Python 3.x support
diff --git a/ChangeLog b/ChangeLog
index e00a831..3c5a358 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,7 @@
+2010-10-07 Jean-Paul Calderone <exarkun@twistedmatrix.com>
+
+ * Initial support for Python 3.x throughout the codebase.
+
2010-09-14 Jean-Paul Calderone <exarkun@twistedmatrix.com>
* OpenSSL/crypto/netscape_spki.c: Fix an off-by-one mistake in the
diff --git a/OpenSSL/__init__.py b/OpenSSL/__init__.py
index 6f393ff..51dfdc9 100644
--- a/OpenSSL/__init__.py
+++ b/OpenSSL/__init__.py
@@ -8,5 +8,21 @@
"""
pyOpenSSL - A simple wrapper around the OpenSSL library
"""
-import rand, crypto, SSL, tsafe
-from version import __version__
+
+import sys
+try:
+ orig = sys.getdlopenflags()
+except AttributeError:
+ pass
+else:
+ sys.setdlopenflags(2 | 256)
+ from OpenSSL import crypto
+ sys.setdlopenflags(orig)
+ del orig
+del sys
+
+from OpenSSL import rand, crypto, SSL
+from OpenSSL.version import __version__
+
+__all__ = [
+ 'rand', 'crypto', 'SSL', 'tsafe', '__version__']
diff --git a/OpenSSL/crypto/crl.c b/OpenSSL/crypto/crl.c
index 8e1c135..bc76f22 100644
--- a/OpenSSL/crypto/crl.c
+++ b/OpenSSL/crypto/crl.c
@@ -116,7 +116,10 @@
@type cert: L{X509}\n\
@param key: Used to sign CRL.\n\
@type key: L{PKey}\n\
-@return: None\n\
+@param type: The export format, either L{FILETYPE_PEM}, L{FILETYPE_ASN1}, or L{FILETYPE_TEXT}.\n\
+@param days: The number of days until the next update of this CRL.\n\
+@type days: L{int}\n\
+@return: L{str}\n\
";
static PyObject *
crypto_CRL_export(crypto_CRLObj *self, PyObject *args, PyObject *keywds) {
@@ -172,7 +175,7 @@
return NULL;
}
buf_len = BIO_get_mem_data(bio, &temp);
- buffer = PyString_FromStringAndSize(temp, buf_len);
+ buffer = PyBytes_FromStringAndSize(temp, buf_len);
BIO_free(bio);
return buffer;
}
@@ -207,11 +210,6 @@
#undef ADD_METHOD
-static PyObject *
-crypto_CRL_getattr(crypto_CRLObj *self, char *name) {
- return Py_FindMethod(crypto_CRL_methods, (PyObject *)self, name);
-}
-
static void
crypto_CRL_dealloc(crypto_CRLObj *self) {
X509_CRL_free(self->crl);
@@ -237,14 +235,13 @@
}
PyTypeObject crypto_CRL_Type = {
- PyObject_HEAD_INIT(NULL)
- 0,
+ PyOpenSSL_HEAD_INIT(&PyType_Type, 0)
"CRL",
sizeof(crypto_CRLObj),
0,
(destructor)crypto_CRL_dealloc,
NULL, /* print */
- (getattrfunc)crypto_CRL_getattr,
+ NULL, /* getattr */
NULL, /* setattr */
NULL, /* compare */
NULL, /* repr */
diff --git a/OpenSSL/crypto/crypto.c b/OpenSSL/crypto/crypto.c
index d9f1a4e..1a122b2 100644
--- a/OpenSSL/crypto/crypto.c
+++ b/OpenSSL/crypto/crypto.c
@@ -24,6 +24,18 @@
PyObject *crypto_Error;
+int crypto_byte_converter(PyObject *input, void* output) {
+ char **message = output;
+ if (input == Py_None) {
+ *message = NULL;
+ } else if (PyBytes_CheckExact(input)) {
+ *message = PyBytes_AsString(input);
+ } else {
+ return 0;
+ }
+ return 1;
+}
+
static int
global_passphrase_callback(char *buf, int len, int rwflag, void *cb_arg)
{
@@ -36,15 +48,15 @@
Py_DECREF(argv);
if (ret == NULL)
return 0;
- if (!PyString_Check(ret))
+ if (!PyBytes_Check(ret))
{
PyErr_SetString(PyExc_ValueError, "String expected");
return 0;
}
- nchars = PyString_Size(ret);
+ nchars = PyBytes_Size(ret);
if (nchars > len)
nchars = len;
- strncpy(buf, PyString_AsString(ret), nchars);
+ strncpy(buf, PyBytes_AsString(ret), nchars);
return nchars;
}
@@ -77,10 +89,10 @@
if (pw != NULL)
{
- if (PyString_Check(pw))
+ if (PyBytes_Check(pw))
{
cb = NULL;
- cb_arg = PyString_AsString(pw);
+ cb_arg = PyBytes_AsString(pw);
}
else if (PyCallable_Check(pw))
{
@@ -167,10 +179,10 @@
PyErr_SetString(PyExc_ValueError, "Invalid cipher name");
return NULL;
}
- if (PyString_Check(pw))
+ if (PyBytes_Check(pw))
{
cb = NULL;
- cb_arg = PyString_AsString(pw);
+ cb_arg = PyBytes_AsString(pw);
}
else if (PyCallable_Check(pw))
{
@@ -220,7 +232,7 @@
}
buf_len = BIO_get_mem_data(bio, &temp);
- buffer = PyString_FromStringAndSize(temp, buf_len);
+ buffer = PyBytes_FromStringAndSize(temp, buf_len);
BIO_free(bio);
return buffer;
@@ -323,7 +335,7 @@
}
buf_len = BIO_get_mem_data(bio, &temp);
- buffer = PyString_FromStringAndSize(temp, buf_len);
+ buffer = PyBytes_FromStringAndSize(temp, buf_len);
BIO_free(bio);
return buffer;
@@ -426,7 +438,7 @@
}
buf_len = BIO_get_mem_data(bio, &temp);
- buffer = PyString_FromStringAndSize(temp, buf_len);
+ buffer = PyBytes_FromStringAndSize(temp, buf_len);
BIO_free(bio);
return buffer;
@@ -578,7 +590,7 @@
return NULL;
str = X509_verify_cert_error_string(errnum);
- return PyString_FromString(str);
+ return PyText_FromString(str);
}
static char crypto_exception_from_error_queue_doc[] = "\n\
@@ -612,8 +624,9 @@
EVP_MD_CTX md_ctx;
unsigned char sig_buf[512];
- if (!PyArg_ParseTuple(args, "O!ss:sign", &crypto_PKey_Type,
- &pkey, &data, &digest_name)) {
+ if (!PyArg_ParseTuple(
+ args, "O!" BYTESTRING_FMT "s:sign", &crypto_PKey_Type,
+ &pkey, &data, &digest_name)) {
return NULL;
}
@@ -632,7 +645,7 @@
return NULL;
}
- buffer = PyString_FromStringAndSize((char*)sig_buf, sig_len);
+ buffer = PyBytes_FromStringAndSize((char*)sig_buf, sig_len);
return buffer;
}
@@ -657,8 +670,11 @@
EVP_MD_CTX md_ctx;
EVP_PKEY *pkey;
- if (!PyArg_ParseTuple(args, "O!t#ss:verify", &crypto_X509_Type, &cert, &signature, &sig_len,
- &data, &digest_name)) {
+#ifdef PY3
+ if (!PyArg_ParseTuple(args, "O!" BYTESTRING_FMT "#" BYTESTRING_FMT "s:verify", &crypto_X509_Type, &cert, &signature, &sig_len, &data, &digest_name)) {
+#else
+ if (!PyArg_ParseTuple(args, "O!t#ss:verify", &crypto_X509_Type, &cert, &signature, &sig_len, &data, &digest_name)) {
+#endif
return NULL;
}
@@ -772,6 +788,15 @@
#endif
+#ifdef PY3
+static struct PyModuleDef cryptomodule = {
+ PyModuleDef_HEAD_INIT,
+ "crypto",
+ crypto_doc,
+ -1,
+ crypto_methods
+};
+#endif
/*
* Initialize crypto sub module
@@ -779,19 +804,27 @@
* Arguments: None
* Returns: None
*/
-void
-initcrypto(void)
-{
+PyOpenSSL_MODINIT(crypto) {
+#ifndef PY3
static void *crypto_API[crypto_API_pointers];
PyObject *c_api_object;
+#endif
PyObject *module;
ERR_load_crypto_strings();
OpenSSL_add_all_algorithms();
- if ((module = Py_InitModule3("crypto", crypto_methods, crypto_doc)) == NULL)
- return;
+#ifdef PY3
+ module = PyModule_Create(&cryptomodule);
+#else
+ module = Py_InitModule3("crypto", crypto_methods, crypto_doc);
+#endif
+ if (module == NULL) {
+ PyOpenSSL_MODRETURN(NULL);
+ }
+
+#ifndef PY3
/* Initialize the C API pointer array */
crypto_API[crypto_X509_New_NUM] = (void *)crypto_X509_New;
crypto_API[crypto_X509Name_New_NUM] = (void *)crypto_X509Name_New;
@@ -804,6 +837,7 @@
c_api_object = PyCObject_FromVoidPtr((void *)crypto_API, NULL);
if (c_api_object != NULL)
PyModule_AddObject(module, "_C_API", c_api_object);
+#endif
crypto_Error = PyErr_NewException("OpenSSL.crypto.Error", NULL, NULL);
if (crypto_Error == NULL)
@@ -844,6 +878,10 @@
goto error;
if (!init_crypto_revoked(module))
goto error;
+
+ PyOpenSSL_MODRETURN(module);
+
error:
+ PyOpenSSL_MODRETURN(NULL);
;
}
diff --git a/OpenSSL/crypto/crypto.h b/OpenSSL/crypto/crypto.h
index 057b5dd..75961a7 100644
--- a/OpenSSL/crypto/crypto.h
+++ b/OpenSSL/crypto/crypto.h
@@ -63,7 +63,7 @@
#define crypto_API_pointers 8
-#ifdef crypto_MODULE
+#if defined(PY3) || defined(crypto_MODULE)
extern crypto_X509_New_RETURN crypto_X509_New crypto_X509_New_PROTO;
extern crypto_X509Name_New_RETURN crypto_X509Name_New crypto_X509Name_New_PROTO;
@@ -74,6 +74,8 @@
extern crypto_PKCS7_New_RETURN crypto_PKCS7_New crypto_PKCS7_New_PROTO;
extern crypto_NetscapeSPKI_New_RETURN crypto_NetscapeSPKI_New crypto_NetscapeSPKI_New_PROTO;
+int crypto_byte_converter(PyObject *input, void *output);
+
#else /* crypto_MODULE */
extern void **crypto_API;
diff --git a/OpenSSL/crypto/netscape_spki.c b/OpenSSL/crypto/netscape_spki.c
index ada5ef6..ff40962 100644
--- a/OpenSSL/crypto/netscape_spki.c
+++ b/OpenSSL/crypto/netscape_spki.c
@@ -149,7 +149,7 @@
return NULL;
}
- return PyInt_FromLong((long)answer);
+ return PyLong_FromLong((long)answer);
}
static char crypto_NetscapeSPKI_b64_encode_doc[] = "\n\
@@ -167,7 +167,7 @@
return NULL;
str = NETSCAPE_SPKI_b64_encode(self->netscape_spki);
- return PyString_FromString(str);
+ return PyBytes_FromString(str);
}
@@ -243,29 +243,14 @@
};
#undef ADD_METHOD
-/*
- * Find attribute
- *
- * Arguments: self - The NetscapeSPKI object
- * name - The attribute name
- * Returns: A Python object for the attribute, or NULL if something went
- * wrong
- */
-static PyObject *
-crypto_NetscapeSPKI_getattr(crypto_NetscapeSPKIObj *self, char *name)
-{
- return Py_FindMethod(crypto_NetscapeSPKI_methods, (PyObject *)self, name);
-}
-
PyTypeObject crypto_NetscapeSPKI_Type = {
- PyObject_HEAD_INIT(NULL)
- 0,
+ PyOpenSSL_HEAD_INIT(&PyType_Type, 0)
"NetscapeSPKI",
sizeof(crypto_NetscapeSPKIObj),
0,
(destructor)crypto_NetscapeSPKI_dealloc,
NULL, /* print */
- (getattrfunc)crypto_NetscapeSPKI_getattr,
+ NULL, /* getattr */
NULL, /* setattr */
NULL, /* compare */
NULL, /* repr */
diff --git a/OpenSSL/crypto/pkcs12.c b/OpenSSL/crypto/pkcs12.c
index 2302242..81d6074 100644
--- a/OpenSSL/crypto/pkcs12.c
+++ b/OpenSSL/crypto/pkcs12.c
@@ -202,8 +202,8 @@
kwlist, &name))
return NULL;
- if (name != Py_None && ! PyString_CheckExact(name)) {
- PyErr_SetString(PyExc_TypeError, "name must be a str or None");
+ if (name != Py_None && ! PyBytes_CheckExact(name)) {
+ PyErr_SetString(PyExc_TypeError, "name must be a byte string or None");
return NULL;
}
@@ -263,7 +263,7 @@
}
}
if (self->friendlyname != Py_None) {
- friendly_name = PyString_AsString(self->friendlyname);
+ friendly_name = PyBytes_AsString(self->friendlyname);
}
p12 = PKCS12_create(passphrase, friendly_name, pkey, x509, cacerts,
@@ -278,7 +278,7 @@
bio = BIO_new(BIO_s_mem());
i2d_PKCS12_bio(bio, p12);
buf_len = BIO_get_mem_data(bio, &temp);
- buffer = PyString_FromStringAndSize(temp, buf_len);
+ buffer = PyBytes_FromStringAndSize(temp, buf_len);
BIO_free(bio);
return buffer;
}
@@ -367,7 +367,8 @@
* certificate. */
alias_str = X509_alias_get0(cert, &alias_len);
if (alias_str) {
- if (!(self->friendlyname = Py_BuildValue("s#", alias_str, alias_len))) {
+ self->friendlyname = Py_BuildValue(BYTESTRING_FMT "#", alias_str, alias_len);
+ if (!self->friendlyname) {
/*
* XXX Untested
*/
@@ -439,20 +440,6 @@
}
/*
- * Find attribute
- *
- * Arguments: self - The PKCS12 object
- * name - The attribute name
- * Returns: A Python object for the attribute, or NULL if something went
- * wrong
- */
-static PyObject *
-crypto_PKCS12_getattr(crypto_PKCS12Obj *self, char *name)
-{
- return Py_FindMethod(crypto_PKCS12_methods, (PyObject *)self, name);
-}
-
-/*
* Call the visitproc on all contained objects.
