Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / python / pyopenssl / 0294e3de886135c19423cd3e6d05bc8d7b36aa71 / . / OpenSSL / ssl / context.c
blob: c8100b4ee1c3c083d7274ed734c384869d3b76f3 [file] [log] [blame]
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]1/*
2 * context.c
3 *
4 * Copyright (C) AB Strakt 2001, All rights reserved
Jean-Paul Calderone8b63d452008-03-21 18:31:12 -0400[diff] [blame]5 * Copyright (C) Jean-Paul Calderone 2008, All rights reserved
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]6 *
7 * SSL Context objects and their methods.
8 * See the file RATIONALE for a short explanation of why this module was written.
9 *
10 * Reviewed 2001-07-23
11 */
12#include <Python.h>
Jean-Paul Calderone12ea9a02008-02-22 12:24:39 -0500[diff] [blame]13
Jean-Paul Calderone28ebb302008-12-29 16:25:30 -0500[diff] [blame]14#if PY_VERSION_HEX >= 0x02050000
15# define PYARG_PARSETUPLE_FORMAT const char
Jean-Paul Calderone6e2b6852009-10-24 14:04:30 -0400[diff] [blame]16# define PYOBJECT_GETATTRSTRING_TYPE const char*
Jean-Paul Calderone28ebb302008-12-29 16:25:30 -0500[diff] [blame]17#else
18# define PYARG_PARSETUPLE_FORMAT char
Jean-Paul Calderone6e2b6852009-10-24 14:04:30 -0400[diff] [blame]19# define PYOBJECT_GETATTRSTRING_TYPE char*
Jean-Paul Calderone28ebb302008-12-29 16:25:30 -0500[diff] [blame]20#endif
21
Jean-Paul Calderone12ea9a02008-02-22 12:24:39 -0500[diff] [blame]22#ifndef MS_WINDOWS
23# include <sys/socket.h>
24# include <netinet/in.h>
25# if !(defined(__BEOS__) || defined(__CYGWIN__))
26# include <netinet/tcp.h>
27# endif
28#else
29# include <winsock.h>
30# include <wincrypt.h>
31#endif
32
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]33#define SSL_MODULE
34#include "ssl.h"
35
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]36/*
37 * CALLBACKS
38 *
39 * Callbacks work like this: We provide a "global" callback in C which
40 * transforms the arguments into a Python argument tuple and calls the
41 * corresponding Python callback, and then parsing the return value back into
42 * things the C function can return.
43 *
44 * Three caveats:
45 * + How do we find the Context object where the Python callbacks are stored?
46 * + What about multithreading and execution frames?
47 * + What about Python callbacks that raise exceptions?
48 *
49 * The solution to the first issue is trivial if the callback provides
50 * "userdata" functionality. Since the only callbacks that don't provide
51 * userdata do provide a pointer to an SSL structure, we can associate an SSL
52 * object and a Connection one-to-one via the SSL_set/get_app_data()
53 * functions.
54 *
55 * The solution to the other issue is to rewrite the Py_BEGIN_ALLOW_THREADS
56 * macro allowing it (or rather a new macro) to specify where to save the
57 * thread state (in our case, as a member of the Connection/Context object) so
58 * we can retrieve it again before calling the Python callback.
59 */
60
61/*
Jean-Paul Calderone828c9cb2008-04-26 18:06:54 -0400[diff] [blame]62 * Globally defined passphrase callback. This is called from OpenSSL
63 * internally. The GIL will not be held when this function is invoked. It
64 * must not be held when the function returns.
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]65 *
66 * Arguments: buf - Buffer to store the returned passphrase in
67 * maxlen - Maximum length of the passphrase
68 * verify - If true, the passphrase callback should ask for a
69 * password twice and verify they're equal. If false, only
70 * ask once.
71 * arg - User data, always a Context object
72 * Returns: The length of the password if successful, 0 otherwise
73 */
74static int
75global_passphrase_callback(char *buf, int maxlen, int verify, void *arg)
76{
Jean-Paul Calderone828c9cb2008-04-26 18:06:54 -0400[diff] [blame]77 /*
78 * Initialize len here because we're always going to return it, and we
79 * might jump to the return before it gets initialized in any other way.
80 */
81 int len = 0;
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]82 char *str;
83 PyObject *argv, *ret = NULL;
84 ssl_ContextObj *ctx = (ssl_ContextObj *)arg;
85
Jean-Paul Calderone828c9cb2008-04-26 18:06:54 -0400[diff] [blame]86 /*
87 * GIL isn't held yet. First things first - acquire it, or any Python API
88 * we invoke might segfault or blow up the sun. The reverse will be done
89 * before returning.
90 */
91 MY_END_ALLOW_THREADS(ctx->tstate);
92
Jean-Paul Calderone5ef86512008-04-26 19:06:28 -0400[diff] [blame]93 /* The Python callback is called with a (maxlen,verify,userdata) tuple */
94 argv = Py_BuildValue("(iiO)", maxlen, verify, ctx->passphrase_userdata);
95
Jean-Paul Calderone828c9cb2008-04-26 18:06:54 -0400[diff] [blame]96 /*
97 * XXX Didn't check argv to see if it was NULL. -exarkun
98 */
99 ret = PyEval_CallObject(ctx->passphrase_callback, argv);
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]100 Py_DECREF(argv);
101
Jean-Paul Calderone828c9cb2008-04-26 18:06:54 -0400[diff] [blame]102 if (ret == NULL) {
103 /*
Jean-Paul Calderonee1fc4ea2010-07-30 18:18:00 -0400[diff] [blame]104 * The callback raised an exception. It will be raised by whatever
105 * Python API triggered this callback.
Jean-Paul Calderone828c9cb2008-04-26 18:06:54 -0400[diff] [blame]106 */
107 goto out;
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]108 }
109
Jean-Paul Calderone828c9cb2008-04-26 18:06:54 -0400[diff] [blame]110 if (!PyObject_IsTrue(ret)) {
111 /*
112 * Returned "", or None, or something. Treat it as no passphrase.
113 */
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]114 Py_DECREF(ret);
Jean-Paul Calderone828c9cb2008-04-26 18:06:54 -0400[diff] [blame]115 goto out;
116 }
117
118 if (!PyString_Check(ret)) {
119 /*
Jean-Paul Calderonee1fc4ea2010-07-30 18:18:00 -0400[diff] [blame]120 * XXX Returned something that wasn't a string. This is bogus. We'll
121 * return 0 and OpenSSL will treat it as an error, resulting in an
122 * exception from whatever Python API triggered this callback.
Jean-Paul Calderone828c9cb2008-04-26 18:06:54 -0400[diff] [blame]123 */
124 Py_DECREF(ret);
125 goto out;
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]126 }
127
128 len = PyString_Size(ret);
Jean-Paul Calderone828c9cb2008-04-26 18:06:54 -0400[diff] [blame]129 if (len > maxlen) {
130 /*
Jean-Paul Calderonee1fc4ea2010-07-30 18:18:00 -0400[diff] [blame]131 * Returned more than we said they were allowed to return. Just
132 * truncate it. Might be better to raise an exception,
133 * instead. -exarkun
Jean-Paul Calderone828c9cb2008-04-26 18:06:54 -0400[diff] [blame]134 */
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]135 len = maxlen;
Jean-Paul Calderone828c9cb2008-04-26 18:06:54 -0400[diff] [blame]136 }
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]137
138 str = PyString_AsString(ret);
139 strncpy(buf, str, len);
140 Py_XDECREF(ret);
141
Jean-Paul Calderone828c9cb2008-04-26 18:06:54 -0400[diff] [blame]142 out:
143 /*
144 * This function is returning into OpenSSL. Release the GIL again.
