blob: 68dbe7e68d46539e6c9bea8d91a4a9a28a7fc124 [file] [log] [blame]
Jean-Paul Calderone897bc252008-02-18 20:50:23 -05001/*
2 * connection.c
3 *
Jean-Paul Calderone8671c852011-03-02 19:26:20 -05004 * Copyright (C) AB Strakt
5 * Copyright (C) Jean-Paul Calderone
6 * See LICENSE for details.
Jean-Paul Calderone897bc252008-02-18 20:50:23 -05007 *
8 * SSL Connection objects and methods.
9 * See the file RATIONALE for a short explanation of why this module was written.
10 *
11 * Reviewed 2001-07-23
12 */
13#include <Python.h>
Jean-Paul Calderone12ea9a02008-02-22 12:24:39 -050014
Jean-Paul Calderone897bc252008-02-18 20:50:23 -050015#ifndef MS_WINDOWS
16# include <sys/socket.h>
17# include <netinet/in.h>
18# if !(defined(__BEOS__) || defined(__CYGWIN__))
19# include <netinet/tcp.h>
20# endif
21#else
22# include <winsock.h>
Jean-Paul Calderone12ea9a02008-02-22 12:24:39 -050023# include <wincrypt.h>
Jean-Paul Calderone897bc252008-02-18 20:50:23 -050024#endif
25
Jean-Paul Calderone12ea9a02008-02-22 12:24:39 -050026#define SSL_MODULE
Jean-Paul Calderone3ad85d42009-04-30 20:24:35 -040027#include <openssl/bio.h>
Jean-Paul Calderone12ea9a02008-02-22 12:24:39 -050028#include <openssl/err.h>
Jean-Paul Calderone12ea9a02008-02-22 12:24:39 -050029#include "ssl.h"
30
Jean-Paul Calderone897bc252008-02-18 20:50:23 -050031/**
32 * If we are on UNIX, fine, just use PyErr_SetFromErrno. If we are on Windows,
33 * apply some black winsock voodoo. This is basically just copied from Python's
34 * socketmodule.c
35 *
36 * Arguments: None
37 * Returns: None
38 */
39static void
40syscall_from_errno(void)
41{
42#ifdef MS_WINDOWS
43 int errnum = WSAGetLastError();
44 if (errnum)
45 {
46 static struct { int num; const char *msg; } *msgp, msgs[] = {
47 { WSAEINTR, "Interrupted system call" },
48 { WSAEBADF, "Bad file descriptor" },
49 { WSAEACCES, "Permission denied" },
50 { WSAEFAULT, "Bad address" },
51 { WSAEINVAL, "Invalid argument" },
52 { WSAEMFILE, "Too many open files" },
53 { WSAEWOULDBLOCK, "The socket operation could not complete "
54 "without blocking" },
55 { WSAEINPROGRESS, "Operation now in progress" },
56 { WSAEALREADY, "Operation already in progress" },
57 { WSAENOTSOCK, "Socket operation on non-socket" },
58 { WSAEDESTADDRREQ, "Destination address required" },
59 { WSAEMSGSIZE, "Message too long" },
60 { WSAEPROTOTYPE, "Protocol wrong type for socket" },
61 { WSAENOPROTOOPT, "Protocol not available" },
62 { WSAEPROTONOSUPPORT, "Protocol not supported" },
63 { WSAESOCKTNOSUPPORT, "Socket type not supported" },
64 { WSAEOPNOTSUPP, "Operation not supported" },
65 { WSAEPFNOSUPPORT, "Protocol family not supported" },
66 { WSAEAFNOSUPPORT, "Address family not supported" },
67 { WSAEADDRINUSE, "Address already in use" },
68 { WSAEADDRNOTAVAIL, "Can't assign requested address" },
69 { WSAENETDOWN, "Network is down" },
70 { WSAENETUNREACH, "Network is unreachable" },
71 { WSAENETRESET, "Network dropped connection on reset" },
72 { WSAECONNABORTED, "Software caused connection abort" },
73 { WSAECONNRESET, "Connection reset by peer" },
74 { WSAENOBUFS, "No buffer space available" },
75 { WSAEISCONN, "Socket is already connected" },
76 { WSAENOTCONN, "Socket is not connected" },
77 { WSAESHUTDOWN, "Can't send after socket shutdown" },
78 { WSAETOOMANYREFS, "Too many references: can't splice" },
79 { WSAETIMEDOUT, "Operation timed out" },
80 { WSAECONNREFUSED, "Connection refused" },
81 { WSAELOOP, "Too many levels of symbolic links" },
82 { WSAENAMETOOLONG, "File name too long" },
83 { WSAEHOSTDOWN, "Host is down" },
84 { WSAEHOSTUNREACH, "No route to host" },
85 { WSAENOTEMPTY, "Directory not empty" },
86 { WSAEPROCLIM, "Too many processes" },
87 { WSAEUSERS, "Too many users" },
88 { WSAEDQUOT, "Disc quota exceeded" },
89 { WSAESTALE, "Stale NFS file handle" },
90 { WSAEREMOTE, "Too many levels of remote in path" },