*
* Arguments: self - The PKCS12 object
@@ -512,14 +499,13 @@
}
PyTypeObject crypto_PKCS12_Type = {
- PyObject_HEAD_INIT(NULL)
- 0,
+ PyOpenSSL_HEAD_INIT(&PyType_Type, 0)
"PKCS12",
sizeof(crypto_PKCS12Obj),
0,
(destructor)crypto_PKCS12_dealloc,
NULL, /* print */
- (getattrfunc)crypto_PKCS12_getattr,
+ NULL, /* getattr */
NULL, /* setattr */
NULL, /* compare */
NULL, /* repr */
diff --git a/OpenSSL/crypto/pkcs7.c b/OpenSSL/crypto/pkcs7.c
index 1cb0813..fff95e2 100644
--- a/OpenSSL/crypto/pkcs7.c
+++ b/OpenSSL/crypto/pkcs7.c
@@ -24,9 +24,9 @@
return NULL;
if (PKCS7_type_is_signed(self->pkcs7))
- return PyInt_FromLong(1L);
+ return PyLong_FromLong(1L);
else
- return PyInt_FromLong(0L);
+ return PyLong_FromLong(0L);
}
static char crypto_PKCS7_type_is_enveloped_doc[] = "\n\
@@ -42,9 +42,9 @@
return NULL;
if (PKCS7_type_is_enveloped(self->pkcs7))
- return PyInt_FromLong(1L);
+ return PyLong_FromLong(1L);
else
- return PyInt_FromLong(0L);
+ return PyLong_FromLong(0L);
}
static char crypto_PKCS7_type_is_signedAndEnveloped_doc[] = "\n\
@@ -60,9 +60,9 @@
return NULL;
if (PKCS7_type_is_signedAndEnveloped(self->pkcs7))
- return PyInt_FromLong(1L);
+ return PyLong_FromLong(1L);
else
- return PyInt_FromLong(0L);
+ return PyLong_FromLong(0L);
}
static char crypto_PKCS7_type_is_data_doc[] = "\n\
@@ -78,9 +78,9 @@
return NULL;
if (PKCS7_type_is_data(self->pkcs7))
- return PyInt_FromLong(1L);
+ return PyLong_FromLong(1L);
else
- return PyInt_FromLong(0L);
+ return PyLong_FromLong(0L);
}
static char crypto_PKCS7_get_type_name_doc[] = "\n\
@@ -98,7 +98,7 @@
/*
* return a string with the typename
*/
- return PyString_FromString(OBJ_nid2sn(OBJ_obj2nid(self->pkcs7->type)));
+ return PyBytes_FromString(OBJ_nid2sn(OBJ_obj2nid(self->pkcs7->type)));
}
/*
@@ -160,29 +160,14 @@
PyObject_Del(self);
}
-/*
- * Find attribute
- *
- * Arguments: self - The PKCS7 object
- * name - The attribute name
- * Returns: A Python object for the attribute, or NULL if something went
- * wrong
- */
-static PyObject *
-crypto_PKCS7_getattr(crypto_PKCS7Obj *self, char *name)
-{
- return Py_FindMethod(crypto_PKCS7_methods, (PyObject *)self, name);
-}
-
PyTypeObject crypto_PKCS7_Type = {
- PyObject_HEAD_INIT(NULL)
- 0,
+ PyOpenSSL_HEAD_INIT(&PyType_Type, 0)
"PKCS7",
sizeof(crypto_PKCS7Obj),
0,
(destructor)crypto_PKCS7_dealloc,
NULL, /* print */
- (getattrfunc)crypto_PKCS7_getattr,
+ NULL, /* getattr */
NULL, /* setattr */
NULL, /* compare */
NULL, /* repr */
@@ -191,7 +176,19 @@
NULL, /* as_mapping */
NULL, /* hash */
NULL, /* call */
- NULL /* str */
+ NULL, /* str */
+ NULL, /* getattro */
+ NULL, /* setattro */
+ NULL, /* as_buffer */
+ Py_TPFLAGS_DEFAULT,
+ NULL, /* doc */
+ NULL, /* traverse */
+ NULL, /* clear */
+ NULL, /* tp_richcompare */
+ 0, /* tp_weaklistoffset */
+ NULL, /* tp_iter */
+ NULL, /* tp_iternext */
+ crypto_PKCS7_methods, /* tp_methods */
};
/*
diff --git a/OpenSSL/crypto/pkey.c b/OpenSSL/crypto/pkey.c
index 583a2a1..6494d2a 100644
--- a/OpenSSL/crypto/pkey.c
+++ b/OpenSSL/crypto/pkey.c
@@ -88,7 +88,7 @@
if (!PyArg_ParseTuple(args, ":bits"))
return NULL;
- return PyInt_FromLong(EVP_PKEY_bits(self->pkey));
+ return PyLong_FromLong(EVP_PKEY_bits(self->pkey));
}
static char crypto_PKey_type_doc[] = "\n\
@@ -103,7 +103,7 @@
if (!PyArg_ParseTuple(args, ":type"))
return NULL;
- return PyInt_FromLong(self->pkey->type);
+ return PyLong_FromLong(self->pkey->type);
}
@@ -196,29 +196,14 @@
PyObject_Del(self);
}
-/*
- * Find attribute
- *
- * Arguments: self - The PKey object
- * name - The attribute name
- * Returns: A Python object for the attribute, or NULL if something went
- * wrong
- */
-static PyObject *
-crypto_PKey_getattr(crypto_PKeyObj *self, char *name)
-{
- return Py_FindMethod(crypto_PKey_methods, (PyObject *)self, name);
-}
-
PyTypeObject crypto_PKey_Type = {
- PyObject_HEAD_INIT(NULL)
- 0,
+ PyOpenSSL_HEAD_INIT(&PyType_Type, 0)
"OpenSSL.crypto.PKey",
sizeof(crypto_PKeyObj),
0,
(destructor)crypto_PKey_dealloc,
NULL, /* print */
- (getattrfunc)crypto_PKey_getattr,
+ NULL, /* getattr */
NULL, /* setattr */
NULL, /* compare */
NULL, /* repr */
diff --git a/OpenSSL/crypto/revoked.c b/OpenSSL/crypto/revoked.c
index 3042c4d..e9b1297 100644
--- a/OpenSSL/crypto/revoked.c
+++ b/OpenSSL/crypto/revoked.c
@@ -36,7 +36,7 @@
list = PyList_New(0);
for (j = 0; j < NUM_REASONS; j++) {
if(crl_reasons[j]) {
- str = PyString_FromString(crl_reasons[j]);
+ str = PyBytes_FromString(crl_reasons[j]);
PyList_Append(list, str);
Py_DECREF(str);
}
@@ -66,7 +66,7 @@
/* Convert to a Python string. */
str_len = BIO_get_mem_data(bio, &tmp_str);
- str = PyString_FromStringAndSize(tmp_str, str_len);
+ str = PyBytes_FromStringAndSize(tmp_str, str_len);
/* Cleanup */
BIO_free(bio);
@@ -122,6 +122,7 @@
return reason_code;
}
+
static char crypto_Revoked_set_reason_doc[] = "\n\
Set the reason of a Revoked object.\n\
\n\
@@ -136,8 +137,9 @@
int reason_code;
ASN1_ENUMERATED *rtmp = NULL;
- if (!PyArg_ParseTupleAndKeywords(args, keywds, "z:set_reason",
- kwlist, &reason_str)) {
+ if (!PyArg_ParseTupleAndKeywords(
+ args, keywds, "O&:set_reason", kwlist,
+ crypto_byte_converter, &reason_str)) {
return NULL;
}
@@ -231,7 +233,7 @@
static PyObject*
crypto_Revoked_set_rev_date(crypto_RevokedObj *self, PyObject *args) {
return _set_asn1_time(
- "s:set_rev_date", self->revoked->revocationDate, args);
+ BYTESTRING_FMT ":set_rev_date", self->revoked->revocationDate, args);
}
/* The integer is converted to an upper-case hex string
@@ -256,7 +258,7 @@
/* Convert to a Python string. */
str_len = BIO_get_mem_data(bio, &tmp_str);
- str = PyString_FromStringAndSize(tmp_str, str_len);
+ str = PyBytes_FromStringAndSize(tmp_str, str_len);
/* Cleanup */
BIO_free(bio);
@@ -307,7 +309,7 @@
BIGNUM *serial = NULL;
ASN1_INTEGER *tmpser = NULL;
- if (!PyArg_ParseTupleAndKeywords(args, keywds, "s:set_serial",
+ if (!PyArg_ParseTupleAndKeywords(args, keywds, BYTESTRING_FMT ":set_serial",
kwlist, &hex_str)) {
return NULL;
}
@@ -362,11 +364,6 @@
#undef ADD_METHOD
-static PyObject *
-crypto_Revoked_getattr(crypto_RevokedObj *self, char *name) {
- return Py_FindMethod(crypto_Revoked_methods, (PyObject *)self, name);
-}
-
static void
crypto_Revoked_dealloc(crypto_RevokedObj *self) {
X509_REVOKED_free(self->revoked);
@@ -392,14 +389,13 @@
}
PyTypeObject crypto_Revoked_Type = {
- PyObject_HEAD_INIT(NULL)
- 0,
+ PyOpenSSL_HEAD_INIT(&PyType_Type, 0)
"Revoked",
sizeof(crypto_RevokedObj),
0,
(destructor)crypto_Revoked_dealloc,
NULL, /* print */
- (getattrfunc)crypto_Revoked_getattr,
+ NULL, /* getattr */
NULL, /* setattr */
NULL, /* compare */
NULL, /* repr */
diff --git a/OpenSSL/crypto/x509.c b/OpenSSL/crypto/x509.c
index 4c97525..9c2448c 100644
--- a/OpenSSL/crypto/x509.c
+++ b/OpenSSL/crypto/x509.c
@@ -30,7 +30,7 @@
if (!PyArg_ParseTuple(args, ":get_version"))
return NULL;
- return PyInt_FromLong((long)X509_get_version(self->x509));
+ return PyLong_FromLong((long)X509_get_version(self->x509));
}
static char crypto_X509_set_version_doc[] = "\n\
@@ -93,44 +93,44 @@
long small_serial;
PyObject *serial = NULL;
PyObject *hex = NULL;
- PyObject *format = NULL;
- PyObject *format_args = NULL;
ASN1_INTEGER *asn1_i = NULL;
BIGNUM *bignum = NULL;
+ char *hexstr;
if (!PyArg_ParseTuple(args, "O:set_serial_number", &serial)) {
return NULL;
}
- if (!PyInt_Check(serial) && !PyLong_Check(serial)) {
+ if (!PyOpenSSL_Integer_Check(serial)) {
PyErr_SetString(
PyExc_TypeError, "serial number must be integer");
goto err;
}
- if ((format_args = Py_BuildValue("(O)", serial)) == NULL) {
+ if ((hex = PyOpenSSL_LongToHex(serial)) == NULL) {
goto err;
}
- if ((format = PyString_FromString("%x")) == NULL) {
- goto err;
+#ifdef PY3
+ {
+ PyObject *hexbytes = PyUnicode_AsASCIIString(hex);
+ Py_DECREF(hex);
+ hex = hexbytes;
}
-
- if ((hex = PyString_Format(format, format_args)) == NULL) {
- goto err;
- }
+#endif
/**
* BN_hex2bn stores the result in &bignum. Unless it doesn't feel like
* it. If bignum is still NULL after this call, then the return value
* is actually the result. I hope. -exarkun
*/
- small_serial = BN_hex2bn(&bignum, PyString_AsString(hex));
+ hexstr = PyBytes_AsString(hex);
+ if (hexstr[1] == 'x') {
+ /* +2 to skip the "0x" */
+ hexstr += 2;
+ }
+ small_serial = BN_hex2bn(&bignum, hexstr);
- Py_DECREF(format_args);
- format_args = NULL;
- Py_DECREF(format);
- format = NULL;
Py_DECREF(hex);
hex = NULL;
@@ -159,12 +159,6 @@
return Py_None;
err:
- if (format_args) {
- Py_DECREF(format_args);
- }
- if (format) {
- Py_DECREF(format);
- }
if (hex) {
Py_DECREF(hex);
}
@@ -375,7 +369,8 @@
crypto_X509_set_notBefore(crypto_X509Obj *self, PyObject *args)
{
return _set_asn1_time(
- "s:set_notBefore", X509_get_notBefore(self->x509), args);
+ BYTESTRING_FMT ":set_notBefore",
+ X509_get_notBefore(self->x509), args);
}
static char crypto_X509_set_notAfter_doc[] = "\n\
@@ -394,7 +389,8 @@
crypto_X509_set_notAfter(crypto_X509Obj *self, PyObject *args)
{
return _set_asn1_time(
- "s:set_notAfter", X509_get_notAfter(self->x509), args);
+ BYTESTRING_FMT ":set_notAfter",
+ X509_get_notAfter(self->x509), args);
}
PyObject*
@@ -418,14 +414,14 @@
Py_INCREF(Py_None);
return Py_None;
} else if (timestamp->type == V_ASN1_GENERALIZEDTIME) {
- return PyString_FromString((char *)timestamp->data);
+ return PyBytes_FromString((char *)timestamp->data);
} else {
ASN1_TIME_to_generalizedtime(timestamp, >_timestamp);
if (gt_timestamp == NULL) {
exception_from_error_queue(crypto_Error);
return NULL;
} else {
- py_timestamp = PyString_FromString((char *)gt_timestamp->data);
+ py_timestamp = PyBytes_FromString((char *)gt_timestamp->data);
ASN1_GENERALIZEDTIME_free(gt_timestamp);
return py_timestamp;
}
@@ -582,9 +578,9 @@
tnow = time(NULL);
if (ASN1_UTCTIME_cmp_time_t(X509_get_notAfter(self->x509), tnow) < 0)
- return PyInt_FromLong(1L);
+ return PyLong_FromLong(1L);
else
- return PyInt_FromLong(0L);
+ return PyLong_FromLong(0L);
}
static char crypto_X509_subject_name_hash_doc[] = "\n\
@@ -637,7 +633,7 @@
sprintf(tmp+i*3,"%02X:",fp[i]);
}
tmp[3*len-1] = 0;
- ret = PyString_FromStringAndSize(tmp,3*len-1);
+ ret = PyBytes_FromStringAndSize(tmp,3*len-1);
free(tmp);
return ret;
}
@@ -783,29 +779,14 @@
PyObject_Del(self);
}
-/*
- * Find attribute
- *
- * Arguments: self - The X509 object
- * name - The attribute name
- * Returns: A Python object for the attribute, or NULL if something went
- * wrong
- */
-static PyObject *
-crypto_X509_getattr(crypto_X509Obj *self, char *name)
-{
- return Py_FindMethod(crypto_X509_methods, (PyObject *)self, name);
-}
-
PyTypeObject crypto_X509_Type = {
- PyObject_HEAD_INIT(NULL)
- 0,
+ PyOpenSSL_HEAD_INIT(&PyType_Type, 0)
"X509",
sizeof(crypto_X509Obj),
0,
(destructor)crypto_X509_dealloc,
NULL, /* print */
- (getattrfunc)crypto_X509_getattr,
+ NULL, /* getattr */
NULL, /* setattr */
NULL, /* compare */
NULL, /* repr */
diff --git a/OpenSSL/crypto/x509ext.c b/OpenSSL/crypto/x509ext.c
index 90ef543..d629732 100644
--- a/OpenSSL/crypto/x509ext.c
+++ b/OpenSSL/crypto/x509ext.c
@@ -25,7 +25,7 @@
if (!PyArg_ParseTuple(args, ":get_critical"))
return NULL;
- return PyInt_FromLong(X509_EXTENSION_get_critical(self->x509_extension));
+ return PyLong_FromLong(X509_EXTENSION_get_critical(self->x509_extension));
}
static char crypto_X509Extension_get_short_name_doc[] = "\n\
@@ -47,7 +47,7 @@
obj = X509_EXTENSION_get_object(self->x509_extension);
extname = OBJ_nid2sn(OBJ_obj2nid(obj));
- return PyString_FromString(extname);
+ return PyBytes_FromString(extname);
}
@@ -186,10 +186,12 @@
static char *kwlist[] = {"type_name", "critical", "value", "subject",
"issuer", NULL};
- if (!PyArg_ParseTupleAndKeywords(args, kwargs, "sis|O!O!:X509Extension",
- kwlist, &type_name, &critical, &value,
- &crypto_X509_Type, &subject,
- &crypto_X509_Type, &issuer )) {
+ if (!PyArg_ParseTupleAndKeywords(
+ args, kwargs,
+ BYTESTRING_FMT "i" BYTESTRING_FMT "|O!O!:X509Extension",
+ kwlist, &type_name, &critical, &value,
+ &crypto_X509_Type, &subject,
+ &crypto_X509_Type, &issuer )) {
return NULL;
}
@@ -214,20 +216,6 @@
}
/*
- * Find attribute
- *
- * Arguments: self - The X509Extension object
- * name - The attribute name
- * Returns: A Python object for the attribute, or NULL if something
- * went wrong.
