Superceded
diff --git a/OpenSSL/ssl/connection.c b/OpenSSL/ssl/connection.c
deleted file mode 100755
index 9428376..0000000
--- a/OpenSSL/ssl/connection.c
+++ /dev/null
@@ -1,1725 +0,0 @@
-/*
- * connection.c
- *
- * Copyright (C) AB Strakt
- * Copyright (C) Jean-Paul Calderone
- * See LICENSE for details.
- *
- * SSL Connection objects and methods.
- * See the file RATIONALE for a short explanation of why this module was written.
- *
- * Reviewed 2001-07-23
- */
-#include <Python.h>
-
-#ifndef MS_WINDOWS
-# include <sys/socket.h>
-# include <netinet/in.h>
-# if !(defined(__BEOS__) || defined(__CYGWIN__))
-# include <netinet/tcp.h>
-# endif
-#else
-# include <winsock.h>
-# include <wincrypt.h>
-#endif
-
-#define SSL_MODULE
-#include <openssl/bio.h>
-#include <openssl/err.h>
-#include "ssl.h"
-
-/**
- * If we are on UNIX, fine, just use PyErr_SetFromErrno. If we are on Windows,
- * apply some black winsock voodoo. This is basically just copied from Python's
- * socketmodule.c
- *
- * Arguments: None
- * Returns: None
- */
-static void
-syscall_from_errno(void)
-{
-#ifdef MS_WINDOWS
- int errnum = WSAGetLastError();
- if (errnum)
- {
- static struct { int num; const char *msg; } *msgp, msgs[] = {
- { WSAEINTR, "Interrupted system call" },
- { WSAEBADF, "Bad file descriptor" },
- { WSAEACCES, "Permission denied" },
- { WSAEFAULT, "Bad address" },
- { WSAEINVAL, "Invalid argument" },
- { WSAEMFILE, "Too many open files" },
- { WSAEWOULDBLOCK, "The socket operation could not complete "
- "without blocking" },
- { WSAEINPROGRESS, "Operation now in progress" },
- { WSAEALREADY, "Operation already in progress" },
- { WSAENOTSOCK, "Socket operation on non-socket" },
- { WSAEDESTADDRREQ, "Destination address required" },
- { WSAEMSGSIZE, "Message too long" },
- { WSAEPROTOTYPE, "Protocol wrong type for socket" },
- { WSAENOPROTOOPT, "Protocol not available" },
- { WSAEPROTONOSUPPORT, "Protocol not supported" },
- { WSAESOCKTNOSUPPORT, "Socket type not supported" },
- { WSAEOPNOTSUPP, "Operation not supported" },
- { WSAEPFNOSUPPORT, "Protocol family not supported" },
- { WSAEAFNOSUPPORT, "Address family not supported" },
- { WSAEADDRINUSE, "Address already in use" },
- { WSAEADDRNOTAVAIL, "Can't assign requested address" },
- { WSAENETDOWN, "Network is down" },
- { WSAENETUNREACH, "Network is unreachable" },
- { WSAENETRESET, "Network dropped connection on reset" },
- { WSAECONNABORTED, "Software caused connection abort" },
- { WSAECONNRESET, "Connection reset by peer" },
- { WSAENOBUFS, "No buffer space available" },
- { WSAEISCONN, "Socket is already connected" },
- { WSAENOTCONN, "Socket is not connected" },
- { WSAESHUTDOWN, "Can't send after socket shutdown" },
- { WSAETOOMANYREFS, "Too many references: can't splice" },
- { WSAETIMEDOUT, "Operation timed out" },
- { WSAECONNREFUSED, "Connection refused" },
- { WSAELOOP, "Too many levels of symbolic links" },
- { WSAENAMETOOLONG, "File name too long" },
- { WSAEHOSTDOWN, "Host is down" },
- { WSAEHOSTUNREACH, "No route to host" },
- { WSAENOTEMPTY, "Directory not empty" },
- { WSAEPROCLIM, "Too many processes" },
- { WSAEUSERS, "Too many users" },
- { WSAEDQUOT, "Disc quota exceeded" },
- { WSAESTALE, "Stale NFS file handle" },
- { WSAEREMOTE, "Too many levels of remote in path" },
- { WSASYSNOTREADY, "Network subsystem is unvailable" },
- { WSAVERNOTSUPPORTED, "WinSock version is not supported" },
- { WSANOTINITIALISED, "Successful WSAStartup() not yet performed" },
- { WSAEDISCON, "Graceful shutdown in progress" },
- /* Resolver errors */
- { WSAHOST_NOT_FOUND, "No such host is known" },
- { WSATRY_AGAIN, "Host not found, or server failed" },
- { WSANO_RECOVERY, "Unexpected server error encountered" },
- { WSANO_DATA, "Valid name without requested data" },
- { WSANO_ADDRESS, "No address, look for MX record" },
- { 0, NULL }
- };
- PyObject *v;
- const char *msg = "winsock error";
-
- for (msgp = msgs; msgp->msg; msgp++)
- {
- if (errnum == msgp->num)
- {
- msg = msgp->msg;
- break;
- }
- }
-
- v = Py_BuildValue("(is)", errnum, msg);
- if (v != NULL)
- {
- PyErr_SetObject(ssl_SysCallError, v);
- Py_DECREF(v);
- }
- return;
- }
-#else
- PyErr_SetFromErrno(ssl_SysCallError);
-#endif
-}
-
-/*
- * Handle errors raised by BIO functions.
- *
- * Arguments: bio - The BIO object
- * ret - The return value of the BIO_ function.
- * Returns: None, the calling function should return NULL;
- */
-static void
-handle_bio_errors(BIO* bio, int ret)
-{
- if (BIO_should_retry(bio)) {
- if (BIO_should_read(bio)) {
- PyErr_SetNone(ssl_WantReadError);
- } else if (BIO_should_write(bio)) {
- PyErr_SetNone(ssl_WantWriteError);
- } else if (BIO_should_io_special(bio)) {
- /*
- * It's somewhat unclear what this means. From the OpenSSL source,
- * it seems like it should not be triggered by the memory BIO, so
- * for the time being, this case shouldn't come up. The SSL BIO
- * (which I think should be named the socket BIO) may trigger this
- * case if its socket is not yet connected or it is busy doing
- * something related to x509.
- */
- PyErr_SetString(PyExc_ValueError, "BIO_should_io_special");
- } else {
- /*
- * I hope this is dead code. The BIO documentation suggests that
- * one of the above three checks should always be true.
- */
- PyErr_SetString(PyExc_ValueError, "unknown bio failure");
- }
- } else {
- /*
- * If we aren't to retry, it's really an error, so fall back to the
- * normal error reporting code. However, the BIO interface does not
- * specify a uniform error reporting mechanism. We can only hope that
- * the code which triggered the error also kindly pushed something onto
- * the error stack.
- */
- exception_from_error_queue(ssl_Error);
- }
-}
-
-/*
- * Handle errors raised by SSL I/O functions. NOTE: Not SSL_shutdown ;)
- *
- * Arguments: ssl - The SSL object
- * err - The return code from SSL_get_error
- * ret - The return code from the SSL I/O function
- * Returns: None, the calling function should return NULL
- */
-static void
-handle_ssl_errors(SSL *ssl, int err, int ret)
-{
- switch (err)
- {
- /*
- * Strange as it may seem, ZeroReturn is not an error per se. It means
- * that the SSL Connection has been closed correctly (note, not the
- * transport layer!), i.e. closure alerts have been exchanged. This is
- * an exception since
- * + There's an SSL "error" code for it
- * + You have to deal with it in any case, close the transport layer
- * etc
- */
- case SSL_ERROR_ZERO_RETURN:
- PyErr_SetNone(ssl_ZeroReturnError);
- break;
-
- /*
- * The WantXYZ exceptions don't mean that there's an error, just that
- * nothing could be read/written just now, maybe because the transport
- * layer would block on the operation, or that there's not enough data
- * available to fill an entire SSL record.
- */
- case SSL_ERROR_WANT_READ:
- PyErr_SetNone(ssl_WantReadError);
- break;
-
- case SSL_ERROR_WANT_WRITE:
- PyErr_SetNone(ssl_WantWriteError);
- break;
-
- case SSL_ERROR_WANT_X509_LOOKUP:
- PyErr_SetNone(ssl_WantX509LookupError);
- break;
-
- case SSL_ERROR_SYSCALL:
- if (ERR_peek_error() == 0)
- {
- if (ret < 0)
- {
- syscall_from_errno();
- }
- else
- {
- PyObject *v;
-
- v = Py_BuildValue("(is)", -1, "Unexpected EOF");
- if (v != NULL)
- {
- PyErr_SetObject(ssl_SysCallError, v);
- Py_DECREF(v);
- }
- }
- break;
- }
-
- /* NOTE: Fall-through here, we don't want to duplicate code, right? */
-
- case SSL_ERROR_SSL:
- ;
- default:
- exception_from_error_queue(ssl_Error);
- break;
- }
-}
-
-/*
- * Here be member methods of the Connection "class"
- */
-
-static char ssl_Connection_get_context_doc[] = "\n\
-Get session context\n\
-\n\
-:return: A Context object\n\
-";
-static PyObject *
-ssl_Connection_get_context(ssl_ConnectionObj *self, PyObject *args) {
- if (!PyArg_ParseTuple(args, ":get_context")) {
- return NULL;
- }
-
- Py_INCREF(self->context);
- return (PyObject *)self->context;
-}
-
-static char ssl_Connection_set_context_doc[] = "\n\
-Switch this connection to a new session context\n\
-\n\
-:param context: A :py:class:`Context` instance giving the new session context to use.\n\
-\n\
-";
-static PyObject *
-ssl_Connection_set_context(ssl_ConnectionObj *self, PyObject *args) {
- ssl_ContextObj *ctx;
- ssl_ContextObj *old;
-
- if (!PyArg_ParseTuple(args, "O!:set_context", &ssl_Context_Type, &ctx)) {
- return NULL;
- }
-
- /* This Connection will hold on to this context now. Make sure it stays
- * alive.
- */
- Py_INCREF(ctx);
-
- /* XXX The unit tests don't actually verify that this call is made.
- * They're satisfied if self->context gets updated.
- */
- SSL_set_SSL_CTX(self->ssl, ctx->ctx);
-
- /* Swap the old out and the new in.
- */
- old = self->context;
- self->context = ctx;
-
- /* XXX The unit tests don't verify that this reference is dropped.
- */
- Py_DECREF(old);
-
- Py_INCREF(Py_None);
- return Py_None;
-}
-
-static char ssl_Connection_get_servername_doc[] = "\n\
-Retrieve the servername extension value if provided in the client hello\n\
-message, or None if there wasn't one.\n\
-\n\
-:return: A byte string giving the server name or :py:data:`None`.\n\
-\n\
-";
-static PyObject *
-ssl_Connection_get_servername(ssl_ConnectionObj *self, PyObject *args) {
- int type = TLSEXT_NAMETYPE_host_name;
- const char *name;
-
- if (!PyArg_ParseTuple(args, ":get_servername")) {
- return NULL;
- }
-
- name = SSL_get_servername(self->ssl, type);
-
- if (name == NULL) {
- Py_INCREF(Py_None);
- return Py_None;
- } else {
- return PyBytes_FromString(name);
- }
-}
-
-
-static char ssl_Connection_set_tlsext_host_name_doc[] = "\n\
-Set the value of the servername extension to send in the client hello.\n\
-\n\
-:param name: A byte string giving the name.\n\
-\n\
-";
-static PyObject *
-ssl_Connection_set_tlsext_host_name(ssl_ConnectionObj *self, PyObject *args) {
- char *buf;
-
- if (!PyArg_ParseTuple(args, BYTESTRING_FMT ":set_tlsext_host_name", &buf)) {
- return NULL;
- }
-
- /* XXX I guess this can fail sometimes? */
- SSL_set_tlsext_host_name(self->ssl, buf);
-
- Py_INCREF(Py_None);
- return Py_None;
-}
-
-
-
-static char ssl_Connection_pending_doc[] = "\n\
-Get the number of bytes that can be safely read from the connection\n\
-\n\
-:return: The number of bytes available in the receive buffer.\n\
-";
-static PyObject *
-ssl_Connection_pending(ssl_ConnectionObj *self, PyObject *args) {
- int ret;
-
- if (!PyArg_ParseTuple(args, ":pending")) {
- return NULL;
- }
-
- ret = SSL_pending(self->ssl);
- return PyLong_FromLong((long)ret);
-}
-
-static char ssl_Connection_bio_write_doc[] = "\n\
-When using non-socket connections this function sends\n\
-\"dirty\" data that would have traveled in on the network.\n\
-\n\
-:param buf: The string to put into the memory BIO.\n\
-:return: The number of bytes written\n\
-";
-static PyObject *
-ssl_Connection_bio_write(ssl_ConnectionObj *self, PyObject *args)
-{
- char *buf;
- int len, ret;
-
- if (self->into_ssl == NULL)
- {
- PyErr_SetString(PyExc_TypeError, "Connection sock was not None");
- return NULL;
- }
-
- if (!PyArg_ParseTuple(args, "s#|i:bio_write", &buf, &len))
- return NULL;
-
- ret = BIO_write(self->into_ssl, buf, len);
-
- if (PyErr_Occurred())
- {
- flush_error_queue();
- return NULL;
- }
-
- if (ret <= 0) {
- /*
- * There was a problem with the BIO_write of some sort.
- */
- handle_bio_errors(self->into_ssl, ret);
- return NULL;
- }
-
- return PyLong_FromLong((long)ret);
-}
-
-static char ssl_Connection_send_doc[] = "\n\
-Send data on the connection. NOTE: If you get one of the WantRead,\n\
-WantWrite or WantX509Lookup exceptions on this, you have to call the\n\
-method again with the SAME buffer.\n\
-\n\
-:param buf: The string to send\n\
-:param flags: (optional) Included for compatibility with the socket\n\
- API, the value is ignored\n\
-:return: The number of bytes written\n\
-";
-static PyObject *
-ssl_Connection_send(ssl_ConnectionObj *self, PyObject *args) {
- int len, ret, err, flags;
- char *buf;
-
-#if PY_VERSION_HEX >= 0x02060000
-
- /*
- * Sit back and I'll tell you a story of intrigue and corruption, deceit and
- * murder.
- *
- * A Py_buffer is used to hold any kind of byte-like data - a string, a
- * memoryview, a buffer, etc. PyArg_ParseTuple takes whatever kind of
- * object was supplied, notices the "s*" format specifier, and tries to copy
- * the metadata for that object into the Py_buffer also passed in.
- *
- * According to the Python documentation:
- *
- * ... the caller is responsible for calling PyBuffer_Release with the
- * structure after it has processed the data.
- *
- * Correct use of PyBuffer_Release is necessary due to the fact that
- * Py_buffer must hold a reference to the original Python object from which
- * it was initialized. PyBuffer_Release will decrement the reference count
- * of that original object, allowing it to eventually be deallocated - but
- * only after the Py_buffer is no longer in use.
- *
- * To support failures partway through parsing a format string,
- * PyArg_ParseTuple maintains an internal PyListObject of PyCObjects it has
- * created so far. This allows it to easily clean up these objects when
- * parsing fails, before returning an error to the caller (incidentally, it
- * also makes sure to clean up the Py_buffer it initialized in this case, by
- * calling PyBuffer_Release - which means the caller *must not* use
- * PyBuffer_Release when PyArg_ParseTuple fails; not exactly what the
- * documentation directs).
- *
- * The PyCObjects are given destructors which clean up some structure
- * PyArg_ParseTuple has created (or initialized) - often another PyObject
- * which needs to be decref'd.
- *
- * When parsing completes, the reference count of the PyListObject is merely
- * decremented. The normal Python garbage collection logic (the reference
- * counting logic, in this case) takes over and collects both the list and
- * all of the objects in it. When each PyCObject in the list is collected,
- * it triggers its destructor to clean up the structure it wraps. This all
- * happens immediately, before the Py_XDECREF of the PyListObject returns.
- *
- * The PyListObject is similarly destroyed in the success case, but not
- * until each PyCObject it contains has had its destructor set to NULL to
- * prevent it from cleaning up its contents.
- *
- * When PyArg_ParseTuple returns in an error case, therefore,
- * PyRelease_Buffer has already been used on the Py_buffer passed to
- * PyArg_ParseTuple.
- *
- * This is fortuitous, as the Py_buffer is typically (always?) allocated on
- * the stack of the caller of PyArg_ParseTuple. Once that caller returns,
- * that stack memory is no longer valid, and the Py_buffer may no longer be
- * used.