145 */
146 MY_BEGIN_ALLOW_THREADS(ctx->tstate);
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]147 return len;
148}
149
150/*
151 * Globally defined verify callback
152 *
153 * Arguments: ok - True everything is OK "so far", false otherwise
154 * x509_ctx - Contains the certificate being checked, the current
155 * error number and depth, and the Connection we're
156 * dealing with
157 * Returns: True if everything is okay, false otherwise
158 */
159static int
160global_verify_callback(int ok, X509_STORE_CTX *x509_ctx)
161{
162 PyObject *argv, *ret;
163 SSL *ssl;
164 ssl_ConnectionObj *conn;
165 crypto_X509Obj *cert;
Jean-Paul Calderone28ebb302008-12-29 16:25:30 -0500[diff] [blame]166 int errnum, errdepth, c_ret;
Jean-Paul Calderone5ef86512008-04-26 19:06:28 -0400[diff] [blame]167
Jean-Paul Calderoneac0d95f2008-03-10 00:00:42 -0400[diff] [blame]168 // Get Connection object to check thread state
169 ssl = (SSL *)X509_STORE_CTX_get_app_data(x509_ctx);
170 conn = (ssl_ConnectionObj *)SSL_get_app_data(ssl);
Jean-Paul Calderone5ef86512008-04-26 19:06:28 -0400[diff] [blame]171
Jean-Paul Calderone26aea022008-09-21 18:47:06 -0400[diff] [blame]172 MY_END_ALLOW_THREADS(conn->tstate);
Jean-Paul Calderone5ef86512008-04-26 19:06:28 -0400[diff] [blame]173
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]174 cert = crypto_X509_New(X509_STORE_CTX_get_current_cert(x509_ctx), 0);
175 errnum = X509_STORE_CTX_get_error(x509_ctx);
176 errdepth = X509_STORE_CTX_get_error_depth(x509_ctx);
Jean-Paul Calderone5ef86512008-04-26 19:06:28 -0400[diff] [blame]177
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]178 argv = Py_BuildValue("(OOiii)", (PyObject *)conn, (PyObject *)cert,
179 errnum, errdepth, ok);
180 Py_DECREF(cert);
Jean-Paul Calderoneac0d95f2008-03-10 00:00:42 -0400[diff] [blame]181 ret = PyEval_CallObject(conn->context->verify_callback, argv);
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]182 Py_DECREF(argv);
183
Jean-Paul Calderoneac0d95f2008-03-10 00:00:42 -0400[diff] [blame]184 if (ret != NULL && PyObject_IsTrue(ret)) {
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]185 X509_STORE_CTX_set_error(x509_ctx, X509_V_OK);
Jean-Paul Calderoneac0d95f2008-03-10 00:00:42 -0400[diff] [blame]186 Py_DECREF(ret);
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]187 c_ret = 1;
Jean-Paul Calderoneac0d95f2008-03-10 00:00:42 -0400[diff] [blame]188 } else {
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]189 c_ret = 0;
Jean-Paul Calderoneac0d95f2008-03-10 00:00:42 -0400[diff] [blame]190 }
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]191
Jean-Paul Calderone26aea022008-09-21 18:47:06 -0400[diff] [blame]192 MY_BEGIN_ALLOW_THREADS(conn->tstate);
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]193 return c_ret;
194}
195
196/*
Jean-Paul Calderone5ef86512008-04-26 19:06:28 -0400[diff] [blame]197 * Globally defined info callback. This is called from OpenSSL internally.
198 * The GIL will not be held when this function is invoked. It must not be held
199 * when the function returns.
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]200 *
201 * Arguments: ssl - The Connection
202 * where - The part of the SSL code that called us
203 * _ret - The return code of the SSL function that called us
204 * Returns: None
205 */
206static void
Jean-Paul Calderone28ebb302008-12-29 16:25:30 -0500[diff] [blame]207global_info_callback(const SSL *ssl, int where, int _ret)
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]208{
209 ssl_ConnectionObj *conn = (ssl_ConnectionObj *)SSL_get_app_data(ssl);
210 PyObject *argv, *ret;
211
Jean-Paul Calderone5ef86512008-04-26 19:06:28 -0400[diff] [blame]212 /*
213 * GIL isn't held yet. First things first - acquire it, or any Python API
214 * we invoke might segfault or blow up the sun. The reverse will be done
215 * before returning.
216 */
217 MY_END_ALLOW_THREADS(conn->tstate);
218
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]219 argv = Py_BuildValue("(Oii)", (PyObject *)conn, where, _ret);
Jean-Paul Calderone5ef86512008-04-26 19:06:28 -0400[diff] [blame]220 ret = PyEval_CallObject(conn->context->info_callback, argv);
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]221 Py_DECREF(argv);
222
Jean-Paul Calderone5ef86512008-04-26 19:06:28 -0400[diff] [blame]223 if (ret == NULL) {
224 /*
225 * XXX - This should be reported somehow. -exarkun
226 */
227 PyErr_Clear();
228 } else {
229 Py_DECREF(ret);
230 }
231
232 /*
233 * This function is returning into OpenSSL. Release the GIL again.
234 */
235 MY_BEGIN_ALLOW_THREADS(conn->tstate);
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]236 return;
237}
238
239
Jean-Paul Calderone1bd11fa2009-05-27 17:09:15 -0400[diff] [blame]240static char ssl_Context_doc[] = "\n\
241Context(method) -> Context instance\n\
242\n\
243OpenSSL.SSL.Context instances define the parameters for setting up new SSL\n\
244connections.\n\
245\n\
246@param method: One of SSLv2_METHOD, SSLv3_METHOD, SSLv23_METHOD, or\n\
247 TLSv1_METHOD.\n\
248";
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]249
250static char ssl_Context_load_verify_locations_doc[] = "\n\
251Let SSL know where we can find trusted certificates for the certificate\n\
252chain\n\
253\n\
Jean-Paul Calderone54bcc832009-05-27 14:06:48 -0400[diff] [blame]254@param cafile: In which file we can find the certificates\n\
Jean-Paul Calderone1bd11fa2009-05-27 17:09:15 -0400[diff] [blame]255@param capath: In which directory we can find the certificates\n\
Jean-Paul Calderone54bcc832009-05-27 14:06:48 -0400[diff] [blame]256@return: None\n\
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]257";
258static PyObject *
Jean-Paul Calderone1cb5d022008-09-07 20:58:50 -0400[diff] [blame]259ssl_Context_load_verify_locations(ssl_ContextObj *self, PyObject *args) {
260 char *cafile = NULL;
261 char *capath = NULL;
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]262
Jean-Paul Calderone1cb5d022008-09-07 20:58:50 -0400[diff] [blame]263 if (!PyArg_ParseTuple(args, "z|z:load_verify_locations", &cafile, &capath)) {
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]264 return NULL;
Jean-Paul Calderone1cb5d022008-09-07 20:58:50 -0400[diff] [blame]265 }
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]266
Jean-Paul Calderone1cb5d022008-09-07 20:58:50 -0400[diff] [blame]267 if (!SSL_CTX_load_verify_locations(self->ctx, cafile, capath))
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]268 {
Rick Deand369c932009-07-08 11:48:33 -0500[diff] [blame]269 exception_from_error_queue(ssl_Error);
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]270 return NULL;
271 }
272 else
273 {
274 Py_INCREF(Py_None);
275 return Py_None;
276 }
277}
278
Jean-Paul Calderone1cb5d022008-09-07 20:58:50 -0400[diff] [blame]279static char ssl_Context_set_default_verify_paths_doc[] = "\n\
280Use the platform-specific CA certificate locations\n\
281\n\
Jean-Paul Calderone54bcc832009-05-27 14:06:48 -0400[diff] [blame]282@return: None\n\
Jean-Paul Calderone1cb5d022008-09-07 20:58:50 -0400[diff] [blame]283";
284static PyObject *
285ssl_Context_set_default_verify_paths(ssl_ContextObj *self, PyObject *args) {
Jean-Paul Calderone9eadb962008-09-07 21:20:44 -0400[diff] [blame]286 if (!PyArg_ParseTuple(args, ":set_default_verify_paths")) {
287 return NULL;
288 }
289
Jean-Paul Calderone286b1922008-09-07 21:35:38 -0400[diff] [blame]290 /*
291 * XXX Error handling for SSL_CTX_set_default_verify_paths is untested.