- */
-static PyObject *
-crypto_X509Extension_getattr(crypto_X509ExtensionObj *self, char *name)
-{
- return Py_FindMethod(crypto_X509Extension_methods, (PyObject *)self, name);
-}
-
-/*
* Print a nice text representation of the certificate request.
*/
static PyObject *
@@ -246,7 +234,7 @@
}
str_len = BIO_get_mem_data(bio, &tmp_str);
- str = PyString_FromStringAndSize(tmp_str, str_len);
+ str = PyText_FromStringAndSize(tmp_str, str_len);
BIO_free(bio);
@@ -254,14 +242,13 @@
}
PyTypeObject crypto_X509Extension_Type = {
- PyObject_HEAD_INIT(NULL)
- 0,
+ PyOpenSSL_HEAD_INIT(&PyType_Type, 0)
"X509Extension",
sizeof(crypto_X509ExtensionObj),
0,
(destructor)crypto_X509Extension_dealloc,
NULL, /* print */
- (getattrfunc)crypto_X509Extension_getattr,
+ NULL, /* getattr */
NULL, /* setattr (setattrfunc)crypto_X509Name_setattr, */
NULL, /* compare */
NULL, /* repr */
diff --git a/OpenSSL/crypto/x509ext.h b/OpenSSL/crypto/x509ext.h
index f20e562..6ce7f68 100644
--- a/OpenSSL/crypto/x509ext.h
+++ b/OpenSSL/crypto/x509ext.h
@@ -19,8 +19,9 @@
extern PyTypeObject crypto_X509Extension_Type;
-#define crypto_X509Extension_Check(v) ((v)->ob_type == \
- &crypto_X509Extension_Type)
+#define crypto_X509Extension_Check(v) ( \
+ PyObject_TypeCheck((v), \
+ &crypto_X509Extension_Type))
typedef struct {
PyObject_HEAD
diff --git a/OpenSSL/crypto/x509name.c b/OpenSSL/crypto/x509name.c
index 39fdcf8..e10c5a5 100644
--- a/OpenSSL/crypto/x509name.c
+++ b/OpenSSL/crypto/x509name.c
@@ -148,10 +148,16 @@
* wrong
*/
static PyObject *
-crypto_X509Name_getattr(crypto_X509NameObj *self, char *name)
+crypto_X509Name_getattro(crypto_X509NameObj *self, PyObject *nameobj)
{
int nid, len;
char *utf8string;
+ char *name;
+#ifdef PY3
+ name = PyBytes_AsString(PyUnicode_AsASCIIString(nameobj));
+#else
+ name = PyBytes_AsString(nameobj);
+#endif
if ((nid = OBJ_txt2nid(name)) == NID_undef) {
/*
@@ -162,7 +168,7 @@
* See lp#314814.
*/
flush_error_queue();
- return Py_FindMethod(crypto_X509Name_methods, (PyObject *)self, name);
+ return PyObject_GenericGetAttr((PyObject*)self, nameobj);
}
len = get_name_by_nid(self->x509_name, nid, &utf8string);
@@ -216,16 +222,56 @@
* m - The second X509Name
* Returns: <0 if n < m, 0 if n == m and >0 if n > m
*/
-static int
-crypto_X509Name_compare(crypto_X509NameObj *n, crypto_X509NameObj *m)
-{
- int result = X509_NAME_cmp(n->x509_name, m->x509_name);
- if (result < 0) {
- return -1;
- } else if (result > 0) {
- return 1;
+static PyObject *
+crypto_X509Name_richcompare(PyObject *n, PyObject *m, int op) {
+ int result;
+
+ if (!crypto_X509Name_Check(n) || !crypto_X509Name_Check(m)) {
+ Py_INCREF(Py_NotImplemented);
+ return Py_NotImplemented;
+ }
+
+ result = X509_NAME_cmp(
+ ((crypto_X509NameObj*)n)->x509_name,
+ ((crypto_X509NameObj*)m)->x509_name);
+
+ switch (op) {
+ case Py_EQ:
+ result = (result == 0);
+ break;
+
+ case Py_NE:
+ result = (result != 0);
+ break;
+
+ case Py_LT:
+ result = (result < 0);
+ break;
+
+ case Py_LE:
+ result = (result <= 0);
+ break;
+
+ case Py_GT:
+ result = (result > 0);
+ break;
+
+ case Py_GE:
+ result = (result >= 0);
+ break;
+
+ default:
+ /* Should be impossible */
+ Py_INCREF(Py_NotImplemented);
+ return Py_NotImplemented;
+ }
+
+ if (result) {
+ Py_INCREF(Py_True);
+ return Py_True;
} else {
- return 0;
+ Py_INCREF(Py_False);
+ return Py_False;
}
}
@@ -250,7 +296,7 @@
{
/* This is safe because tmpbuf is max 512 characters */
sprintf(realbuf, "<X509Name object '%s'>", tmpbuf);
- return PyString_FromString(realbuf);
+ return PyText_FromString(realbuf);
}
}
@@ -275,7 +321,7 @@
return NULL;
}
hash = X509_NAME_hash(self->x509_name);
- return PyInt_FromLong(hash);
+ return PyLong_FromLong(hash);
}
static char crypto_X509Name_der_doc[] = "\n\
@@ -296,8 +342,8 @@
}
i2d_X509_NAME(self->x509_name, 0);
- return PyString_FromStringAndSize(self->x509_name->bytes->data,
- self->x509_name->bytes->length);
+ return PyBytes_FromStringAndSize(self->x509_name->bytes->data,
+ self->x509_name->bytes->length);
}
@@ -342,8 +388,8 @@
/* printf("fname is %s len=%d str=%s\n", OBJ_nid2sn(nid), l, str); */
tuple = PyTuple_New(2);
- PyTuple_SetItem(tuple, 0, PyString_FromString(OBJ_nid2sn(nid)));
- PyTuple_SetItem(tuple, 1, PyString_FromStringAndSize((char *)str, l));
+ PyTuple_SetItem(tuple, 0, PyBytes_FromString(OBJ_nid2sn(nid)));
+ PyTuple_SetItem(tuple, 1, PyBytes_FromStringAndSize((char *)str, l));
PyList_SetItem(list, i, tuple);
}
@@ -421,16 +467,15 @@
#undef ADD_METHOD
PyTypeObject crypto_X509Name_Type = {
- PyObject_HEAD_INIT(NULL)
- 0,
+ PyOpenSSL_HEAD_INIT(&PyType_Type, 0)
"X509Name",
sizeof(crypto_X509NameObj),
0,
(destructor)crypto_X509Name_dealloc,
NULL, /* print */
- (getattrfunc)crypto_X509Name_getattr,
+ NULL, /* getattr */
(setattrfunc)crypto_X509Name_setattr,
- (cmpfunc)crypto_X509Name_compare,
+ NULL, /* reserved */
(reprfunc)crypto_X509Name_repr,
NULL, /* as_number */
NULL, /* as_sequence */
@@ -438,14 +483,14 @@
NULL, /* hash */
NULL, /* call */
NULL, /* str */
- NULL, /* getattro */
+ (getattrofunc)crypto_X509Name_getattro, /* getattro */
NULL, /* setattro */
NULL, /* as_buffer */
Py_TPFLAGS_DEFAULT | Py_TPFLAGS_HAVE_GC, /* tp_flags */
crypto_X509Name_doc, /* tp_doc */
(traverseproc)crypto_X509Name_traverse, /* tp_traverse */
(inquiry)crypto_X509Name_clear, /* tp_clear */
- NULL, /* tp_richcompare */
+ crypto_X509Name_richcompare, /* tp_richcompare */
0, /* tp_weaklistoffset */
NULL, /* tp_iter */
NULL, /* tp_iternext */
diff --git a/OpenSSL/crypto/x509req.c b/OpenSSL/crypto/x509req.c
index 14ae072..23c0218 100644
--- a/OpenSSL/crypto/x509req.c
+++ b/OpenSSL/crypto/x509req.c
@@ -166,7 +166,7 @@
return NULL;
}
- return PyInt_FromLong(answer);
+ return PyLong_FromLong(answer);
}
static char crypto_X509Req_add_extensions_doc[] = "\n\
@@ -357,29 +357,14 @@
}
-/*
- * Find attribute.
- *
- * Arguments: self - The X509Req object
- * name - The attribute name
- * Returns: A Python object for the attribute, or NULL if something went
- * wrong
- */
-static PyObject *
-crypto_X509Req_getattr(crypto_X509ReqObj *self, char *name)
-{
- return Py_FindMethod(crypto_X509Req_methods, (PyObject *)self, name);
-}
-
PyTypeObject crypto_X509Req_Type = {
- PyObject_HEAD_INIT(NULL)
- 0,
+ PyOpenSSL_HEAD_INIT(&PyType_Type, 0)
"X509Req",
sizeof(crypto_X509ReqObj),
0,
(destructor)crypto_X509Req_dealloc,
NULL, /* print */
- (getattrfunc)crypto_X509Req_getattr,
+ NULL, /* getattr */
NULL, /* setattr */
NULL, /* compare */
NULL, /* repr */
diff --git a/OpenSSL/crypto/x509store.c b/OpenSSL/crypto/x509store.c
index 16af3b0..30ae508 100644
--- a/OpenSSL/crypto/x509store.c
+++ b/OpenSSL/crypto/x509store.c
@@ -92,36 +92,35 @@
}
-/*
- * Find attribute.
- *
- * Arguments: self - The X509Store object
- * name - The attribute name
- * Returns: A Python object for the attribute, or NULL if something went
- * wrong
- */
-static PyObject *
-crypto_X509Store_getattr(crypto_X509StoreObj *self, char *name)
-{
- return Py_FindMethod(crypto_X509Store_methods, (PyObject *)self, name);
-}
-
PyTypeObject crypto_X509Store_Type = {
- PyObject_HEAD_INIT(NULL)
- 0,
+ PyOpenSSL_HEAD_INIT(&PyType_Type, 0)
"X509Store",
sizeof(crypto_X509StoreObj),
0,
(destructor)crypto_X509Store_dealloc,
NULL, /* print */
- (getattrfunc)crypto_X509Store_getattr,
+ NULL, /* getattr */
NULL, /* setattr */
NULL, /* compare */
NULL, /* repr */
NULL, /* as_number */
NULL, /* as_sequence */
NULL, /* as_mapping */
- NULL /* hash */
+ NULL, /* hash */
+ NULL, /* call */
+ NULL, /* str */
+ NULL, /* getattro */
+ NULL, /* setattro */
+ NULL, /* as_buffer */
+ Py_TPFLAGS_DEFAULT,
+ NULL, /* doc */
+ NULL, /* traverse */
+ NULL, /* clear */
+ NULL, /* tp_richcompare */
+ 0, /* tp_weaklistoffset */
+ NULL, /* tp_iter */
+ NULL, /* tp_iternext */
+ crypto_X509Store_methods, /* tp_methods */
};
diff --git a/OpenSSL/py3k.h b/OpenSSL/py3k.h
new file mode 100644
index 0000000..d64817d
--- /dev/null
+++ b/OpenSSL/py3k.h
@@ -0,0 +1,55 @@
+#ifndef PyOpenSSL_PY3K_H_
+#define PyOpenSSL_PY3K_H_
+
+#if (PY_VERSION_HEX >= 0x03000000)
+
+#define PY3
+
+#define PyOpenSSL_MODINIT(name) \
+PyMODINIT_FUNC \
+PyInit_##name(void)
+
+#define PyText_CheckExact PyUnicode_CheckExact
+#define PyText_FromString PyUnicode_FromString
+#define PyText_FromStringAndSize PyUnicode_FromStringAndSize
+
+#define PyOpenSSL_HEAD_INIT(type, size) PyVarObject_HEAD_INIT(type, size)
+
+#define PyOpenSSL_Integer_Check(o) PyLong_Check(o)
+
+#define PyOpenSSL_MODRETURN(module) { return module; }
+
+#define BYTESTRING_FMT "y"
+
+#else /* (PY_VERSION_HEX >= 0x03000000) */
+
+#define PyOpenSSL_MODRETURN(module) { return; }
+
+#define PyOpenSSL_HEAD_INIT(type, size) PyObject_HEAD_INIT(NULL) 0,
+
+#define PyBytes_FromStringAndSize PyString_FromStringAndSize
+
+#define PyOpenSSL_Integer_Check(o) (PyInt_Check(o) || PyLong_Check(o))
+
+#define PyBytes_Size PyString_Size
+#define PyBytes_Check PyString_Check
+#define PyBytes_CheckExact PyString_CheckExact
+#define PyBytes_AsString PyString_AsString
+#define PyBytes_FromString PyString_FromString
+#define PyBytes_FromStringAndSize PyString_FromStringAndSize
+#define _PyBytes_Resize _PyString_Resize
+
+#define PyText_CheckExact PyString_CheckExact
+#define PyText_FromString PyString_FromString
+#define PyText_FromStringAndSize PyString_FromStringAndSize
+
+#define PyOpenSSL_MODINIT(name) \
+void \
+init##name(void)
+
+#define BYTESTRING_FMT "s"
+
+#endif /* (PY_VERSION_HEX >= 0x03000000) */
+
+#endif /* PyOpenSSL_PY3K_H_ */
+
diff --git a/OpenSSL/rand/rand.c b/OpenSSL/rand/rand.c
index 1bf71b1..fabf805 100644
--- a/OpenSSL/rand/rand.c
+++ b/OpenSSL/rand/rand.c
@@ -45,7 +45,7 @@
int size;
double entropy;
- if (!PyArg_ParseTuple(args, "s#d:add", &buf, &size, &entropy))
+ if (!PyArg_ParseTuple(args, BYTESTRING_FMT "#d:add", &buf, &size, &entropy))
return NULL;
RAND_add(buf, size, entropy);
@@ -67,7 +67,7 @@
char *buf;
int size;
- if (!PyArg_ParseTuple(args, "s#:seed", &buf, &size))
+ if (!PyArg_ParseTuple(args, BYTESTRING_FMT "#:seed", &buf, &size))
return NULL;
RAND_seed(buf, size);
@@ -88,7 +88,7 @@
if (!PyArg_ParseTuple(args, ":status"))
return NULL;
- return PyInt_FromLong((long)RAND_status());
+ return PyLong_FromLong((long)RAND_status());
}