91 { WSASYSNOTREADY, "Network subsystem is unvailable" },
92 { WSAVERNOTSUPPORTED, "WinSock version is not supported" },
93 { WSANOTINITIALISED, "Successful WSAStartup() not yet performed" },
94 { WSAEDISCON, "Graceful shutdown in progress" },
95 /* Resolver errors */
96 { WSAHOST_NOT_FOUND, "No such host is known" },
97 { WSATRY_AGAIN, "Host not found, or server failed" },
98 { WSANO_RECOVERY, "Unexpected server error encountered" },
99 { WSANO_DATA, "Valid name without requested data" },
100 { WSANO_ADDRESS, "No address, look for MX record" },
101 { 0, NULL }
102 };
103 PyObject *v;
104 const char *msg = "winsock error";
105
106 for (msgp = msgs; msgp->msg; msgp++)
107 {
108 if (errnum == msgp->num)
109 {
110 msg = msgp->msg;
111 break;
112 }
113 }
114
115 v = Py_BuildValue("(is)", errnum, msg);
116 if (v != NULL)
117 {
118 PyErr_SetObject(ssl_SysCallError, v);
119 Py_DECREF(v);
120 }
121 return;
122 }
123#else
124 PyErr_SetFromErrno(ssl_SysCallError);
125#endif
126}
127
128/*
Jean-Paul Calderoneaff0fc42009-04-27 17:13:34 -0400129 * Handle errors raised by BIO functions.
130 *
131 * Arguments: bio - The BIO object
132 * ret - The return value of the BIO_ function.
133 * Returns: None, the calling function should return NULL;
134 */
135static void
136handle_bio_errors(BIO* bio, int ret)
137{
138 if (BIO_should_retry(bio)) {
139 if (BIO_should_read(bio)) {
140 PyErr_SetNone(ssl_WantReadError);
141 } else if (BIO_should_write(bio)) {
142 PyErr_SetNone(ssl_WantWriteError);
143 } else if (BIO_should_io_special(bio)) {
144 /*
145 * It's somewhat unclear what this means. From the OpenSSL source,
146 * it seems like it should not be triggered by the memory BIO, so
147 * for the time being, this case shouldn't come up. The SSL BIO
148 * (which I think should be named the socket BIO) may trigger this
149 * case if its socket is not yet connected or it is busy doing
150 * something related to x509.
151 */
152 PyErr_SetString(PyExc_ValueError, "BIO_should_io_special");
153 } else {
154 /*
155 * I hope this is dead code. The BIO documentation suggests that
156 * one of the above three checks should always be true.
157 */
158 PyErr_SetString(PyExc_ValueError, "unknown bio failure");
159 }
160 } else {
161 /*
162 * If we aren't to retry, it's really an error, so fall back to the
163 * normal error reporting code. However, the BIO interface does not
164 * specify a uniform error reporting mechanism. We can only hope that
165 * the code which triggered the error also kindly pushed something onto
166 * the error stack.
167 */
Rick Deand369c932009-07-08 11:48:33 -0500168 exception_from_error_queue(ssl_Error);
Jean-Paul Calderoneaff0fc42009-04-27 17:13:34 -0400169 }
170}
171
172/*
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500173 * Handle errors raised by SSL I/O functions. NOTE: Not SSL_shutdown ;)
174 *
175 * Arguments: ssl - The SSL object
176 * err - The return code from SSL_get_error
177 * ret - The return code from the SSL I/O function
178 * Returns: None, the calling function should return NULL
179 */
180static void
181handle_ssl_errors(SSL *ssl, int err, int ret)
182{
183 switch (err)
184 {
185 /*
186 * Strange as it may seem, ZeroReturn is not an error per se. It means
187 * that the SSL Connection has been closed correctly (note, not the
188 * transport layer!), i.e. closure alerts have been exchanged. This is
189 * an exception since
190 * + There's an SSL "error" code for it
191 * + You have to deal with it in any case, close the transport layer
192 * etc
193 */
194 case SSL_ERROR_ZERO_RETURN:
195 PyErr_SetNone(ssl_ZeroReturnError);
196 break;
197
198 /*
199 * The WantXYZ exceptions don't mean that there's an error, just that
200 * nothing could be read/written just now, maybe because the transport
201 * layer would block on the operation, or that there's not enough data
202 * available to fill an entire SSL record.