292 * -exarkun
293 */
294 if (!SSL_CTX_set_default_verify_paths(self->ctx)) {
Rick Deand369c932009-07-08 11:48:33 -0500[diff] [blame]295 exception_from_error_queue(ssl_Error);
Jean-Paul Calderone286b1922008-09-07 21:35:38 -0400[diff] [blame]296 return NULL;
297 }
Jean-Paul Calderone1cb5d022008-09-07 20:58:50 -0400[diff] [blame]298 Py_INCREF(Py_None);
299 return Py_None;
300};
301
302
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]303static char ssl_Context_set_passwd_cb_doc[] = "\n\
304Set the passphrase callback\n\
305\n\
Jean-Paul Calderone54bcc832009-05-27 14:06:48 -0400[diff] [blame]306@param callback: The Python callback to use\n\
307@param userdata: (optional) A Python object which will be given as\n\
308 argument to the callback\n\
309@return: None\n\
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]310";
311static PyObject *
312ssl_Context_set_passwd_cb(ssl_ContextObj *self, PyObject *args)
313{
314 PyObject *callback = NULL, *userdata = Py_None;
315
316 if (!PyArg_ParseTuple(args, "O|O:set_passwd_cb", &callback, &userdata))
317 return NULL;
318
319 if (!PyCallable_Check(callback))
320 {
321 PyErr_SetString(PyExc_TypeError, "expected PyCallable");
322 return NULL;
323 }
324
325 Py_DECREF(self->passphrase_callback);
326 Py_INCREF(callback);
327 self->passphrase_callback = callback;
328 SSL_CTX_set_default_passwd_cb(self->ctx, global_passphrase_callback);
329
330 Py_DECREF(self->passphrase_userdata);
331 Py_INCREF(userdata);
332 self->passphrase_userdata = userdata;
333 SSL_CTX_set_default_passwd_cb_userdata(self->ctx, (void *)self);
334
335 Py_INCREF(Py_None);
336 return Py_None;
337}
338
Ziga Seilnacht6079e372009-08-31 20:52:30 +0200[diff] [blame]339static PyTypeObject *
Jean-Paul Calderone6e2b6852009-10-24 14:04:30 -0400[diff] [blame]340type_modified_error(const char *name) {
Ziga Seilnacht6079e372009-08-31 20:52:30 +0200[diff] [blame]341 PyErr_Format(PyExc_RuntimeError,
342 "OpenSSL.crypto's '%s' attribute has been modified",
343 name);
344 return NULL;
345}
346
347static PyTypeObject *
Jean-Paul Calderone6e2b6852009-10-24 14:04:30 -0400[diff] [blame]348import_crypto_type(const char *name, size_t objsize) {
Ziga Seilnachtfdeadb12009-09-01 16:35:50 +0200[diff] [blame]349 PyObject *module, *type, *name_attr;
Ziga Seilnacht6079e372009-08-31 20:52:30 +0200[diff] [blame]350 PyTypeObject *res;
Ziga Seilnachtfdeadb12009-09-01 16:35:50 +0200[diff] [blame]351 int right_name;
Ziga Seilnacht6079e372009-08-31 20:52:30 +0200[diff] [blame]352
Ziga Seilnachtfdeadb12009-09-01 16:35:50 +0200[diff] [blame]353 module = PyImport_ImportModule("OpenSSL.crypto");
Ziga Seilnacht6079e372009-08-31 20:52:30 +0200[diff] [blame]354 if (module == NULL) {
355 return NULL;
356 }
Jean-Paul Calderone6e2b6852009-10-24 14:04:30 -0400[diff] [blame]357 type = PyObject_GetAttrString(module, (PYOBJECT_GETATTRSTRING_TYPE)name);
Ziga Seilnacht6079e372009-08-31 20:52:30 +0200[diff] [blame]358 Py_DECREF(module);
359 if (type == NULL) {
360 return NULL;
361 }
362 if (!(PyType_Check(type))) {
363 Py_DECREF(type);
364 return type_modified_error(name);
365 }
Ziga Seilnachtfdeadb12009-09-01 16:35:50 +0200[diff] [blame]366 name_attr = PyObject_GetAttrString(type, "__name__");
367 if (name_attr == NULL) {
368 Py_DECREF(type);
369 return NULL;
370 }
371 right_name = (PyString_CheckExact(name_attr) &&
372 strcmp(name, PyString_AsString(name_attr)) == 0);
373 Py_DECREF(name_attr);
Ziga Seilnacht6079e372009-08-31 20:52:30 +0200[diff] [blame]374 res = (PyTypeObject *)type;
Ziga Seilnachtfdeadb12009-09-01 16:35:50 +0200[diff] [blame]375 if (!right_name || res->tp_basicsize != objsize) {
Ziga Seilnacht6079e372009-08-31 20:52:30 +0200[diff] [blame]376 Py_DECREF(type);
377 return type_modified_error(name);
378 }
379 return res;
380}
381
Jean-Paul Calderoned3ada852008-02-18 21:17:29 -0500[diff] [blame]382static crypto_X509Obj *
Jean-Paul Calderone6e2b6852009-10-24 14:04:30 -0400[diff] [blame]383parse_certificate_argument(const char* format, PyObject* args) {
Jean-Paul Calderoned3ada852008-02-18 21:17:29 -0500[diff] [blame]384 static PyTypeObject *crypto_X509_type = NULL;
385 crypto_X509Obj *cert;
386
Jean-Paul Calderone6e2b6852009-10-24 14:04:30 -0400[diff] [blame]387 if (!crypto_X509_type) {
Ziga Seilnacht6079e372009-08-31 20:52:30 +0200[diff] [blame]388 crypto_X509_type = import_crypto_type("X509", sizeof(crypto_X509Obj));
Jean-Paul Calderone6e2b6852009-10-24 14:04:30 -0400[diff] [blame]389 if (!crypto_X509_type) {
Ziga Seilnacht6079e372009-08-31 20:52:30 +0200[diff] [blame]390 return NULL;
Jean-Paul Calderone6e2b6852009-10-24 14:04:30 -0400[diff] [blame]391 }
Jean-Paul Calderoned3ada852008-02-18 21:17:29 -0500[diff] [blame]392 }
Ziga Seilnacht6079e372009-08-31 20:52:30 +0200[diff] [blame]393 if (!PyArg_ParseTuple(args, (PYARG_PARSETUPLE_FORMAT *)format,
Jean-Paul Calderone6e2b6852009-10-24 14:04:30 -0400[diff] [blame]394 crypto_X509_type, &cert)) {
395 return NULL;
396 }
Jean-Paul Calderoned3ada852008-02-18 21:17:29 -0500[diff] [blame]397 return cert;
398}
399
400static char ssl_Context_add_extra_chain_cert_doc[] = "\n\
401Add certificate to chain\n\
402\n\
Jean-Paul Calderone54bcc832009-05-27 14:06:48 -0400[diff] [blame]403@param certobj: The X509 certificate object to add to the chain\n\
404@return: None\n\
Jean-Paul Calderoned3ada852008-02-18 21:17:29 -0500[diff] [blame]405";
406
407static PyObject *
408ssl_Context_add_extra_chain_cert(ssl_ContextObj *self, PyObject *args)
409{
Jean-Paul Calderone0ce98072008-02-18 23:22:29 -0500[diff] [blame]410 X509* cert_original;
Jean-Paul Calderoned3ada852008-02-18 21:17:29 -0500[diff] [blame]411 crypto_X509Obj *cert = parse_certificate_argument(
Ziga Seilnacht6079e372009-08-31 20:52:30 +0200[diff] [blame]412 "O!:add_extra_chain_cert", args);
Jean-Paul Calderone0ce98072008-02-18 23:22:29 -0500[diff] [blame]413 if (cert == NULL)
414 {
Jean-Paul Calderoned3ada852008-02-18 21:17:29 -0500[diff] [blame]415 return NULL;
416 }
Jean-Paul Calderone0ce98072008-02-18 23:22:29 -0500[diff] [blame]417 if (!(cert_original = X509_dup(cert->x509)))
Jean-Paul Calderoned3ada852008-02-18 21:17:29 -0500[diff] [blame]418 {
Rick Deand369c932009-07-08 11:48:33 -0500[diff] [blame]419 /* exception_from_error_queue(ssl_Error); */
Jean-Paul Calderone0ce98072008-02-18 23:22:29 -0500[diff] [blame]420 PyErr_SetString(PyExc_RuntimeError, "X509_dup failed");
421 return NULL;
422 }
423 if (!SSL_CTX_add_extra_chain_cert(self->ctx, cert_original))
424 {