#ifdef MS_WINDOWS
@@ -131,7 +131,7 @@
if (!PyArg_ParseTuple(args, "s|i:egd", &path, &bytes))
return NULL;
- return PyInt_FromLong((long)RAND_egd_bytes(path, bytes));
+ return PyLong_FromLong((long)RAND_egd_bytes(path, bytes));
}
static char rand_cleanup_doc[] = "\n\
@@ -170,7 +170,7 @@
if (!PyArg_ParseTuple(args, "s|i:load_file", &filename, &maxbytes))
return NULL;
- return PyInt_FromLong((long)RAND_load_file(filename, maxbytes));
+ return PyLong_FromLong((long)RAND_load_file(filename, maxbytes));
}
static char rand_write_file_doc[] = "\n\
@@ -188,7 +188,7 @@
if (!PyArg_ParseTuple(args, "s:write_file", &filename))
return NULL;
- return PyInt_FromLong((long)RAND_write_file(filename));
+ return PyLong_FromLong((long)RAND_write_file(filename));
}
static char rand_bytes_doc[] = "\n\
@@ -230,7 +230,7 @@
exception_from_error_queue(rand_Error);
goto done;
}
- obj = PyString_FromStringAndSize(buf, (unsigned) num_bytes);
+ obj = PyBytes_FromStringAndSize(buf, (unsigned) num_bytes);
done:
free(buf);
return obj;
@@ -254,28 +254,50 @@
};
+#ifdef PY3
+static struct PyModuleDef randmodule = {
+ PyModuleDef_HEAD_INIT,
+ "rand",
+ rand_doc,
+ -1,
+ rand_methods
+};
+#endif
+
/*
* Initialize the rand sub module
*
* Arguments: None
* Returns: None
*/
-void
-initrand(void)
-{
+PyOpenSSL_MODINIT(rand) {
PyObject *module;
+#ifdef PY3
+ module = PyModule_Create(&randmodule);
+#else
+ module = Py_InitModule3("rand", rand_methods, rand_doc);
+#endif
+ if (module == NULL) {
+ PyOpenSSL_MODRETURN(NULL);
+ }
+
+ rand_Error = PyErr_NewException("OpenSSL.rand.Error", NULL, NULL);
+
+ if (rand_Error == NULL) {
+ goto error;
+ }
+
+ if (PyModule_AddObject(module, "Error", rand_Error) != 0) {
+ goto error;
+ }
+
ERR_load_RAND_strings();
- if ((module = Py_InitModule3("rand", rand_methods, rand_doc)) == NULL)
- return;
+ PyOpenSSL_MODRETURN(module);
- rand_Error = PyErr_NewException("OpenSSL.rand.Error", NULL, NULL);
- if (rand_Error == NULL)
- goto error;
- if (PyModule_AddObject(module, "Error", rand_Error) != 0)
- goto error;
- error:
+error:
+ PyOpenSSL_MODRETURN(NULL);
;
}
diff --git a/OpenSSL/ssl/connection.c b/OpenSSL/ssl/connection.c
index d53f45c..0289876 100755
--- a/OpenSSL/ssl/connection.c
+++ b/OpenSSL/ssl/connection.c
@@ -276,7 +276,7 @@
}
ret = SSL_pending(self->ssl);
- return PyInt_FromLong((long)ret);
+ return PyLong_FromLong((long)ret);
}
static char ssl_Connection_bio_write_doc[] = "\n\
@@ -317,7 +317,7 @@
return NULL;
}
- return PyInt_FromLong((long)ret);
+ return PyLong_FromLong((long)ret);
}
static char ssl_Connection_send_doc[] = "\n\
@@ -352,7 +352,7 @@
err = SSL_get_error(self->ssl, ret);
if (err == SSL_ERROR_NONE)
{
- return PyInt_FromLong((long)ret);
+ return PyLong_FromLong((long)ret);
}
else
{
@@ -429,12 +429,12 @@
if (!PyArg_ParseTuple(args, "i|i:recv", &bufsiz, &flags))
return NULL;
- buf = PyString_FromStringAndSize(NULL, bufsiz);
+ buf = PyBytes_FromStringAndSize(NULL, bufsiz);
if (buf == NULL)
return NULL;
MY_BEGIN_ALLOW_THREADS(self->tstate)
- ret = SSL_read(self->ssl, PyString_AsString(buf), bufsiz);
+ ret = SSL_read(self->ssl, PyBytes_AsString(buf), bufsiz);
MY_END_ALLOW_THREADS(self->tstate)
if (PyErr_Occurred())
@@ -447,7 +447,7 @@
err = SSL_get_error(self->ssl, ret);
if (err == SSL_ERROR_NONE)
{
- if (ret != bufsiz && _PyString_Resize(&buf, ret) < 0)
+ if (ret != bufsiz && _PyBytes_Resize(&buf, ret) < 0)
return NULL;
return buf;
}
@@ -481,11 +481,11 @@
if (!PyArg_ParseTuple(args, "i:bio_read", &bufsiz))
return NULL;
- buf = PyString_FromStringAndSize(NULL, bufsiz);
+ buf = PyBytes_FromStringAndSize(NULL, bufsiz);
if (buf == NULL)
return NULL;
- ret = BIO_read(self->from_ssl, PyString_AsString(buf), bufsiz);
+ ret = BIO_read(self->from_ssl, PyBytes_AsString(buf), bufsiz);
if (PyErr_Occurred())
{
@@ -506,7 +506,7 @@
/*
* Shrink the string to match the number of bytes we actually read.
*/
- if (ret != bufsiz && _PyString_Resize(&buf, ret) < 0)
+ if (ret != bufsiz && _PyBytes_Resize(&buf, ret) < 0)
{
Py_DECREF(buf);
return NULL;
@@ -536,7 +536,7 @@
return NULL;
}
- return PyInt_FromLong((long)ret);
+ return PyLong_FromLong((long)ret);
}
static char ssl_Connection_do_handshake_doc[] = "\n\
@@ -589,7 +589,7 @@
if (!PyArg_ParseTuple(args, ":renegotiate_pending"))
return NULL;
- return PyInt_FromLong((long)SSL_renegotiate_pending(self->ssl));
+ return PyLong_FromLong((long)SSL_renegotiate_pending(self->ssl));
}
#endif
@@ -604,7 +604,7 @@
if (!PyArg_ParseTuple(args, ":total_renegotiations"))
return NULL;
- return PyInt_FromLong(SSL_total_renegotiations(self->ssl));
+ return PyLong_FromLong(SSL_total_renegotiations(self->ssl));
}
static char ssl_Connection_set_accept_state_doc[] = "\n\
@@ -686,11 +686,6 @@
ret = PyEval_CallObject(meth, args);
Py_DECREF(meth);
- if (ret == NULL)
- return NULL;
- if (PyInt_Check(ret) && PyInt_AsLong(ret) != 0)
- return ret;
-
return ret;
}
@@ -820,7 +815,7 @@
lst = PyList_New(0);
while ((ret = SSL_get_cipher_list(self->ssl, idx)) != NULL)
{
- item = PyString_FromString(ret);
+ item = PyText_FromString(ret);
PyList_Append(lst, item);
Py_DECREF(item);
idx++;
@@ -942,7 +937,7 @@
if (!PyArg_ParseTuple(args, ":get_shutdown"))
return NULL;
- return PyInt_FromLong((long)SSL_get_shutdown(self->ssl));
+ return PyLong_FromLong((long)SSL_get_shutdown(self->ssl));
}
static char ssl_Connection_set_shutdown_doc[] = "\n\
@@ -975,7 +970,7 @@
if (!PyArg_ParseTuple(args, ":state_string"))
return NULL;
- return PyString_FromString(SSL_state_string_long(self->ssl));
+ return PyText_FromString(SSL_state_string_long(self->ssl));
}
static char ssl_Connection_client_random_doc[] = "\n\
@@ -993,7 +988,7 @@
Py_INCREF(Py_None);
return Py_None;
}
- return PyString_FromStringAndSize( (const char *) self->ssl->s3->client_random, SSL3_RANDOM_SIZE);
+ return PyBytes_FromStringAndSize( (const char *) self->ssl->s3->client_random, SSL3_RANDOM_SIZE);
}
static char ssl_Connection_server_random_doc[] = "\n\
@@ -1011,7 +1006,7 @@
Py_INCREF(Py_None);
return Py_None;
}
- return PyString_FromStringAndSize( (const char *) self->ssl->s3->server_random, SSL3_RANDOM_SIZE);
+ return PyBytes_FromStringAndSize( (const char *) self->ssl->s3->server_random, SSL3_RANDOM_SIZE);
}
static char ssl_Connection_master_key_doc[] = "\n\
@@ -1029,7 +1024,7 @@
Py_INCREF(Py_None);
return Py_None;
}
- return PyString_FromStringAndSize( (const char *) self->ssl->session->master_key, self->ssl->session->master_key_length);
+ return PyBytes_FromStringAndSize( (const char *) self->ssl->session->master_key, self->ssl->session->master_key_length);
}
static char ssl_Connection_sock_shutdown_doc[] = "\n\
@@ -1086,7 +1081,7 @@
if (!PyArg_ParseTuple(args, ":want_read"))
return NULL;
- return PyInt_FromLong((long)SSL_want_read(self->ssl));
+ return PyLong_FromLong((long)SSL_want_read(self->ssl));
}
static char ssl_Connection_want_write_doc[] = "\n\
@@ -1101,7 +1096,7 @@
if (!PyArg_ParseTuple(args, ":want_write"))
return NULL;
- return PyInt_FromLong((long)SSL_want_write(self->ssl));
+ return PyLong_FromLong((long)SSL_want_write(self->ssl));
}
/*
@@ -1281,17 +1276,14 @@
* wrong
*/
static PyObject *
-ssl_Connection_getattr(ssl_ConnectionObj *self, char *name)
-{
+ssl_Connection_getattro(ssl_ConnectionObj *self, PyObject *nameobj) {
PyObject *meth;
-
- meth = Py_FindMethod(ssl_Connection_methods, (PyObject *)self, name);
- if (PyErr_Occurred() && PyErr_ExceptionMatches(PyExc_AttributeError))
- {
+ meth = PyObject_GenericGetAttr((PyObject*)self, nameobj);
+ if (PyErr_Occurred() && PyErr_ExceptionMatches(PyExc_AttributeError)) {
PyErr_Clear();
/* Try looking it up in the "socket" instead. */
- meth = PyObject_GetAttrString(self->socket, name);
+ meth = PyObject_GenericGetAttr(self->socket, nameobj);
}
return meth;
@@ -1357,14 +1349,13 @@
}
PyTypeObject ssl_Connection_Type = {
- PyObject_HEAD_INIT(NULL)
- 0,
+ PyOpenSSL_HEAD_INIT(&PyType_Type, 0)
"OpenSSL.SSL.Connection",
sizeof(ssl_ConnectionObj),
0,
(destructor)ssl_Connection_dealloc,
NULL, /* print */
- (getattrfunc)ssl_Connection_getattr, /* tp_getattr */
+ NULL, /* tp_getattr */
NULL, /* setattr */
NULL, /* compare */
NULL, /* repr */
@@ -1374,7 +1365,7 @@
NULL, /* hash */
NULL, /* call */
NULL, /* str */
- NULL, /* getattro */
+ (getattrofunc)ssl_Connection_getattro, /* getattro */
NULL, /* setattro */
NULL, /* as_buffer */
Py_TPFLAGS_DEFAULT | Py_TPFLAGS_HAVE_GC,
diff --git a/OpenSSL/ssl/context.c b/OpenSSL/ssl/context.c
index ef59961..69bc4e5 100644
--- a/OpenSSL/ssl/context.c
+++ b/OpenSSL/ssl/context.c
@@ -115,7 +115,7 @@
goto out;
}
- if (!PyString_Check(ret)) {
+ if (!PyBytes_Check(ret)) {
/*
* XXX Returned something that wasn't a string. This is bogus. We'll
* return 0 and OpenSSL will treat it as an error, resulting in an
@@ -125,7 +125,7 @@
goto out;
}
- len = PyString_Size(ret);
+ len = PyBytes_Size(ret);
if (len > maxlen) {
/*
* Returned more than we said they were allowed to return. Just
@@ -135,7 +135,7 @@
len = maxlen;
}
- str = PyString_AsString(ret);
+ str = PyBytes_AsString(ret);
strncpy(buf, str, len);
Py_XDECREF(ret);
@@ -368,8 +368,16 @@
Py_DECREF(type);
return NULL;
}
- right_name = (PyString_CheckExact(name_attr) &&
- strcmp(name, PyString_AsString(name_attr)) == 0);
+
+#ifdef PY3
+ {
+ PyObject* asciiname = PyUnicode_AsASCIIString(name_attr);
+ Py_DECREF(name_attr);
+ name_attr = asciiname;
+ }
+#endif
+ right_name = (PyBytes_CheckExact(name_attr) &&
+ strcmp(name, PyBytes_AsString(name_attr)) == 0);
Py_DECREF(name_attr);
res = (PyTypeObject *)type;
if (!right_name || res->tp_basicsize != objsize) {
@@ -725,7 +733,7 @@
return NULL;
mode = SSL_CTX_get_verify_mode(self->ctx);
- return PyInt_FromLong((long)mode);
+ return PyLong_FromLong((long)mode);
}
static char ssl_Context_get_verify_depth_doc[] = "\n\
@@ -742,7 +750,7 @@
return NULL;
depth = SSL_CTX_get_verify_depth(self->ctx);
- return PyInt_FromLong((long)depth);
+ return PyLong_FromLong((long)depth);
}
static char ssl_Context_load_tmp_dh_doc[] = "\n\
@@ -1046,7 +1054,7 @@
if (!PyArg_ParseTuple(args, "l:set_options", &options))
return NULL;
- return PyInt_FromLong(SSL_CTX_set_options(self->ctx, options));
+ return PyLong_FromLong(SSL_CTX_set_options(self->ctx, options));
}
@@ -1247,8 +1255,7 @@