- *
- * On a Python runtime which does not use reference counting, the
- * PyListObject may not actually be collected before Py_XDECREF returns. It
- * may not even be collected before PyArg_ParseTuple returns. In fact, in
- * particularly unfortunate cases, it may even not be collected before the
- * caller of PyArg_ParseTuple returns. It may not be called until long,
- * long after the stack memory the Py_buffer was allocated on has been
- * re-used for some other function call, after the memory holding a pointer
- * to the structure that owns the memory the Py_buffer wrapped has been
- * overwritten. When PyBuffer_Release is used on the Py_buffer in this
- * case, it will try to decrement a random integer - probably part of a
- * local variable on some part of the stack.
- *
- * The PyPy runtime does not use reference counting.
- *
- * The solution adopted here is to allocate the Py_buffer on the heap,
- * instead. As there is no mechanism for learning when the PyCObject used
- * by PyArg_ParseTuple to do its internal cleanup has had its way with the
- * Py_buffer, the Py_buffer is leaked in the error case, to ensure it is
- * still valid whenever PyBuffer_Release is called on it.
- *
- * Real programs should rarely, if ever, trigger the error case of
- * PyArg_ParseTuple, so this is probably okay. Plus, I'm tired of this
- * stupid bug. -exarkun
- */
-
- Py_buffer *pbuf = PyMem_Malloc(sizeof *pbuf);
-
- if (!PyArg_ParseTuple(args, "s*|i:send", pbuf, &flags)) {
- return NULL;
- }
-
- buf = pbuf->buf;
- len = pbuf->len;
-#else
-
- if (!PyArg_ParseTuple(args, "s#|i:send", &buf, &len, &flags)) {
- return NULL;
- }
-#endif
-
- MY_BEGIN_ALLOW_THREADS(self->tstate)
- ret = SSL_write(self->ssl, buf, len);
- MY_END_ALLOW_THREADS(self->tstate)
-
-#if PY_VERSION_HEX >= 0x02060000
- PyBuffer_Release(pbuf);
- PyMem_Free(pbuf);
-#endif
-
- if (PyErr_Occurred())
- {
- flush_error_queue();
- return NULL;
- }
-
- err = SSL_get_error(self->ssl, ret);
- if (err == SSL_ERROR_NONE)
- {
- return PyLong_FromLong((long)ret);
- }
- else
- {
- handle_ssl_errors(self->ssl, err, ret);
- return NULL;
- }
-}
-
-static char ssl_Connection_sendall_doc[] = "\n\
-Send \"all\" data on the connection. This calls send() repeatedly until\n\
-all data is sent. If an error occurs, it's impossible to tell how much data\n\
-has been sent.\n\
-\n\
-:param buf: The string to send\n\
-:param flags: (optional) Included for compatibility with the socket\n\
- API, the value is ignored\n\
-:return: The number of bytes written\n\
-";
-static PyObject *
-ssl_Connection_sendall(ssl_ConnectionObj *self, PyObject *args)
-{
- char *buf;
- int len, ret, err, flags;
- PyObject *pyret = Py_None;
-
-#if PY_VERSION_HEX >= 0x02060000
- Py_buffer *pbuf = PyMem_Malloc(sizeof *pbuf);
-
- if (!PyArg_ParseTuple(args, "s*|i:sendall", pbuf, &flags)) {
- return NULL;
- }
-
- buf = pbuf->buf;
- len = pbuf->len;
-#else
- if (!PyArg_ParseTuple(args, "s#|i:sendall", &buf, &len, &flags)) {
- return NULL;
- }
-#endif
-
- do {
- MY_BEGIN_ALLOW_THREADS(self->tstate)
- ret = SSL_write(self->ssl, buf, len);
- MY_END_ALLOW_THREADS(self->tstate)
- if (PyErr_Occurred())
- {
- flush_error_queue();
- pyret = NULL;
- break;
- }
- err = SSL_get_error(self->ssl, ret);
- if (err == SSL_ERROR_NONE)
- {
- buf += ret;
- len -= ret;
- }
- else if (err == SSL_ERROR_SSL || err == SSL_ERROR_SYSCALL ||
- err == SSL_ERROR_ZERO_RETURN)
- {
- handle_ssl_errors(self->ssl, err, ret);
- pyret = NULL;
- break;
- }
- } while (len > 0);
-
-#if PY_VERSION_HEX >= 0x02060000
- PyBuffer_Release(pbuf);
- PyMem_Free(pbuf);
-#endif
-
- Py_XINCREF(pyret);
- return pyret;
-}
-
-static char ssl_Connection_recv_doc[] = "\n\
-Receive data on the connection. NOTE: If you get one of the WantRead,\n\
-WantWrite or WantX509Lookup exceptions on this, you have to call the\n\
-method again with the SAME buffer.\n\
-\n\
-:param bufsiz: The maximum number of bytes to read\n\
-:param flags: (optional) Included for compatibility with the socket\n\
- API, the value is ignored\n\
-:return: The string read from the Connection\n\
-";
-static PyObject *
-ssl_Connection_recv(ssl_ConnectionObj *self, PyObject *args)
-{
- int bufsiz, ret, err, flags;
- PyObject *buf;
-
- if (!PyArg_ParseTuple(args, "i|i:recv", &bufsiz, &flags))
- return NULL;
-
- buf = PyBytes_FromStringAndSize(NULL, bufsiz);
- if (buf == NULL)
- return NULL;
-
- MY_BEGIN_ALLOW_THREADS(self->tstate)
- ret = SSL_read(self->ssl, PyBytes_AsString(buf), bufsiz);
- MY_END_ALLOW_THREADS(self->tstate)
-
- if (PyErr_Occurred())
- {
- Py_DECREF(buf);
- flush_error_queue();
- return NULL;
- }
-
- err = SSL_get_error(self->ssl, ret);
- if (err == SSL_ERROR_NONE)
- {
- if (ret != bufsiz && _PyBytes_Resize(&buf, ret) < 0)
- return NULL;
- return buf;
- }
- else
- {
- handle_ssl_errors(self->ssl, err, ret);
- Py_DECREF(buf);
- return NULL;
- }
-}
-
-static char ssl_Connection_bio_read_doc[] = "\n\
-When using non-socket connections this function reads\n\
-the \"dirty\" data that would have traveled away on the network.\n\
-\n\
-:param bufsiz: The maximum number of bytes to read\n\
-:return: The string read.\n\
-";
-static PyObject *
-ssl_Connection_bio_read(ssl_ConnectionObj *self, PyObject *args)
-{
- int bufsiz, ret;
- PyObject *buf;
-
- if (self->from_ssl == NULL)
- {
- PyErr_SetString(PyExc_TypeError, "Connection sock was not None");
- return NULL;
- }
-
- if (!PyArg_ParseTuple(args, "i:bio_read", &bufsiz))
- return NULL;
-
- buf = PyBytes_FromStringAndSize(NULL, bufsiz);
- if (buf == NULL)
- return NULL;
-
- ret = BIO_read(self->from_ssl, PyBytes_AsString(buf), bufsiz);
-
- if (PyErr_Occurred())
- {
- Py_DECREF(buf);
- flush_error_queue();
- return NULL;
- }
-
- if (ret <= 0) {
- /*
- * There was a problem with the BIO_read of some sort.
- */
- handle_bio_errors(self->from_ssl, ret);
- Py_DECREF(buf);
- return NULL;
- }
-
- /*
- * Shrink the string to match the number of bytes we actually read.
- */
- if (ret != bufsiz && _PyBytes_Resize(&buf, ret) < 0)
- {
- Py_DECREF(buf);
- return NULL;
- }
- return buf;
-}
-
-static char ssl_Connection_renegotiate_doc[] = "\n\
-Renegotiate the session\n\
-\n\
-:return: True if the renegotiation can be started, false otherwise\n\
-";
-static PyObject *
-ssl_Connection_renegotiate(ssl_ConnectionObj *self, PyObject *args) {
- int ret;
-
- if (!PyArg_ParseTuple(args, ":renegotiate")) {
- return NULL;
- }
-
- MY_BEGIN_ALLOW_THREADS(self->tstate);
- ret = SSL_renegotiate(self->ssl);
- MY_END_ALLOW_THREADS(self->tstate);
-
- if (PyErr_Occurred()) {
- flush_error_queue();
- return NULL;
- }
-
- return PyLong_FromLong((long)ret);
-}
-
-static char ssl_Connection_do_handshake_doc[] = "\n\
-Perform an SSL handshake (usually called after renegotiate() or one of\n\
-set_*_state()). This can raise the same exceptions as send and recv.\n\
-\n\
-:return: None.\n\
-";
-static PyObject *
-ssl_Connection_do_handshake(ssl_ConnectionObj *self, PyObject *args)
-{
- int ret, err;
-
- if (!PyArg_ParseTuple(args, ":do_handshake"))
- return NULL;
-
- MY_BEGIN_ALLOW_THREADS(self->tstate);
- ret = SSL_do_handshake(self->ssl);
- MY_END_ALLOW_THREADS(self->tstate);
-
- if (PyErr_Occurred())
- {
- flush_error_queue();
- return NULL;
- }
-
- err = SSL_get_error(self->ssl, ret);
- if (err == SSL_ERROR_NONE)
- {
- Py_INCREF(Py_None);
- return Py_None;
- }
- else
- {
- handle_ssl_errors(self->ssl, err, ret);
- return NULL;
- }
-}
-
-#if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x00907000L
-static char ssl_Connection_renegotiate_pending_doc[] = "\n\
-Check if there's a renegotiation in progress, it will return false once\n\
-a renegotiation is finished.\n\
-\n\
-:return: Whether there's a renegotiation in progress\n\
-";
-static PyObject *
-ssl_Connection_renegotiate_pending(ssl_ConnectionObj *self, PyObject *args)
-{
- if (!PyArg_ParseTuple(args, ":renegotiate_pending"))
- return NULL;
-
- return PyLong_FromLong((long)SSL_renegotiate_pending(self->ssl));
-}
-#endif
-
-static char ssl_Connection_total_renegotiations_doc[] = "\n\
-Find out the total number of renegotiations.\n\
-\n\
-:return: The number of renegotiations.\n\
-";
-static PyObject *
-ssl_Connection_total_renegotiations(ssl_ConnectionObj *self, PyObject *args)
-{
- if (!PyArg_ParseTuple(args, ":total_renegotiations"))
- return NULL;
-
- return PyLong_FromLong(SSL_total_renegotiations(self->ssl));
-}
-
-static char ssl_Connection_set_accept_state_doc[] = "\n\
-Set the connection to work in server mode. The handshake will be handled\n\
-automatically by read/write.\n\
-\n\
-:return: None\n\
-";
-static PyObject *
-ssl_Connection_set_accept_state(ssl_ConnectionObj *self, PyObject *args)
-{
- if (!PyArg_ParseTuple(args, ":set_accept_state"))
- return NULL;
-
- SSL_set_accept_state(self->ssl);
-
- Py_INCREF(Py_None);
- return Py_None;
-}
-
-static char ssl_Connection_set_connect_state_doc[] = "\n\
-Set the connection to work in client mode. The handshake will be handled\n\
-automatically by read/write.\n\
-\n\
-:return: None\n\
-";
-static PyObject *
-ssl_Connection_set_connect_state(ssl_ConnectionObj *self, PyObject *args)
-{
- if (!PyArg_ParseTuple(args, ":set_connect_state"))
- return NULL;
-
- SSL_set_connect_state(self->ssl);
-
- Py_INCREF(Py_None);
- return Py_None;
-}
-
-static char ssl_Connection_connect_doc[] = "\n\
-Connect to remote host and set up client-side SSL\n\
-\n\
-:param addr: A remote address\n\
-:return: What the socket's connect method returns\n\
-";
-static PyObject *
-ssl_Connection_connect(ssl_ConnectionObj *self, PyObject *args)
-{
- PyObject *meth, *ret;
-
- if ((meth = PyObject_GetAttrString(self->socket, "connect")) == NULL)
- return NULL;
-
- SSL_set_connect_state(self->ssl);
-
- ret = PyEval_CallObject(meth, args);
- Py_DECREF(meth);
- if (ret == NULL)
- return NULL;
-
- return ret;
-}
-
-static char ssl_Connection_connect_ex_doc[] = "\n\
-Connect to remote host and set up client-side SSL. Note that if the socket's\n\
-connect_ex method doesn't return 0, SSL won't be initialized.\n\
-\n\
-:param addr: A remove address\n\
-:return: What the socket's connect_ex method returns\n\
-";
-static PyObject *
-ssl_Connection_connect_ex(ssl_ConnectionObj *self, PyObject *args)
-{
- PyObject *meth, *ret;
-
- if ((meth = PyObject_GetAttrString(self->socket, "connect_ex")) == NULL)
- return NULL;
-
- SSL_set_connect_state(self->ssl);
-
- ret = PyEval_CallObject(meth, args);
- Py_DECREF(meth);
- return ret;
-}
-
-static char ssl_Connection_accept_doc[] = "\n\
-Accept incoming connection and set up SSL on it\n\
-\n\
-:return: A (conn,addr) pair where conn is a Connection and addr is an\n\
- address\n\
-";
-static PyObject *
-ssl_Connection_accept(ssl_ConnectionObj *self, PyObject *args)
-{
- PyObject *tuple, *socket, *address, *meth;
- ssl_ConnectionObj *conn;
-
- if ((meth = PyObject_GetAttrString(self->socket, "accept")) == NULL)
- return NULL;
- tuple = PyEval_CallObject(meth, args);
- Py_DECREF(meth);
- if (tuple == NULL)
- return NULL;
-
- socket = PyTuple_GetItem(tuple, 0);
- Py_INCREF(socket);
- address = PyTuple_GetItem(tuple, 1);
- Py_INCREF(address);
- Py_DECREF(tuple);
-
- conn = ssl_Connection_New(self->context, socket);
- Py_DECREF(socket);
- if (conn == NULL)
- {
- Py_DECREF(address);
- return NULL;
- }
-
- SSL_set_accept_state(conn->ssl);
-
- tuple = Py_BuildValue("(OO)", conn, address);
-
- Py_DECREF(conn);
- Py_DECREF(address);
-
- return tuple;
-}
-
-static char ssl_Connection_bio_shutdown_doc[] = "\n\
-When using non-socket connections this function signals end of\n\
-data on the input for this connection.\n\
-\n\
-:return: None\n\
-";
-
-static PyObject *
-ssl_Connection_bio_shutdown(ssl_ConnectionObj *self, PyObject *args)
-{
- if (self->from_ssl == NULL)
- {
- PyErr_SetString(PyExc_TypeError, "Connection sock was not None");
- return NULL;
- }
-
- BIO_set_mem_eof_return(self->into_ssl, 0);
- Py_INCREF(Py_None);
- return Py_None;
-}
-
-
-
-static char ssl_Connection_shutdown_doc[] = "\n\
-Send closure alert\n\
-\n\
-:return: True if the shutdown completed successfully (i.e. both sides\n\
- have sent closure alerts), false otherwise (i.e. you have to\n\
- wait for a ZeroReturnError on a recv() method call\n\
-";
-static PyObject *
-ssl_Connection_shutdown(ssl_ConnectionObj *self, PyObject *args)
-{
- int ret;
-
- if (!PyArg_ParseTuple(args, ":shutdown"))
- return NULL;
-
- MY_BEGIN_ALLOW_THREADS(self->tstate)
- ret = SSL_shutdown(self->ssl);
- MY_END_ALLOW_THREADS(self->tstate)
-
- if (PyErr_Occurred())
- {
- flush_error_queue();
- return NULL;
- }
-
- if (ret < 0)
- {
- exception_from_error_queue(ssl_Error);
- return NULL;
- }
- else if (ret > 0)
- {
- Py_INCREF(Py_True);
- return Py_True;
- }
- else
- {
- Py_INCREF(Py_False);
- return Py_False;
- }
-}
-
-static char ssl_Connection_get_cipher_list_doc[] = "\n\
-Get the session cipher list\n\
-\n\
-:return: A list of cipher strings\n\
-";
-static PyObject *
-ssl_Connection_get_cipher_list(ssl_ConnectionObj *self, PyObject *args)
-{
- int idx = 0;
- const char *ret;
- PyObject *lst, *item;
-
- if (!PyArg_ParseTuple(args, ":get_cipher_list"))
- return NULL;
-
- lst = PyList_New(0);
- while ((ret = SSL_get_cipher_list(self->ssl, idx)) != NULL)
- {
- item = PyText_FromString(ret);
- PyList_Append(lst, item);
- Py_DECREF(item);
- idx++;
- }
- return lst;
-}
-
-static char ssl_Connection_get_client_ca_list_doc[] = "\n\
-Get CAs whose certificates are suggested for client authentication.\n\
-\n\
-:return: If this is a server connection, a list of X509Names representing\n\
- the acceptable CAs as set by :py:meth:`OpenSSL.SSL.Context.set_client_ca_list` or\n\
- :py:meth:`OpenSSL.SSL.Context.add_client_ca`. If this is a client connection,\n\
- the list of such X509Names sent by the server, or an empty list if that\n\
- has not yet happened.\n\
-";
-
-static PyObject *
-ssl_Connection_get_client_ca_list(ssl_ConnectionObj *self, PyObject *args) {
- STACK_OF(X509_NAME) *CANames;
- PyObject *CAList;
- int i, n;
-
- if (!PyArg_ParseTuple(args, ":get_client_ca_list")) {
- return NULL;