203 */
204 case SSL_ERROR_WANT_READ:
205 PyErr_SetNone(ssl_WantReadError);
206 break;
207
208 case SSL_ERROR_WANT_WRITE:
209 PyErr_SetNone(ssl_WantWriteError);
210 break;
211
212 case SSL_ERROR_WANT_X509_LOOKUP:
213 PyErr_SetNone(ssl_WantX509LookupError);
214 break;
215
216 case SSL_ERROR_SYSCALL:
217 if (ERR_peek_error() == 0)
218 {
219 if (ret < 0)
220 {
221 syscall_from_errno();
222 }
223 else
224 {
225 PyObject *v;
226
227 v = Py_BuildValue("(is)", -1, "Unexpected EOF");
228 if (v != NULL)
229 {
230 PyErr_SetObject(ssl_SysCallError, v);
231 Py_DECREF(v);
232 }
233 }
234 break;
235 }
236
237 /* NOTE: Fall-through here, we don't want to duplicate code, right? */
238
239 case SSL_ERROR_SSL:
240 ;
241 default:
Rick Deand369c932009-07-08 11:48:33 -0500242 exception_from_error_queue(ssl_Error);
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500243 break;
244 }
245}
246
247/*
248 * Here be member methods of the Connection "class"
249 */
250
251static char ssl_Connection_get_context_doc[] = "\n\
252Get session context\n\
253\n\
Jean-Paul Calderone54bcc832009-05-27 14:06:48 -0400254@return: A Context object\n\
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500255";
256static PyObject *
Jean-Paul Calderone1d69a722010-07-29 09:05:53 -0400257ssl_Connection_get_context(ssl_ConnectionObj *self, PyObject *args) {
258 if (!PyArg_ParseTuple(args, ":get_context")) {
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500259 return NULL;
Jean-Paul Calderone1d69a722010-07-29 09:05:53 -0400260 }
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500261
262 Py_INCREF(self->context);
263 return (PyObject *)self->context;
264}
265
Jean-Paul Calderone95613b72011-05-25 22:30:21 -0400266static char ssl_Connection_set_context_doc[] = "\n\
267Switch this connection to a new session context\n\
268\n\
269@param context: A L{Context} instance giving the new session context to use.\n\
270\n\
271";
272static PyObject *
273ssl_Connection_set_context(ssl_ConnectionObj *self, PyObject *args) {
274 ssl_ContextObj *ctx;
275 ssl_ContextObj *old;
276
277 if (!PyArg_ParseTuple(args, "O!:set_context", &ssl_Context_Type, &ctx)) {
278 return NULL;
279 }
280
281 /* This Connection will hold on to this context now. Make sure it stays
282 * alive.
283 */
284 Py_INCREF(ctx);
285
286 /* XXX The unit tests don't actually verify that this call is made.
287 * They're satisfied if self->context gets updated.
288 */
289 SSL_set_SSL_CTX(self->ssl, ctx->ctx);
290
291 /* Swap the old out and the new in.
292 */
293 old = self->context;
294 self->context = ctx;
295
296 /* XXX The unit tests don't verify that this reference is dropped.