PyTypeObject ssl_Context_Type = {
- PyObject_HEAD_INIT(NULL)
- 0,
+ PyOpenSSL_HEAD_INIT(&PyType_Type, 0)
"OpenSSL.SSL.Context",
sizeof(ssl_ContextObj),
0,
diff --git a/OpenSSL/ssl/ssl.c b/OpenSSL/ssl/ssl.c
index 94d4844..8ac4420 100644
--- a/OpenSSL/ssl/ssl.c
+++ b/OpenSSL/ssl/ssl.c
@@ -30,7 +30,9 @@
See the file RATIONALE for a short explanation of why this module was written.\n\
";
+#ifndef PY3
void **crypto_API;
+#endif
int _pyOpenSSL_tstate_key;
@@ -48,34 +50,51 @@
{ NULL, NULL }
};
+#ifdef PY3
+static struct PyModuleDef sslmodule = {
+ PyModuleDef_HEAD_INIT,
+ "SSL",
+ ssl_doc,
+ -1,
+ ssl_methods
+};
+#endif
+
/*
* Initialize SSL sub module
*
* Arguments: None
* Returns: None
*/
-void
-initSSL(void)
-{
+PyOpenSSL_MODINIT(SSL) {
+ PyObject *module;
+#ifndef PY3
static void *ssl_API[ssl_API_pointers];
PyObject *ssl_api_object;
- PyObject *module;
+
+ import_crypto();
+#endif
SSL_library_init();
ERR_load_SSL_strings();
- import_crypto();
-
- if ((module = Py_InitModule3("SSL", ssl_methods, ssl_doc)) == NULL) {
- return;
+#ifdef PY3
+ module = PyModule_Create(&sslmodule);
+#else
+ module = Py_InitModule3("SSL", ssl_methods, ssl_doc);
+#endif
+ if (module == NULL) {
+ PyOpenSSL_MODRETURN(NULL);
}
+#ifndef PY3
/* Initialize the C API pointer array */
ssl_API[ssl_Context_New_NUM] = (void *)ssl_Context_New;
ssl_API[ssl_Connection_New_NUM] = (void *)ssl_Connection_New;
ssl_api_object = PyCObject_FromVoidPtr((void *)ssl_API, NULL);
if (ssl_api_object != NULL)
PyModule_AddObject(module, "_C_API", ssl_api_object);
+#endif
/* Exceptions */
/*
@@ -177,6 +196,9 @@
_pyOpenSSL_tstate_key = PyThread_create_key();
#endif
- error:
+ PyOpenSSL_MODRETURN(module);
+
+error:
+ PyOpenSSL_MODRETURN(NULL);
;
}
diff --git a/OpenSSL/test/test_crypto.py b/OpenSSL/test/test_crypto.py
index 645f6cf..6b48282 100644
--- a/OpenSSL/test/test_crypto.py
+++ b/OpenSSL/test/test_crypto.py
@@ -7,7 +7,7 @@
from unittest import main
import os, re
-from os import popen2
+from subprocess import PIPE, Popen
from datetime import datetime, timedelta
from OpenSSL.crypto import TYPE_RSA, TYPE_DSA, Error, PKey, PKeyType
@@ -23,10 +23,10 @@
from OpenSSL.crypto import CRL, Revoked, load_crl
from OpenSSL.crypto import NetscapeSPKI, NetscapeSPKIType
from OpenSSL.crypto import sign, verify
-from OpenSSL.test.util import TestCase
+from OpenSSL.test.util import TestCase, bytes, b
-root_cert_pem = """-----BEGIN CERTIFICATE-----
+root_cert_pem = b("""-----BEGIN CERTIFICATE-----
MIIC7TCCAlagAwIBAgIIPQzE4MbeufQwDQYJKoZIhvcNAQEFBQAwWDELMAkGA1UE
BhMCVVMxCzAJBgNVBAgTAklMMRAwDgYDVQQHEwdDaGljYWdvMRAwDgYDVQQKEwdU
ZXN0aW5nMRgwFgYDVQQDEw9UZXN0aW5nIFJvb3QgQ0EwIhgPMjAwOTAzMjUxMjM2
@@ -44,9 +44,9 @@
hkgaZnzoIq/Uamidegk4hirsCT/R+6vsKAAxNTcBjUeZjlykCJWy5ojShGftXIKY
w/njVbKMXrvc83qmTdGl3TAM0fxQIpqgcglFLveEBgzn
-----END CERTIFICATE-----
-"""
+""")
-root_key_pem = """-----BEGIN RSA PRIVATE KEY-----
+root_key_pem = b("""-----BEGIN RSA PRIVATE KEY-----
MIICXQIBAAKBgQD5mkLpi7q6ROdu7khB3S9aanA0Zls7vvfGOmB80/yeylhGpsjA
jWen0VtSQke/NlEPGtO38tsV7CsuFnSmschvAnGrcJl76b0UOOHUgDTIoRxC6QDU
3claegwsrBA+sJEBbqx5RdXbIRGicPG/8qQ4Zm1SKOgotcbwiaor2yxZ2wIDAQAB
@@ -61,9 +61,9 @@
6AWSeGAdtRFHVzR7oHjVAkB4hutvxiOeiIVQNBhM6RSI9aBPMI21DoX2JRoxvNW2
cbvAhow217X9V0dVerEOKxnNYspXRrh36h7k4mQA+sDq
-----END RSA PRIVATE KEY-----
-"""
+""")
-server_cert_pem = """-----BEGIN CERTIFICATE-----
+server_cert_pem = b("""-----BEGIN CERTIFICATE-----
MIICKDCCAZGgAwIBAgIJAJn/HpR21r/8MA0GCSqGSIb3DQEBBQUAMFgxCzAJBgNV
BAYTAlVTMQswCQYDVQQIEwJJTDEQMA4GA1UEBxMHQ2hpY2FnbzEQMA4GA1UEChMH
VGVzdGluZzEYMBYGA1UEAxMPVGVzdGluZyBSb290IENBMCIYDzIwMDkwMzI1MTIz
@@ -77,9 +77,9 @@
2mgpFQ6FHpoIENGvJhdEKpptQ5i7KaGhnDNTfdy3x1+h852G99f1iyj0RmbuFcM8
uzujnS8YXWvM7DM1Ilozk4MzPug8jzFp5uhKCQ==
-----END CERTIFICATE-----
-"""
+""")
-server_key_pem = """-----BEGIN RSA PRIVATE KEY-----
+server_key_pem = b("""-----BEGIN RSA PRIVATE KEY-----
MIICWwIBAAKBgQC+pvhuud1dLaQQvzipdtlcTotgr5SuE2LvSx0gz/bg1U3u1eQ+
U5eqsxaEUceaX5p5Kk+QflvW8qdjVNxQuYS5uc0gK2+OZnlIYxCf4n5GYGzVIx3Q
SBj/TAEFB2WuVinZBiCbxgL7PFM1Kpa+EwVkCAduPpSflJJPwkYGrK2MHQIDAQAB
@@ -94,9 +94,9 @@
NaeNCFfH3aeTrX0LyQJAMBWjWmeKM2G2sCExheeQK0ROnaBC8itCECD4Jsve4nqf
r50+LF74iLXFwqysVCebPKMOpDWp/qQ1BbJQIPs7/A==
-----END RSA PRIVATE KEY-----
-"""
+""")
-client_cert_pem = """-----BEGIN CERTIFICATE-----
+client_cert_pem = b("""-----BEGIN CERTIFICATE-----
MIICJjCCAY+gAwIBAgIJAKxpFI5lODkjMA0GCSqGSIb3DQEBBQUAMFgxCzAJBgNV
BAYTAlVTMQswCQYDVQQIEwJJTDEQMA4GA1UEBxMHQ2hpY2FnbzEQMA4GA1UEChMH
VGVzdGluZzEYMBYGA1UEAxMPVGVzdGluZyBSb290IENBMCIYDzIwMDkwMzI1MTIz
@@ -110,9 +110,9 @@
9Zdr0U4UDCU9SmmGYh4o7R4TZ5pGFvBYvjhHbkSFYFQXZxKUi+WUxplP6I0wr2KJ
PSTJCjJOn3xo2NTKRgV1gaoTf2EhL+RG8TQ=
-----END CERTIFICATE-----
-"""
+""")
-client_key_pem = """-----BEGIN RSA PRIVATE KEY-----
+client_key_pem = b("""-----BEGIN RSA PRIVATE KEY-----
MIICXgIBAAKBgQDAZh/SRtNm5ntMT4qb6YzEpTroMlq2rn+GrRHRiZ+xkCw/CGNh
btPir7/QxaUj26BSmQrHw1bGKEbPsWiW7bdXSespl+xKiku4G/KvnnmWdeJHqsiX
eUZtqurMELcPQAw9xPHEuhqqUJvvEoMTsnCEqGM+7DtboCRajYyHfluARQIDAQAB
@@ -127,9 +127,9 @@
JJEQjOMCVsEJlRk54WWjAkEAzoZNH6UhDdBK5F38rVt/y4SEHgbSfJHIAmPS32Kq
f6GGcfNpip0Uk7q7udTKuX7Q/buZi/C4YW7u3VKAquv9NA==
-----END RSA PRIVATE KEY-----
-"""
+""")
-cleartextCertificatePEM = """-----BEGIN CERTIFICATE-----
+cleartextCertificatePEM = b("""-----BEGIN CERTIFICATE-----
MIIC7TCCAlagAwIBAgIIPQzE4MbeufQwDQYJKoZIhvcNAQEFBQAwWDELMAkGA1UE
BhMCVVMxCzAJBgNVBAgTAklMMRAwDgYDVQQHEwdDaGljYWdvMRAwDgYDVQQKEwdU
ZXN0aW5nMRgwFgYDVQQDEw9UZXN0aW5nIFJvb3QgQ0EwIhgPMjAwOTAzMjUxMjM2
@@ -147,9 +147,9 @@
hkgaZnzoIq/Uamidegk4hirsCT/R+6vsKAAxNTcBjUeZjlykCJWy5ojShGftXIKY
w/njVbKMXrvc83qmTdGl3TAM0fxQIpqgcglFLveEBgzn
-----END CERTIFICATE-----
-"""
+""")
-cleartextPrivateKeyPEM = """-----BEGIN RSA PRIVATE KEY-----
+cleartextPrivateKeyPEM = b("""-----BEGIN RSA PRIVATE KEY-----
MIICXQIBAAKBgQD5mkLpi7q6ROdu7khB3S9aanA0Zls7vvfGOmB80/yeylhGpsjA
jWen0VtSQke/NlEPGtO38tsV7CsuFnSmschvAnGrcJl76b0UOOHUgDTIoRxC6QDU
3claegwsrBA+sJEBbqx5RdXbIRGicPG/8qQ4Zm1SKOgotcbwiaor2yxZ2wIDAQAB
@@ -164,22 +164,22 @@
6AWSeGAdtRFHVzR7oHjVAkB4hutvxiOeiIVQNBhM6RSI9aBPMI21DoX2JRoxvNW2
cbvAhow217X9V0dVerEOKxnNYspXRrh36h7k4mQA+sDq
-----END RSA PRIVATE KEY-----
-"""
+""")
-cleartextCertificateRequestPEM = (
- "-----BEGIN CERTIFICATE REQUEST-----\n"
- "MIIBnjCCAQcCAQAwXjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAklMMRAwDgYDVQQH\n"
- "EwdDaGljYWdvMRcwFQYDVQQKEw5NeSBDb21wYW55IEx0ZDEXMBUGA1UEAxMORnJl\n"
- "ZGVyaWNrIERlYW4wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANp6Y17WzKSw\n"
- "BsUWkXdqg6tnXy8H8hA1msCMWpc+/2KJ4mbv5NyD6UD+/SqagQqulPbF/DFea9nA\n"
- "E0zhmHJELcM8gUTIlXv/cgDWnmK4xj8YkjVUiCdqKRAKeuzLG1pGmwwF5lGeJpXN\n"
- "xQn5ecR0UYSOWj6TTGXB9VyUMQzCClcBAgMBAAGgADANBgkqhkiG9w0BAQUFAAOB\n"
- "gQAAJGuF/R/GGbeC7FbFW+aJgr9ee0Xbl6nlhu7pTe67k+iiKT2dsl2ti68MVTnu\n"
- "Vrb3HUNqOkiwsJf6kCtq5oPn3QVYzTa76Dt2y3Rtzv6boRSlmlfrgS92GNma8JfR\n"
- "oICQk3nAudi6zl1Dix3BCv1pUp5KMtGn3MeDEi6QFGy2rA==\n"
- "-----END CERTIFICATE REQUEST-----\n")
+cleartextCertificateRequestPEM = b("""-----BEGIN CERTIFICATE REQUEST-----
+MIIBnjCCAQcCAQAwXjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAklMMRAwDgYDVQQH
+EwdDaGljYWdvMRcwFQYDVQQKEw5NeSBDb21wYW55IEx0ZDEXMBUGA1UEAxMORnJl
+ZGVyaWNrIERlYW4wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANp6Y17WzKSw
+BsUWkXdqg6tnXy8H8hA1msCMWpc+/2KJ4mbv5NyD6UD+/SqagQqulPbF/DFea9nA
+E0zhmHJELcM8gUTIlXv/cgDWnmK4xj8YkjVUiCdqKRAKeuzLG1pGmwwF5lGeJpXN
+xQn5ecR0UYSOWj6TTGXB9VyUMQzCClcBAgMBAAGgADANBgkqhkiG9w0BAQUFAAOB
+gQAAJGuF/R/GGbeC7FbFW+aJgr9ee0Xbl6nlhu7pTe67k+iiKT2dsl2ti68MVTnu
+Vrb3HUNqOkiwsJf6kCtq5oPn3QVYzTa76Dt2y3Rtzv6boRSlmlfrgS92GNma8JfR
+oICQk3nAudi6zl1Dix3BCv1pUp5KMtGn3MeDEi6QFGy2rA==
+-----END CERTIFICATE REQUEST-----
+""")
-encryptedPrivateKeyPEM = """-----BEGIN RSA PRIVATE KEY-----
+encryptedPrivateKeyPEM = b("""-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,9573604A18579E9E
@@ -197,15 +197,15 @@
MbzjS007Oe4qqBnCWaFPSnJX6uLApeTbqAxAeyCql56ULW5x6vDMNC3dwjvS/CEh
11n8RkgFIQA0AhuKSIg3CbuartRsJnWOLwgLTzsrKYL4yRog1RJrtw==
-----END RSA PRIVATE KEY-----
-"""
-encryptedPrivateKeyPEMPassphrase = "foobar"
+""")
+encryptedPrivateKeyPEMPassphrase = b("foobar")
# Some PKCS#7 stuff. Generated with the openssl command line:
#
# openssl crl2pkcs7 -inform pem -outform pem -certfile s.pem -nocrl
#
# with a certificate and key (but the key should be irrelevant) in s.pem
-pkcs7Data = """\
+pkcs7Data = b("""\
-----BEGIN PKCS7-----
MIIDNwYJKoZIhvcNAQcCoIIDKDCCAyQCAQExADALBgkqhkiG9w0BBwGgggMKMIID
BjCCAm+gAwIBAgIBATANBgkqhkiG9w0BAQQFADB7MQswCQYDVQQGEwJTRzERMA8G
@@ -226,9 +226,9 @@
/g5NDjxFZNDJP1dGiLAxPW6JXwov4v0FmdzfLOZ01jDcgQQZqEpYlgpuI5JEWUQ9
Ho4EzbYCOaEAMQA=
-----END PKCS7-----
-"""
+""")
-crlData ="""\
+crlData = b("""\
-----BEGIN X509 CRL-----
MIIBWzCBxTANBgkqhkiG9w0BAQQFADBYMQswCQYDVQQGEwJVUzELMAkGA1UECBMC
SUwxEDAOBgNVBAcTB0NoaWNhZ28xEDAOBgNVBAoTB1Rlc3RpbmcxGDAWBgNVBAMT
@@ -239,7 +239,7 @@
0yp4HXRFFoRhhSE/hP+eteaPXRgrsNRLHe9ZDd69wmh7J1wMDb0m81RG7kqcbsid
vrzEeLDRiiPl92dyyWmu
-----END X509 CRL-----
-"""
+""")
class X509ExtTests(TestCase):
"""
@@ -263,8 +263,8 @@
self.subject.commonName = self.req.get_subject().commonName
self.x509.set_issuer(self.subject)
self.x509.set_pubkey(self.pkey)
- now = datetime.now().strftime("%Y%m%d%H%M%SZ")
- expire = (datetime.now() + timedelta(days=100)).strftime("%Y%m%d%H%M%SZ")
+ now = b(datetime.now().strftime("%Y%m%d%H%M%SZ"))
+ expire = b((datetime.now() + timedelta(days=100)).strftime("%Y%m%d%H%M%SZ"))
self.x509.set_notBefore(now)
self.x509.set_notAfter(expire)
@@ -277,7 +277,7 @@
# This isn't necessarily the best string representation. Perhaps it
# will be changed/improved in the future.
self.assertEquals(
- str(X509Extension('basicConstraints', True, 'CA:false')),
+ str(X509Extension(b('basicConstraints'), True, b('CA:false'))),
'CA:FALSE')
@@ -288,7 +288,8 @@
"""
self.assertIdentical(X509Extension, X509ExtensionType)
self.assertConsistentType(
- X509Extension, 'X509Extension', 'basicConstraints', True, 'CA:true')
+ X509Extension,
+ 'X509Extension', b('basicConstraints'), True, b('CA:true'))
def test_construction(self):
@@ -296,13 +297,14 @@
L{X509Extension} accepts an extension type name, a critical flag,
and an extension value and returns an L{X509ExtensionType} instance.