- }
- CANames = SSL_get_client_CA_list(self->ssl);
- if (CANames == NULL) {
- return PyList_New(0);
- }
- n = sk_X509_NAME_num(CANames);
- CAList = PyList_New(n);
- if (CAList == NULL) {
- return NULL;
- }
- for (i = 0; i < n; i++) {
- X509_NAME *CAName;
- PyObject *CA;
-
- CAName = X509_NAME_dup(sk_X509_NAME_value(CANames, i));
- if (CAName == NULL) {
- Py_DECREF(CAList);
- exception_from_error_queue(ssl_Error);
- return NULL;
- }
- CA = (PyObject *)new_x509name(CAName, 1);
- if (CA == NULL) {
- X509_NAME_free(CAName);
- Py_DECREF(CAList);
- return NULL;
- }
- if (PyList_SetItem(CAList, i, CA)) {
- Py_DECREF(CA);
- Py_DECREF(CAList);
- return NULL;
- }
- }
- return CAList;
-}
-
-static char ssl_Connection_makefile_doc[] = "\n\
-The makefile() method is not implemented, since there is no dup semantics\n\
-for SSL connections\n\
-\n\
-:raise NotImplementedError\n\
-";
-static PyObject *
-ssl_Connection_makefile(ssl_ConnectionObj *self, PyObject *args)
-{
- PyErr_SetString(PyExc_NotImplementedError, "Cannot make file object of SSL.Connection");
- return NULL;
-}
-
-static char ssl_Connection_get_app_data_doc[] = "\n\
-Get application data\n\
-\n\
-:return: The application data\n\
-";
-static PyObject *
-ssl_Connection_get_app_data(ssl_ConnectionObj *self, PyObject *args)
-{
- if (!PyArg_ParseTuple(args, ":get_app_data"))
- return NULL;
-
- Py_INCREF(self->app_data);
- return self->app_data;
-}
-
-static char ssl_Connection_set_app_data_doc[] = "\n\
-Set application data\n\
-\n\
-:param data - The application data\n\
-:return: None\n\
-";
-static PyObject *
-ssl_Connection_set_app_data(ssl_ConnectionObj *self, PyObject *args)
-{
- PyObject *data;
-
- if (!PyArg_ParseTuple(args, "O:set_app_data", &data))
- return NULL;
-
- Py_DECREF(self->app_data);
- Py_INCREF(data);
- self->app_data = data;
-
- Py_INCREF(Py_None);
- return Py_None;
-}
-
-static char ssl_Connection_get_shutdown_doc[] = "\n\
-Get shutdown state\n\
-\n\
-:return: The shutdown state, a bitvector of SENT_SHUTDOWN, RECEIVED_SHUTDOWN.\n\
-";
-static PyObject *
-ssl_Connection_get_shutdown(ssl_ConnectionObj *self, PyObject *args)
-{
- if (!PyArg_ParseTuple(args, ":get_shutdown"))
- return NULL;
-
- return PyLong_FromLong((long)SSL_get_shutdown(self->ssl));
-}
-
-static char ssl_Connection_set_shutdown_doc[] = "\n\
-Set shutdown state\n\
-\n\
-:param state - bitvector of SENT_SHUTDOWN, RECEIVED_SHUTDOWN.\n\
-:return: None\n\
-";
-static PyObject *
-ssl_Connection_set_shutdown(ssl_ConnectionObj *self, PyObject *args)
-{
- int shutdown;
-
- if (!PyArg_ParseTuple(args, "i:set_shutdown", &shutdown))
- return NULL;
-
- SSL_set_shutdown(self->ssl, shutdown);
- Py_INCREF(Py_None);
- return Py_None;
-}
-
-static char ssl_Connection_state_string_doc[] = "\n\
-Get a verbose state description\n\
-\n\
-:return: A string representing the state\n\
-";
-static PyObject *
-ssl_Connection_state_string(ssl_ConnectionObj *self, PyObject *args)
-{
- if (!PyArg_ParseTuple(args, ":state_string"))
- return NULL;
-
- return PyText_FromString(SSL_state_string_long(self->ssl));
-}
-
-static char ssl_Connection_client_random_doc[] = "\n\
-Get a copy of the client hello nonce.\n\
-\n\
-:return: A string representing the state\n\
-";
-static PyObject *
-ssl_Connection_client_random(ssl_ConnectionObj *self, PyObject *args)
-{
- if (!PyArg_ParseTuple(args, ":client_random"))
- return NULL;
-
- if (self->ssl->session == NULL) {
- Py_INCREF(Py_None);
- return Py_None;
- }
- return PyBytes_FromStringAndSize( (const char *) self->ssl->s3->client_random, SSL3_RANDOM_SIZE);
-}
-
-static char ssl_Connection_server_random_doc[] = "\n\
-Get a copy of the server hello nonce.\n\
-\n\
-:return: A string representing the state\n\
-";
-static PyObject *
-ssl_Connection_server_random(ssl_ConnectionObj *self, PyObject *args)
-{
- if (!PyArg_ParseTuple(args, ":server_random"))
- return NULL;
-
- if (self->ssl->session == NULL) {
- Py_INCREF(Py_None);
- return Py_None;
- }
- return PyBytes_FromStringAndSize( (const char *) self->ssl->s3->server_random, SSL3_RANDOM_SIZE);
-}
-
-static char ssl_Connection_master_key_doc[] = "\n\
-Get a copy of the master key.\n\
-\n\
-:return: A string representing the state\n\
-";
-static PyObject *
-ssl_Connection_master_key(ssl_ConnectionObj *self, PyObject *args)
-{
- if (!PyArg_ParseTuple(args, ":master_key"))
- return NULL;
-
- if (self->ssl->session == NULL) {
- Py_INCREF(Py_None);
- return Py_None;
- }
- return PyBytes_FromStringAndSize( (const char *) self->ssl->session->master_key, self->ssl->session->master_key_length);
-}
-
-static char ssl_Connection_sock_shutdown_doc[] = "\n\
-See shutdown(2)\n\
-\n\
-:return: What the socket's shutdown() method returns\n\
-";
-static PyObject *
-ssl_Connection_sock_shutdown(ssl_ConnectionObj *self, PyObject *args)
-{
- PyObject *meth, *ret;
-
- if ((meth = PyObject_GetAttrString(self->socket, "shutdown")) == NULL)
- return NULL;
- ret = PyEval_CallObject(meth, args);
- Py_DECREF(meth);
- return ret;
-}
-
-static char ssl_Connection_get_peer_certificate_doc[] = "\n\
-Retrieve the other side's certificate (if any)\n\
-\n\
-:return: The peer's certificate\n\
-";
-static PyObject *
-ssl_Connection_get_peer_certificate(ssl_ConnectionObj *self, PyObject *args)
-{
- X509 *cert;
-
- if (!PyArg_ParseTuple(args, ":get_peer_certificate"))
- return NULL;
-
- cert = SSL_get_peer_certificate(self->ssl);
- if (cert != NULL)
- {
- return (PyObject *)new_x509(cert, 1);
- }
- else
- {
- Py_INCREF(Py_None);
- return Py_None;
- }
-}
-
-static char ssl_Connection_get_peer_cert_chain_doc[] = "\n\
-Retrieve the other side's certificate (if any)\n\
-\n\
-:return: A list of X509 instances giving the peer's certificate chain,\n\
- or None if it does not have one.\n\
-";
-static PyObject *
-ssl_Connection_get_peer_cert_chain(ssl_ConnectionObj *self, PyObject *args) {
- STACK_OF(X509) *sk;
- PyObject *chain;
- crypto_X509Obj *cert;
- Py_ssize_t i;
-
- if (!PyArg_ParseTuple(args, ":get_peer_cert_chain")) {
- return NULL;
- }
-
- sk = SSL_get_peer_cert_chain(self->ssl);
- if (sk != NULL) {
- chain = PyList_New(sk_X509_num(sk));
- for (i = 0; i < sk_X509_num(sk); i++) {
- cert = new_x509(sk_X509_value(sk, i), 1);
- if (!cert) {
- /* XXX Untested */
- Py_DECREF(chain);
- return NULL;
- }
- CRYPTO_add(&cert->x509->references, 1, CRYPTO_LOCK_X509);
- PyList_SET_ITEM(chain, i, (PyObject *)cert);
- }
- return chain;
- } else {
- Py_INCREF(Py_None);
- return Py_None;
- }
-
-}
-
-static char ssl_Connection_want_read_doc[] = "\n\
-Checks if more data has to be read from the transport layer to complete an\n\
-operation.\n\
-\n\
-:return: True iff more data has to be read\n\
-";
-static PyObject *
-ssl_Connection_want_read(ssl_ConnectionObj *self, PyObject *args)
-{
- if (!PyArg_ParseTuple(args, ":want_read"))
- return NULL;
-
- return PyLong_FromLong((long)SSL_want_read(self->ssl));
-}
-
-static char ssl_Connection_want_write_doc[] = "\n\
-Checks if there is data to write to the transport layer to complete an\n\
-operation.\n\
-\n\
-:return: True iff there is data to write\n\
-";
-static PyObject *
-ssl_Connection_want_write(ssl_ConnectionObj *self, PyObject *args)
-{
- if (!PyArg_ParseTuple(args, ":want_write"))
- return NULL;
-
- return PyLong_FromLong((long)SSL_want_write(self->ssl));
-}
-
-static char ssl_Connection_get_session_doc[] = "\n\
-Returns the Session currently used.\n\
-\n\
-@return: An instance of :py:class:`OpenSSL.SSL.Session` or :py:obj:`None` if\n\
- no session exists.\n\
-";
-static PyObject *
-ssl_Connection_get_session(ssl_ConnectionObj *self, PyObject *args) {
- ssl_SessionObj *session;
- SSL_SESSION *native_session;
-
- if (!PyArg_ParseTuple(args, ":get_session")) {
- return NULL;
- }
-
- native_session = SSL_get1_session(self->ssl);
-
- if (native_session == NULL) {
- Py_INCREF(Py_None);
- return Py_None;
- }
-
- session = ssl_Session_from_SSL_SESSION(native_session);
- if (!session) {
- Py_INCREF(Py_None);
- return Py_None;
- }
-
- return (PyObject*)session;
-}
-
-static char ssl_Connection_set_session_doc[] = "\n\
-Set the session to be used when the TLS/SSL connection is established.\n\
-\n\
-:param session: A Session instance representing the session to use.\n\
-:returns: None\n\
-";
-static PyObject *
-ssl_Connection_set_session(ssl_ConnectionObj *self, PyObject *args) {
- ssl_SessionObj *session;
-
- if (!PyArg_ParseTuple(args, "O!:set_session", &ssl_Session_Type, &session)) {
- return NULL;
- }
-
- if (SSL_set_session(self->ssl, session->session) == 0) {
- /* The only case which leads to this seems to be a mismatch, between
- * this connection and the session, of the SSL method.
- */
- exception_from_error_queue(ssl_Error);
- return NULL;
- }
-
- Py_INCREF(Py_None);
- return Py_None;
-}
-
-/*
- * Member methods in the Connection object
- * ADD_METHOD(name) expands to a correct PyMethodDef declaration
- * { 'name', (PyCFunction)ssl_Connection_name, METH_VARARGS }
- * for convenience
- * ADD_ALIAS(name,real) creates an "alias" of the ssl_Connection_real
- * function with the name 'name'
- */
-#define ADD_METHOD(name) \
- { #name, (PyCFunction)ssl_Connection_##name, METH_VARARGS, ssl_Connection_##name##_doc }
-#define ADD_ALIAS(name,real) \
- { #name, (PyCFunction)ssl_Connection_##real, METH_VARARGS, ssl_Connection_##real##_doc }
-static PyMethodDef ssl_Connection_methods[] =
-{
- ADD_METHOD(get_context),
- ADD_METHOD(set_context),
- ADD_METHOD(get_servername),
- ADD_METHOD(set_tlsext_host_name),
- ADD_METHOD(pending),
- ADD_METHOD(send),
- ADD_ALIAS (write, send),
- ADD_METHOD(sendall),
- ADD_METHOD(recv),
- ADD_ALIAS (read, recv),
- ADD_METHOD(bio_read),
- ADD_METHOD(bio_write),
- ADD_METHOD(renegotiate),
- ADD_METHOD(do_handshake),
-#if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x00907000L
- ADD_METHOD(renegotiate_pending),
-#endif
- ADD_METHOD(total_renegotiations),
- ADD_METHOD(connect),
- ADD_METHOD(connect_ex),
- ADD_METHOD(accept),
- ADD_METHOD(bio_shutdown),
- ADD_METHOD(shutdown),
- ADD_METHOD(get_cipher_list),
- ADD_METHOD(get_client_ca_list),
- ADD_METHOD(makefile),
- ADD_METHOD(get_app_data),
- ADD_METHOD(set_app_data),
- ADD_METHOD(get_shutdown),
- ADD_METHOD(set_shutdown),
- ADD_METHOD(state_string),
- ADD_METHOD(server_random),
- ADD_METHOD(client_random),
- ADD_METHOD(master_key),
- ADD_METHOD(sock_shutdown),
- ADD_METHOD(get_peer_certificate),
- ADD_METHOD(get_peer_cert_chain),
- ADD_METHOD(want_read),
- ADD_METHOD(want_write),
- ADD_METHOD(set_accept_state),
- ADD_METHOD(set_connect_state),
- ADD_METHOD(get_session),
- ADD_METHOD(set_session),
- { NULL, NULL }
-};
-#undef ADD_ALIAS
-#undef ADD_METHOD
-
-static char ssl_Connection_doc[] = "\n\
-Connection(context, socket) -> Connection instance\n\
-\n\
-Create a new Connection object, using the given OpenSSL.SSL.Context instance\n\
-and socket.\n\
-\n\
-:param context: An SSL Context to use for this connection\n\
-:param socket: The socket to use for transport layer\n\
-";
-
-/*
- * Initializer used by ssl_Connection_new and ssl_Connection_New. *Not*
- * tp_init. This takes an already allocated ssl_ConnectionObj, a context, and
- * a optionally a socket, and glues them all together.
- */
-static ssl_ConnectionObj*
-ssl_Connection_init(ssl_ConnectionObj *self, ssl_ContextObj *ctx, PyObject *sock) {
- int fd;
-
- Py_INCREF(ctx);
- self->context = ctx;
-
- Py_INCREF(sock);
- self->socket = sock;
-
- self->ssl = NULL;
- self->from_ssl = NULL;
- self->into_ssl = NULL;
-
- Py_INCREF(Py_None);
- self->app_data = Py_None;
-
- self->tstate = NULL;
-
- self->ssl = SSL_new(self->context->ctx);
- SSL_set_app_data(self->ssl, self);
-
- if (self->socket == Py_None)
- {
- /* If it's not a socket or file, treat it like a memory buffer,
- * so crazy people can do things like EAP-TLS. */
- self->into_ssl = BIO_new(BIO_s_mem());
- self->from_ssl = BIO_new(BIO_s_mem());
- if (self->into_ssl == NULL || self->from_ssl == NULL)
- goto error;
- SSL_set_bio(self->ssl, self->into_ssl, self->from_ssl);
- }
- else
- {
- fd = PyObject_AsFileDescriptor(self->socket);
- if (fd < 0)
- {
- Py_DECREF(self);
- return NULL;
- }
- else
- {
- SSL_set_fd(self->ssl, (SOCKET_T)fd);
- }
- }
- return self;
-
-error:
- BIO_free(self->into_ssl); /* NULL safe */
- BIO_free(self->from_ssl); /* NULL safe */
- Py_DECREF(self);
- return NULL;
-}
-
-/*
- * Constructor for Connection objects
- *
- * Arguments: ctx - An SSL Context to use for this connection
- * sock - The socket to use for transport layer
- * Returns: The newly created Connection object
- */
-ssl_ConnectionObj *
-ssl_Connection_New(ssl_ContextObj *ctx, PyObject *sock) {
- ssl_ConnectionObj *self;
-
- self = PyObject_GC_New(ssl_ConnectionObj, &ssl_Connection_Type);
- if (self == NULL) {
- return NULL;
- }
- self = ssl_Connection_init(self, ctx, sock);
- if (self == NULL) {
- return NULL;
- }
- PyObject_GC_Track((PyObject *)self);
- return self;
-}
-
-static PyObject*
-ssl_Connection_new(PyTypeObject *subtype, PyObject *args, PyObject *kwargs) {
- ssl_ConnectionObj *self;
- ssl_ContextObj *ctx;
- PyObject *sock;
- static char *kwlist[] = {"context", "socket", NULL};
-
- if (!PyArg_ParseTupleAndKeywords(args, kwargs, "O!O:Connection", kwlist,
- &ssl_Context_Type, &ctx, &sock)) {
- return NULL;
- }
-
- self = (ssl_ConnectionObj *)subtype->tp_alloc(subtype, 1);
- if (self == NULL) {
- return NULL;
- }
-
- return (PyObject *)ssl_Connection_init(self, ctx, sock);
-}
-
-/*
- * Find attribute
- *
- * Arguments: self - The Connection object
- * name - The attribute name
- * Returns: A Python object for the attribute, or NULL if something went
- * wrong
- */
-static PyObject *
-ssl_Connection_getattro(ssl_ConnectionObj *self, PyObject *nameobj) {
- PyObject *meth;
-
- meth = PyObject_GenericGetAttr((PyObject*)self, nameobj);
- if (PyErr_Occurred() && PyErr_ExceptionMatches(PyExc_AttributeError)) {
- PyErr_Clear();
- /* Try looking it up in the "socket" instead. */
- meth = PyObject_GenericGetAttr(self->socket, nameobj);
- }
-
- return meth;
-}
-
-/*
- * Call the visitproc on all contained objects.