425 X509_free(cert_original);
Rick Deand369c932009-07-08 11:48:33 -0500[diff] [blame]426 exception_from_error_queue(ssl_Error);
Jean-Paul Calderoned3ada852008-02-18 21:17:29 -0500[diff] [blame]427 return NULL;
428 }
429 else
430 {
431 Py_INCREF(Py_None);
432 return Py_None;
433 }
434}
435
436
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]437static char ssl_Context_use_certificate_chain_file_doc[] = "\n\
438Load a certificate chain from a file\n\
439\n\
Jean-Paul Calderone54bcc832009-05-27 14:06:48 -0400[diff] [blame]440@param certfile: The name of the certificate chain file\n\
441@return: None\n\
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]442";
443static PyObject *
444ssl_Context_use_certificate_chain_file(ssl_ContextObj *self, PyObject *args)
445{
446 char *certfile;
447
448 if (!PyArg_ParseTuple(args, "s:use_certificate_chain_file", &certfile))
449 return NULL;
450
451 if (!SSL_CTX_use_certificate_chain_file(self->ctx, certfile))
452 {
Rick Deand369c932009-07-08 11:48:33 -0500[diff] [blame]453 exception_from_error_queue(ssl_Error);
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]454 return NULL;
455 }
456 else
457 {
458 Py_INCREF(Py_None);
459 return Py_None;
460 }
461}
462
463
464static char ssl_Context_use_certificate_file_doc[] = "\n\
465Load a certificate from a file\n\
466\n\
Jean-Paul Calderone54bcc832009-05-27 14:06:48 -0400[diff] [blame]467@param certfile: The name of the certificate file\n\
468@param filetype: (optional) The encoding of the file, default is PEM\n\
469@return: None\n\
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]470";
471static PyObject *
472ssl_Context_use_certificate_file(ssl_ContextObj *self, PyObject *args)
473{
474 char *certfile;
475 int filetype = SSL_FILETYPE_PEM;
476
477 if (!PyArg_ParseTuple(args, "s|i:use_certificate_file", &certfile, &filetype))
478 return NULL;
479
480 if (!SSL_CTX_use_certificate_file(self->ctx, certfile, filetype))
481 {
Rick Deand369c932009-07-08 11:48:33 -0500[diff] [blame]482 exception_from_error_queue(ssl_Error);
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]483 return NULL;
484 }
485 else
486 {
487 Py_INCREF(Py_None);
488 return Py_None;
489 }
490}
491
492static char ssl_Context_use_certificate_doc[] = "\n\
493Load a certificate from a X509 object\n\
494\n\
Jean-Paul Calderone54bcc832009-05-27 14:06:48 -0400[diff] [blame]495@param cert: The X509 object\n\
496@return: None\n\
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]497";
498static PyObject *
499ssl_Context_use_certificate(ssl_ContextObj *self, PyObject *args)
500{
Jean-Paul Calderoned3ada852008-02-18 21:17:29 -0500[diff] [blame]501 crypto_X509Obj *cert = parse_certificate_argument(
Ziga Seilnacht6079e372009-08-31 20:52:30 +0200[diff] [blame]502 "O!:use_certificate", args);
Jean-Paul Calderoned3ada852008-02-18 21:17:29 -0500[diff] [blame]503 if (cert == NULL) {
504 return NULL;
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]505 }
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]506
507 if (!SSL_CTX_use_certificate(self->ctx, cert->x509))
508 {
Rick Deand369c932009-07-08 11:48:33 -0500[diff] [blame]509 exception_from_error_queue(ssl_Error);
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]510 return NULL;
511 }
512 else
513 {
514 Py_INCREF(Py_None);
515 return Py_None;
516 }
517}
518
519static char ssl_Context_use_privatekey_file_doc[] = "\n\
520Load a private key from a file\n\
521\n\
Jean-Paul Calderone54bcc832009-05-27 14:06:48 -0400[diff] [blame]522@param keyfile: The name of the key file\n\
523@param filetype: (optional) The encoding of the file, default is PEM\n\
524@return: None\n\
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]525";
526static PyObject *
527ssl_Context_use_privatekey_file(ssl_ContextObj *self, PyObject *args)
528{
529 char *keyfile;
530 int filetype = SSL_FILETYPE_PEM, ret;
531
532 if (!PyArg_ParseTuple(args, "s|i:use_privatekey_file", &keyfile, &filetype))
533 return NULL;
534
535 MY_BEGIN_ALLOW_THREADS(self->tstate);
536 ret = SSL_CTX_use_PrivateKey_file(self->ctx, keyfile, filetype);
537 MY_END_ALLOW_THREADS(self->tstate);
538
539 if (PyErr_Occurred())
540 {
541 flush_error_queue();
542 return NULL;
543 }
544
545 if (!ret)
546 {
Rick Deand369c932009-07-08 11:48:33 -0500[diff] [blame]547 exception_from_error_queue(ssl_Error);
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]548 return NULL;
549 }
550 else
551 {
552 Py_INCREF(Py_None);
553 return Py_None;
554 }
555}
556
557static char ssl_Context_use_privatekey_doc[] = "\n\
558Load a private key from a PKey object\n\
559\n\
Jean-Paul Calderone54bcc832009-05-27 14:06:48 -0400[diff] [blame]560@param pkey: The PKey object\n\
561@return: None\n\
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]562";
563static PyObject *
Jean-Paul Calderonef606a842009-10-24 14:08:29 -0400[diff] [blame]564ssl_Context_use_privatekey(ssl_ContextObj *self, PyObject *args) {
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]565 static PyTypeObject *crypto_PKey_type = NULL;
566 crypto_PKeyObj *pkey;
567
Jean-Paul Calderonef606a842009-10-24 14:08:29 -0400[diff] [blame]568 if (!crypto_PKey_type) {
Ziga Seilnacht6079e372009-08-31 20:52:30 +0200[diff] [blame]569 crypto_PKey_type = import_crypto_type("PKey", sizeof(crypto_PKeyObj));
Jean-Paul Calderonef606a842009-10-24 14:08:29 -0400[diff] [blame]570 if (!crypto_PKey_type) {
Ziga Seilnacht6079e372009-08-31 20:52:30 +0200[diff] [blame]571 return NULL;
Jean-Paul Calderonef606a842009-10-24 14:08:29 -0400[diff] [blame]572 }
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]573 }
Jean-Paul Calderonef606a842009-10-24 14:08:29 -0400[diff] [blame]574 if (!PyArg_ParseTuple(args, "O!:use_privatekey", crypto_PKey_type, &pkey)) {
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]575 return NULL;
Jean-Paul Calderonef606a842009-10-24 14:08:29 -0400[diff] [blame]576 }
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]577
Jean-Paul Calderonef606a842009-10-24 14:08:29 -0400[diff] [blame]578 if (!SSL_CTX_use_PrivateKey(self->ctx, pkey->pkey)) {
Rick Deand369c932009-07-08 11:48:33 -0500[diff] [blame]579 exception_from_error_queue(ssl_Error);
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]580 return NULL;
Jean-Paul Calderonef606a842009-10-24 14:08:29 -0400[diff] [blame]581 } else {
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]582 Py_INCREF(Py_None);
583 return Py_None;
584 }
585}
586
587static char ssl_Context_check_privatekey_doc[] = "\n\