"""
- basic = X509Extension('basicConstraints', True, 'CA:true')
+ basic = X509Extension(b('basicConstraints'), True, b('CA:true'))
self.assertTrue(
isinstance(basic, X509ExtensionType),
"%r is of type %r, should be %r" % (
basic, type(basic), X509ExtensionType))
- comment = X509Extension('nsComment', False, 'pyOpenSSL unit test')
+ comment = X509Extension(
+ b('nsComment'), False, b('pyOpenSSL unit test'))
self.assertTrue(
isinstance(comment, X509ExtensionType),
"%r is of type %r, should be %r" % (
@@ -315,17 +317,17 @@
name or value.
"""
self.assertRaises(
- Error, X509Extension, 'thisIsMadeUp', False, 'hi')
+ Error, X509Extension, b('thisIsMadeUp'), False, b('hi'))
self.assertRaises(
- Error, X509Extension, 'basicConstraints', False, 'blah blah')
+ Error, X509Extension, b('basicConstraints'), False, b('blah blah'))
# Exercise a weird one (an extension which uses the r2i method). This
# exercises the codepath that requires a non-NULL ctx to be passed to
# X509V3_EXT_nconf. It can't work now because we provide no
# configuration database. It might be made to work in the future.
self.assertRaises(
- Error, X509Extension, 'proxyCertInfo', True,
- 'language:id-ppl-anyLanguage,pathlen:1,policy:text:AB')
+ Error, X509Extension, b('proxyCertInfo'), True,
+ b('language:id-ppl-anyLanguage,pathlen:1,policy:text:AB'))
def test_get_critical(self):
@@ -333,9 +335,9 @@
L{X509ExtensionType.get_critical} returns the value of the
extension's critical flag.
"""
- ext = X509Extension('basicConstraints', True, 'CA:true')
+ ext = X509Extension(b('basicConstraints'), True, b('CA:true'))
self.assertTrue(ext.get_critical())
- ext = X509Extension('basicConstraints', False, 'CA:true')
+ ext = X509Extension(b('basicConstraints'), False, b('CA:true'))
self.assertFalse(ext.get_critical())
@@ -344,10 +346,10 @@
L{X509ExtensionType.get_short_name} returns a string giving the short
type name of the extension.
"""
- ext = X509Extension('basicConstraints', True, 'CA:true')
- self.assertEqual(ext.get_short_name(), 'basicConstraints')
- ext = X509Extension('nsComment', True, 'foo bar')
- self.assertEqual(ext.get_short_name(), 'nsComment')
+ ext = X509Extension(b('basicConstraints'), True, b('CA:true'))
+ self.assertEqual(ext.get_short_name(), b('basicConstraints'))
+ ext = X509Extension(b('nsComment'), True, b('foo bar'))
+ self.assertEqual(ext.get_short_name(), b('nsComment'))
def test_unused_subject(self):
@@ -355,13 +357,14 @@
The C{subject} parameter to L{X509Extension} may be provided for an
extension which does not use it and is ignored in this case.
"""
- ext1 = X509Extension('basicConstraints', False, 'CA:TRUE', subject=self.x509)
+ ext1 = X509Extension(
+ b('basicConstraints'), False, b('CA:TRUE'), subject=self.x509)
self.x509.add_extensions([ext1])
self.x509.sign(self.pkey, 'sha1')
# This is a little lame. Can we think of a better way?
text = dump_certificate(FILETYPE_TEXT, self.x509)
- self.assertTrue('X509v3 Basic Constraints:' in text)
- self.assertTrue('CA:TRUE' in text)
+ self.assertTrue(b('X509v3 Basic Constraints:') in text)
+ self.assertTrue(b('CA:TRUE') in text)
def test_subject(self):
@@ -369,11 +372,12 @@
If an extension requires a subject, the C{subject} parameter to
L{X509Extension} provides its value.
"""
- ext3 = X509Extension('subjectKeyIdentifier', False, 'hash', subject=self.x509)
+ ext3 = X509Extension(
+ b('subjectKeyIdentifier'), False, b('hash'), subject=self.x509)
self.x509.add_extensions([ext3])
self.x509.sign(self.pkey, 'sha1')
text = dump_certificate(FILETYPE_TEXT, self.x509)
- self.assertTrue('X509v3 Subject Key Identifier:' in text)
+ self.assertTrue(b('X509v3 Subject Key Identifier:') in text)
def test_missing_subject(self):
@@ -382,7 +386,7 @@
given no value, something happens.
"""
self.assertRaises(
- Error, X509Extension, 'subjectKeyIdentifier', False, 'hash')
+ Error, X509Extension, b('subjectKeyIdentifier'), False, b('hash'))
def test_invalid_subject(self):
@@ -402,12 +406,13 @@
The C{issuer} parameter to L{X509Extension} may be provided for an
extension which does not use it and is ignored in this case.
"""
- ext1 = X509Extension('basicConstraints', False, 'CA:TRUE', issuer=self.x509)
+ ext1 = X509Extension(
+ b('basicConstraints'), False, b('CA:TRUE'), issuer=self.x509)
self.x509.add_extensions([ext1])
self.x509.sign(self.pkey, 'sha1')
text = dump_certificate(FILETYPE_TEXT, self.x509)
- self.assertTrue('X509v3 Basic Constraints:' in text)
- self.assertTrue('CA:TRUE' in text)
+ self.assertTrue(b('X509v3 Basic Constraints:') in text)
+ self.assertTrue(b('CA:TRUE') in text)
def test_issuer(self):
@@ -416,13 +421,13 @@
L{X509Extension} provides its value.
"""
ext2 = X509Extension(
- 'authorityKeyIdentifier', False, 'issuer:always',
+ b('authorityKeyIdentifier'), False, b('issuer:always'),
issuer=self.x509)
self.x509.add_extensions([ext2])
self.x509.sign(self.pkey, 'sha1')
text = dump_certificate(FILETYPE_TEXT, self.x509)
- self.assertTrue('X509v3 Authority Key Identifier:' in text)
- self.assertTrue('DirName:/CN=Yoda root CA' in text)
+ self.assertTrue(b('X509v3 Authority Key Identifier:') in text)
+ self.assertTrue(b('DirName:/CN=Yoda root CA') in text)
def test_missing_issuer(self):
@@ -433,7 +438,8 @@
self.assertRaises(
Error,
X509Extension,
- 'authorityKeyIdentifier', False, 'keyid:always,issuer:always')
+ b('authorityKeyIdentifier'), False,
+ b('keyid:always,issuer:always'))
def test_invalid_issuer(self):
@@ -566,9 +572,11 @@
def _x509name(self, **attrs):
# XXX There's no other way to get a new X509Name yet.
name = X509().get_subject()
- attrs = attrs.items()
+ attrs = list(attrs.items())
# Make the order stable - order matters!
- attrs.sort(lambda (k1, v1), (k2, v2): cmp(v1, v2))
+ def key(attr):
+ return attr[1]
+ attrs.sort(key=key)
for k, v in attrs:
setattr(name, k, v)
return name
@@ -736,8 +744,8 @@
a = self._x509name(CN="foo", C="US")
self.assertEqual(
a.der(),
- '0\x1b1\x0b0\t\x06\x03U\x04\x06\x13\x02US'
- '1\x0c0\n\x06\x03U\x04\x03\x13\x03foo')
+ b('0\x1b1\x0b0\t\x06\x03U\x04\x06\x13\x02US'
+ '1\x0c0\n\x06\x03U\x04\x03\x13\x03foo'))
def test_get_components(self):
@@ -748,11 +756,11 @@
a = self._x509name()
self.assertEqual(a.get_components(), [])
a.CN = "foo"
- self.assertEqual(a.get_components(), [("CN", "foo")])
+ self.assertEqual(a.get_components(), [(b("CN"), b("foo"))])
a.organizationalUnitName = "bar"
self.assertEqual(
a.get_components(),
- [("CN", "foo"), ("OU", "bar")])
+ [(b("CN"), b("foo")), (b("OU"), b("bar"))])
class _PKeyInteractionTestsMixin:
@@ -913,7 +921,7 @@
"""
request = X509Req()
request.add_extensions([
- X509Extension('basicConstraints', True, 'CA:false')])
+ X509Extension(b('basicConstraints'), True, b('CA:false'))])
# XXX Add get_extensions so the rest of this unit test can be written.
@@ -1043,27 +1051,28 @@
self.assertEqual(get(), None)
# GMT (Or is it UTC?) -exarkun
- when = "20040203040506Z"
+ when = b("20040203040506Z")
set(when)
self.assertEqual(get(), when)
# A plus two hours and thirty minutes offset
- when = "20040203040506+0530"
+ when = b("20040203040506+0530")
set(when)
self.assertEqual(get(), when)
# A minus one hour fifteen minutes offset
- when = "20040203040506-0115"
+ when = b("20040203040506-0115")
set(when)
self.assertEqual(get(), when)
# An invalid string results in a ValueError
- self.assertRaises(ValueError, set, "foo bar")
+ self.assertRaises(ValueError, set, b("foo bar"))
# The wrong number of arguments results in a TypeError.
self.assertRaises(TypeError, set)
- self.assertRaises(TypeError, set, "20040203040506Z", "20040203040506Z")
- self.assertRaises(TypeError, get, "foo bar")
+ self.assertRaises(TypeError, set, b("20040203040506Z"), b("20040203040506Z"))
+ self.assertRaises(TypeError, get, b("foo bar"))
+
# XXX ASN1_TIME (not GENERALIZEDTIME)
@@ -1092,7 +1101,7 @@
internally.
"""
cert = load_certificate(FILETYPE_PEM, self.pemData)
- self.assertEqual(cert.get_notBefore(), "20090325123658Z")
+ self.assertEqual(cert.get_notBefore(), b("20090325123658Z"))
def test_get_notAfter(self):
@@ -1102,7 +1111,7 @@
internally.
"""
cert = load_certificate(FILETYPE_PEM, self.pemData)
- self.assertEqual(cert.get_notAfter(), "20170611123658Z")
+ self.assertEqual(cert.get_notAfter(), b("20170611123658Z"))
def test_gmtime_adj_notBefore_wrong_args(self):
@@ -1124,7 +1133,7 @@
cert = load_certificate(FILETYPE_PEM, self.pemData)
now = datetime.utcnow() + timedelta(seconds=100)
cert.gmtime_adj_notBefore(100)
- self.assertEqual(cert.get_notBefore(), now.strftime("%Y%m%d%H%M%SZ"))
+ self.assertEqual(cert.get_notBefore(), b(now.strftime("%Y%m%d%H%M%SZ")))
def test_gmtime_adj_notAfter_wrong_args(self):
@@ -1146,7 +1155,7 @@
cert = load_certificate(FILETYPE_PEM, self.pemData)
now = datetime.utcnow() + timedelta(seconds=100)
cert.gmtime_adj_notAfter(100)
- self.assertEqual(cert.get_notAfter(), now.strftime("%Y%m%d%H%M%SZ"))
+ self.assertEqual(cert.get_notAfter(), b(now.strftime("%Y%m%d%H%M%SZ")))
def test_has_expired_wrong_args(self):
@@ -1186,7 +1195,7 @@
cert = X509()
self.assertEqual(
cert.digest("md5"),
- "A8:EB:07:F8:53:25:0A:F2:56:05:C5:A5:C4:C4:C7:15")
+ b("A8:EB:07:F8:53:25:0A:F2:56:05:C5:A5:C4:C4:C7:15"))
def test_invalid_digest_algorithm(self):
@@ -1215,8 +1224,8 @@
self.assertTrue(isinstance(subj, X509Name))
self.assertEquals(
subj.get_components(),
- [('C', 'US'), ('ST', 'IL'), ('L', 'Chicago'),
- ('O', 'Testing'), ('CN', 'Testing Root CA')])
+ [(b('C'), b('US')), (b('ST'), b('IL')), (b('L'), b('Chicago')),
+ (b('O'), b('Testing')), (b('CN'), b('Testing Root CA'))])
def test_set_subject_wrong_args(self):
@@ -1242,7 +1251,7 @@
cert.set_subject(name)
self.assertEquals(
cert.get_subject().get_components(),
- [('C', 'AU'), ('O', 'Unit Tests')])
+ [(b('C'), b('AU')), (b('O'), b('Unit Tests'))])
def test_get_issuer_wrong_args(self):
@@ -1260,10 +1269,11 @@
cert = load_certificate(FILETYPE_PEM, self.pemData)
subj = cert.get_issuer()
self.assertTrue(isinstance(subj, X509Name))
+ comp = subj.get_components()
self.assertEquals(
- subj.get_components(),
- [('C', 'US'), ('ST', 'IL'), ('L', 'Chicago'),
- ('O', 'Testing'), ('CN', 'Testing Root CA')])
+ comp,
+ [(b('C'), b('US')), (b('ST'), b('IL')), (b('L'), b('Chicago')),
+ (b('O'), b('Testing')), (b('CN'), b('Testing Root CA'))])
def test_set_issuer_wrong_args(self):
@@ -1289,7 +1299,7 @@
cert.set_issuer(name)
self.assertEquals(
cert.get_issuer().get_components(),
- [('C', 'AU'), ('O', 'Unit Tests')])
+ [(b('C'), b('AU')), (b('O'), b('Unit Tests'))])
def test_get_pubkey_uninitialized(self):
@@ -1499,8 +1509,8 @@
"""
passwd = 'whatever'
e = self.assertRaises(Error, load_pkcs12, 'fruit loops', passwd)
- self.assertEqual( e[0][0][0], 'asn1 encoding routines')
- self.assertEqual( len(e[0][0]), 3)
+ self.assertEqual( e.args[0][0][0], 'asn1 encoding routines')
+ self.assertEqual( len(e.args[0][0]), 3)
def test_replace(self):
@@ -1531,7 +1541,7 @@
"""
passwd = 'Dogmeat[]{}!@#$%^&*()~`?/.,<>-_+=";:'
p12 = self.gen_pkcs12(server_cert_pem, server_key_pem, root_cert_pem)
- for friendly_name in ['Serverlicious', None, '###']:
+ for friendly_name in [b('Serverlicious'), None, b('###')]:
p12.set_friendlyname(friendly_name)
self.assertEqual(p12.get_friendlyname(), friendly_name)
dumped_p12 = p12.export(passphrase=passwd, iter=2, maciter=3)
@@ -1684,13 +1694,14 @@
the given PEM to its stdin. Not safe for quotes.
"""
if os.name == 'posix':
- command = "openssl " + " ".join(["'%s'" % (arg.replace("'", "'\\''"),) for arg in args])
+ command = "openssl " + " ".join([
+ "'%s'" % (arg.replace("'", "'\\''"),) for arg in args])
else:
command = "openssl " + quoteArguments(args)
- write, read = popen2(command, "b")
- write.write(pem)
- write.close()
- return read.read()
+ proc = Popen(command, shell=True, stdin=PIPE, stdout=PIPE)
+ proc.stdin.write(pem)
+ proc.stdin.close()
+ return proc.stdout.read()
@@ -1732,7 +1743,7 @@
"""
self.assertRaises(
Error,
- load_privatekey, FILETYPE_PEM, encryptedPrivateKeyPEM, "quack")
+ load_privatekey, FILETYPE_PEM, encryptedPrivateKeyPEM, b("quack"))
def test_load_privatekey_passphrase(self):
@@ -1839,10 +1850,10 @@
"""
L{dump_privatekey} writes an encrypted PEM when given a passphrase.