- *
- * Arguments: self - The Connection object
- * visit - Function to call
- * arg - Extra argument to visit
- * Returns: 0 if all goes well, otherwise the return code from the first
- * call that gave non-zero result.
- */
-static int
-ssl_Connection_traverse(ssl_ConnectionObj *self, visitproc visit, void *arg)
-{
- int ret = 0;
-
- if (ret == 0 && self->context != NULL)
- ret = visit((PyObject *)self->context, arg);
- if (ret == 0 && self->socket != NULL)
- ret = visit(self->socket, arg);
- if (ret == 0 && self->app_data != NULL)
- ret = visit(self->app_data, arg);
- return ret;
-}
-
-/*
- * Decref all contained objects and zero the pointers.
- *
- * Arguments: self - The Connection object
- * Returns: Always 0.
- */
-static int
-ssl_Connection_clear(ssl_ConnectionObj *self)
-{
- Py_XDECREF(self->context);
- self->context = NULL;
- Py_XDECREF(self->socket);
- self->socket = NULL;
- Py_XDECREF(self->app_data);
- self->app_data = NULL;
- self->into_ssl = NULL; /* was cleaned up by SSL_free() */
- self->from_ssl = NULL; /* was cleaned up by SSL_free() */
- return 0;
-}
-
-/*
- * Deallocate the memory used by the Connection object
- *
- * Arguments: self - The Connection object
- * Returns: None
- */
-static void
-ssl_Connection_dealloc(ssl_ConnectionObj *self)
-{
- PyObject_GC_UnTrack(self);
- if (self->ssl != NULL)
- SSL_free(self->ssl);
- ssl_Connection_clear(self);
- PyObject_GC_Del(self);
-}
-
-PyTypeObject ssl_Connection_Type = {
- PyOpenSSL_HEAD_INIT(&PyType_Type, 0)
- "OpenSSL.SSL.Connection",
- sizeof(ssl_ConnectionObj),
- 0,
- (destructor)ssl_Connection_dealloc,
- NULL, /* print */
- NULL, /* tp_getattr */
- NULL, /* setattr */
- NULL, /* compare */
- NULL, /* repr */
- NULL, /* as_number */
- NULL, /* as_sequence */
- NULL, /* as_mapping */
- NULL, /* hash */
- NULL, /* call */
- NULL, /* str */
- (getattrofunc)ssl_Connection_getattro, /* getattro */
- NULL, /* setattro */
- NULL, /* as_buffer */
- Py_TPFLAGS_DEFAULT | Py_TPFLAGS_HAVE_GC,
- ssl_Connection_doc, /* doc */
- (traverseproc)ssl_Connection_traverse,
- (inquiry)ssl_Connection_clear,
- NULL, /* tp_richcompare */
- 0, /* tp_weaklistoffset */
- NULL, /* tp_iter */
- NULL, /* tp_iternext */
- ssl_Connection_methods, /* tp_methods */
- NULL, /* tp_members */
- NULL, /* tp_getset */
- NULL, /* tp_base */
- NULL, /* tp_dict */
- NULL, /* tp_descr_get */
- NULL, /* tp_descr_set */
- 0, /* tp_dictoffset */
- NULL, /* tp_init */
- NULL, /* tp_alloc */
- ssl_Connection_new, /* tp_new */
-};
-
-
-/*
- * Initiailze the Connection part of the SSL sub module
- *
- * Arguments: dict - The OpenSSL.SSL module
- * Returns: 1 for success, 0 otherwise
- */
-int
-init_ssl_connection(PyObject *module) {
-
- if (PyType_Ready(&ssl_Connection_Type) < 0) {
- return 0;
- }
-
- /* PyModule_AddObject steals a reference.
- */
- Py_INCREF((PyObject *)&ssl_Connection_Type);
- if (PyModule_AddObject(module, "Connection", (PyObject *)&ssl_Connection_Type) != 0) {
- return 0;
- }
-
- /* PyModule_AddObject steals a reference.
- */
- Py_INCREF((PyObject *)&ssl_Connection_Type);
- if (PyModule_AddObject(module, "ConnectionType", (PyObject *)&ssl_Connection_Type) != 0) {
- return 0;
- }
-
- return 1;
-}
-
diff --git a/OpenSSL/ssl/connection.h b/OpenSSL/ssl/connection.h
deleted file mode 100644
index 59f659b..0000000
--- a/OpenSSL/ssl/connection.h
+++ /dev/null
@@ -1,53 +0,0 @@
-/*
- * connection.h
- *
- * Copyright (C) AB Strakt
- * See LICENSE for details.
- *
- * Export SSL Connection data structures and functions.
- * See the file RATIONALE for a short explanation of why this module was written.
- *
- * Reviewed 2001-07-23
- *
- */
-#ifndef PyOpenSSL_SSL_CONNECTION_H_
-#define PyOpenSSL_SSL_CONNECTION_H_
-
-#include <Python.h>
-#include <openssl/ssl.h>
-
-/* shamelessly stolen from socketmodule.c */
-#ifdef MS_WINDOWS
-# include <winsock.h>
-typedef SOCKET SOCKET_T;
-# ifdef MS_WIN64
-# define SIZEOF_SOCKET_T 8
-# else
-# define SIZEOF_SOCKET_T 4
-# endif
-#else
-typedef int SOCKET_T;
-# define SIZEOF_SOCKET_T SIZEOF_INT
-#endif
-
-
-extern int init_ssl_connection (PyObject *);
-
-extern PyTypeObject ssl_Connection_Type;
-
-#define ssl_Connection_Check(v) ((v)->ob_type == &ssl_Connection_Type)
-
-typedef struct {
- PyObject_HEAD
- SSL *ssl;
- ssl_ContextObj *context;
- PyObject *socket;
- PyThreadState *tstate; /* This field is no longer used. */
- PyObject *app_data;
- BIO *into_ssl, *from_ssl; /* for connections without file descriptors */
-} ssl_ConnectionObj;
-
-
-
-#endif
-
diff --git a/OpenSSL/ssl/context.c b/OpenSSL/ssl/context.c
deleted file mode 100644
index 84180b8..0000000
--- a/OpenSSL/ssl/context.c
+++ /dev/null
@@ -1,1501 +0,0 @@
-/*
- * context.c
- *
- * Copyright (C) AB Strakt
- * Copyright (C) Jean-Paul Calderone
- * See LICENSE for details.
- *
- * SSL Context objects and their methods.
- * See the file RATIONALE for a short explanation of why this module was written.
- *
- * Reviewed 2001-07-23
- */
-#include <Python.h>
-
-#if PY_VERSION_HEX >= 0x02050000
-# define PYARG_PARSETUPLE_FORMAT const char
-# define PYOBJECT_GETATTRSTRING_TYPE const char*
-#else
-# define PYARG_PARSETUPLE_FORMAT char
-# define PYOBJECT_GETATTRSTRING_TYPE char*
-#endif
-
-#ifndef MS_WINDOWS
-# include <sys/socket.h>
-# include <netinet/in.h>
-# if !(defined(__BEOS__) || defined(__CYGWIN__))
-# include <netinet/tcp.h>
-# endif
-#else
-# include <winsock.h>
-# include <wincrypt.h>
-#endif
-
-#define SSL_MODULE
-#include "ssl.h"
-
-/*
- * CALLBACKS
- *
- * Callbacks work like this: We provide a "global" callback in C which
- * transforms the arguments into a Python argument tuple and calls the
- * corresponding Python callback, and then parsing the return value back into
- * things the C function can return.
- *
- * Three caveats:
- * + How do we find the Context object where the Python callbacks are stored?
- * + What about multithreading and execution frames?
- * + What about Python callbacks that raise exceptions?
- *
- * The solution to the first issue is trivial if the callback provides
- * "userdata" functionality. Since the only callbacks that don't provide
- * userdata do provide a pointer to an SSL structure, we can associate an SSL
- * object and a Connection one-to-one via the SSL_set/get_app_data()
- * functions.
- *
- * The solution to the other issue is to rewrite the Py_BEGIN_ALLOW_THREADS
- * macro allowing it (or rather a new macro) to specify where to save the
- * thread state (in our case, as a member of the Connection/Context object) so
- * we can retrieve it again before calling the Python callback.
- */
-
-/*
- * Globally defined passphrase callback. This is called from OpenSSL
- * internally. The GIL will not be held when this function is invoked. It
- * must not be held when the function returns.
- *
- * Arguments: buf - Buffer to store the returned passphrase in
- * maxlen - Maximum length of the passphrase
- * verify - If true, the passphrase callback should ask for a
- * password twice and verify they're equal. If false, only
- * ask once.
- * arg - User data, always a Context object
- * Returns: The length of the password if successful, 0 otherwise
- */
-static int
-global_passphrase_callback(char *buf, int maxlen, int verify, void *arg)
-{
- /*
- * Initialize len here because we're always going to return it, and we
- * might jump to the return before it gets initialized in any other way.
- */
- int len = 0;
- char *str;
- PyObject *argv, *ret = NULL;
- ssl_ContextObj *ctx = (ssl_ContextObj *)arg;
-
- /*
- * GIL isn't held yet. First things first - acquire it, or any Python API
- * we invoke might segfault or blow up the sun. The reverse will be done
- * before returning.
- */
- MY_END_ALLOW_THREADS(ctx->tstate);
-
- /* The Python callback is called with a (maxlen,verify,userdata) tuple */
- argv = Py_BuildValue("(iiO)", maxlen, verify, ctx->passphrase_userdata);
-
- /*
- * XXX Didn't check argv to see if it was NULL. -exarkun
- */
- ret = PyEval_CallObject(ctx->passphrase_callback, argv);
- Py_DECREF(argv);
-
- if (ret == NULL) {
- /*
- * The callback raised an exception. It will be raised by whatever
- * Python API triggered this callback.
- */
- goto out;
- }
-
- if (!PyObject_IsTrue(ret)) {
- /*
- * Returned "", or None, or something. Treat it as no passphrase.
- */
- Py_DECREF(ret);
- goto out;
- }
-
- if (!PyBytes_Check(ret)) {
- /*
- * XXX Returned something that wasn't a string. This is bogus. We'll
- * return 0 and OpenSSL will treat it as an error, resulting in an
- * exception from whatever Python API triggered this callback.
- */
- Py_DECREF(ret);
- goto out;
- }
-
- len = PyBytes_Size(ret);
- if (len > maxlen) {
- /*
- * Returned more than we said they were allowed to return. Just
- * truncate it. Might be better to raise an exception,
- * instead. -exarkun
- */
- len = maxlen;
- }
-
- str = PyBytes_AsString(ret);
- strncpy(buf, str, len);
- Py_XDECREF(ret);
-
- out:
- /*
- * This function is returning into OpenSSL. Release the GIL again.
- */
- MY_BEGIN_ALLOW_THREADS(ctx->tstate);
- return len;
-}
-
-/*
- * Globally defined verify callback
- *
- * Arguments: ok - True everything is OK "so far", false otherwise
- * x509_ctx - Contains the certificate being checked, the current
- * error number and depth, and the Connection we're
- * dealing with
- * Returns: True if everything is okay, false otherwise
- */
-static int
-global_verify_callback(int ok, X509_STORE_CTX *x509_ctx)
-{
- PyObject *argv, *ret;
- SSL *ssl;
- ssl_ConnectionObj *conn;
- crypto_X509Obj *cert;
- int errnum, errdepth, c_ret;
-
- // Get Connection object to check thread state
- ssl = (SSL *)X509_STORE_CTX_get_app_data(x509_ctx);
- conn = (ssl_ConnectionObj *)SSL_get_app_data(ssl);
-
- MY_END_ALLOW_THREADS(conn->tstate);
-
- cert = new_x509(X509_STORE_CTX_get_current_cert(x509_ctx), 0);
- errnum = X509_STORE_CTX_get_error(x509_ctx);
- errdepth = X509_STORE_CTX_get_error_depth(x509_ctx);
-
- argv = Py_BuildValue("(OOiii)", (PyObject *)conn, (PyObject *)cert,
- errnum, errdepth, ok);
- Py_DECREF(cert);
- ret = PyEval_CallObject(conn->context->verify_callback, argv);
- Py_DECREF(argv);
-
- if (ret != NULL && PyObject_IsTrue(ret)) {
- X509_STORE_CTX_set_error(x509_ctx, X509_V_OK);
- Py_DECREF(ret);
- c_ret = 1;
- } else {
- c_ret = 0;
- }
-
- MY_BEGIN_ALLOW_THREADS(conn->tstate);
- return c_ret;
-}
-
-/*
- * Globally defined info callback. This is called from OpenSSL internally.
- * The GIL will not be held when this function is invoked. It must not be held
- * when the function returns.
- *
- * Arguments: ssl - The Connection
- * where - The part of the SSL code that called us
- * _ret - The return code of the SSL function that called us
- * Returns: None
- */
-static void
-global_info_callback(const SSL *ssl, int where, int _ret)
-{
- ssl_ConnectionObj *conn = (ssl_ConnectionObj *)SSL_get_app_data(ssl);
- PyObject *argv, *ret;
-
- /*
- * GIL isn't held yet. First things first - acquire it, or any Python API
- * we invoke might segfault or blow up the sun. The reverse will be done
- * before returning.
- */
- MY_END_ALLOW_THREADS(conn->tstate);
-
- argv = Py_BuildValue("(Oii)", (PyObject *)conn, where, _ret);
- ret = PyEval_CallObject(conn->context->info_callback, argv);
- Py_DECREF(argv);
-
- if (ret == NULL) {
- /*
- * XXX - This should be reported somehow. -exarkun
- */
- PyErr_Clear();
- } else {
- Py_DECREF(ret);
- }
-
- /*
- * This function is returning into OpenSSL. Release the GIL again.
- */
- MY_BEGIN_ALLOW_THREADS(conn->tstate);
- return;
-}
-
-/*
- * Globally defined TLS extension server name callback. This is called from
- * OpenSSL internally. The GIL will not be held when this function is invoked.
- * It must not be held when the function returns.
- *
- * ssl represents the connection this callback is for
- *
- * alert is a pointer to the alert value which maybe will be emitted to the
- * client if there is an error handling the client hello (which contains the
- * server name). This is an out parameter, maybe.
- *
- * arg is an arbitrary pointer specified by SSL_CTX_set_tlsext_servername_arg.
- * It will be NULL for all pyOpenSSL uses.
- */
-static int
-global_tlsext_servername_callback(const SSL *ssl, int *alert, void *arg) {
- int result = 0;
- PyObject *argv, *ret;
- ssl_ConnectionObj *conn = (ssl_ConnectionObj *)SSL_get_app_data(ssl);
-
- /*
- * GIL isn't held yet. First things first - acquire it, or any Python API
- * we invoke might segfault or blow up the sun. The reverse will be done
- * before returning.
- */
- MY_END_ALLOW_THREADS(conn->tstate);
-
- argv = Py_BuildValue("(O)", (PyObject *)conn);
- ret = PyEval_CallObject(conn->context->tlsext_servername_callback, argv);
- Py_DECREF(argv);
- Py_DECREF(ret);
-
- /*
- * This function is returning into OpenSSL. Release the GIL again.