588Check that the private key and certificate match up\n\
589\n\
Jean-Paul Calderone54bcc832009-05-27 14:06:48 -0400[diff] [blame]590@return: None (raises an exception if something's wrong)\n\
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]591";
592static PyObject *
593ssl_Context_check_privatekey(ssl_ContextObj *self, PyObject *args)
594{
595 if (!PyArg_ParseTuple(args, ":check_privatekey"))
596 return NULL;
597
598 if (!SSL_CTX_check_private_key(self->ctx))
599 {
Rick Deand369c932009-07-08 11:48:33 -0500[diff] [blame]600 exception_from_error_queue(ssl_Error);
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]601 return NULL;
602 }
603 else
604 {
605 Py_INCREF(Py_None);
606 return Py_None;
607 }
608}
609
610static char ssl_Context_load_client_ca_doc[] = "\n\
Jean-Paul Calderone0294e3d2010-09-09 18:17:48 -0400[diff] [blame^]611Load the trusted certificates that will be sent to the client (basically\n \
612telling the client \"These are the guys I trust\"). Does not actually\n\
613imply any of the certificates are trusted; that must be configured\n\
614separately.\n\
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]615\n\
Jean-Paul Calderone54bcc832009-05-27 14:06:48 -0400[diff] [blame]616@param cafile: The name of the certificates file\n\
617@return: None\n\
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]618";
619static PyObject *
620ssl_Context_load_client_ca(ssl_ContextObj *self, PyObject *args)
621{
622 char *cafile;
623
624 if (!PyArg_ParseTuple(args, "s:load_client_ca", &cafile))
625 return NULL;
626
627 SSL_CTX_set_client_CA_list(self->ctx, SSL_load_client_CA_file(cafile));
628
629 Py_INCREF(Py_None);
630 return Py_None;
631}
632
633static char ssl_Context_set_session_id_doc[] = "\n\
634Set the session identifier, this is needed if you want to do session\n\
635resumption (which, ironically, isn't implemented yet)\n\
636\n\
Jean-Paul Calderone54bcc832009-05-27 14:06:48 -0400[diff] [blame]637@param buf: A Python object that can be safely converted to a string\n\
638@returns: None\n\
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]639";
640static PyObject *
641ssl_Context_set_session_id(ssl_ContextObj *self, PyObject *args)
642{
Jean-Paul Calderone28ebb302008-12-29 16:25:30 -0500[diff] [blame]643 unsigned char *buf;
644 unsigned int len;
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]645
646 if (!PyArg_ParseTuple(args, "s#:set_session_id", &buf, &len))
647 return NULL;
648
649 if (!SSL_CTX_set_session_id_context(self->ctx, buf, len))
650 {
Rick Deand369c932009-07-08 11:48:33 -0500[diff] [blame]651 exception_from_error_queue(ssl_Error);
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]652 return NULL;
653 }
654 else
655 {
656 Py_INCREF(Py_None);
657 return Py_None;
658 }
659}
660
661static char ssl_Context_set_verify_doc[] = "\n\
662Set the verify mode and verify callback\n\
663\n\
Jean-Paul Calderone54bcc832009-05-27 14:06:48 -0400[diff] [blame]664@param mode: The verify mode, this is either VERIFY_NONE or\n\
665 VERIFY_PEER combined with possible other flags\n\
666@param callback: The Python callback to use\n\
667@return: None\n\
Jean-Paul Calderone24aedf42008-03-06 22:01:16 -0500[diff] [blame]668\n\
669See SSL_CTX_set_verify(3SSL) for further details.\n\
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]670";
671static PyObject *
672ssl_Context_set_verify(ssl_ContextObj *self, PyObject *args)
673{
674 int mode;
675 PyObject *callback = NULL;
676
677 if (!PyArg_ParseTuple(args, "iO:set_verify", &mode, &callback))
678 return NULL;
679
680 if (!PyCallable_Check(callback))
681 {
682 PyErr_SetString(PyExc_TypeError, "expected PyCallable");
683 return NULL;
684 }
685
686 Py_DECREF(self->verify_callback);
687 Py_INCREF(callback);
688 self->verify_callback = callback;
689 SSL_CTX_set_verify(self->ctx, mode, global_verify_callback);
690
691 Py_INCREF(Py_None);
692 return Py_None;
693}
694
695static char ssl_Context_set_verify_depth_doc[] = "\n\
696Set the verify depth\n\
697\n\
Jean-Paul Calderone54bcc832009-05-27 14:06:48 -0400[diff] [blame]698@param depth: An integer specifying the verify depth\n\
699@return: None\n\
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]700";
701static PyObject *
702ssl_Context_set_verify_depth(ssl_ContextObj *self, PyObject *args)
703{
704 int depth;
705
706 if (!PyArg_ParseTuple(args, "i:set_verify_depth", &depth))
707 return NULL;
708
709 SSL_CTX_set_verify_depth(self->ctx, depth);
710 Py_INCREF(Py_None);
711 return Py_None;
712}
713
714static char ssl_Context_get_verify_mode_doc[] = "\n\
715Get the verify mode\n\
716\n\
Jean-Paul Calderone54bcc832009-05-27 14:06:48 -0400[diff] [blame]717@return: The verify mode\n\
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]718";
719static PyObject *
720ssl_Context_get_verify_mode(ssl_ContextObj *self, PyObject *args)
721{
722 int mode;
723
724 if (!PyArg_ParseTuple(args, ":get_verify_mode"))
725 return NULL;
726
727 mode = SSL_CTX_get_verify_mode(self->ctx);
728 return PyInt_FromLong((long)mode);
729}
730
731static char ssl_Context_get_verify_depth_doc[] = "\n\
732Get the verify depth\n\
733\n\
Jean-Paul Calderone54bcc832009-05-27 14:06:48 -0400[diff] [blame]734@return: The verify depth\n\
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]735";
736static PyObject *
737ssl_Context_get_verify_depth(ssl_ContextObj *self, PyObject *args)
738{
739 int depth;
740
741 if (!PyArg_ParseTuple(args, ":get_verify_depth"))
742 return NULL;
743
744 depth = SSL_CTX_get_verify_depth(self->ctx);
745 return PyInt_FromLong((long)depth);
746}
747
748static char ssl_Context_load_tmp_dh_doc[] = "\n\
749Load parameters for Ephemeral Diffie-Hellman\n\
750\n\
Jean-Paul Calderone54bcc832009-05-27 14:06:48 -0400[diff] [blame]751@param dhfile: The file to load EDH parameters from\n\
752@return: None\n\
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]753";
754static PyObject *
755ssl_Context_load_tmp_dh(ssl_ContextObj *self, PyObject *args)
756{
757 char *dhfile;
758 BIO *bio;
759 DH *dh;
760
761 if (!PyArg_ParseTuple(args, "s:load_tmp_dh", &dhfile))
762 return NULL;
763
764 bio = BIO_new_file(dhfile, "r");
765 if (bio == NULL)
766 return PyErr_NoMemory();
767
768 dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL);
769 SSL_CTX_set_tmp_dh(self->ctx, dh);
770 DH_free(dh);
771 BIO_free(bio);
772
773 Py_INCREF(Py_None);
774 return Py_None;
775}
776
777static char ssl_Context_set_cipher_list_doc[] = "\n\
778Change the cipher list\n\