297 */
298 Py_DECREF(old);
299
300 Py_INCREF(Py_None);
301 return Py_None;
302}
303
Jean-Paul Calderonec4cb6582011-05-26 18:47:00 -0400304static char ssl_Connection_get_servername_doc[] = "\n\
305Retrieve the servername extension value if provided in the client hello\n\
306message, or None if there wasn't one.\n\
307\n\
308@return: A byte string giving the server name or C{None}.\n\
309\n\
310";
311static PyObject *
312ssl_Connection_get_servername(ssl_ConnectionObj *self, PyObject *args) {
313 int type = TLSEXT_NAMETYPE_host_name;
314 const char *name;
315
316 /* XXX Argument parsing */
317
318 name = SSL_get_servername(self->ssl, type);
319
320 if (name == NULL) {
321 Py_INCREF(Py_None);
322 return Py_None;
323 } else {
324 return PyBytes_FromString(name);
325 }
326}
327
328
329static char ssl_Connection_set_tlsext_host_name_doc[] = "\n\
330Set the value of the servername extension to send in the client hello.\n\
331\n\
332@param name: A byte string giving the name.\n\
333\n\
334";
335static PyObject *
336ssl_Connection_set_tlsext_host_name(ssl_ConnectionObj *self, PyObject *args) {
337 char *buf;
338
339 if (!PyArg_ParseTuple(args, BYTESTRING_FMT ":set_tlsext_host_name", &buf)) {
340 return NULL;
341 }
342
343 /* XXX I guess this can fail sometimes? */
344 SSL_set_tlsext_host_name(self->ssl, buf);
345
346 Py_INCREF(Py_None);
347 return Py_None;
348}
349
350
Jean-Paul Calderone95613b72011-05-25 22:30:21 -0400351
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500352static char ssl_Connection_pending_doc[] = "\n\
353Get the number of bytes that can be safely read from the connection\n\
354\n\
Jean-Paul Calderone54bcc832009-05-27 14:06:48 -0400355@return: The number of bytes available in the receive buffer.\n\
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500356";
357static PyObject *
Jean-Paul Calderone1d69a722010-07-29 09:05:53 -0400358ssl_Connection_pending(ssl_ConnectionObj *self, PyObject *args) {
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500359 int ret;
360
Jean-Paul Calderone1d69a722010-07-29 09:05:53 -0400361 if (!PyArg_ParseTuple(args, ":pending")) {
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500362 return NULL;
Jean-Paul Calderone1d69a722010-07-29 09:05:53 -0400363 }
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500364
365 ret = SSL_pending(self->ssl);
Jean-Paul Calderone83dbcfd2010-08-11 20:20:57 -0400366 return PyLong_FromLong((long)ret);
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500367}
Jean-Paul Calderone1d69a722010-07-29 09:05:53 -0400368
Rick Deanb71c0d22009-04-01 14:09:23 -0500369static char ssl_Connection_bio_write_doc[] = "\n\
370When using non-socket connections this function sends\n\
371\"dirty\" data that would have traveled in on the network.\n\
372\n\
Jean-Paul Calderone54bcc832009-05-27 14:06:48 -0400373@param buf: The string to put into the memory BIO.\n\
374@return: The number of bytes written\n\
Rick Deanb71c0d22009-04-01 14:09:23 -0500375";
376static PyObject *
377ssl_Connection_bio_write(ssl_ConnectionObj *self, PyObject *args)
378{
379 char *buf;
Jean-Paul Calderoneaff0fc42009-04-27 17:13:34 -0400380 int len, ret;
Rick Deanb71c0d22009-04-01 14:09:23 -0500381
Jean-Paul Calderone07acf3f2009-05-05 13:23:28 -0400382 if (self->into_ssl == NULL)
Rick Deanb71c0d22009-04-01 14:09:23 -0500383 {
384 PyErr_SetString(PyExc_TypeError, "Connection sock was not None");
385 return NULL;
386 }
387
Jean-Paul Calderonefc4ed0f2009-04-27 11:51:27 -0400388 if (!PyArg_ParseTuple(args, "s#|i:bio_write", &buf, &len))
Rick Deanb71c0d22009-04-01 14:09:23 -0500389 return NULL;
390
391 ret = BIO_write(self->into_ssl, buf, len);
392
393 if (PyErr_Occurred())
394 {
395 flush_error_queue();
396 return NULL;
397 }
398
Jean-Paul Calderoneaff0fc42009-04-27 17:13:34 -0400399 if (ret <= 0) {
400 /*
401 * There was a problem with the BIO_write of some sort.