- */
- MY_BEGIN_ALLOW_THREADS(conn->tstate);
- return result;
-}
-
-/*
- * More recent builds of OpenSSL may have SSLv2 completely disabled.
- */
-#ifdef OPENSSL_NO_SSL2
-#define SSLv2_METHOD_TEXT ""
-#else
-#define SSLv2_METHOD_TEXT " SSLv2_METHOD"
-#endif
-
-#ifdef SSL_OP_NO_TLSv1_1
-#define TLSv1_1_METHOD_TEXT " TLSv1_1_METHOD"
-#endif
-
-#ifdef SSL_OP_NO_TLSv1_2
-#define TLSv1_2_METHOD_TEXT " TLSv1_2_METHOD"
-#endif
-
-static char ssl_Context_doc[] = "\n\
-Context(method) -> Context instance\n\
-\n\
-OpenSSL.SSL.Context instances define the parameters for setting up new SSL\n\
-connections.\n\
-\n\
-:param method: One of:" SSLv2_METHOD_TEXT " SSLv3_METHOD SSLv23_METHOD TLSv1_METHOD" TLSv1_1_METHOD_TEXT TLSv1_2_METHOD_TEXT "\n\
-";
-
-#undef SSLv2_METHOD_TEXT
-#undef TLSv1_1_METHOD_TEXT
-#undef TLSv1_2_METHOD_TEXT
-
-static char ssl_Context_load_verify_locations_doc[] = "\n\
-Let SSL know where we can find trusted certificates for the certificate\n\
-chain\n\
-\n\
-:param cafile: In which file we can find the certificates\n\
-:param capath: In which directory we can find the certificates\n\
-:return: None\n\
-";
-static PyObject *
-ssl_Context_load_verify_locations(ssl_ContextObj *self, PyObject *args) {
- char *cafile = NULL;
- char *capath = NULL;
-
- if (!PyArg_ParseTuple(args, "z|z:load_verify_locations", &cafile, &capath)) {
- return NULL;
- }
-
- if (!SSL_CTX_load_verify_locations(self->ctx, cafile, capath))
- {
- exception_from_error_queue(ssl_Error);
- return NULL;
- }
- else
- {
- Py_INCREF(Py_None);
- return Py_None;
- }
-}
-
-static char ssl_Context_set_default_verify_paths_doc[] = "\n\
-Use the platform-specific CA certificate locations\n\
-\n\
-:return: None\n\
-";
-static PyObject *
-ssl_Context_set_default_verify_paths(ssl_ContextObj *self, PyObject *args) {
- if (!PyArg_ParseTuple(args, ":set_default_verify_paths")) {
- return NULL;
- }
-
- /*
- * XXX Error handling for SSL_CTX_set_default_verify_paths is untested.
- * -exarkun
- */
- if (!SSL_CTX_set_default_verify_paths(self->ctx)) {
- exception_from_error_queue(ssl_Error);
- return NULL;
- }
- Py_INCREF(Py_None);
- return Py_None;
-};
-
-
-static char ssl_Context_set_passwd_cb_doc[] = "\n\
-Set the passphrase callback\n\
-\n\
-:param callback: The Python callback to use\n\
-:param userdata: (optional) A Python object which will be given as\n\
- argument to the callback\n\
-:return: None\n\
-";
-static PyObject *
-ssl_Context_set_passwd_cb(ssl_ContextObj *self, PyObject *args)
-{
- PyObject *callback = NULL, *userdata = Py_None;
-
- if (!PyArg_ParseTuple(args, "O|O:set_passwd_cb", &callback, &userdata))
- return NULL;
-
- if (!PyCallable_Check(callback))
- {
- PyErr_SetString(PyExc_TypeError, "expected PyCallable");
- return NULL;
- }
-
- Py_DECREF(self->passphrase_callback);
- Py_INCREF(callback);
- self->passphrase_callback = callback;
- SSL_CTX_set_default_passwd_cb(self->ctx, global_passphrase_callback);
-
- Py_DECREF(self->passphrase_userdata);
- Py_INCREF(userdata);
- self->passphrase_userdata = userdata;
- SSL_CTX_set_default_passwd_cb_userdata(self->ctx, (void *)self);
-
- Py_INCREF(Py_None);
- return Py_None;
-}
-
-static PyTypeObject *
-type_modified_error(const char *name) {
- PyErr_Format(PyExc_RuntimeError,
- "OpenSSL.crypto's '%s' attribute has been modified",
- name);
- return NULL;
-}
-
-static PyTypeObject *
-import_crypto_type(const char *name, size_t objsize) {
- PyObject *module, *type, *name_attr;
- PyTypeObject *res;
- int right_name;
-
- module = PyImport_ImportModule("OpenSSL.crypto");
- if (module == NULL) {
- return NULL;
- }
- type = PyObject_GetAttrString(module, (PYOBJECT_GETATTRSTRING_TYPE)name);
- Py_DECREF(module);
- if (type == NULL) {
- return NULL;
- }
- if (!(PyType_Check(type))) {
- Py_DECREF(type);
- return type_modified_error(name);
- }
- name_attr = PyObject_GetAttrString(type, "__name__");
- if (name_attr == NULL) {
- Py_DECREF(type);
- return NULL;
- }
-
-#ifdef PY3
- {
- PyObject* asciiname = PyUnicode_AsASCIIString(name_attr);
- Py_DECREF(name_attr);
- name_attr = asciiname;
- }
-#endif
- right_name = (PyBytes_CheckExact(name_attr) &&
- strcmp(name, PyBytes_AsString(name_attr)) == 0);
- Py_DECREF(name_attr);
- res = (PyTypeObject *)type;
- if (!right_name || res->tp_basicsize != objsize) {
- Py_DECREF(type);
- return type_modified_error(name);
- }
- return res;
-}
-
-static crypto_X509Obj *
-parse_certificate_argument(const char* format, PyObject* args) {
- static PyTypeObject *crypto_X509_type = NULL;
- crypto_X509Obj *cert;
-
- if (!crypto_X509_type) {
- crypto_X509_type = import_crypto_type("X509", sizeof(crypto_X509Obj));
- if (!crypto_X509_type) {
- return NULL;
- }
- }
- if (!PyArg_ParseTuple(args, (PYARG_PARSETUPLE_FORMAT *)format,
- crypto_X509_type, &cert)) {
- return NULL;
- }
- return cert;
-}
-
-static char ssl_Context_add_extra_chain_cert_doc[] = "\n\
-Add certificate to chain\n\
-\n\
-:param certobj: The X509 certificate object to add to the chain\n\
-:return: None\n\
-";
-
-static PyObject *
-ssl_Context_add_extra_chain_cert(ssl_ContextObj *self, PyObject *args)
-{
- X509* cert_original;
- crypto_X509Obj *cert = parse_certificate_argument(
- "O!:add_extra_chain_cert", args);
- if (cert == NULL)
- {
- return NULL;
- }
- if (!(cert_original = X509_dup(cert->x509)))
- {
- /* exception_from_error_queue(ssl_Error); */
- PyErr_SetString(PyExc_RuntimeError, "X509_dup failed");
- return NULL;
- }
- if (!SSL_CTX_add_extra_chain_cert(self->ctx, cert_original))
- {
- X509_free(cert_original);
- exception_from_error_queue(ssl_Error);
- return NULL;
- }
- else
- {
- Py_INCREF(Py_None);
- return Py_None;
- }
-}
-
-
-static char ssl_Context_use_certificate_chain_file_doc[] = "\n\
-Load a certificate chain from a file\n\
-\n\
-:param certfile: The name of the certificate chain file\n\
-:return: None\n\
-";
-static PyObject *
-ssl_Context_use_certificate_chain_file(ssl_ContextObj *self, PyObject *args)
-{
- char *certfile;
-
- if (!PyArg_ParseTuple(args, "s:use_certificate_chain_file", &certfile))
- return NULL;
-
- if (!SSL_CTX_use_certificate_chain_file(self->ctx, certfile))
- {
- exception_from_error_queue(ssl_Error);
- return NULL;
- }
- else
- {
- Py_INCREF(Py_None);
- return Py_None;
- }
-}
-
-
-static char ssl_Context_use_certificate_file_doc[] = "\n\
-Load a certificate from a file\n\
-\n\
-:param certfile: The name of the certificate file\n\
-:param filetype: (optional) The encoding of the file, default is PEM\n\
-:return: None\n\
-";
-static PyObject *
-ssl_Context_use_certificate_file(ssl_ContextObj *self, PyObject *args)
-{
- char *certfile;
- int filetype = SSL_FILETYPE_PEM;
-
- if (!PyArg_ParseTuple(args, "s|i:use_certificate_file", &certfile, &filetype))
- return NULL;
-
- if (!SSL_CTX_use_certificate_file(self->ctx, certfile, filetype))
- {
- exception_from_error_queue(ssl_Error);
- return NULL;
- }
- else
- {
- Py_INCREF(Py_None);
- return Py_None;
- }
-}
-
-static char ssl_Context_use_certificate_doc[] = "\n\
-Load a certificate from a X509 object\n\
-\n\
-:param cert: The X509 object\n\
-:return: None\n\
-";
-static PyObject *
-ssl_Context_use_certificate(ssl_ContextObj *self, PyObject *args)
-{
- crypto_X509Obj *cert = parse_certificate_argument(
- "O!:use_certificate", args);
- if (cert == NULL) {
- return NULL;
- }
-
- if (!SSL_CTX_use_certificate(self->ctx, cert->x509))
- {
- exception_from_error_queue(ssl_Error);
- return NULL;
- }
- else
- {
- Py_INCREF(Py_None);
- return Py_None;
- }
-}
-
-static char ssl_Context_use_privatekey_file_doc[] = "\n\
-Load a private key from a file\n\
-\n\
-:param keyfile: The name of the key file\n\
-:param filetype: (optional) The encoding of the file, default is PEM\n\
-:return: None\n\
-";
-static PyObject *
-ssl_Context_use_privatekey_file(ssl_ContextObj *self, PyObject *args)
-{
- char *keyfile;
- int filetype = SSL_FILETYPE_PEM, ret;
-
- if (!PyArg_ParseTuple(args, "s|i:use_privatekey_file", &keyfile, &filetype))
- return NULL;
-
- MY_BEGIN_ALLOW_THREADS(self->tstate);
- ret = SSL_CTX_use_PrivateKey_file(self->ctx, keyfile, filetype);
- MY_END_ALLOW_THREADS(self->tstate);
-
- if (PyErr_Occurred())
- {
- flush_error_queue();
- return NULL;
- }
-
- if (!ret)
- {
- exception_from_error_queue(ssl_Error);
- return NULL;
- }
- else
- {
- Py_INCREF(Py_None);
- return Py_None;
- }
-}
-
-static char ssl_Context_use_privatekey_doc[] = "\n\
-Load a private key from a PKey object\n\
-\n\
-:param pkey: The PKey object\n\
-:return: None\n\
-";
-static PyObject *
-ssl_Context_use_privatekey(ssl_ContextObj *self, PyObject *args) {
- static PyTypeObject *crypto_PKey_type = NULL;
- crypto_PKeyObj *pkey;
-
- if (!crypto_PKey_type) {
- crypto_PKey_type = import_crypto_type("PKey", sizeof(crypto_PKeyObj));
- if (!crypto_PKey_type) {
- return NULL;
- }
- }
- if (!PyArg_ParseTuple(args, "O!:use_privatekey", crypto_PKey_type, &pkey)) {
- return NULL;
- }
-
- if (!SSL_CTX_use_PrivateKey(self->ctx, pkey->pkey)) {
- exception_from_error_queue(ssl_Error);
- return NULL;
- } else {
- Py_INCREF(Py_None);
- return Py_None;
- }
-}
-
-static char ssl_Context_check_privatekey_doc[] = "\n\
-Check that the private key and certificate match up\n\
-\n\
-:return: None (raises an exception if something's wrong)\n\
-";
-static PyObject *
-ssl_Context_check_privatekey(ssl_ContextObj *self, PyObject *args)
-{
- if (!PyArg_ParseTuple(args, ":check_privatekey"))
- return NULL;
-
- if (!SSL_CTX_check_private_key(self->ctx))
- {
- exception_from_error_queue(ssl_Error);
- return NULL;
- }
- else
- {
- Py_INCREF(Py_None);
- return Py_None;
- }
-}
-
-static char ssl_Context_load_client_ca_doc[] = "\n\
-Load the trusted certificates that will be sent to the client (basically\n\
-telling the client \"These are the guys I trust\"). Does not actually\n\
-imply any of the certificates are trusted; that must be configured\n\
-separately.\n\
-\n\
-:param cafile: The name of the certificates file\n\
-:return: None\n\
-";
-static PyObject *
-ssl_Context_load_client_ca(ssl_ContextObj *self, PyObject *args)
-{
- char *cafile;
-
- if (!PyArg_ParseTuple(args, "s:load_client_ca", &cafile))
- return NULL;
-
- SSL_CTX_set_client_CA_list(self->ctx, SSL_load_client_CA_file(cafile));
-
- Py_INCREF(Py_None);
- return Py_None;
-}
-
-static char ssl_Context_set_session_id_doc[] = "\n\
-Set the session identifier. This is needed if you want to do session\n\
-resumption.\n\
-\n\
-:param buf: A Python object that can be safely converted to a string\n\
-:returns: None\n\
-";
-static PyObject *
-ssl_Context_set_session_id(ssl_ContextObj *self, PyObject *args)
-{
- unsigned char *buf;
- unsigned int len;
-
- if (!PyArg_ParseTuple(args, "s#:set_session_id", &buf, &len))
- return NULL;
-
- if (!SSL_CTX_set_session_id_context(self->ctx, buf, len))
- {
- exception_from_error_queue(ssl_Error);
- return NULL;
- }
- else
- {
- Py_INCREF(Py_None);
- return Py_None;
- }
-}
-
-static char ssl_Context_set_session_cache_mode_doc[] = "\n\
-Enable/disable session caching and specify the mode used.\n\
-\n\
-:param mode: One or more of the SESS_CACHE_* flags (combine using bitwise or)\n\
-:returns: The previously set caching mode.\n\
-";
-static PyObject *
-ssl_Context_set_session_cache_mode(ssl_ContextObj *self, PyObject *args) {
- long mode, result;
-
- if (!PyArg_ParseTuple(args, "l:set_session_cache_mode", &mode)) {
- return NULL;
- }
-
- result = SSL_CTX_set_session_cache_mode(self->ctx, mode);
- return PyLong_FromLong(result);
-
-}
-
-static char ssl_Context_get_session_cache_mode_doc[] = "\n\
-:returns: The currently used cache mode.\n\
-";
-static PyObject *
-ssl_Context_get_session_cache_mode(ssl_ContextObj *self, PyObject *args) {
- long result;
-
- if (!PyArg_ParseTuple(args, ":get_session_cache_mode")) {
- return NULL;
- }
- result = SSL_CTX_get_session_cache_mode(self->ctx);
- return PyLong_FromLong(result);
-}
-
-static char ssl_Context_set_verify_doc[] = "\n\
-Set the verify mode and verify callback\n\
-\n\
-:param mode: The verify mode, this is either VERIFY_NONE or\n\
- VERIFY_PEER combined with possible other flags\n\
-:param callback: The Python callback to use\n\
-:return: None\n\
-\n\
-See SSL_CTX_set_verify(3SSL) for further details.\n\
-";
-static PyObject *
-ssl_Context_set_verify(ssl_ContextObj *self, PyObject *args)
-{
- int mode;
- PyObject *callback = NULL;
-
- if (!PyArg_ParseTuple(args, "iO:set_verify", &mode, &callback))
- return NULL;
-
- if (!PyCallable_Check(callback))
- {
- PyErr_SetString(PyExc_TypeError, "expected PyCallable");
- return NULL;
- }
-
- Py_DECREF(self->verify_callback);
- Py_INCREF(callback);
- self->verify_callback = callback;
- SSL_CTX_set_verify(self->ctx, mode, global_verify_callback);
-
- Py_INCREF(Py_None);
- return Py_None;
-}
-
-static char ssl_Context_set_verify_depth_doc[] = "\n\
-Set the verify depth\n\
-\n\
-:param depth: An integer specifying the verify depth\n\
-:return: None\n\
-";
-static PyObject *
-ssl_Context_set_verify_depth(ssl_ContextObj *self, PyObject *args)
-{
- int depth;
-
- if (!PyArg_ParseTuple(args, "i:set_verify_depth", &depth))
- return NULL;
-
- SSL_CTX_set_verify_depth(self->ctx, depth);
- Py_INCREF(Py_None);
- return Py_None;
-}
-
-static char ssl_Context_get_verify_mode_doc[] = "\n\
-Get the verify mode\n\
-\n\
