpenSSL version may be too old"
+
+
class MemoryBIOTests(TestCase, _LoopbackMixin):
"""
diff --git a/doc/pyOpenSSL.tex b/doc/pyOpenSSL.tex
index 99e3479..95009a2 100644
--- a/doc/pyOpenSSL.tex
+++ b/doc/pyOpenSSL.tex
@@ -843,6 +843,8 @@
\dataline{OP_NO_SSLv2}
\dataline{OP_NO_SSLv3}
\dataline{OP_NO_TLSv1}
+\dataline{OP_NO_TICKET}
+\dataline{OP_NO_COMPRESSION}
Constants used with \method{set_options} of Context objects.
\constant{OP_SINGLE_DH_USE} means to always create a new key when using ephemeral
Diffie-Hellman. \constant{OP_EPHEMERAL_RSA} means to always use ephemeral RSA keys
@@ -852,6 +854,11 @@
handshake, but don't want to use SSLv2.
\end{datadesc}
+\begin{datadesc}{MODE_NO_COMPRESSION}
+Constant used with \method{set_mode} of Context objects to disable automatic
+compression of application traffic.
+\end{datadesc}
+
\begin{datadesc}{SSLEAY_VERSION}
\dataline{SSLEAY_CFLAGS}
\dataline{SSLEAY_BUILT_ON}
@@ -1055,6 +1062,11 @@
This method should be used with the \constant{OP_*} constants.
\end{methoddesc}
+\begin{methoddesc}[Context]{set_mode}{mode}
+Add SSL mode. Modes you have set before are not cleared!
+This method should be used with the \constant{MODE_*} constants.
+\end{methoddesc}
+
\begin{methoddesc}[Context]{set_passwd_cb}{callback\optional{, userdata}}
Set the passphrase callback to \var{callback}. This function will be called
when a private key with a passphrase is loaded. \var{callback} must accept