402 */
Jean-Paul Calderone3ad85d42009-04-30 20:24:35 -0400403 handle_bio_errors(self->into_ssl, ret);
Rick Deanb71c0d22009-04-01 14:09:23 -0500404 return NULL;
405 }
Jean-Paul Calderoneaff0fc42009-04-27 17:13:34 -0400406
Jean-Paul Calderone83dbcfd2010-08-11 20:20:57 -0400407 return PyLong_FromLong((long)ret);
Rick Deanb71c0d22009-04-01 14:09:23 -0500408}
409
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500410static char ssl_Connection_send_doc[] = "\n\
411Send data on the connection. NOTE: If you get one of the WantRead,\n\
412WantWrite or WantX509Lookup exceptions on this, you have to call the\n\
413method again with the SAME buffer.\n\
414\n\
Jean-Paul Calderone54bcc832009-05-27 14:06:48 -0400415@param buf: The string to send\n\
Jean-Paul Calderone40b32a22010-01-27 16:56:44 -0500416@param flags: (optional) Included for compatibility with the socket\n\
Jean-Paul Calderone54bcc832009-05-27 14:06:48 -0400417 API, the value is ignored\n\
418@return: The number of bytes written\n\
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500419";
420static PyObject *
Jean-Paul Calderonea5d6ea62011-01-05 19:57:08 -0500421ssl_Connection_send(ssl_ConnectionObj *self, PyObject *args) {
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500422 int len, ret, err, flags;
Jean-Paul Calderonea5d6ea62011-01-05 19:57:08 -0500423 char *buf;
424
Jean-Paul Calderone5163f572011-04-22 18:38:16 -0400425#if PY_VERSION_HEX >= 0x02060000
Jean-Paul Calderonea5d6ea62011-01-05 19:57:08 -0500426 Py_buffer pbuf;
427
428 if (!PyArg_ParseTuple(args, "s*|i:send", &pbuf, &flags))
429 return NULL;
430
431 buf = pbuf.buf;
432 len = pbuf.len;
433#else
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500434
435 if (!PyArg_ParseTuple(args, "s#|i:send", &buf, &len, &flags))
436 return NULL;
Jean-Paul Calderonea5d6ea62011-01-05 19:57:08 -0500437#endif
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500438
439 MY_BEGIN_ALLOW_THREADS(self->tstate)
440 ret = SSL_write(self->ssl, buf, len);
441 MY_END_ALLOW_THREADS(self->tstate)
442
Jean-Paul Calderone5163f572011-04-22 18:38:16 -0400443#if PY_VERSION_HEX >= 0x02060000
Jean-Paul Calderonea5d6ea62011-01-05 19:57:08 -0500444 PyBuffer_Release(&pbuf);
445#endif
446
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500447 if (PyErr_Occurred())
448 {
449 flush_error_queue();
450 return NULL;
451 }
452
453 err = SSL_get_error(self->ssl, ret);
454 if (err == SSL_ERROR_NONE)
455 {
Jean-Paul Calderone83dbcfd2010-08-11 20:20:57 -0400456 return PyLong_FromLong((long)ret);
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500457 }
458 else
459 {
460 handle_ssl_errors(self->ssl, err, ret);
461 return NULL;
462 }
463}
464
465static char ssl_Connection_sendall_doc[] = "\n\
466Send \"all\" data on the connection. This calls send() repeatedly until\n\
467all data is sent. If an error occurs, it's impossible to tell how much data\n\
468has been sent.\n\
469\n\
Jean-Paul Calderone54bcc832009-05-27 14:06:48 -0400470@param buf: The string to send\n\
Jean-Paul Calderone40b32a22010-01-27 16:56:44 -0500471@param flags: (optional) Included for compatibility with the socket\n\
Jean-Paul Calderone54bcc832009-05-27 14:06:48 -0400472 API, the value is ignored\n\
473@return: The number of bytes written\n\
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500474";
475static PyObject *
476ssl_Connection_sendall(ssl_ConnectionObj *self, PyObject *args)
477{
478 char *buf;
479 int len, ret, err, flags;
480 PyObject *pyret = Py_None;
481
Jean-Paul Calderone5163f572011-04-22 18:38:16 -0400482#if PY_VERSION_HEX >= 0x02060000
Jean-Paul Calderone691e6c92011-01-21 22:04:35 -0500483 Py_buffer pbuf;
484
485 if (!PyArg_ParseTuple(args, "s*|i:sendall", &pbuf, &flags))
486 return NULL;
487
488 buf = pbuf.buf;
489 len = pbuf.len;
490#else
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500491 if (!PyArg_ParseTuple(args, "s#|i:sendall", &buf, &len, &flags))
492 return NULL;
Jean-Paul Calderone691e6c92011-01-21 22:04:35 -0500493#endif
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500494
495 do {
496 MY_BEGIN_ALLOW_THREADS(self->tstate)
497 ret = SSL_write(self->ssl, buf, len);
498 MY_END_ALLOW_THREADS(self->tstate)