-:return: The verify mode\n\
-";
-static PyObject *
-ssl_Context_get_verify_mode(ssl_ContextObj *self, PyObject *args)
-{
- int mode;
-
- if (!PyArg_ParseTuple(args, ":get_verify_mode"))
- return NULL;
-
- mode = SSL_CTX_get_verify_mode(self->ctx);
- return PyLong_FromLong((long)mode);
-}
-
-static char ssl_Context_get_verify_depth_doc[] = "\n\
-Get the verify depth\n\
-\n\
-:return: The verify depth\n\
-";
-static PyObject *
-ssl_Context_get_verify_depth(ssl_ContextObj *self, PyObject *args)
-{
- int depth;
-
- if (!PyArg_ParseTuple(args, ":get_verify_depth"))
- return NULL;
-
- depth = SSL_CTX_get_verify_depth(self->ctx);
- return PyLong_FromLong((long)depth);
-}
-
-static char ssl_Context_load_tmp_dh_doc[] = "\n\
-Load parameters for Ephemeral Diffie-Hellman\n\
-\n\
-:param dhfile: The file to load EDH parameters from\n\
-:return: None\n\
-";
-static PyObject *
-ssl_Context_load_tmp_dh(ssl_ContextObj *self, PyObject *args)
-{
- char *dhfile;
- BIO *bio;
- DH *dh;
-
- if (!PyArg_ParseTuple(args, "s:load_tmp_dh", &dhfile))
- return NULL;
-
- bio = BIO_new_file(dhfile, "r");
- if (bio == NULL) {
- exception_from_error_queue(ssl_Error);
- return NULL;
- }
-
- dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL);
- SSL_CTX_set_tmp_dh(self->ctx, dh);
- DH_free(dh);
- BIO_free(bio);
-
- Py_INCREF(Py_None);
- return Py_None;
-}
-
-static char ssl_Context_set_cipher_list_doc[] = "\n\
-Change the cipher list\n\
-\n\
-:param cipher_list: A cipher list, see ciphers(1)\n\
-:return: None\n\
-";
-static PyObject *
-ssl_Context_set_cipher_list(ssl_ContextObj *self, PyObject *args)
-{
- char *cipher_list;
-
- if (!PyArg_ParseTuple(args, "s:set_cipher_list", &cipher_list))
- return NULL;
-
- if (!SSL_CTX_set_cipher_list(self->ctx, cipher_list))
- {
- exception_from_error_queue(ssl_Error);
- return NULL;
- }
- else
- {
- Py_INCREF(Py_None);
- return Py_None;
- }
-}
-
-static char ssl_Context_set_client_ca_list_doc[] = "\n\
-Set the list of preferred client certificate signers for this server context.\n\
-\n\
-This list of certificate authorities will be sent to the client when the\n\
-server requests a client certificate.\n\
-\n\
-:param certificate_authorities: a sequence of X509Names.\n\
-:return: None\n\
-";
-
-static PyObject *
-ssl_Context_set_client_ca_list(ssl_ContextObj *self, PyObject *args)
-{
- static PyTypeObject *X509NameType;
- PyObject *sequence, *tuple, *item;
- crypto_X509NameObj *name;
- X509_NAME *sslname;
- STACK_OF(X509_NAME) *CANames;
- Py_ssize_t length;
- int i;
-
- if (X509NameType == NULL) {
- X509NameType = import_crypto_type("X509Name", sizeof(crypto_X509NameObj));
- if (X509NameType == NULL) {
- return NULL;
- }
- }
- if (!PyArg_ParseTuple(args, "O:set_client_ca_list", &sequence)) {
- return NULL;
- }
- tuple = PySequence_Tuple(sequence);
- if (tuple == NULL) {
- return NULL;
- }
- length = PyTuple_Size(tuple);
- if (length >= INT_MAX) {
- PyErr_SetString(PyExc_ValueError, "client CA list is too long");
- Py_DECREF(tuple);
- return NULL;
- }
- CANames = sk_X509_NAME_new_null();
- if (CANames == NULL) {
- Py_DECREF(tuple);
- exception_from_error_queue(ssl_Error);
- return NULL;
- }
- for (i = 0; i < length; i++) {
- item = PyTuple_GetItem(tuple, i);
- if (item->ob_type != X509NameType) {
- PyErr_Format(PyExc_TypeError,
- "client CAs must be X509Name objects, not %s objects",
- item->ob_type->tp_name);
- sk_X509_NAME_free(CANames);
- Py_DECREF(tuple);
- return NULL;
- }
- name = (crypto_X509NameObj *)item;
- sslname = X509_NAME_dup(name->x509_name);
- if (sslname == NULL) {
- sk_X509_NAME_free(CANames);
- Py_DECREF(tuple);
- exception_from_error_queue(ssl_Error);
- return NULL;
- }
- if (!sk_X509_NAME_push(CANames, sslname)) {
- X509_NAME_free(sslname);
- sk_X509_NAME_free(CANames);
- Py_DECREF(tuple);
- exception_from_error_queue(ssl_Error);
- return NULL;
- }
- }
- Py_DECREF(tuple);
- SSL_CTX_set_client_CA_list(self->ctx, CANames);
- Py_INCREF(Py_None);
- return Py_None;
-}
-
-static char ssl_Context_add_client_ca_doc[] = "\n\
-Add the CA certificate to the list of preferred signers for this context.\n\
-\n\
-The list of certificate authorities will be sent to the client when the\n\
-server requests a client certificate.\n\
-\n\
-:param certificate_authority: certificate authority's X509 certificate.\n\
-:return: None\n\
-";
-
-static PyObject *
-ssl_Context_add_client_ca(ssl_ContextObj *self, PyObject *args)
-{
- crypto_X509Obj *cert;
-
- cert = parse_certificate_argument("O!:add_client_ca", args);
- if (cert == NULL) {
- return NULL;
- }
- if (!SSL_CTX_add_client_CA(self->ctx, cert->x509)) {
- exception_from_error_queue(ssl_Error);
- return NULL;
- }
- Py_INCREF(Py_None);
- return Py_None;
-}
-
-static char ssl_Context_set_timeout_doc[] = "\n\
-Set session timeout\n\
-\n\
-:param timeout: The timeout in seconds\n\
-:return: The previous session timeout\n\
-";
-static PyObject *
-ssl_Context_set_timeout(ssl_ContextObj *self, PyObject *args)
-{
- long t, ret;
-
- if (!PyArg_ParseTuple(args, "l:set_timeout", &t))
- return NULL;
-
- ret = SSL_CTX_set_timeout(self->ctx, t);
- return PyLong_FromLong(ret);
-}
-
-static char ssl_Context_get_timeout_doc[] = "\n\
-Get the session timeout\n\
-\n\
-:return: The session timeout\n\
-";
-static PyObject *
-ssl_Context_get_timeout(ssl_ContextObj *self, PyObject *args)
-{
- long ret;
-
- if (!PyArg_ParseTuple(args, ":get_timeout"))
- return NULL;
-
- ret = SSL_CTX_get_timeout(self->ctx);
- return PyLong_FromLong(ret);
-}
-
-static char ssl_Context_set_info_callback_doc[] = "\n\
-Set the info callback\n\
-\n\
-:param callback: The Python callback to use\n\
-:return: None\n\
-";
-static PyObject *
-ssl_Context_set_info_callback(ssl_ContextObj *self, PyObject *args)
-{
- PyObject *callback;
-
- if (!PyArg_ParseTuple(args, "O:set_info_callback", &callback))
- return NULL;
-
- if (!PyCallable_Check(callback))
- {
- PyErr_SetString(PyExc_TypeError, "expected PyCallable");
- return NULL;
- }
-
- Py_DECREF(self->info_callback);
- Py_INCREF(callback);
- self->info_callback = callback;
- SSL_CTX_set_info_callback(self->ctx, global_info_callback);
-
- Py_INCREF(Py_None);
- return Py_None;
-}
-
-static char ssl_Context_get_app_data_doc[] = "\n\
-Get the application data (supplied via set_app_data())\n\
-\n\
-:return: The application data\n\
-";
-static PyObject *
-ssl_Context_get_app_data(ssl_ContextObj *self, PyObject *args)
-{
- if (!PyArg_ParseTuple(args, ":get_app_data"))
- return NULL;
-
- Py_INCREF(self->app_data);
- return self->app_data;
-}
-
-static char ssl_Context_set_app_data_doc[] = "\n\
-Set the application data (will be returned from get_app_data())\n\
-\n\
-:param data: Any Python object\n\
-:return: None\n\
-";
-static PyObject *
-ssl_Context_set_app_data(ssl_ContextObj *self, PyObject *args)
-{
- PyObject *data;
-
- if (!PyArg_ParseTuple(args, "O:set_app_data", &data))
- return NULL;
-
- Py_DECREF(self->app_data);
- Py_INCREF(data);
- self->app_data = data;
-
- Py_INCREF(Py_None);
- return Py_None;
-}
-
-static char ssl_Context_get_cert_store_doc[] = "\n\
-Get the certificate store for the context\n\
-\n\
-:return: A X509Store object\n\
-";
-static PyObject *
-ssl_Context_get_cert_store(ssl_ContextObj *self, PyObject *args)
-{
- X509_STORE *store;
-
- if (!PyArg_ParseTuple(args, ":get_cert_store"))
- return NULL;
-
- if ((store = SSL_CTX_get_cert_store(self->ctx)) == NULL)
- {
- Py_INCREF(Py_None);
- return Py_None;
- }
- else
- {
- return (PyObject *)new_x509store(store, 0);
- }
-}
-
-static char ssl_Context_set_options_doc[] = "\n\
-Add options. Options set before are not cleared!\n\
-\n\
-:param options: The options to add.\n\
-:return: The new option bitmask.\n\
-";
-static PyObject *
-ssl_Context_set_options(ssl_ContextObj *self, PyObject *args)
-{
- long options;
-
- if (!PyArg_ParseTuple(args, "l:set_options", &options))
- return NULL;
-
- return PyLong_FromLong(SSL_CTX_set_options(self->ctx, options));
-}
-
-static char ssl_Context_set_mode_doc[] = "\n\
-Add modes via bitmask. Modes set before are not cleared!\n\
-\n\
-:param mode: The mode to add.\n\
-:return: The new mode bitmask.\n\
-";
-static PyObject *
-ssl_Context_set_mode(ssl_ContextObj *self, PyObject *args) {
- long mode;
-
- if (!PyArg_ParseTuple(args, "l:set_mode", &mode)) {
- return NULL;
- }
-
- return PyLong_FromLong(SSL_CTX_set_mode(self->ctx, mode));
-}
-
-static char ssl_Context_set_tlsext_servername_callback_doc[] = "\n\
-Specify a callback function to be called when clients specify a server name.\n\
-\n\
-:param callback: The callback function. It will be invoked with one\n\
- argument, the Connection instance.\n\
-\n\
-";
-static PyObject *
-ssl_Context_set_tlsext_servername_callback(ssl_ContextObj *self, PyObject *args) {
- PyObject *callback;
- PyObject *old;
-
- if (!PyArg_ParseTuple(args, "O:set_tlsext_servername_callback", &callback)) {
- return NULL;
- }
-
- Py_INCREF(callback);
- old = self->tlsext_servername_callback;
- self->tlsext_servername_callback = callback;
- Py_DECREF(old);
-
- SSL_CTX_set_tlsext_servername_callback(self->ctx, global_tlsext_servername_callback);
- SSL_CTX_set_tlsext_servername_arg(self->ctx, NULL);
-
- Py_INCREF(Py_None);
- return Py_None;
-}
-
-
-/*
- * Member methods in the Context object
- * ADD_METHOD(name) expands to a correct PyMethodDef declaration
- * { 'name', (PyCFunction)ssl_Context_name, METH_VARARGS }
- * for convenience
- * ADD_ALIAS(name,real) creates an "alias" of the ssl_Context_real
- * function with the name 'name'
- */
-#define ADD_METHOD(name) { #name, (PyCFunction)ssl_Context_##name, METH_VARARGS, ssl_Context_##name##_doc }
-static PyMethodDef ssl_Context_methods[] = {
- ADD_METHOD(load_verify_locations),
- ADD_METHOD(set_passwd_cb),
- ADD_METHOD(set_default_verify_paths),
- ADD_METHOD(use_certificate_chain_file),
- ADD_METHOD(use_certificate_file),
- ADD_METHOD(use_certificate),
- ADD_METHOD(add_extra_chain_cert),
- ADD_METHOD(use_privatekey_file),
- ADD_METHOD(use_privatekey),
- ADD_METHOD(check_privatekey),
- ADD_METHOD(load_client_ca),
- ADD_METHOD(set_session_id),
- ADD_METHOD(set_session_cache_mode),
- ADD_METHOD(get_session_cache_mode),
- ADD_METHOD(set_verify),
- ADD_METHOD(set_verify_depth),
- ADD_METHOD(get_verify_mode),
- ADD_METHOD(get_verify_depth),
- ADD_METHOD(load_tmp_dh),
- ADD_METHOD(set_cipher_list),
- ADD_METHOD(set_client_ca_list),
- ADD_METHOD(add_client_ca),
- ADD_METHOD(set_timeout),
- ADD_METHOD(get_timeout),
- ADD_METHOD(set_info_callback),
- ADD_METHOD(get_app_data),
- ADD_METHOD(set_app_data),
- ADD_METHOD(get_cert_store),
- ADD_METHOD(set_options),
- ADD_METHOD(set_mode),
- ADD_METHOD(set_tlsext_servername_callback),
- { NULL, NULL }
-};
-#undef ADD_METHOD
-
-/*
- * Despite the name which might suggest otherwise, this is not the tp_init for
- * the Context type. It's just the common initialization code shared by the
- * two _{Nn}ew functions below.
- */
-static ssl_ContextObj*
-ssl_Context_init(ssl_ContextObj *self, int i_method) {
-#if (OPENSSL_VERSION_NUMBER >> 28) == 0x01
- const
-#endif
- SSL_METHOD *method;
-
- switch (i_method) {
- case ssl_SSLv2_METHOD:
-#ifdef OPENSSL_NO_SSL2
- PyErr_SetString(PyExc_ValueError, "SSLv2_METHOD not supported by this version of OpenSSL");
- return NULL;
-#else
- method = SSLv2_method();
-#endif
- break;
- case ssl_SSLv23_METHOD:
- method = SSLv23_method();
- break;
- case ssl_SSLv3_METHOD:
- method = SSLv3_method();
- break;
- case ssl_TLSv1_METHOD:
- method = TLSv1_method();
- break;
- case ssl_TLSv1_1_METHOD:
-#ifdef SSL_OP_NO_TLSv1_1
- method = TLSv1_1_method();
-#else
- PyErr_SetString(PyExc_ValueError, "TLSv1_1_method not supported by this version of OpenSSL");
- return NULL;
-#endif
- break;
- case ssl_TLSv1_2_METHOD:
-#ifdef SSL_OP_NO_TLSv1_2
- method = TLSv1_2_method();
-#else
- PyErr_SetString(PyExc_ValueError, "TLSv1_2_method not supported by this version of OpenSSL");
- return NULL;
-#endif
- break;
- default:
- PyErr_SetString(PyExc_ValueError, "No such protocol");
- return NULL;
- }
-
- self->ctx = SSL_CTX_new(method);
- if (self->ctx == NULL) {
- exception_from_error_queue(ssl_Error);
- return NULL;
- }
-
- Py_INCREF(Py_None);
- self->passphrase_callback = Py_None;
- Py_INCREF(Py_None);
- self->verify_callback = Py_None;
- Py_INCREF(Py_None);
- self->info_callback = Py_None;
-
- Py_INCREF(Py_None);
- self->tlsext_servername_callback = Py_None;
-
- Py_INCREF(Py_None);
- self->passphrase_userdata = Py_None;
-
- Py_INCREF(Py_None);
- self->app_data = Py_None;
-
- /* Some initialization that's required to operate smoothly in Python */
- SSL_CTX_set_app_data(self->ctx, self);
- SSL_CTX_set_mode(self->ctx, SSL_MODE_ENABLE_PARTIAL_WRITE |
- SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER |
- SSL_MODE_AUTO_RETRY);
-
- self->tstate = NULL;
-
- return self;
-}
-
-/*
- * This one is exposed in the CObject API. I want to deprecate it.
- */
-ssl_ContextObj*
-ssl_Context_New(int i_method) {
- ssl_ContextObj *self;
-
- self = PyObject_GC_New(ssl_ContextObj, &ssl_Context_Type);
- if (self == NULL) {
- return (ssl_ContextObj *)PyErr_NoMemory();
- }
- self = ssl_Context_init(self, i_method);
- PyObject_GC_Track((PyObject *)self);
- return self;
-}
-
-
-/*
- * This one is the tp_new of the Context type. It's great.