779\n\
Jean-Paul Calderone54bcc832009-05-27 14:06:48 -0400[diff] [blame]780@param cipher_list: A cipher list, see ciphers(1)\n\
781@return: None\n\
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]782";
783static PyObject *
784ssl_Context_set_cipher_list(ssl_ContextObj *self, PyObject *args)
785{
786 char *cipher_list;
787
788 if (!PyArg_ParseTuple(args, "s:set_cipher_list", &cipher_list))
789 return NULL;
790
791 if (!SSL_CTX_set_cipher_list(self->ctx, cipher_list))
792 {
Rick Deand369c932009-07-08 11:48:33 -0500[diff] [blame]793 exception_from_error_queue(ssl_Error);
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]794 return NULL;
795 }
796 else
797 {
798 Py_INCREF(Py_None);
799 return Py_None;
800 }
801}
802
Ziga Seilnachtf93bf102009-10-23 09:51:07 +0200[diff] [blame]803static char ssl_Context_set_client_ca_list_doc[] = "\n\
Ziga Seilnacht679c4262009-09-01 01:32:29 +0200[diff] [blame]804Set the list of preferred client certificate signers for this server context.\n\
805\n\
806This list of certificate authorities will be sent to the client when the\n\
807server requests a client certificate.\n\
808\n\
809@param certificate_authorities: a sequence of X509Names.\n\
810@return: None\n\
811";
812
813static PyObject *
Ziga Seilnachtf93bf102009-10-23 09:51:07 +0200[diff] [blame]814ssl_Context_set_client_ca_list(ssl_ContextObj *self, PyObject *args)
Ziga Seilnacht679c4262009-09-01 01:32:29 +0200[diff] [blame]815{
816 static PyTypeObject *X509NameType;
817 PyObject *sequence, *tuple, *item;
818 crypto_X509NameObj *name;
819 X509_NAME *sslname;
820 STACK_OF(X509_NAME) *CANames;
821 Py_ssize_t length;
822 int i;
823
824 if (X509NameType == NULL) {
825 X509NameType = import_crypto_type("X509Name", sizeof(crypto_X509NameObj));
826 if (X509NameType == NULL) {
827 return NULL;
828 }
829 }
Ziga Seilnachtf93bf102009-10-23 09:51:07 +0200[diff] [blame]830 if (!PyArg_ParseTuple(args, "O:set_client_ca_list", &sequence)) {
Ziga Seilnacht679c4262009-09-01 01:32:29 +0200[diff] [blame]831 return NULL;
832 }
833 tuple = PySequence_Tuple(sequence);
834 if (tuple == NULL) {
835 return NULL;
836 }
837 length = PyTuple_Size(tuple);
838 if (length >= INT_MAX) {
839 PyErr_SetString(PyExc_ValueError, "client CA list is too long");
840 Py_DECREF(tuple);
841 return NULL;
842 }
843 CANames = sk_X509_NAME_new_null();
844 if (CANames == NULL) {
845 Py_DECREF(tuple);
846 exception_from_error_queue(ssl_Error);
847 return NULL;
848 }
849 for (i = 0; i < length; i++) {
850 item = PyTuple_GetItem(tuple, i);
851 if (item->ob_type != X509NameType) {
852 PyErr_Format(PyExc_TypeError,
853 "client CAs must be X509Name objects, not %s objects",
854 item->ob_type->tp_name);
855 sk_X509_NAME_free(CANames);
856 Py_DECREF(tuple);
857 return NULL;
858 }
859 name = (crypto_X509NameObj *)item;
860 sslname = X509_NAME_dup(name->x509_name);
861 if (sslname == NULL) {
862 sk_X509_NAME_free(CANames);
863 Py_DECREF(tuple);
864 exception_from_error_queue(ssl_Error);
865 return NULL;
866 }
867 if (!sk_X509_NAME_push(CANames, sslname)) {
868 X509_NAME_free(sslname);
869 sk_X509_NAME_free(CANames);
870 Py_DECREF(tuple);
871 exception_from_error_queue(ssl_Error);
872 return NULL;
873 }
874 }
875 Py_DECREF(tuple);
876 SSL_CTX_set_client_CA_list(self->ctx, CANames);
877 Py_INCREF(Py_None);
878 return Py_None;
879}
880
Ziga Seilnachtf93bf102009-10-23 09:51:07 +0200[diff] [blame]881static char ssl_Context_add_client_ca_doc[] = "\n\
Ziga Seilnacht679c4262009-09-01 01:32:29 +0200[diff] [blame]882Add the CA certificate to the list of preferred signers for this context.\n\
883\n\
884The list of certificate authorities will be sent to the client when the\n\
885server requests a client certificate.\n\
886\n\
887@param certificate_authority: certificate authority's X509 certificate.\n\
888@return: None\n\
889";
890
891static PyObject *
Ziga Seilnachtf93bf102009-10-23 09:51:07 +0200[diff] [blame]892ssl_Context_add_client_ca(ssl_ContextObj *self, PyObject *args)
Ziga Seilnacht679c4262009-09-01 01:32:29 +0200[diff] [blame]893{
894 crypto_X509Obj *cert;
895
Ziga Seilnachtf93bf102009-10-23 09:51:07 +0200[diff] [blame]896 cert = parse_certificate_argument("O!:add_client_ca", args);
Ziga Seilnacht679c4262009-09-01 01:32:29 +0200[diff] [blame]897 if (cert == NULL) {
898 return NULL;
899 }
900 if (!SSL_CTX_add_client_CA(self->ctx, cert->x509)) {
901 exception_from_error_queue(ssl_Error);
902 return NULL;
903 }
904 Py_INCREF(Py_None);
905 return Py_None;
906}
907
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]908static char ssl_Context_set_timeout_doc[] = "\n\
909Set session timeout\n\
910\n\
Jean-Paul Calderone54bcc832009-05-27 14:06:48 -0400[diff] [blame]911@param timeout: The timeout in seconds\n\
912@return: The previous session timeout\n\
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]913";
914static PyObject *
915ssl_Context_set_timeout(ssl_ContextObj *self, PyObject *args)
916{
917 long t, ret;
918
919 if (!PyArg_ParseTuple(args, "l:set_timeout", &t))
920 return NULL;
921
922 ret = SSL_CTX_set_timeout(self->ctx, t);
923 return PyLong_FromLong(ret);
924}
925
926static char ssl_Context_get_timeout_doc[] = "\n\
927Get the session timeout\n\
928\n\
Jean-Paul Calderone54bcc832009-05-27 14:06:48 -0400[diff] [blame]929@return: The session timeout\n\
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]930";
931static PyObject *
932ssl_Context_get_timeout(ssl_ContextObj *self, PyObject *args)
933{
934 long ret;
935
936 if (!PyArg_ParseTuple(args, ":get_timeout"))
937 return NULL;
938
939 ret = SSL_CTX_get_timeout(self->ctx);
940 return PyLong_FromLong(ret);
941}
942
943static char ssl_Context_set_info_callback_doc[] = "\n\
944Set the info callback\n\
945\n\
Jean-Paul Calderone54bcc832009-05-27 14:06:48 -0400[diff] [blame]946@param callback: The Python callback to use\n\
947@return: None\n\
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]948";
949static PyObject *
950ssl_Context_set_info_callback(ssl_ContextObj *self, PyObject *args)
951{
952 PyObject *callback;
953
954 if (!PyArg_ParseTuple(args, "O:set_info_callback", &callback))
955 return NULL;
956
957 if (!PyCallable_Check(callback))
958 {
959 PyErr_SetString(PyExc_TypeError, "expected PyCallable");
960 return NULL;
961 }
962
963 Py_DECREF(self->info_callback);
964 Py_INCREF(callback);
965 self->info_callback = callback;
966 SSL_CTX_set_info_callback(self->ctx, global_info_callback);
967
968 Py_INCREF(Py_None);
969 return Py_None;
970}
