/*
 * ssl.c
 *
 * Copyright (C) AB Strakt 2001, All rights reserved
 * Copyright (C) Jean-Paul Calderone 2008, All rights reserved
 *
 * Main file of the SSL sub module.
 * See the file RATIONALE for a short explanation of why this module was written.
 *
 * Reviewed 2001-07-23
 */
12#include <Python.h>
Jean-Paul Calderone12ea9a02008-02-22 12:24:39 -050013
Jean-Paul Calderone12ea9a02008-02-22 12:24:39 -050014#ifndef MS_WINDOWS
15# include <sys/socket.h>
16# include <netinet/in.h>
17# if !(defined(__BEOS__) || defined(__CYGWIN__))
18# include <netinet/tcp.h>
19# endif
20#else
21# include <winsock.h>
22# include <wincrypt.h>
23#endif
24
Jean-Paul Calderone897bc252008-02-18 20:50:23 -050025#define SSL_MODULE
26#include "ssl.h"
27
/* Module docstring; passed to Py_InitModule3() in initSSL. */
static char ssl_doc[] =
    "\n"
    "Main file of the SSL sub module.\n"
    "See the file RATIONALE for a short explanation of why this module was written.\n";
32
/*
 * C API pointer table of the crypto sub module.
 * NOTE(review): presumably filled in by import_crypto(), which initSSL calls;
 * that macro is defined outside this file - confirm.
 */
void **crypto_API;

/* Set from PyThread_create_key() in initSSL when WITH_THREAD is defined. */
int _pyOpenSSL_tstate_key;

/* Exceptions defined by the SSL submodule; all are created in initSSL. */
PyObject *ssl_Error;                /* Base class */
PyObject *ssl_ZeroReturnError;      /* Used with SSL_get_error */
PyObject *ssl_WantReadError;        /* Derived from ssl_Error */
PyObject *ssl_WantWriteError;       /* Derived from ssl_Error */
PyObject *ssl_WantX509LookupError;  /* Derived from ssl_Error */
PyObject *ssl_SysCallError;         /* Uses (errno,errstr) */
44
/* Docstring attached to the "Context" entry of ssl_methods. */
static char ssl_Context_doc[] =
    "\n"
    "The factory function inserted in the module dictionary to create Context\n"
    "objects\n"
    "\n"
    "@param method: The SSL method to use\n"
    "@return: The Context object\n";
52
/*
 * Factory function behind the "Context" entry of ssl_methods.
 *
 * Arguments: spam - Not used by this function
 *            args - Argument tuple; must hold exactly one integer, the SSL
 *                   method
 * Returns:   The result of ssl_Context_New() cast to PyObject *, or NULL
 *            when the argument tuple does not parse.
 *
 * NOTE(review): the integer is passed through unchecked; rejecting values
 * that are not one of the exported *_METHOD constants is presumably done in
 * ssl_Context_New - confirm there.
 */
static PyObject *
ssl_Context(PyObject *spam, PyObject *args)
{
    int method;
    int parsed = PyArg_ParseTuple(args, "i:Context", &method);

    if (parsed)
        return (PyObject *)ssl_Context_New(method);

    return NULL;
}
63
/* Docstring attached to the "Connection" entry of ssl_methods. */
static char ssl_Connection_doc[] =
    "\n"
    "The factory function inserted in the module dictionary to create Connection\n"
    "objects\n"
    "\n"
    "@param ctx: An SSL Context to use for this connection\n"
    "@param sock: The socket to use for transport layer\n"
    "@return: The Connection object\n";
72
/*
 * Factory function behind the "Connection" entry of ssl_methods.
 *
 * Arguments: spam - Not used by this function
 *            args - Argument tuple; must hold an instance of
 *                   ssl_Context_Type followed by one more object, the socket
 * Returns:   The result of ssl_Connection_New() cast to PyObject *, or NULL
 *            when the argument tuple does not parse.
 *
 * Only the context argument is type-checked here ("O!"); the socket is
 * accepted as an arbitrary object ("O") and handed on as-is.
 */
static PyObject *
ssl_Connection(PyObject *spam, PyObject *args)
{
    ssl_ContextObj *ctx;
    PyObject *sock;
    int parsed;

    parsed = PyArg_ParseTuple(args, "O!O:Connection",
                              &ssl_Context_Type, &ctx, &sock);
    if (parsed)
        return (PyObject *)ssl_Connection_New(ctx, sock);

    return NULL;
}
84
85
/*
 * Methods in the OpenSSL.SSL module.
 * Both entries take positional arguments only (METH_VARARGS); the table is
 * terminated by an all-NULL sentinel entry.
 */
static PyMethodDef ssl_methods[] = {
    {
        "Context",
        ssl_Context,
        METH_VARARGS,
        ssl_Context_doc
    },
    {
        "Connection",
        ssl_Connection,
        METH_VARARGS,
        ssl_Connection_doc
    },
    { NULL, NULL }  /* sentinel */
};
92
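/*
 * Initialize SSL sub module
 *
 * Python 2 extension entry point (Py_InitModule3): initializes the OpenSSL
 * SSL library, creates the "SSL" module, publishes the C API pointer table
 * as "_C_API", creates the exception classes, exports the integer constants
 * and finally runs init_ssl_context() and init_ssl_connection().
 *
 * Arguments: None
 * Returns:   None.  When a step fails the function stops at that step and
 *            returns; the Python exception set by the failing call (if any)
 *            is left pending for the importer.
 */
void
initSSL(void)
{
    static void *ssl_API[ssl_API_pointers];
    PyObject *ssl_api_object;
    PyObject *module, *dict;

    SSL_library_init();
    ERR_load_SSL_strings();

    /* NOTE(review): defined outside this file; presumably fills crypto_API
     * and its failure is not observable here - confirm. */
    import_crypto();

    if ((module = Py_InitModule3("SSL", ssl_methods, ssl_doc)) == NULL)
        return;

    /* Initialize the C API pointer array */
    ssl_API[ssl_Context_New_NUM]    = (void *)ssl_Context_New;
    ssl_API[ssl_Connection_New_NUM] = (void *)ssl_Connection_New;
    ssl_api_object = PyCObject_FromVoidPtr((void *)ssl_API, NULL);
    if (ssl_api_object == NULL)
        goto error;     /* do not keep going with an exception pending */
    if (PyModule_AddObject(module, "_C_API", ssl_api_object) != 0) {
        /* PyModule_AddObject steals the reference only on success */
        Py_DECREF(ssl_api_object);
        goto error;
    }

    /* Exceptions */
/*
 * ADD_EXCEPTION(name, base) creates the exception OpenSSL.SSL.name deriving
 * from base, stores it in the global ssl_name and inserts it into the module
 * under name.
 */
#define ADD_EXCEPTION(_name, _base)                                         \
do {                                                                        \
    ssl_##_name = PyErr_NewException("OpenSSL.SSL."#_name, _base, NULL);    \
    if (ssl_##_name == NULL)                                                \
        goto error;                                                         \
    if (PyModule_AddObject(module, #_name, ssl_##_name) != 0)               \
        goto error;                                                         \
} while (0)

    /* The base class has to exist before anything derives from it */
    ADD_EXCEPTION(Error,               NULL);
    ADD_EXCEPTION(ZeroReturnError,     ssl_Error);
    ADD_EXCEPTION(WantReadError,       ssl_Error);
    ADD_EXCEPTION(WantWriteError,      ssl_Error);
    ADD_EXCEPTION(WantX509LookupError, ssl_Error);
    ADD_EXCEPTION(SysCallError,        ssl_Error);
#undef ADD_EXCEPTION

/*
 * ADD_INT_CONSTANT(name, value) exports value as the module attribute name
 * and stops initialization when the insertion fails, instead of continuing
 * with an exception pending.
 */
#define ADD_INT_CONSTANT(_name, _value)                                     \
do {                                                                        \
    if (PyModule_AddIntConstant(module, _name, _value) != 0)                \
        goto error;                                                         \
} while (0)

    /* Method constants.
     * SSLv2 and SSLv3 are obsolete protocol versions (prohibited by RFC 6176
     * and RFC 7568); they are exported for compatibility only.  Callers that
     * want version negotiation without them combine SSLv23_METHOD with
     * OP_NO_SSLv2 | OP_NO_SSLv3. */
    ADD_INT_CONSTANT("SSLv2_METHOD", ssl_SSLv2_METHOD);
    ADD_INT_CONSTANT("SSLv3_METHOD", ssl_SSLv3_METHOD);
    ADD_INT_CONSTANT("SSLv23_METHOD", ssl_SSLv23_METHOD);
    ADD_INT_CONSTANT("TLSv1_METHOD", ssl_TLSv1_METHOD);

    /* Verify constants.
     * VERIFY_NONE turns peer certificate verification off; a client that
     * uses it does not authenticate the server it talks to. */
    ADD_INT_CONSTANT("VERIFY_NONE", SSL_VERIFY_NONE);
    ADD_INT_CONSTANT("VERIFY_PEER", SSL_VERIFY_PEER);
    ADD_INT_CONSTANT("VERIFY_FAIL_IF_NO_PEER_CERT",
                     SSL_VERIFY_FAIL_IF_NO_PEER_CERT);
    ADD_INT_CONSTANT("VERIFY_CLIENT_ONCE",
                     SSL_VERIFY_CLIENT_ONCE);

    /* File type constants */
    ADD_INT_CONSTANT("FILETYPE_PEM", SSL_FILETYPE_PEM);
    ADD_INT_CONSTANT("FILETYPE_ASN1", SSL_FILETYPE_ASN1);

    /* SSL option constants */
    ADD_INT_CONSTANT("OP_SINGLE_DH_USE", SSL_OP_SINGLE_DH_USE);
    ADD_INT_CONSTANT("OP_EPHEMERAL_RSA", SSL_OP_EPHEMERAL_RSA);
    ADD_INT_CONSTANT("OP_NO_SSLv2", SSL_OP_NO_SSLv2);
    ADD_INT_CONSTANT("OP_NO_SSLv3", SSL_OP_NO_SSLv3);
    ADD_INT_CONSTANT("OP_NO_TLSv1", SSL_OP_NO_TLSv1);

    /* More SSL option constants.
     * Most of these are interoperability workarounds for defects in old
     * peers.  Two of them relax a protection rather than fix a defect:
     * OP_TLS_ROLLBACK_BUG disables version rollback detection, and
     * OP_DONT_INSERT_EMPTY_FRAGMENTS disables a countermeasure for CBC
     * ciphers in SSL 3.0/TLS 1.0.  NOTE(review): whether OP_ALL includes the
     * latter depends on the OpenSSL version built against - confirm. */
    ADD_INT_CONSTANT("OP_MICROSOFT_SESS_ID_BUG", SSL_OP_MICROSOFT_SESS_ID_BUG);
    ADD_INT_CONSTANT("OP_NETSCAPE_CHALLENGE_BUG", SSL_OP_NETSCAPE_CHALLENGE_BUG);
    ADD_INT_CONSTANT("OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG", SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG);
    ADD_INT_CONSTANT("OP_SSLREF2_REUSE_CERT_TYPE_BUG", SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG);
    ADD_INT_CONSTANT("OP_MICROSOFT_BIG_SSLV3_BUFFER", SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER);
    ADD_INT_CONSTANT("OP_MSIE_SSLV2_RSA_PADDING", SSL_OP_MSIE_SSLV2_RSA_PADDING);
    ADD_INT_CONSTANT("OP_SSLEAY_080_CLIENT_DH_BUG", SSL_OP_SSLEAY_080_CLIENT_DH_BUG);
    ADD_INT_CONSTANT("OP_TLS_D5_BUG", SSL_OP_TLS_D5_BUG);
    ADD_INT_CONSTANT("OP_TLS_BLOCK_PADDING_BUG", SSL_OP_TLS_BLOCK_PADDING_BUG);
    ADD_INT_CONSTANT("OP_DONT_INSERT_EMPTY_FRAGMENTS", SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS);
    ADD_INT_CONSTANT("OP_ALL", SSL_OP_ALL);
    ADD_INT_CONSTANT("OP_CIPHER_SERVER_PREFERENCE", SSL_OP_CIPHER_SERVER_PREFERENCE);
    ADD_INT_CONSTANT("OP_TLS_ROLLBACK_BUG", SSL_OP_TLS_ROLLBACK_BUG);
    ADD_INT_CONSTANT("OP_PKCS1_CHECK_1", SSL_OP_PKCS1_CHECK_1);
    ADD_INT_CONSTANT("OP_PKCS1_CHECK_2", SSL_OP_PKCS1_CHECK_2);
    ADD_INT_CONSTANT("OP_NETSCAPE_CA_DN_BUG", SSL_OP_NETSCAPE_CA_DN_BUG);
    ADD_INT_CONSTANT("OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG", SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG);

    /* DTLS related options.  The first two of these were introduced in
     * 2005, the third in 2007.  To accommodate systems which are still using
     * older versions, make them optional. */
#ifdef SSL_OP_NO_QUERY_MTU
    ADD_INT_CONSTANT("OP_NO_QUERY_MTU", SSL_OP_NO_QUERY_MTU);
#endif
#ifdef SSL_OP_COOKIE_EXCHANGE
    ADD_INT_CONSTANT("OP_COOKIE_EXCHANGE", SSL_OP_COOKIE_EXCHANGE);
#endif
#ifdef SSL_OP_NO_TICKET
    ADD_INT_CONSTANT("OP_NO_TICKET", SSL_OP_NO_TICKET);
#endif

    /* For SSL_set_shutdown */
    ADD_INT_CONSTANT("SENT_SHUTDOWN", SSL_SENT_SHUTDOWN);
    ADD_INT_CONSTANT("RECEIVED_SHUTDOWN", SSL_RECEIVED_SHUTDOWN);
#undef ADD_INT_CONSTANT

    dict = PyModule_GetDict(module);
    if (!init_ssl_context(dict))
        goto error;
    if (!init_ssl_connection(dict))
        goto error;

#ifdef WITH_THREAD
    /*
     * Initialize this module's threading support structures.
     * Native implementations of PyThread_create_key() report failure as -1
     * without setting an exception, so raise one here rather than publish an
     * unusable key in _pyOpenSSL_tstate_key.
     */
    _pyOpenSSL_tstate_key = PyThread_create_key();
    if (_pyOpenSSL_tstate_key == -1) {
        PyErr_SetString(PyExc_RuntimeError,
                        "could not allocate a thread-local storage key");
        goto error;
    }
#endif

  error:
    ;
}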