- */
-static PyObject*
-ssl_Context_new(PyTypeObject *subtype, PyObject *args, PyObject *kwargs) {
- int i_method;
- ssl_ContextObj *self;
- static char *kwlist[] = {"method", NULL};
-
- if (!PyArg_ParseTupleAndKeywords(args, kwargs, "i:Context", kwlist, &i_method)) {
- return NULL;
- }
-
- self = (ssl_ContextObj *)subtype->tp_alloc(subtype, 1);
- if (self == NULL) {
- return NULL;
- }
-
- return (PyObject *)ssl_Context_init(self, i_method);
-}
-
-/*
- * Call the visitproc on all contained objects.
- *
- * Arguments: self - The Context object
- * visit - Function to call
- * arg - Extra argument to visit
- * Returns: 0 if all goes well, otherwise the return code from the first
- * call that gave non-zero result.
- */
-static int
-ssl_Context_traverse(ssl_ContextObj *self, visitproc visit, void *arg)
-{
- int ret = 0;
-
- if (ret == 0 && self->passphrase_callback != NULL)
- ret = visit((PyObject *)self->passphrase_callback, arg);
- if (ret == 0 && self->passphrase_userdata != NULL)
- ret = visit((PyObject *)self->passphrase_userdata, arg);
- if (ret == 0 && self->verify_callback != NULL)
- ret = visit((PyObject *)self->verify_callback, arg);
- if (ret == 0 && self->info_callback != NULL)
- ret = visit((PyObject *)self->info_callback, arg);
- if (ret == 0 && self->app_data != NULL)
- ret = visit(self->app_data, arg);
- return ret;
-}
-
-/*
- * Decref all contained objects and zero the pointers.
- *
- * Arguments: self - The Context object
- * Returns: Always 0.
- */
-static int
-ssl_Context_clear(ssl_ContextObj *self)
-{
- Py_XDECREF(self->passphrase_callback);
- self->passphrase_callback = NULL;
- Py_XDECREF(self->passphrase_userdata);
- self->passphrase_userdata = NULL;
- Py_XDECREF(self->verify_callback);
- self->verify_callback = NULL;
- Py_XDECREF(self->info_callback);
- self->info_callback = NULL;
- Py_XDECREF(self->app_data);
- self->app_data = NULL;
- return 0;
-}
-
-/*
- * Deallocate the memory used by the Context object
- *
- * Arguments: self - The Context object
- * Returns: None
- */
-static void
-ssl_Context_dealloc(ssl_ContextObj *self)
-{
- PyObject_GC_UnTrack((PyObject *)self);
- SSL_CTX_free(self->ctx);
- ssl_Context_clear(self);
- PyObject_GC_Del(self);
-}
-
-
-PyTypeObject ssl_Context_Type = {
- PyOpenSSL_HEAD_INIT(&PyType_Type, 0)
- "OpenSSL.SSL.Context",
- sizeof(ssl_ContextObj),
- 0,
- (destructor)ssl_Context_dealloc, /* tp_dealloc */
- NULL, /* print */
- NULL, /* tp_getattr */
- NULL, /* setattr */
- NULL, /* compare */
- NULL, /* repr */
- NULL, /* as_number */
- NULL, /* as_sequence */
- NULL, /* as_mapping */
- NULL, /* hash */
- NULL, /* call */
- NULL, /* str */
- NULL, /* getattro */
- NULL, /* setattro */
- NULL, /* as_buffer */
- Py_TPFLAGS_DEFAULT | Py_TPFLAGS_HAVE_GC | Py_TPFLAGS_BASETYPE, /* tp_flags */
- ssl_Context_doc, /* tp_doc */
- (traverseproc)ssl_Context_traverse, /* tp_traverse */
- (inquiry)ssl_Context_clear, /* tp_clear */
- NULL, /* tp_richcompare */
- 0, /* tp_weaklistoffset */
- NULL, /* tp_iter */
- NULL, /* tp_iternext */
- ssl_Context_methods, /* tp_methods */
- NULL, /* tp_members */
- NULL, /* tp_getset */
- NULL, /* tp_base */
- NULL, /* tp_dict */
- NULL, /* tp_descr_get */
- NULL, /* tp_descr_set */
- 0, /* tp_dictoffset */
- NULL, /* tp_init */
- NULL, /* tp_alloc */
- ssl_Context_new, /* tp_new */
-};
-
-
-/*
- * Initialize the Context part of the SSL sub module
- *
- * Arguments: dict - The OpenSSL.SSL module
- * Returns: 1 for success, 0 otherwise
- */
-int
-init_ssl_context(PyObject *module) {
-
- if (PyType_Ready(&ssl_Context_Type) < 0) {
- return 0;
- }
-
- /* PyModule_AddObject steals a reference.
- */
- Py_INCREF((PyObject *)&ssl_Context_Type);
- if (PyModule_AddObject(module, "Context", (PyObject *)&ssl_Context_Type) < 0) {
- return 0;
- }
-
- /* PyModule_AddObject steals a reference.
- */
- Py_INCREF((PyObject *)&ssl_Context_Type);
- if (PyModule_AddObject(module, "ContextType", (PyObject *)&ssl_Context_Type) < 0) {
- return 0;
- }
-
- return 1;
-}
-
diff --git a/OpenSSL/ssl/context.h b/OpenSSL/ssl/context.h
deleted file mode 100644
index 989d8f1..0000000
--- a/OpenSSL/ssl/context.h
+++ /dev/null
@@ -1,45 +0,0 @@
-/*
- * context.h
- *
- * Copyright (C) AB Strakt
- * See LICENSE for details.
- *
- * Export SSL Context object data structures and functions.
- * See the file RATIONALE for a short explanation of why this module was written.
- *
- * Reviewed 2001-07-23
- *
- */
-#ifndef PyOpenSSL_SSL_CONTEXT_H_
-#define PyOpenSSL_SSL_CONTEXT_H_
-
-#include <Python.h>
-#include <openssl/ssl.h>
-
-extern int init_ssl_context (PyObject *);
-
-extern PyTypeObject ssl_Context_Type;
-
-#define ssl_Context_Check(v) ((v)->ob_type == &ssl_Context_Type)
-
-typedef struct {
- PyObject_HEAD
- SSL_CTX *ctx;
- PyObject *passphrase_callback,
- *passphrase_userdata,
- *verify_callback,
- *info_callback,
- *tlsext_servername_callback,
- *app_data;
- PyThreadState *tstate;
-} ssl_ContextObj;
-
-#define ssl_SSLv2_METHOD (1)
-#define ssl_SSLv3_METHOD (2)
-#define ssl_SSLv23_METHOD (3)
-#define ssl_TLSv1_METHOD (4)
-#define ssl_TLSv1_1_METHOD (5)
-#define ssl_TLSv1_2_METHOD (6)
-
-
-#endif
diff --git a/OpenSSL/ssl/session.c b/OpenSSL/ssl/session.c
deleted file mode 100644
index f9932a4..0000000
--- a/OpenSSL/ssl/session.c
+++ /dev/null
@@ -1,159 +0,0 @@
-/*
- * session.c
- *
- * Copyright (C) Jean-Paul Calderone
- * Copyright (C) Alejandro Alvarez Ayllon
- * See LICENSE for details.
- *
- * SSL Session object data structures and functions.
- *
- */
-#include <Python.h>
-#define SSL_MODULE
-#include "ssl.h"
-
-static char ssl_Session_doc[] = "\n\
-Session() -> Session instance\n\
-\n\
-";
-
-/*
- * Initialize an already-constructed Session instance with an OpenSSL session
- * structure (or NULL). A reference to the OpenSSL session structure is stolen.
- */
-static ssl_SessionObj*
-ssl_Session_init(ssl_SessionObj *self, SSL_SESSION *native_session) {
- self->session = native_session;
- return self;
-}
-
-/*
- * Create a Session object
- */
-static PyObject*
-ssl_Session_new(PyTypeObject *subtype, PyObject *args, PyObject *kwargs) {
- ssl_SessionObj *self;
-
- if (!PyArg_ParseTuple(args, ":Session")) {
- return NULL;
- }
-
- self = PyObject_New(ssl_SessionObj, &ssl_Session_Type);
- if (self == NULL) {
- return NULL;
- }
-
- return (PyObject *)ssl_Session_init(self, NULL);
-}
-
-/*
- * Create a Session object from an existing SSL_SESSION*. A reference to the
- * SSL_SESSION* is stolen.
- */
-ssl_SessionObj*
-ssl_Session_from_SSL_SESSION(SSL_SESSION *native_session) {
- ssl_SessionObj *self;
-
- self = PyObject_New(ssl_SessionObj, &ssl_Session_Type);
- if (self == NULL) {
- return NULL;
- }
-
- return ssl_Session_init(self, native_session);
-}
-
-/*
- * Discard the reference to the OpenSSL session structure, if there is one, so
- * that it can be freed if it is no longer in use. Also release the memory for
- * the Python object.
- */
-static void
-ssl_Session_dealloc(ssl_SessionObj *self) {
- if (self->session != NULL) {
- SSL_SESSION_free(self->session);
- self->session = NULL;
- }
- Py_TYPE(self)->tp_free((PyObject*)self);
-}
-
-/*
- * Member methods in the Session object
- * ADD_METHOD(name) expands to a correct PyMethodDef declaration
- * { 'name', (PyCFunction)ssl_Session_name, METH_VARARGS }
- * for convenience
- * ADD_ALIAS(name,real) creates an "alias" of the ssl_Session_real
- * function with the name 'name'
- */
-#define ADD_METHOD(name) { #name, (PyCFunction)ssl_Session_##name, METH_VARARGS, ssl_Session_##name##_doc }
-static PyMethodDef ssl_Session_methods[] = {
- { NULL, NULL }
-};
-#undef ADD_METHOD
-
-/*
- * The Python Session type definition.
- */
-PyTypeObject ssl_Session_Type = {
- PyOpenSSL_HEAD_INIT(&PyType_Type, 0)
- "OpenSSL.SSL.Session",
- sizeof(ssl_SessionObj),
- 0,
- (destructor)ssl_Session_dealloc, /* tp_dealloc */
- NULL, /* print */
- NULL, /* tp_getattr */
- NULL, /* setattr */
- NULL, /* compare */
- NULL, /* repr */
- NULL, /* as_number */
- NULL, /* as_sequence */
- NULL, /* as_mapping */
- NULL, /* hash */
- NULL, /* call */
- NULL, /* str */
- NULL, /* getattro */
- NULL, /* setattro */
- NULL, /* as_buffer */
- Py_TPFLAGS_DEFAULT, // Py_TPFLAGS_HAVE_GC, /* tp_flags */
- ssl_Session_doc, /* tp_doc */
- NULL, // (traverseproc)ssl_Session_traverse, /* tp_traverse */
- NULL, // (inquiry)ssl_Session_clear, /* tp_clear */
- NULL, /* tp_richcompare */
- 0, /* tp_weaklistoffset */
- NULL, /* tp_iter */
- NULL, /* tp_iternext */
- ssl_Session_methods, /* tp_methods */
- NULL, /* tp_members */
- NULL, /* tp_getset */
- NULL, /* tp_base */
- NULL, /* tp_dict */
- NULL, /* tp_descr_get */
- NULL, /* tp_descr_set */
- 0, /* tp_dictoffset */
- NULL, /* tp_init */
- NULL, /* tp_alloc */
- ssl_Session_new, /* tp_new */
-};
-
-/*
- * Initialize the Session part of the SSL sub module
- *
- * Arguments: dict - The OpenSSL.SSL module
- * Returns: 1 for success, 0 otherwise
- */
-int
-init_ssl_session(PyObject *module) {
-
- if (PyType_Ready(&ssl_Session_Type) < 0) {
- return 0;
- }
-
- /* PyModule_AddObject steals a reference.
- */
- Py_INCREF((PyObject *)&ssl_Session_Type);
- if (PyModule_AddObject(module, "Session", (PyObject *)&ssl_Session_Type) < 0) {
- return 0;
- }
-
- return 1;
-}
-
diff --git a/OpenSSL/ssl/session.h b/OpenSSL/ssl/session.h
deleted file mode 100644
index 4e8de11..0000000
--- a/OpenSSL/ssl/session.h
+++ /dev/null
@@ -1,27 +0,0 @@
-/*
- * session.h
- * Copyright (C) Jean-Paul Calderone
- * See LICENSE for details.
- *
- * Defined here is the Python type which represents an SSL session by wrapping
- * an OpenSSL SSL_SESSION*.
- *
- */
-
-#ifndef PyOpenSSL_SSL_SESSION_H_
-#define PyOpenSSL_SSL_SESSION_H_
-
-#include <Python.h>
-#include <openssl/ssl.h>
-
-typedef struct {
- PyObject_HEAD
- SSL_SESSION *session;
-} ssl_SessionObj;
-
-extern PyTypeObject ssl_Session_Type;
-
-extern int init_ssl_session(PyObject *);
-extern ssl_SessionObj *ssl_Session_from_SSL_SESSION(SSL_SESSION *native_session);
-
-#endif
diff --git a/OpenSSL/ssl/ssl.c b/OpenSSL/ssl/ssl.c
deleted file mode 100644
index 0087cbb..0000000
--- a/OpenSSL/ssl/ssl.c
+++ /dev/null
@@ -1,326 +0,0 @@
-/*
- * ssl.c
- *
- * Copyright (C) AB Strakt
- * Copyright (C) Jean-Paul Calderone
- * See LICENSE for details.
- *
- * Main file of the SSL sub module.
- * See the file RATIONALE for a short explanation of why this module was written.
- *
- * Reviewed 2001-07-23
- */
-#include <Python.h>
-
-#ifndef MS_WINDOWS
-# include <sys/socket.h>
-# include <netinet/in.h>
-# if !(defined(__BEOS__) || defined(__CYGWIN__))
-# include <netinet/tcp.h>
-# endif
-#else
-# include <winsock.h>
-# include <wincrypt.h>
-#endif
-
-#define SSL_MODULE
-#include "ssl.h"
-
-static char ssl_doc[] = "\n\
-Main file of the SSL sub module.\n\
-See the file RATIONALE for a short explanation of why this module was written.\n\
-";
-
-crypto_X509Obj* (*new_x509)(X509*, int);
-crypto_X509NameObj* (*new_x509name)(X509_NAME*, int);
-crypto_X509StoreObj* (*new_x509store)(X509_STORE*, int);
-
-
-#ifndef PY3
-void **crypto_API;
-#endif
-
-int _pyOpenSSL_tstate_key;
-
-/* Exceptions defined by the SSL submodule */
-PyObject *ssl_Error, /* Base class */
- *ssl_ZeroReturnError, /* Used with SSL_get_error */
- *ssl_WantReadError, /* ... */
- *ssl_WantWriteError, /* ... */
- *ssl_WantX509LookupError, /* ... */
- *ssl_SysCallError; /* Uses (errno,errstr) */
-
-static char ssl_SSLeay_version_doc[] = "\n\
-Return a string describing the version of OpenSSL in use.\n\
-\n\
-:param type: One of the SSLEAY_ constants defined in this module.\n\
-";
-
-static PyObject *
-ssl_SSLeay_version(PyObject *spam, PyObject *args) {
- int t;
- const char *version;
-
- if (!PyArg_ParseTuple(args, "i:SSLeay_version", &t)) {
- return NULL;
- }
-
- version = SSLeay_version(t);
- return PyBytes_FromStringAndSize(version, strlen(version));
-}
-
-
-
-/* Methods in the OpenSSL.SSL module */
-static PyMethodDef ssl_methods[] = {
- { "SSLeay_version", ssl_SSLeay_version, METH_VARARGS, ssl_SSLeay_version_doc },
- { NULL, NULL }
-};
-
-#ifdef PY3
-static struct PyModuleDef sslmodule = {
- PyModuleDef_HEAD_INIT,
- "xSSL",
- ssl_doc,
- -1,
- ssl_methods
-};
-#endif
-
-/*
- * Initialize SSL sub module
- *
- * Arguments: None
- * Returns: None
- */
-PyOpenSSL_MODINIT(xSSL) {
- PyObject *module;
-#ifndef PY3
- static void *ssl_API[ssl_API_pointers];
- PyObject *ssl_api_object;
-
- import_crypto();
-
- new_x509 = crypto_X509_New;
- new_x509name = crypto_X509Name_New;
- new_x509store = crypto_X509Store_New;
-#else
-# ifdef _WIN32
- HMODULE crypto = GetModuleHandle("crypto.pyd");
- if (crypto == NULL) {
- PyErr_SetString(PyExc_RuntimeError, "Unable to get crypto module");
- PyOpenSSL_MODRETURN(NULL);
- }
-
- new_x509 = (crypto_X509Obj* (*)(X509*, int))GetProcAddress(crypto, "crypto_X509_New");
- new_x509name = (crypto_X509NameObj* (*)(X509_NAME*, int))GetProcAddress(crypto, "crypto_X509Name_New");
- new_x509store = (crypto_X509StoreObj* (*)(X509_STORE*, int))GetProcAddress(crypto, "crypto_X509Store_New");
-# else
- new_x509 = crypto_X509_New;
- new_x509name = crypto_X509Name_New;
- new_x509store = crypto_X509Store_New;
-# endif
-#endif
-
- SSL_library_init();
- ERR_load_SSL_strings();
-
-#ifdef PY3
- module = PyModule_Create(&sslmodule);
-#else
- module = Py_InitModule3("xSSL", ssl_methods, ssl_doc);
-#endif
- if (module == NULL) {
- PyOpenSSL_MODRETURN(NULL);
- }
-
-#ifndef PY3
- /* Initialize the C API pointer array */
- ssl_API[ssl_Context_New_NUM] = (void *)ssl_Context_New;
- ssl_API[ssl_Connection_New_NUM] = (void *)ssl_Connection_New;
- ssl_api_object = PyCObject_FromVoidPtr((void *)ssl_API, NULL);
- if (ssl_api_object != NULL) {
- /* PyModule_AddObject steals a reference.