971
972static char ssl_Context_get_app_data_doc[] = "\n\
973Get the application data (supplied via set_app_data())\n\
974\n\
Jean-Paul Calderone54bcc832009-05-27 14:06:48 -0400[diff] [blame]975@return: The application data\n\
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]976";
977static PyObject *
978ssl_Context_get_app_data(ssl_ContextObj *self, PyObject *args)
979{
980 if (!PyArg_ParseTuple(args, ":get_app_data"))
981 return NULL;
982
983 Py_INCREF(self->app_data);
984 return self->app_data;
985}
986
987static char ssl_Context_set_app_data_doc[] = "\n\
988Set the application data (will be returned from get_app_data())\n\
989\n\
Jean-Paul Calderone54bcc832009-05-27 14:06:48 -0400[diff] [blame]990@param data: Any Python object\n\
991@return: None\n\
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]992";
993static PyObject *
994ssl_Context_set_app_data(ssl_ContextObj *self, PyObject *args)
995{
996 PyObject *data;
997
998 if (!PyArg_ParseTuple(args, "O:set_app_data", &data))
999 return NULL;
1000
1001 Py_DECREF(self->app_data);
1002 Py_INCREF(data);
1003 self->app_data = data;
1004
1005 Py_INCREF(Py_None);
1006 return Py_None;
1007}
1008
1009static char ssl_Context_get_cert_store_doc[] = "\n\
1010Get the certificate store for the context\n\
1011\n\
Jean-Paul Calderone54bcc832009-05-27 14:06:48 -0400[diff] [blame]1012@return: A X509Store object\n\
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]1013";
1014static PyObject *
1015ssl_Context_get_cert_store(ssl_ContextObj *self, PyObject *args)
1016{
1017 X509_STORE *store;
1018
1019 if (!PyArg_ParseTuple(args, ":get_cert_store"))
1020 return NULL;
1021
1022 if ((store = SSL_CTX_get_cert_store(self->ctx)) == NULL)
1023 {
1024 Py_INCREF(Py_None);
1025 return Py_None;
1026 }
1027 else
1028 {
1029 return (PyObject *)crypto_X509Store_New(store, 0);
1030 }
1031}
1032
1033static char ssl_Context_set_options_doc[] = "\n\
1034Add options. Options set before are not cleared!\n\
1035\n\
Jean-Paul Calderone54bcc832009-05-27 14:06:48 -0400[diff] [blame]1036@param options: The options to add.\n\
1037@return: The new option bitmask.\n\
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]1038";
1039static PyObject *
1040ssl_Context_set_options(ssl_ContextObj *self, PyObject *args)
1041{
1042 long options;
1043
1044 if (!PyArg_ParseTuple(args, "l:set_options", &options))
1045 return NULL;
1046
1047 return PyInt_FromLong(SSL_CTX_set_options(self->ctx, options));
1048}
1049
1050
1051/*
1052 * Member methods in the Context object
1053 * ADD_METHOD(name) expands to a correct PyMethodDef declaration
1054 * { 'name', (PyCFunction)ssl_Context_name, METH_VARARGS }
1055 * for convenience
1056 * ADD_ALIAS(name,real) creates an "alias" of the ssl_Context_real
1057 * function with the name 'name'
1058 */
1059#define ADD_METHOD(name) { #name, (PyCFunction)ssl_Context_##name, METH_VARARGS, ssl_Context_##name##_doc }
1060static PyMethodDef ssl_Context_methods[] = {
1061 ADD_METHOD(load_verify_locations),
1062 ADD_METHOD(set_passwd_cb),
Jean-Paul Calderone1cb5d022008-09-07 20:58:50 -0400[diff] [blame]1063 ADD_METHOD(set_default_verify_paths),
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]1064 ADD_METHOD(use_certificate_chain_file),
1065 ADD_METHOD(use_certificate_file),
1066 ADD_METHOD(use_certificate),
Jean-Paul Calderoned3ada852008-02-18 21:17:29 -0500[diff] [blame]1067 ADD_METHOD(add_extra_chain_cert),
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]1068 ADD_METHOD(use_privatekey_file),
1069 ADD_METHOD(use_privatekey),
1070 ADD_METHOD(check_privatekey),
1071 ADD_METHOD(load_client_ca),
1072 ADD_METHOD(set_session_id),
1073 ADD_METHOD(set_verify),
1074 ADD_METHOD(set_verify_depth),
1075 ADD_METHOD(get_verify_mode),
1076 ADD_METHOD(get_verify_depth),
1077 ADD_METHOD(load_tmp_dh),
1078 ADD_METHOD(set_cipher_list),
Ziga Seilnachtf93bf102009-10-23 09:51:07 +0200[diff] [blame]1079 ADD_METHOD(set_client_ca_list),
1080 ADD_METHOD(add_client_ca),
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]1081 ADD_METHOD(set_timeout),
1082 ADD_METHOD(get_timeout),
1083 ADD_METHOD(set_info_callback),
1084 ADD_METHOD(get_app_data),
1085 ADD_METHOD(set_app_data),
1086 ADD_METHOD(get_cert_store),
1087 ADD_METHOD(set_options),
1088 { NULL, NULL }
1089};
1090#undef ADD_METHOD
1091
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]1092/*
Jean-Paul Calderone1bd11fa2009-05-27 17:09:15 -0400[diff] [blame]1093 * Despite the name which might suggest otherwise, this is not the tp_init for
1094 * the Context type. It's just the common initialization code shared by the
1095 * two _{Nn}ew functions below.
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]1096 */
Jean-Paul Calderone1bd11fa2009-05-27 17:09:15 -0400[diff] [blame]1097static ssl_ContextObj*
1098ssl_Context_init(ssl_ContextObj *self, int i_method) {
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]1099 SSL_METHOD *method;
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]1100
Jean-Paul Calderone1bd11fa2009-05-27 17:09:15 -0400[diff] [blame]1101 switch (i_method) {
1102 case ssl_SSLv2_METHOD:
1103 method = SSLv2_method();
1104 break;
1105 case ssl_SSLv23_METHOD:
1106 method = SSLv23_method();
1107 break;
1108 case ssl_SSLv3_METHOD:
1109 method = SSLv3_method();
1110 break;
1111 case ssl_TLSv1_METHOD:
1112 method = TLSv1_method();
1113 break;
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]1114 default:
1115 PyErr_SetString(PyExc_ValueError, "No such protocol");
1116 return NULL;
1117 }
1118
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]1119 self->ctx = SSL_CTX_new(method);
1120 Py_INCREF(Py_None);
1121 self->passphrase_callback = Py_None;
1122 Py_INCREF(Py_None);
1123 self->verify_callback = Py_None;
1124 Py_INCREF(Py_None);
1125 self->info_callback = Py_None;
1126
1127 Py_INCREF(Py_None);
1128 self->passphrase_userdata = Py_None;
1129
1130 Py_INCREF(Py_None);
1131 self->app_data = Py_None;
1132
1133 /* Some initialization that's required to operate smoothly in Python */
1134 SSL_CTX_set_app_data(self->ctx, self);
1135 SSL_CTX_set_mode(self->ctx, SSL_MODE_ENABLE_PARTIAL_WRITE |
1136 SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER |
1137 SSL_MODE_AUTO_RETRY);
1138
1139 self->tstate = NULL;
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]1140
1141 return self;
1142}
1143
1144/*
Jean-Paul Calderone1bd11fa2009-05-27 17:09:15 -0400[diff] [blame]1145 * This one is exposed in the CObject API. I want to deprecate it.