499 if (PyErr_Occurred())
500 {
501 flush_error_queue();
502 pyret = NULL;
503 break;
504 }
505 err = SSL_get_error(self->ssl, ret);
506 if (err == SSL_ERROR_NONE)
507 {
508 buf += ret;
509 len -= ret;
510 }
511 else if (err == SSL_ERROR_SSL || err == SSL_ERROR_SYSCALL ||
512 err == SSL_ERROR_ZERO_RETURN)
513 {
514 handle_ssl_errors(self->ssl, err, ret);
515 pyret = NULL;
516 break;
Jean-Paul Calderone691e6c92011-01-21 22:04:35 -0500517 }
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500518 } while (len > 0);
519
Jean-Paul Calderone5163f572011-04-22 18:38:16 -0400520#if PY_VERSION_HEX >= 0x02060000
Jean-Paul Calderone691e6c92011-01-21 22:04:35 -0500521 PyBuffer_Release(&pbuf);
522#endif
523
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500524 Py_XINCREF(pyret);
525 return pyret;
526}
527
528static char ssl_Connection_recv_doc[] = "\n\
529Receive data on the connection. NOTE: If you get one of the WantRead,\n\
530WantWrite or WantX509Lookup exceptions on this, you have to call the\n\
531method again with the SAME buffer.\n\
532\n\
Jean-Paul Calderone54bcc832009-05-27 14:06:48 -0400533@param bufsiz: The maximum number of bytes to read\n\
Jean-Paul Calderone40b32a22010-01-27 16:56:44 -0500534@param flags: (optional) Included for compatibility with the socket\n\
Jean-Paul Calderone54bcc832009-05-27 14:06:48 -0400535 API, the value is ignored\n\
536@return: The string read from the Connection\n\
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500537";
538static PyObject *
539ssl_Connection_recv(ssl_ConnectionObj *self, PyObject *args)
540{
541 int bufsiz, ret, err, flags;
542 PyObject *buf;
543
544 if (!PyArg_ParseTuple(args, "i|i:recv", &bufsiz, &flags))
545 return NULL;
546
Jean-Paul Calderone83dbcfd2010-08-11 20:20:57 -0400547 buf = PyBytes_FromStringAndSize(NULL, bufsiz);
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500548 if (buf == NULL)
549 return NULL;
550
551 MY_BEGIN_ALLOW_THREADS(self->tstate)
Jean-Paul Calderone83dbcfd2010-08-11 20:20:57 -0400552 ret = SSL_read(self->ssl, PyBytes_AsString(buf), bufsiz);
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500553 MY_END_ALLOW_THREADS(self->tstate)
554
555 if (PyErr_Occurred())
556 {
557 Py_DECREF(buf);
558 flush_error_queue();
559 return NULL;
560 }
561
562 err = SSL_get_error(self->ssl, ret);
563 if (err == SSL_ERROR_NONE)
564 {
Jean-Paul Calderone83dbcfd2010-08-11 20:20:57 -0400565 if (ret != bufsiz && _PyBytes_Resize(&buf, ret) < 0)
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500566 return NULL;
567 return buf;
568 }
569 else
570 {
571 handle_ssl_errors(self->ssl, err, ret);
572 Py_DECREF(buf);
573 return NULL;
574 }
575}
576
Rick Deanb71c0d22009-04-01 14:09:23 -0500577static char ssl_Connection_bio_read_doc[] = "\n\
578When using non-socket connections this function reads\n\
579the \"dirty\" data that would have traveled away on the network.\n\
580\n\
Jean-Paul Calderone54bcc832009-05-27 14:06:48 -0400581@param bufsiz: The maximum number of bytes to read\n\
582@return: The string read.\n\
Rick Deanb71c0d22009-04-01 14:09:23 -0500583";
584static PyObject *
585ssl_Connection_bio_read(ssl_ConnectionObj *self, PyObject *args)
586{
Jean-Paul Calderoneaff0fc42009-04-27 17:13:34 -0400587 int bufsiz, ret;
Rick Deanb71c0d22009-04-01 14:09:23 -0500588 PyObject *buf;
589
Jean-Paul Calderone07acf3f2009-05-05 13:23:28 -0400590 if (self->from_ssl == NULL)
Rick Deanb71c0d22009-04-01 14:09:23 -0500591 {
592 PyErr_SetString(PyExc_TypeError, "Connection sock was not None");
593 return NULL;
594 }
595
596 if (!PyArg_ParseTuple(args, "i:bio_read", &bufsiz))
597 return NULL;
598
Jean-Paul Calderone83dbcfd2010-08-11 20:20:57 -0400599 buf = PyBytes_FromStringAndSize(NULL, bufsiz);
Rick Deanb71c0d22009-04-01 14:09:23 -0500600 if (buf == NULL)
601 return NULL;
602
Jean-Paul Calderone83dbcfd2010-08-11 20:20:57 -0400603 ret = BIO_read(self->from_ssl, PyBytes_AsString(buf), bufsiz);
Rick Deanb71c0d22009-04-01 14:09:23 -0500604
605 if (PyErr_Occurred())
606 {
607 Py_DECREF(buf);
608 flush_error_queue();
609 return NULL;
610 }
611
Jean-Paul Calderoneaff0fc42009-04-27 17:13:34 -0400612 if (ret <= 0) {
613 /*
614 * There was a problem with the BIO_read of some sort.