"""
- passphrase = "foo"
+ passphrase = b("foo")
key = load_privatekey(FILETYPE_PEM, cleartextPrivateKeyPEM)
pem = dump_privatekey(FILETYPE_PEM, key, "blowfish", passphrase)
- self.assertTrue(isinstance(pem, str))
+ self.assertTrue(isinstance(pem, bytes))
loadedKey = load_privatekey(FILETYPE_PEM, pem, passphrase)
self.assertTrue(isinstance(loadedKey, PKeyType))
self.assertEqual(loadedKey.type(), key.type())
@@ -1911,14 +1922,14 @@
L{dump_privatekey} writes an encrypted PEM when given a callback which
returns the correct passphrase.
"""
- passphrase = "foo"
+ passphrase = b("foo")
called = []
def cb(writing):
called.append(writing)
return passphrase
key = load_privatekey(FILETYPE_PEM, cleartextPrivateKeyPEM)
pem = dump_privatekey(FILETYPE_PEM, key, "blowfish", cb)
- self.assertTrue(isinstance(pem, str))
+ self.assertTrue(isinstance(pem, bytes))
self.assertEqual(called, [True])
loadedKey = load_privatekey(FILETYPE_PEM, pem, passphrase)
self.assertTrue(isinstance(loadedKey, PKeyType))
@@ -2039,7 +2050,7 @@
L{PKCS7Type.get_type_name} returns a C{str} giving the type name.
"""
pkcs7 = load_pkcs7_data(FILETYPE_PEM, pkcs7Data)
- self.assertEquals(pkcs7.get_type_name(), 'pkcs7-signedData')
+ self.assertEquals(pkcs7.get_type_name(), b('pkcs7-signedData'))
def test_attribute(self):
@@ -2095,7 +2106,7 @@
"""
nspki = NetscapeSPKI()
blob = nspki.b64_encode()
- self.assertTrue(isinstance(blob, str))
+ self.assertTrue(isinstance(blob, bytes))
@@ -2109,11 +2120,11 @@
that it is empty.
"""
revoked = Revoked()
- self.assertTrue( isinstance(revoked, Revoked) )
- self.assertEqual( type(revoked), Revoked )
- self.assertEqual( revoked.get_serial(), '00' )
- self.assertEqual( revoked.get_rev_date(), None )
- self.assertEqual( revoked.get_reason(), None )
+ self.assertTrue(isinstance(revoked, Revoked))
+ self.assertEquals(type(revoked), Revoked)
+ self.assertEquals(revoked.get_serial(), b('00'))
+ self.assertEquals(revoked.get_rev_date(), None)
+ self.assertEquals(revoked.get_reason(), None)
def test_construction_wrong_args(self):
@@ -2133,16 +2144,16 @@
with grace.
"""
revoked = Revoked()
- ret = revoked.set_serial('10b')
- self.assertEqual( ret, None )
+ ret = revoked.set_serial(b('10b'))
+ self.assertEquals(ret, None)
ser = revoked.get_serial()
- self.assertEqual( ser, '010B' )
+ self.assertEquals(ser, b('010B'))
- revoked.set_serial('31ppp') # a type error would be nice
+ revoked.set_serial(b('31ppp')) # a type error would be nice
ser = revoked.get_serial()
- self.assertEqual( ser, '31' )
+ self.assertEquals(ser, b('31'))
- self.assertRaises(ValueError, revoked.set_serial, 'pqrst')
+ self.assertRaises(ValueError, revoked.set_serial, b('pqrst'))
self.assertRaises(TypeError, revoked.set_serial, 100)
self.assertRaises(TypeError, revoked.get_serial, 1)
self.assertRaises(TypeError, revoked.get_serial, None)
@@ -2157,13 +2168,13 @@
"""
revoked = Revoked()
date = revoked.get_rev_date()
- self.assertEqual( date, None )
+ self.assertEquals(date, None)
- now = datetime.now().strftime("%Y%m%d%H%M%SZ")
+ now = b(datetime.now().strftime("%Y%m%d%H%M%SZ"))
ret = revoked.set_rev_date(now)
- self.assertEqual( ret, None )
+ self.assertEqual(ret, None)
date = revoked.get_rev_date()
- self.assertEqual( date, now )
+ self.assertEqual(date, now)
def test_reason(self):
@@ -2174,12 +2185,13 @@
"""
revoked = Revoked()
for r in revoked.all_reasons():
- for x in xrange(2):
+ for x in range(2):
ret = revoked.set_reason(r)
- self.assertEqual( ret, None )
+ self.assertEquals(ret, None)
reason = revoked.get_reason()
- self.assertEqual( reason.lower().replace(' ',''),
- r.lower().replace(' ','') )
+ self.assertEquals(
+ reason.lower().replace(b(' '), b('')),
+ r.lower().replace(b(' '), b('')))
r = reason # again with the resp of get
revoked.set_reason(None)
@@ -2194,7 +2206,7 @@
"""
revoked = Revoked()
self.assertRaises(TypeError, revoked.set_reason, 100)
- self.assertRaises(ValueError, revoked.set_reason, 'blue')
+ self.assertRaises(ValueError, revoked.set_reason, b('blue'))
def test_get_reason_wrong_arguments(self):
@@ -2244,25 +2256,25 @@
"""
crl = CRL()
revoked = Revoked()
- now = datetime.now().strftime("%Y%m%d%H%M%SZ")
+ now = b(datetime.now().strftime("%Y%m%d%H%M%SZ"))
revoked.set_rev_date(now)
- revoked.set_serial('3ab')
- revoked.set_reason('sUpErSeDEd')
+ revoked.set_serial(b('3ab'))
+ revoked.set_reason(b('sUpErSeDEd'))
crl.add_revoked(revoked)
# PEM format
dumped_crl = crl.export(self.cert, self.pkey, days=20)
text = _runopenssl(dumped_crl, "crl", "-noout", "-text")
- text.index('Serial Number: 03AB')
- text.index('Superseded')
- text.index('Issuer: /C=US/ST=IL/L=Chicago/O=Testing/CN=Testing Root CA')
+ text.index(b('Serial Number: 03AB'))
+ text.index(b('Superseded'))
+ text.index(b('Issuer: /C=US/ST=IL/L=Chicago/O=Testing/CN=Testing Root CA'))
# DER format
dumped_crl = crl.export(self.cert, self.pkey, FILETYPE_ASN1)
text = _runopenssl(dumped_crl, "crl", "-noout", "-text", "-inform", "DER")
- text.index('Serial Number: 03AB')
- text.index('Superseded')
- text.index('Issuer: /C=US/ST=IL/L=Chicago/O=Testing/CN=Testing Root CA')
+ text.index(b('Serial Number: 03AB'))
+ text.index(b('Superseded'))
+ text.index(b('Issuer: /C=US/ST=IL/L=Chicago/O=Testing/CN=Testing Root CA'))
# text format
dumped_text = crl.export(self.cert, self.pkey, type=FILETYPE_TEXT)
@@ -2317,20 +2329,20 @@
crl = CRL()
revoked = Revoked()
- now = datetime.now().strftime("%Y%m%d%H%M%SZ")
+ now = b(datetime.now().strftime("%Y%m%d%H%M%SZ"))
revoked.set_rev_date(now)
- revoked.set_serial('3ab')
+ revoked.set_serial(b('3ab'))
crl.add_revoked(revoked)
- revoked.set_serial('100')
- revoked.set_reason('sUpErSeDEd')
+ revoked.set_serial(b('100'))
+ revoked.set_reason(b('sUpErSeDEd'))
crl.add_revoked(revoked)
revs = crl.get_revoked()
self.assertEqual(len(revs), 2)
self.assertEqual(type(revs[0]), Revoked)
self.assertEqual(type(revs[1]), Revoked)
- self.assertEqual(revs[0].get_serial(), '03AB')
- self.assertEqual(revs[1].get_serial(), '0100')
+ self.assertEqual(revs[0].get_serial(), b('03AB'))
+ self.assertEqual(revs[1].get_serial(), b('0100'))
self.assertEqual(revs[0].get_rev_date(), now)
self.assertEqual(revs[1].get_rev_date(), now)
@@ -2366,19 +2378,19 @@
crl = load_crl(FILETYPE_PEM, crlData)
revs = crl.get_revoked()
self.assertEqual(len(revs), 2)
- self.assertEqual(revs[0].get_serial(), '03AB')
+ self.assertEqual(revs[0].get_serial(), b('03AB'))
self.assertEqual(revs[0].get_reason(), None)
- self.assertEqual(revs[1].get_serial(), '0100')
- self.assertEqual(revs[1].get_reason(), 'Superseded')
+ self.assertEqual(revs[1].get_serial(), b('0100'))
+ self.assertEqual(revs[1].get_reason(), b('Superseded'))
der = _runopenssl(crlData, "crl", "-outform", "DER")
crl = load_crl(FILETYPE_ASN1, der)
revs = crl.get_revoked()
self.assertEqual(len(revs), 2)
- self.assertEqual(revs[0].get_serial(), '03AB')
+ self.assertEqual(revs[0].get_serial(), b('03AB'))
self.assertEqual(revs[0].get_reason(), None)
- self.assertEqual(revs[1].get_serial(), '0100')
- self.assertEqual(revs[1].get_reason(), 'Superseded')
+ self.assertEqual(revs[1].get_serial(), b('0100'))
+ self.assertEqual(revs[1].get_reason(), b('Superseded'))
def test_load_crl_wrong_args(self):
@@ -2415,7 +2427,7 @@
"""
L{sign} generates a cryptographic signature which L{verify} can check.
"""
- content = (
+ content = b(
"It was a bright cold day in April, and the clocks were striking "
"thirteen. Winston Smith, his chin nuzzled into his breast in an "
"effort to escape the vile wind, slipped quickly through the "
@@ -2429,7 +2441,7 @@
# certificate unrelated to priv_key, used to trigger an error
bad_cert = load_certificate(FILETYPE_PEM, server_cert_pem)
- for digest in ('md5', 'sha1'):
+ for digest in (b('md5'), b('sha1')):
sig = sign(priv_key, content, digest)
# Verify the signature of content, will throw an exception if error.
@@ -2441,11 +2453,15 @@
# This should fail because we've "tainted" the content after
# signing it.
- self.assertRaises(Error, verify, good_cert, sig, content+"tainted", digest)
+ self.assertRaises(
+ Error, verify,
+ good_cert, sig, content + b("tainted"), digest)
# test that unknown digest types fail
- self.assertRaises(ValueError, sign, priv_key, content, "strange-digest")
- self.assertRaises(ValueError, verify, good_cert, sig, content, "strange-digest")
+ self.assertRaises(
+ ValueError, sign, priv_key, content, b("strange-digest"))
+ self.assertRaises(
+ ValueError, verify, good_cert, sig, content, b("strange-digest"))
if __name__ == '__main__':
diff --git a/OpenSSL/test/test_rand.py b/OpenSSL/test/test_rand.py
index 2849f38..a785168 100644
--- a/OpenSSL/test/test_rand.py
+++ b/OpenSSL/test/test_rand.py
@@ -8,7 +8,7 @@
import os
import stat
-from OpenSSL.test.util import TestCase
+from OpenSSL.test.util import TestCase, b
from OpenSSL import rand
@@ -46,16 +46,16 @@
type C{str} and C{int}, L{OpenSSL.rand.add} raises L{TypeError}.
"""
self.assertRaises(TypeError, rand.add)
- self.assertRaises(TypeError, rand.add, "foo", None)
+ self.assertRaises(TypeError, rand.add, b("foo"), None)
self.assertRaises(TypeError, rand.add, None, 3)
- self.assertRaises(TypeError, rand.add, "foo", 3, None)
+ self.assertRaises(TypeError, rand.add, b("foo"), 3, None)
def test_add(self):
"""
L{OpenSSL.rand.add} adds entropy to the PRNG.
"""
- rand.add('hamburger', 3)
+ rand.add(b('hamburger'), 3)
def test_seed_wrong_args(self):
@@ -65,14 +65,14 @@
"""
self.assertRaises(TypeError, rand.seed)
self.assertRaises(TypeError, rand.seed, None)
- self.assertRaises(TypeError, rand.seed, "foo", None)
+ self.assertRaises(TypeError, rand.seed, b("foo"), None)
def test_seed(self):
"""
L{OpenSSL.rand.seed} adds entropy to the PRNG.
"""
- rand.seed('milk shake')
+ rand.seed(b('milk shake'))
def test_status_wrong_args(self):
@@ -162,7 +162,7 @@
# Write random bytes to a file
tmpfile = self.mktemp()
# Make sure it exists (so cleanup definitely succeeds)
- fObj = file(tmpfile, 'w')
+ fObj = open(tmpfile, 'w')
fObj.close()
try:
rand.write_file(tmpfile)
diff --git a/OpenSSL/test/test_ssl.py b/OpenSSL/test/test_ssl.py
index 1ba80ab..6c8579b 100644
--- a/OpenSSL/test/test_ssl.py
+++ b/OpenSSL/test/test_ssl.py
@@ -23,7 +23,7 @@
from OpenSSL.SSL import Error, SysCallError, WantReadError, ZeroReturnError
from OpenSSL.SSL import Context, ContextType, Connection, ConnectionType
-from OpenSSL.test.util import TestCase
+from OpenSSL.test.util import TestCase, bytes, b
from OpenSSL.test.test_crypto import cleartextCertificatePEM, cleartextPrivateKeyPEM
from OpenSSL.test.test_crypto import client_cert_pem, client_key_pem
from OpenSSL.test.test_crypto import server_cert_pem, server_key_pem, root_cert_pem
@@ -52,7 +52,6 @@
def verify_cb(conn, cert, errnum, depth, ok):
- # print conn, cert, X509_verify_cert_error_string(errnum), depth, ok
return ok
def socket_pair():
@@ -72,10 +71,10 @@
# Let's pass some unencrypted data to make sure our socket connection is
# fine. Just one byte, so we don't have to worry about buffers getting
# filled up or fragmentation.
- server.send("x")
- assert client.recv(1024) == "x"
- client.send("y")
- assert server.recv(1024) == "y"
+ server.send(b("x"))
+ assert client.recv(1024) == b("x")
+ client.send(b("y"))
+ assert server.recv(1024) == b("y")
# Most of our callers want non-blocking sockets, make it easy for them.
server.setblocking(False)
@@ -85,6 +84,18 @@
+def handshake(client, server):
+ conns = [client, server]
+ while conns:
+ for conn in conns:
+ try:
+ conn.do_handshake()
+ except WantReadError:
+ pass
+ else:
+ conns.remove(conn)
+
+
class _LoopbackMixin:
"""
Helper mixin which defines methods for creating a connected socket pair and
@@ -101,12 +112,7 @@
client = Connection(Context(TLSv1_METHOD), client)
client.set_connect_state()
- for i in range(3):
- for conn in [client, server]:
- try:
- conn.do_handshake()
- except WantReadError:
- pass
+ handshake(client, server)
server.setblocking(True)
client.setblocking(True)
@@ -305,8 +311,9 @@
key = PKey()
key.generate_key(TYPE_RSA, 128)
pemFile = self.mktemp()
- fObj = file(pemFile, 'w')
- fObj.write(dump_privatekey(FILETYPE_PEM, key, "blowfish", passphrase))
+ fObj = open(pemFile, 'w')
+ pem = dump_privatekey(FILETYPE_PEM, key, "blowfish", passphrase)
+ fObj.write(pem.decode('ascii'))
fObj.close()
return pemFile
@@ -327,7 +334,7 @@
L{Context.set_passwd_cb} accepts a callable which will be invoked when
a private key is loaded from an encrypted PEM.