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]1146 */
Jean-Paul Calderone1bd11fa2009-05-27 17:09:15 -0400[diff] [blame]1147ssl_ContextObj*
1148ssl_Context_New(int i_method) {
1149 ssl_ContextObj *self;
1150
1151 self = PyObject_GC_New(ssl_ContextObj, &ssl_Context_Type);
1152 if (self == NULL) {
1153 return (ssl_ContextObj *)PyErr_NoMemory();
1154 }
1155 self = ssl_Context_init(self, i_method);
1156 PyObject_GC_Track((PyObject *)self);
1157 return self;
1158}
1159
1160
1161/*
1162 * This one is the tp_new of the Context type. It's great.
1163 */
1164static PyObject*
1165ssl_Context_new(PyTypeObject *subtype, PyObject *args, PyObject *kwargs) {
1166 int i_method;
1167 ssl_ContextObj *self;
1168 static char *kwlist[] = {"method", NULL};
1169
1170 if (!PyArg_ParseTupleAndKeywords(args, kwargs, "i:Context", kwlist, &i_method)) {
1171 return NULL;
1172 }
1173
1174 self = (ssl_ContextObj *)subtype->tp_alloc(subtype, 1);
1175 if (self == NULL) {
1176 return NULL;
1177 }
1178
1179 return (PyObject *)ssl_Context_init(self, i_method);
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]1180}
1181
1182/*
1183 * Call the visitproc on all contained objects.
1184 *
1185 * Arguments: self - The Context object
1186 * visit - Function to call
1187 * arg - Extra argument to visit
1188 * Returns: 0 if all goes well, otherwise the return code from the first
1189 * call that gave non-zero result.
1190 */
1191static int
1192ssl_Context_traverse(ssl_ContextObj *self, visitproc visit, void *arg)
1193{
1194 int ret = 0;
1195
1196 if (ret == 0 && self->passphrase_callback != NULL)
1197 ret = visit((PyObject *)self->passphrase_callback, arg);
1198 if (ret == 0 && self->passphrase_userdata != NULL)
1199 ret = visit((PyObject *)self->passphrase_userdata, arg);
1200 if (ret == 0 && self->verify_callback != NULL)
1201 ret = visit((PyObject *)self->verify_callback, arg);
1202 if (ret == 0 && self->info_callback != NULL)
1203 ret = visit((PyObject *)self->info_callback, arg);
1204 if (ret == 0 && self->app_data != NULL)
1205 ret = visit(self->app_data, arg);
1206 return ret;
1207}
1208
1209/*
1210 * Decref all contained objects and zero the pointers.
1211 *
1212 * Arguments: self - The Context object
1213 * Returns: Always 0.
1214 */
1215static int
1216ssl_Context_clear(ssl_ContextObj *self)
1217{
1218 Py_XDECREF(self->passphrase_callback);
1219 self->passphrase_callback = NULL;
1220 Py_XDECREF(self->passphrase_userdata);
1221 self->passphrase_userdata = NULL;
1222 Py_XDECREF(self->verify_callback);
1223 self->verify_callback = NULL;
1224 Py_XDECREF(self->info_callback);
1225 self->info_callback = NULL;
1226 Py_XDECREF(self->app_data);
1227 self->app_data = NULL;
1228 return 0;
1229}
1230
1231/*
1232 * Deallocate the memory used by the Context object
1233 *
1234 * Arguments: self - The Context object
1235 * Returns: None
1236 */
1237static void
1238ssl_Context_dealloc(ssl_ContextObj *self)
1239{
1240 PyObject_GC_UnTrack((PyObject *)self);
1241 SSL_CTX_free(self->ctx);
1242 ssl_Context_clear(self);
1243 PyObject_GC_Del(self);
1244}
1245
1246
1247PyTypeObject ssl_Context_Type = {
1248 PyObject_HEAD_INIT(NULL)
1249 0,
Jean-Paul Calderone1bd11fa2009-05-27 17:09:15 -0400[diff] [blame]1250 "OpenSSL.SSL.Context",
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]1251 sizeof(ssl_ContextObj),
1252 0,
Jean-Paul Calderone1bd11fa2009-05-27 17:09:15 -0400[diff] [blame]1253 (destructor)ssl_Context_dealloc, /* tp_dealloc */
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]1254 NULL, /* print */
Jean-Paul Calderone1bd11fa2009-05-27 17:09:15 -0400[diff] [blame]1255 NULL, /* tp_getattr */
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]1256 NULL, /* setattr */
1257 NULL, /* compare */
1258 NULL, /* repr */
1259 NULL, /* as_number */
1260 NULL, /* as_sequence */
1261 NULL, /* as_mapping */
1262 NULL, /* hash */
1263 NULL, /* call */
1264 NULL, /* str */
1265 NULL, /* getattro */
1266 NULL, /* setattro */
1267 NULL, /* as_buffer */
Jean-Paul Calderone1bd11fa2009-05-27 17:09:15 -0400[diff] [blame]1268 Py_TPFLAGS_DEFAULT | Py_TPFLAGS_HAVE_GC | Py_TPFLAGS_BASETYPE, /* tp_flags */
1269 ssl_Context_doc, /* tp_doc */
1270 (traverseproc)ssl_Context_traverse, /* tp_traverse */
1271 (inquiry)ssl_Context_clear, /* tp_clear */
1272 NULL, /* tp_richcompare */
1273 0, /* tp_weaklistoffset */
1274 NULL, /* tp_iter */
1275 NULL, /* tp_iternext */
1276 ssl_Context_methods, /* tp_methods */
1277 NULL, /* tp_members */
1278 NULL, /* tp_getset */
1279 NULL, /* tp_base */
1280 NULL, /* tp_dict */
1281 NULL, /* tp_descr_get */
1282 NULL, /* tp_descr_set */
1283 0, /* tp_dictoffset */
1284 NULL, /* tp_init */
1285 NULL, /* tp_alloc */
1286 ssl_Context_new, /* tp_new */
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]1287};
1288
1289
1290/*
1291 * Initialize the Context part of the SSL sub module
1292 *
Jean-Paul Calderone1bd11fa2009-05-27 17:09:15 -0400[diff] [blame]1293 * Arguments: dict - The OpenSSL.SSL module
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]1294 * Returns: 1 for success, 0 otherwise
1295 */
1296int
Jean-Paul Calderone1bd11fa2009-05-27 17:09:15 -0400[diff] [blame]1297init_ssl_context(PyObject *module) {
1298
1299 if (PyType_Ready(&ssl_Context_Type) < 0) {
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]1300 return 0;
Jean-Paul Calderone1bd11fa2009-05-27 17:09:15 -0400[diff] [blame]1301 }
1302
1303 if (PyModule_AddObject(module, "Context", (PyObject *)&ssl_Context_Type) < 0) {
1304 return 0;
1305 }
1306
1307 if (PyModule_AddObject(module, "ContextType", (PyObject *)&ssl_Context_Type) < 0) {
1308 return 0;
1309 }
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]1310
1311 return 1;
1312}
1313