615 */
616 handle_bio_errors(self->from_ssl, ret);
Rick Deanb71c0d22009-04-01 14:09:23 -0500617 Py_DECREF(buf);
618 return NULL;
619 }
Jean-Paul Calderoneaff0fc42009-04-27 17:13:34 -0400620
621 /*
622 * Shrink the string to match the number of bytes we actually read.
623 */
Jean-Paul Calderone83dbcfd2010-08-11 20:20:57 -0400624 if (ret != bufsiz && _PyBytes_Resize(&buf, ret) < 0)
Jean-Paul Calderoneaff0fc42009-04-27 17:13:34 -0400625 {
626 Py_DECREF(buf);
627 return NULL;
628 }
629 return buf;
Rick Deanb71c0d22009-04-01 14:09:23 -0500630}
631
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500632static char ssl_Connection_renegotiate_doc[] = "\n\
633Renegotiate the session\n\
634\n\
Jean-Paul Calderone54bcc832009-05-27 14:06:48 -0400635@return: True if the renegotiation can be started, false otherwise\n\
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500636";
637static PyObject *
Jean-Paul Calderone8ea22522010-07-29 09:39:39 -0400638ssl_Connection_renegotiate(ssl_ConnectionObj *self, PyObject *args) {
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500639 int ret;
640
Jean-Paul Calderone8ea22522010-07-29 09:39:39 -0400641 if (!PyArg_ParseTuple(args, ":renegotiate")) {
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500642 return NULL;
Jean-Paul Calderone8ea22522010-07-29 09:39:39 -0400643 }
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500644
645 MY_BEGIN_ALLOW_THREADS(self->tstate);
646 ret = SSL_renegotiate(self->ssl);
647 MY_END_ALLOW_THREADS(self->tstate);
648
Jean-Paul Calderone8ea22522010-07-29 09:39:39 -0400649 if (PyErr_Occurred()) {
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500650 flush_error_queue();
651 return NULL;
652 }
653
Jean-Paul Calderone83dbcfd2010-08-11 20:20:57 -0400654 return PyLong_FromLong((long)ret);
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500655}
656
657static char ssl_Connection_do_handshake_doc[] = "\n\
658Perform an SSL handshake (usually called after renegotiate() or one of\n\
659set_*_state()). This can raise the same exceptions as send and recv.\n\
660\n\
Jean-Paul Calderone54bcc832009-05-27 14:06:48 -0400661@return: None.\n\
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500662";
663static PyObject *
664ssl_Connection_do_handshake(ssl_ConnectionObj *self, PyObject *args)
665{
666 int ret, err;
667
668 if (!PyArg_ParseTuple(args, ":do_handshake"))
669 return NULL;
670
671 MY_BEGIN_ALLOW_THREADS(self->tstate);
672 ret = SSL_do_handshake(self->ssl);
673 MY_END_ALLOW_THREADS(self->tstate);
674
675 if (PyErr_Occurred())
676 {
677 flush_error_queue();
678 return NULL;
679 }
680
681 err = SSL_get_error(self->ssl, ret);
682 if (err == SSL_ERROR_NONE)
683 {
684 Py_INCREF(Py_None);
685 return Py_None;
686 }
687 else
688 {
689 handle_ssl_errors(self->ssl, err, ret);
690 return NULL;
691 }
692}
693
694#if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x00907000L
695static char ssl_Connection_renegotiate_pending_doc[] = "\n\
696Check if there's a renegotiation in progress, it will return false once\n\
697a renegotiation is finished.\n\
698\n\
Jean-Paul Calderone54bcc832009-05-27 14:06:48 -0400699@return: Whether there's a renegotiation in progress\n\
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500700";
701static PyObject *
702ssl_Connection_renegotiate_pending(ssl_ConnectionObj *self, PyObject *args)
703{
704 if (!PyArg_ParseTuple(args, ":renegotiate_pending"))
705 return NULL;
706
Jean-Paul Calderone83dbcfd2010-08-11 20:20:57 -0400707 return PyLong_FromLong((long)SSL_renegotiate_pending(self->ssl));
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500708}
709#endif
710
711static char ssl_Connection_total_renegotiations_doc[] = "\n\
712Find out the total number of renegotiations.\n\
713\n\
Jean-Paul Calderone54bcc832009-05-27 14:06:48 -0400714@return: The number of renegotiations.\n\
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500715";
716static PyObject *
717ssl_Connection_total_renegotiations(ssl_ConnectionObj *self, PyObject *args)