"""
- passphrase = "foobar"
+ passphrase = b("foobar")
pemFile = self._write_encrypted_pem(passphrase)
calledWith = []
def passphraseCallback(maxlen, verify, extra):
@@ -347,7 +354,7 @@
L{Context.use_privatekey_file} propagates any exception raised by the
passphrase callback.
"""
- pemFile = self._write_encrypted_pem("monkeys are nice")
+ pemFile = self._write_encrypted_pem(b("monkeys are nice"))
def passphraseCallback(maxlen, verify, extra):
raise RuntimeError("Sorry, I am a fail.")
@@ -361,7 +368,7 @@
L{Context.use_privatekey_file} raises L{OpenSSL.SSL.Error} if the
passphrase callback returns a false value.
"""
- pemFile = self._write_encrypted_pem("monkeys are nice")
+ pemFile = self._write_encrypted_pem(b("monkeys are nice"))
def passphraseCallback(maxlen, verify, extra):
return None
@@ -375,7 +382,7 @@
L{Context.use_privatekey_file} raises L{OpenSSL.SSL.Error} if the
passphrase callback returns a true non-string value.
"""
- pemFile = self._write_encrypted_pem("monkeys are nice")
+ pemFile = self._write_encrypted_pem(b("monkeys are nice"))
def passphraseCallback(maxlen, verify, extra):
return 10
@@ -390,11 +397,11 @@
longer than the indicated maximum length, it is truncated.
"""
# A priori knowledge!
- passphrase = "x" * 1024
+ passphrase = b("x") * 1024
pemFile = self._write_encrypted_pem(passphrase)
def passphraseCallback(maxlen, verify, extra):
assert maxlen == 1024
- return passphrase + "y"
+ return passphrase + b("y")
context = Context(TLSv1_METHOD)
context.set_passwd_cb(passphraseCallback)
@@ -465,16 +472,11 @@
serverSSL = Connection(serverContext, server)
serverSSL.set_accept_state()
- for i in range(3):
- for ssl in clientSSL, serverSSL:
- try:
- # Without load_verify_locations above, the handshake
- # will fail:
- # Error: [('SSL routines', 'SSL3_GET_SERVER_CERTIFICATE',
- # 'certificate verify failed')]
- ssl.do_handshake()
- except WantReadError:
- pass
+ # Without load_verify_locations above, the handshake
+ # will fail:
+ # Error: [('SSL routines', 'SSL3_GET_SERVER_CERTIFICATE',
+ # 'certificate verify failed')]
+ handshake(clientSSL, serverSSL)
cert = clientSSL.get_peer_certificate()
self.assertEqual(cert.get_subject().CN, 'Testing Root CA')
@@ -486,8 +488,8 @@
certificates within for verification purposes.
"""
cafile = self.mktemp()
- fObj = file(cafile, 'w')
- fObj.write(cleartextCertificatePEM)
+ fObj = open(cafile, 'w')
+ fObj.write(cleartextCertificatePEM.decode('ascii'))
fObj.close()
self._load_verify_locations_test(cafile)
@@ -513,8 +515,8 @@
# Hash value computed manually with c_rehash to avoid depending on
# c_rehash in the test suite.
cafile = join(capath, 'c7adac82.0')
- fObj = file(cafile, 'w')
- fObj.write(cleartextCertificatePEM)
+ fObj = open(cafile, 'w')
+ fObj.write(cleartextCertificatePEM.decode('ascii'))
fObj.close()
self._load_verify_locations_test(None, capath)
@@ -596,7 +598,7 @@
2. A new intermediate certificate signed by cacert (icert)
3. A new server certificate signed by icert (scert)
"""
- caext = X509Extension('basicConstraints', False, 'CA:true')
+ caext = X509Extension(b('basicConstraints'), False, b('CA:true'))
# Step 1
cakey = PKey()
@@ -605,8 +607,8 @@
cacert.get_subject().commonName = "Authority Certificate"
cacert.set_issuer(cacert.get_subject())
cacert.set_pubkey(cakey)
- cacert.set_notBefore("20000101000000Z")
- cacert.set_notAfter("20200101000000Z")
+ cacert.set_notBefore(b("20000101000000Z"))
+ cacert.set_notAfter(b("20200101000000Z"))
cacert.add_extensions([caext])
cacert.set_serial_number(0)
cacert.sign(cakey, "sha1")
@@ -618,8 +620,8 @@
icert.get_subject().commonName = "Intermediate Certificate"
icert.set_issuer(cacert.get_subject())
icert.set_pubkey(ikey)
- icert.set_notBefore("20000101000000Z")
- icert.set_notAfter("20200101000000Z")
+ icert.set_notBefore(b("20000101000000Z"))
+ icert.set_notAfter(b("20200101000000Z"))
icert.add_extensions([caext])
icert.set_serial_number(0)
icert.sign(cakey, "sha1")
@@ -631,9 +633,10 @@
scert.get_subject().commonName = "Server Certificate"
scert.set_issuer(icert.get_subject())
scert.set_pubkey(skey)
- scert.set_notBefore("20000101000000Z")
- scert.set_notAfter("20200101000000Z")
- scert.add_extensions([X509Extension('basicConstraints', True, 'CA:false')])
+ scert.set_notBefore(b("20000101000000Z"))
+ scert.set_notAfter(b("20200101000000Z"))
+ scert.add_extensions([
+ X509Extension(b('basicConstraints'), True, b('CA:false'))])
scert.set_serial_number(0)
scert.sign(ikey, "sha1")
@@ -681,16 +684,13 @@
# Dump the CA certificate to a file because that's the only way to load
# it as a trusted CA in the client context.
for cert, name in [(cacert, 'ca.pem'), (icert, 'i.pem'), (scert, 's.pem')]:
- fObj = file(name, 'w')
- fObj.write(dump_certificate(FILETYPE_PEM, cert))
- fObj.close()
- fObj = file(name.replace('pem', 'asn1'), 'w')
- fObj.write(dump_certificate(FILETYPE_ASN1, cert))
+ fObj = open(name, 'w')
+ fObj.write(dump_certificate(FILETYPE_PEM, cert).decode('ascii'))
fObj.close()
for key, name in [(cakey, 'ca.key'), (ikey, 'i.key'), (skey, 's.key')]:
- fObj = file(name, 'w')
- fObj.write(dump_privatekey(FILETYPE_PEM, key))
+ fObj = open(name, 'w')
+ fObj.write(dump_privatekey(FILETYPE_PEM, key).decode('ascii'))
fObj.close()
# Create the server context
@@ -724,19 +724,19 @@
# Write out the chain file.
chainFile = self.mktemp()
- fObj = file(chainFile, 'w')
+ fObj = open(chainFile, 'w')
# Most specific to least general.
- fObj.write(dump_certificate(FILETYPE_PEM, scert))
- fObj.write(dump_certificate(FILETYPE_PEM, icert))
- fObj.write(dump_certificate(FILETYPE_PEM, cacert))
+ fObj.write(dump_certificate(FILETYPE_PEM, scert).decode('ascii'))
+ fObj.write(dump_certificate(FILETYPE_PEM, icert).decode('ascii'))
+ fObj.write(dump_certificate(FILETYPE_PEM, cacert).decode('ascii'))
fObj.close()
serverContext = Context(TLSv1_METHOD)
serverContext.use_certificate_chain_file(chainFile)
serverContext.use_privatekey(skey)
- fObj = file('ca.pem', 'w')
- fObj.write(dump_certificate(FILETYPE_PEM, cacert))
+ fObj = open('ca.pem', 'w')
+ fObj.write(dump_certificate(FILETYPE_PEM, cacert).decode('ascii'))
fObj.close()
clientContext = Context(TLSv1_METHOD)
@@ -921,21 +921,24 @@
# XXX An assertion? Or something?
- def test_connect_ex(self):
- """
- If there is a connection error, L{Connection.connect_ex} returns the
- errno instead of raising an exception.
- """
- port = socket()
- port.bind(('', 0))
- port.listen(3)
+ if platform == "darwin":
+ "connect_ex sometimes causes a kernel panic on OS X 10.6.4"
+ else:
+ def test_connect_ex(self):
+ """
+ If there is a connection error, L{Connection.connect_ex} returns the
+ errno instead of raising an exception.
+ """
+ port = socket()
+ port.bind(('', 0))
+ port.listen(3)
- clientSSL = Connection(Context(TLSv1_METHOD), socket())
- clientSSL.setblocking(False)
- result = clientSSL.connect_ex(port.getsockname())
- expected = (EINPROGRESS, EWOULDBLOCK)
- self.assertTrue(
- result in expected, "%r not in %r" % (result, expected))
+ clientSSL = Connection(Context(TLSv1_METHOD), socket())
+ clientSSL.setblocking(False)
+ result = clientSSL.connect_ex(port.getsockname())
+ expected = (EINPROGRESS, EWOULDBLOCK)
+ self.assertTrue(
+ result in expected, "%r not in %r" % (result, expected))
def test_accept_wrong_args(self):
@@ -1092,8 +1095,8 @@
it.
"""
server, client = self._loopback()
- server.sendall('x')
- self.assertEquals(client.recv(1), 'x')
+ server.sendall(b('x'))
+ self.assertEquals(client.recv(1), b('x'))
def test_long(self):
@@ -1105,15 +1108,15 @@
# Should be enough, underlying SSL_write should only do 16k at a time.
# On Windows, after 32k of bytes the write will block (forever - because
# no one is yet reading).
- message ='x' * (1024 * 32 - 1) + 'y'
+ message = b('x') * (1024 * 32 - 1) + b('y')
server.sendall(message)
accum = []
received = 0
while received < len(message):
- bytes = client.recv(1024)
- accum.append(bytes)
- received += len(bytes)
- self.assertEquals(message, ''.join(accum))
+ data = client.recv(1024)
+ accum.append(data)
+ received += len(data)
+ self.assertEquals(message, b('').join(accum))
def test_closed(self):
@@ -1122,8 +1125,7 @@
write error from the low level write call.
"""
server, client = self._loopback()
- client.close()
- server.sendall("hello, world")
+ server.sock_shutdown(2)
self.assertRaises(SysCallError, server.sendall, "hello, world")
@@ -1314,7 +1316,7 @@
self.assertNotEquals(client_conn.client_random(), client_conn.server_random())
# Here are the bytes we'll try to send.
- important_message = 'One if by land, two if by sea.'
+ important_message = b('One if by land, two if by sea.')
server_conn.write(important_message)
self.assertEquals(
@@ -1337,26 +1339,9 @@
code, as no memory BIO is involved here). Even though this isn't a
memory BIO test, it's convenient to have it here.
"""
- (server, client) = socket_pair()
+ server_conn, client_conn = self._loopback()
- # Let the encryption begin...
- client_conn = self._client(client)
- server_conn = self._server(server)
-
- # Establish the connection
- established = False
- while not established:
- established = True # assume the best
- for ssl in client_conn, server_conn:
- try:
- # Generally a recv() or send() could also work instead
- # of do_handshake(), and we would stop on the first
- # non-exception.
- ssl.do_handshake()
- except WantReadError:
- established = False
-
- important_message = "Help me Obi Wan Kenobi, you're my only hope."
+ important_message = b("Help me Obi Wan Kenobi, you're my only hope.")
client_conn.send(important_message)
msg = server_conn.recv(1024)
self.assertEqual(msg, important_message)
diff --git a/OpenSSL/test/util.py b/OpenSSL/test/util.py
index 34585ee..61246a6 100644
--- a/OpenSSL/test/util.py
+++ b/OpenSSL/test/util.py
@@ -16,6 +16,17 @@
from OpenSSL.crypto import Error, _exception_from_error_queue
+try:
+ bytes = bytes
+except NameError:
+ def b(s):
+ return s
+ bytes = str
+else:
+ def b(s):
+ return s.encode("ascii")
+
+
class TestCase(TestCase):
"""
L{TestCase} adds useful testing functionality beyond what is available
@@ -35,7 +46,8 @@
os.unlink(temp)
try:
_exception_from_error_queue()
- except Error, e:
+ except Error:
+ e = sys.exc_info()[1]
if e.args != ([],):
self.fail("Left over errors in OpenSSL error queue: " + repr(e))
@@ -86,7 +98,8 @@
"""
try:
result = f(*args, **kwargs)
- except exception, inst:
+ except exception:
+ inst = sys.exc_info()[1]
return inst
except:
raise self.failureException('%s raised instead of %s'
diff --git a/OpenSSL/tsafe.py b/OpenSSL/tsafe.py
index 2b5f1a2..fe4b75f 100644
--- a/OpenSSL/tsafe.py
+++ b/OpenSSL/tsafe.py
@@ -19,10 +19,10 @@
'sock_shutdown', 'get_peer_certificate', 'want_read',
'want_write', 'set_connect_state', 'set_accept_state',
'connect_ex', 'sendall'):
- exec """def %s(self, *args):
+ exec("""def %s(self, *args):
self._lock.acquire()
try:
- return apply(self._ssl_conn.%s, args)
+ return self._ssl_conn.%s(*args)
finally:
- self._lock.release()\n""" % (f, f)
+ self._lock.release()\n""" % (f, f))
diff --git a/OpenSSL/util.c b/OpenSSL/util.c
index ae6ee5e..3859cb8 100644
--- a/OpenSSL/util.c
+++ b/OpenSSL/util.c
@@ -59,3 +59,37 @@
PyObject *list = error_queue_to_list();
Py_DECREF(list);
}
+
+#if (PY_VERSION_HEX < 0x02600000)
+PyObject* PyOpenSSL_LongToHex(PyObject *o) {
+ PyObject *hex = NULL;
+ PyObject *format = NULL;
+ PyObject *format_args = NULL;
+
+ if ((format_args = Py_BuildValue("(O)", o)) == NULL) {
+ goto err;
+ }
+
+ if ((format = PyString_FromString("%x")) == NULL) {
+ goto err;
+ }
+
+ if ((hex = PyString_Format(format, format_args)) == NULL) {
+ goto err;
+ }
+
+ return hex;
+
+ err:
+ if (format_args) {
+ Py_DECREF(format_args);
+ }
+ if (format) {
+ Py_DECREF(format);
+ }
+ if (hex) {
+ Py_DECREF(hex);
+ }
+ return NULL;
+}
+#endif
diff --git a/OpenSSL/util.h b/OpenSSL/util.h
index d1157a7..bfbbb6c 100644
--- a/OpenSSL/util.h
+++ b/OpenSSL/util.h
@@ -22,6 +22,12 @@
*/
#include "pymemcompat.h"
+/*
+ * py3k defines macros that help with Python 2.x/3.x compatibility.
+ */
+#include "py3k.h"
+
+
extern PyObject *error_queue_to_list(void);
extern void exception_from_error_queue(PyObject *the_Error);
extern void flush_error_queue(void);
@@ -125,4 +131,10 @@
#define PY_SSIZE_T_MIN INT_MIN
#endif
+#if (PY_VERSION_HEX < 0x02600000)
+extern PyObject* PyOpenSSL_LongToHex(PyObject *o);
+#else
+#define PyOpenSSL_LongToHex(o) PyNumber_ToBase(o, 16)
+#endif
+
#endif