- */
- Py_INCREF(ssl_api_object);
- PyModule_AddObject(module, "_C_API", ssl_api_object);
- }
-#endif
-
- /* Exceptions */
-/*
- * ADD_EXCEPTION(dict,name,base) expands to a correct Exception declaration,
- * inserting OpenSSL.SSL.name into dict, derviving the exception from base.
- */
-#define ADD_EXCEPTION(_name, _base) \
-do { \
- ssl_##_name = PyErr_NewException("OpenSSL.SSL."#_name, _base, NULL);\
- if (ssl_##_name == NULL) \
- goto error; \
- /* PyModule_AddObject steals a reference. */ \
- Py_INCREF(ssl_##_name); \
- if (PyModule_AddObject(module, #_name, ssl_##_name) != 0) \
- goto error; \
-} while (0)
-
- ssl_Error = PyErr_NewException("OpenSSL.SSL.Error", NULL, NULL);
- if (ssl_Error == NULL) {
- goto error;
- }
-
- /* PyModule_AddObject steals a reference. */
- Py_INCREF(ssl_Error);
- if (PyModule_AddObject(module, "Error", ssl_Error) != 0)
- goto error;
-
- ADD_EXCEPTION(ZeroReturnError, ssl_Error);
- ADD_EXCEPTION(WantReadError, ssl_Error);
- ADD_EXCEPTION(WantWriteError, ssl_Error);
- ADD_EXCEPTION(WantX509LookupError, ssl_Error);
- ADD_EXCEPTION(SysCallError, ssl_Error);
-#undef ADD_EXCEPTION
-
- /* Method constants */
- PyModule_AddIntConstant(module, "SSLv2_METHOD", ssl_SSLv2_METHOD);
- PyModule_AddIntConstant(module, "SSLv3_METHOD", ssl_SSLv3_METHOD);
- PyModule_AddIntConstant(module, "SSLv23_METHOD", ssl_SSLv23_METHOD);
- PyModule_AddIntConstant(module, "TLSv1_METHOD", ssl_TLSv1_METHOD);
- PyModule_AddIntConstant(module, "TLSv1_1_METHOD", ssl_TLSv1_1_METHOD);
- PyModule_AddIntConstant(module, "TLSv1_2_METHOD", ssl_TLSv1_2_METHOD);
-
- /* Verify constants */
- PyModule_AddIntConstant(module, "VERIFY_NONE", SSL_VERIFY_NONE);
- PyModule_AddIntConstant(module, "VERIFY_PEER", SSL_VERIFY_PEER);
- PyModule_AddIntConstant(module, "VERIFY_FAIL_IF_NO_PEER_CERT",
- SSL_VERIFY_FAIL_IF_NO_PEER_CERT);
- PyModule_AddIntConstant(module, "VERIFY_CLIENT_ONCE",
- SSL_VERIFY_CLIENT_ONCE);
-
- /* File type constants */
- PyModule_AddIntConstant(module, "FILETYPE_PEM", SSL_FILETYPE_PEM);
- PyModule_AddIntConstant(module, "FILETYPE_ASN1", SSL_FILETYPE_ASN1);
-
- /* SSL option constants */
- PyModule_AddIntConstant(module, "OP_SINGLE_DH_USE", SSL_OP_SINGLE_DH_USE);
- PyModule_AddIntConstant(module, "OP_EPHEMERAL_RSA", SSL_OP_EPHEMERAL_RSA);
- PyModule_AddIntConstant(module, "OP_NO_SSLv2", SSL_OP_NO_SSLv2);
- PyModule_AddIntConstant(module, "OP_NO_SSLv3", SSL_OP_NO_SSLv3);
- PyModule_AddIntConstant(module, "OP_NO_TLSv1", SSL_OP_NO_TLSv1);
-#ifdef SSL_OP_NO_TLSv1_1
- PyModule_AddIntConstant(module, "OP_NO_TLSv1_1", SSL_OP_NO_TLSv1_1);
-#endif
-#ifdef SSL_OP_NO_TLSv1_2
- PyModule_AddIntConstant(module, "OP_NO_TLSv1_2", SSL_OP_NO_TLSv1_2);
-#endif
-
- /* More SSL option constants */
- PyModule_AddIntConstant(module, "OP_MICROSOFT_SESS_ID_BUG", SSL_OP_MICROSOFT_SESS_ID_BUG);
- PyModule_AddIntConstant(module, "OP_NETSCAPE_CHALLENGE_BUG", SSL_OP_NETSCAPE_CHALLENGE_BUG);
- PyModule_AddIntConstant(module, "OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG", SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG);
- PyModule_AddIntConstant(module, "OP_SSLREF2_REUSE_CERT_TYPE_BUG", SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG);
- PyModule_AddIntConstant(module, "OP_MICROSOFT_BIG_SSLV3_BUFFER", SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER);
- PyModule_AddIntConstant(module, "OP_MSIE_SSLV2_RSA_PADDING", SSL_OP_MSIE_SSLV2_RSA_PADDING);
- PyModule_AddIntConstant(module, "OP_SSLEAY_080_CLIENT_DH_BUG", SSL_OP_SSLEAY_080_CLIENT_DH_BUG);
- PyModule_AddIntConstant(module, "OP_TLS_D5_BUG", SSL_OP_TLS_D5_BUG);
- PyModule_AddIntConstant(module, "OP_TLS_BLOCK_PADDING_BUG", SSL_OP_TLS_BLOCK_PADDING_BUG);
- PyModule_AddIntConstant(module, "OP_DONT_INSERT_EMPTY_FRAGMENTS", SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS);
- PyModule_AddIntConstant(module, "OP_ALL", SSL_OP_ALL);
- PyModule_AddIntConstant(module, "OP_CIPHER_SERVER_PREFERENCE", SSL_OP_CIPHER_SERVER_PREFERENCE);
- PyModule_AddIntConstant(module, "OP_TLS_ROLLBACK_BUG", SSL_OP_TLS_ROLLBACK_BUG);
- PyModule_AddIntConstant(module, "OP_PKCS1_CHECK_1", SSL_OP_PKCS1_CHECK_1);
- PyModule_AddIntConstant(module, "OP_PKCS1_CHECK_2", SSL_OP_PKCS1_CHECK_2);
- PyModule_AddIntConstant(module, "OP_NETSCAPE_CA_DN_BUG", SSL_OP_NETSCAPE_CA_DN_BUG);
- PyModule_AddIntConstant(module, "OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG", SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG);
-
-#ifdef SSL_OP_NO_COMPRESSION
- PyModule_AddIntConstant(module, "OP_NO_COMPRESSION", SSL_OP_NO_COMPRESSION);
-#endif
-
- /* DTLS related options. The first two of these were introduced in
- * 2005, the third in 2007. To accomodate systems which are still using
- * older versions, make them optional. */
-#ifdef SSL_OP_NO_QUERY_MTU
- PyModule_AddIntConstant(module, "OP_NO_QUERY_MTU", SSL_OP_NO_QUERY_MTU);
-#endif
-#ifdef SSL_OP_COOKIE_EXCHANGE
- PyModule_AddIntConstant(module, "OP_COOKIE_EXCHANGE", SSL_OP_COOKIE_EXCHANGE);
-#endif
-#ifdef SSL_OP_NO_TICKET
- PyModule_AddIntConstant(module, "OP_NO_TICKET", SSL_OP_NO_TICKET);
-#endif
-
- /* For SSL_set_shutdown */
- PyModule_AddIntConstant(module, "SENT_SHUTDOWN", SSL_SENT_SHUTDOWN);
- PyModule_AddIntConstant(module, "RECEIVED_SHUTDOWN", SSL_RECEIVED_SHUTDOWN);
-
- /* For set_info_callback */
- PyModule_AddIntConstant(module, "SSL_ST_CONNECT", SSL_ST_CONNECT);
- PyModule_AddIntConstant(module, "SSL_ST_ACCEPT", SSL_ST_ACCEPT);
- PyModule_AddIntConstant(module, "SSL_ST_MASK", SSL_ST_MASK);
- PyModule_AddIntConstant(module, "SSL_ST_INIT", SSL_ST_INIT);
- PyModule_AddIntConstant(module, "SSL_ST_BEFORE", SSL_ST_BEFORE);
- PyModule_AddIntConstant(module, "SSL_ST_OK", SSL_ST_OK);
- PyModule_AddIntConstant(module, "SSL_ST_RENEGOTIATE", SSL_ST_RENEGOTIATE);
- PyModule_AddIntConstant(module, "SSL_CB_LOOP", SSL_CB_LOOP);
- PyModule_AddIntConstant(module, "SSL_CB_EXIT", SSL_CB_EXIT);
- PyModule_AddIntConstant(module, "SSL_CB_READ", SSL_CB_READ);
- PyModule_AddIntConstant(module, "SSL_CB_WRITE", SSL_CB_WRITE);
- PyModule_AddIntConstant(module, "SSL_CB_ALERT", SSL_CB_ALERT);
- PyModule_AddIntConstant(module, "SSL_CB_READ_ALERT", SSL_CB_READ_ALERT);
- PyModule_AddIntConstant(module, "SSL_CB_WRITE_ALERT", SSL_CB_WRITE_ALERT);
- PyModule_AddIntConstant(module, "SSL_CB_ACCEPT_LOOP", SSL_CB_ACCEPT_LOOP);
- PyModule_AddIntConstant(module, "SSL_CB_ACCEPT_EXIT", SSL_CB_ACCEPT_EXIT);
- PyModule_AddIntConstant(module, "SSL_CB_CONNECT_LOOP", SSL_CB_CONNECT_LOOP);
- PyModule_AddIntConstant(module, "SSL_CB_CONNECT_EXIT", SSL_CB_CONNECT_EXIT);
- PyModule_AddIntConstant(module, "SSL_CB_HANDSHAKE_START", SSL_CB_HANDSHAKE_START);
- PyModule_AddIntConstant(module, "SSL_CB_HANDSHAKE_DONE", SSL_CB_HANDSHAKE_DONE);
-
- /* Version information indicators, used with SSLeay_version */
- PyModule_AddIntConstant(module, "SSLEAY_VERSION", SSLEAY_VERSION);
- PyModule_AddIntConstant(module, "SSLEAY_CFLAGS", SSLEAY_CFLAGS);
- PyModule_AddIntConstant(module, "SSLEAY_BUILT_ON", SSLEAY_BUILT_ON);
- PyModule_AddIntConstant(module, "SSLEAY_PLATFORM", SSLEAY_PLATFORM);
- PyModule_AddIntConstant(module, "SSLEAY_DIR", SSLEAY_DIR);
-
- /* Cache modes */
-#define CACHE_MODE(mode) \
- PyModule_AddIntConstant(module, "SESS_CACHE_" #mode, SSL_SESS_CACHE_##mode)
-
- CACHE_MODE(OFF);
- CACHE_MODE(CLIENT);
- CACHE_MODE(SERVER);
- CACHE_MODE(BOTH);
- CACHE_MODE(NO_AUTO_CLEAR);
- CACHE_MODE(NO_INTERNAL_LOOKUP);
- CACHE_MODE(NO_INTERNAL_STORE);
- CACHE_MODE(NO_INTERNAL);
-#undef CACHE_MODE
-
- /* Straight up version number */
- PyModule_AddIntConstant(module, "OPENSSL_VERSION_NUMBER", OPENSSL_VERSION_NUMBER);
-
- /* SSL modes constants */
-#ifdef SSL_MODE_RELEASE_BUFFERS
- PyModule_AddIntConstant(module, "MODE_RELEASE_BUFFERS", SSL_MODE_RELEASE_BUFFERS);
-#endif
-
- if (!init_ssl_context(module))
- goto error;
- if (!init_ssl_session(module))
- goto error;
- if (!init_ssl_connection(module))
- goto error;
-
-#ifdef WITH_THREAD
- /*
- * Initialize this module's threading support structures.
- */
- _pyOpenSSL_tstate_key = PyThread_create_key();
-#endif
-
- PyOpenSSL_MODRETURN(module);
-
-error:
- PyOpenSSL_MODRETURN(NULL);
- ;
-}
diff --git a/OpenSSL/ssl/ssl.h b/OpenSSL/ssl/ssl.h
deleted file mode 100644
index 3074ba5..0000000
--- a/OpenSSL/ssl/ssl.h
+++ /dev/null
@@ -1,77 +0,0 @@
-/*
- * ssl.h
- *
- * Copyright (C) AB Strakt
- * See LICENSE for details.
- *
- * Export functions and exceptions from the SSL sub module.
- * See the file RATIONALE for a short explanation of why this module was written.
- *
- * Reviewed 2001-07-23
- *
- */
-#ifndef PyOpenSSL_SSL_H_
-#define PyOpenSSL_SSL_H_
-
-#include <Python.h>
-#include <pythread.h>
-#include "context.h"
-#include "session.h"
-#include "connection.h"
-#include "../util.h"
-#include "../crypto/crypto.h"
-
-extern PyObject *ssl_Error, /* Base class */
- *ssl_ZeroReturnError, /* Used with SSL_get_erorr */
- *ssl_WantReadError, /* ... */
- *ssl_WantWriteError, /* ... */
- *ssl_WantX509LookupError, /* ... */
- *ssl_SysCallError; /* Uses (errno,errstr) */
-
-#define ssl_Context_New_NUM 0
-#define ssl_Context_New_RETURN ssl_ContextObj *
-#define ssl_Context_New_PROTO (int method)
-
-#define ssl_Connection_New_NUM 1
-#define ssl_Connection_New_RETURN ssl_ConnectionObj *
-#define ssl_Connection_New_PROTO (ssl_ContextObj *ctx, PyObject *sock)
-
-#define ssl_API_pointers 2
-
-#ifdef WITH_THREAD
-extern int _pyOpenSSL_tstate_key;
-#endif /* WITH_THREAD */
-
-#ifdef SSL_MODULE
-
-extern ssl_Context_New_RETURN ssl_Context_New ssl_Context_New_PROTO;
-extern ssl_Connection_New_RETURN ssl_Connection_New ssl_Connection_New_PROTO;
-
-extern crypto_X509Obj* (*new_x509)(X509*, int);
-extern crypto_X509NameObj* (*new_x509name)(X509_NAME*, int);
-extern crypto_X509StoreObj* (*new_x509store)(X509_STORE*, int);
-
-#else /* SSL_MODULE */
-
-extern void **ssl_API;
-
-#define ssl_Context_New \
- (*(ssl_Context_New_RETURN (*)ssl_Context_New_PROTO) ssl_API[ssl_Context_New_NUM])
-#define ssl_Connection_New \
- (*(ssl_Connection_New_RETURN (*)ssl_Connection_New_PROTO) ssl_API[ssl_Connection_New_NUM])
-
-#define import_SSL() \
-{ \
- PyObject *module = PyImport_ImportModule("OpenSSL.SSL"); \
- if (module != NULL) { \
- PyObject *module_dict = PyModule_GetDict(module); \
- PyObject *c_api_object = PyDict_GetItemString(module_dict, "_C_API"); \
- if (PyCObject_Check(c_api_object)) { \
- ssl_API = (void **)PyCObject_AsVoidPtr(c_api_object); \
- } \
- } \
-}
-
-#endif /* SSL_MODULE */
-
-#endif /* PyOpenSSL_SSL_H_ */