718{
719 if (!PyArg_ParseTuple(args, ":total_renegotiations"))
720 return NULL;
721
Jean-Paul Calderone83dbcfd2010-08-11 20:20:57 -0400722 return PyLong_FromLong(SSL_total_renegotiations(self->ssl));
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500723}
724
725static char ssl_Connection_set_accept_state_doc[] = "\n\
726Set the connection to work in server mode. The handshake will be handled\n\
727automatically by read/write.\n\
728\n\
Jean-Paul Calderone54bcc832009-05-27 14:06:48 -0400729@return: None\n\
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500730";
731static PyObject *
732ssl_Connection_set_accept_state(ssl_ConnectionObj *self, PyObject *args)
733{
734 if (!PyArg_ParseTuple(args, ":set_accept_state"))
735 return NULL;
736
737 SSL_set_accept_state(self->ssl);
738
739 Py_INCREF(Py_None);
740 return Py_None;
741}
742
743static char ssl_Connection_set_connect_state_doc[] = "\n\
744Set the connection to work in client mode. The handshake will be handled\n\
745automatically by read/write.\n\
746\n\
Jean-Paul Calderone54bcc832009-05-27 14:06:48 -0400747@return: None\n\
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500748";
749static PyObject *
750ssl_Connection_set_connect_state(ssl_ConnectionObj *self, PyObject *args)
751{
752 if (!PyArg_ParseTuple(args, ":set_connect_state"))
753 return NULL;
754
755 SSL_set_connect_state(self->ssl);
756
757 Py_INCREF(Py_None);
758 return Py_None;
759}
760
761static char ssl_Connection_connect_doc[] = "\n\
762Connect to remote host and set up client-side SSL\n\
763\n\
Jean-Paul Calderone54bcc832009-05-27 14:06:48 -0400764@param addr: A remote address\n\
765@return: What the socket's connect method returns\n\
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500766";
767static PyObject *
768ssl_Connection_connect(ssl_ConnectionObj *self, PyObject *args)
769{
770 PyObject *meth, *ret;
771
772 if ((meth = PyObject_GetAttrString(self->socket, "connect")) == NULL)
773 return NULL;
774
775 SSL_set_connect_state(self->ssl);
776
777 ret = PyEval_CallObject(meth, args);
778 Py_DECREF(meth);
779 if (ret == NULL)
780 return NULL;
781
782 return ret;
783}
784
785static char ssl_Connection_connect_ex_doc[] = "\n\
786Connect to remote host and set up client-side SSL. Note that if the socket's\n\
787connect_ex method doesn't return 0, SSL won't be initialized.\n\
788\n\
Jean-Paul Calderone54bcc832009-05-27 14:06:48 -0400789@param addr: A remove address\n\
790@return: What the socket's connect_ex method returns\n\
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500791";
792static PyObject *
793ssl_Connection_connect_ex(ssl_ConnectionObj *self, PyObject *args)
794{
795 PyObject *meth, *ret;
796
797 if ((meth = PyObject_GetAttrString(self->socket, "connect_ex")) == NULL)
798 return NULL;
799
800 SSL_set_connect_state(self->ssl);
801
802 ret = PyEval_CallObject(meth, args);
803 Py_DECREF(meth);
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500804 return ret;
805}
806
807static char ssl_Connection_accept_doc[] = "\n\
808Accept incoming connection and set up SSL on it\n\
809\n\
Jean-Paul Calderone54bcc832009-05-27 14:06:48 -0400810@return: A (conn,addr) pair where conn is a Connection and addr is an\n\
811 address\n\
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500812";
813static PyObject *
814ssl_Connection_accept(ssl_ConnectionObj *self, PyObject *args)
815{
816 PyObject *tuple, *socket, *address, *meth;
817 ssl_ConnectionObj *conn;
818
819 if ((meth = PyObject_GetAttrString(self->socket, "accept")) == NULL)
820 return NULL;
821 tuple = PyEval_CallObject(meth, args);
822 Py_DECREF(meth);
823 if (tuple == NULL)
824 return NULL;
825
826 socket = PyTuple_GetItem(tuple, 0);
827 Py_INCREF(socket);
828 address = PyTuple_GetItem(tuple, 1);
829 Py_INCREF(address);
830 Py_DECREF(tuple);
831
832 conn = ssl_Connection_New(self->context, socket);
833 Py_DECREF(socket);
834 if (conn == NULL)
835 {
836 Py_DECREF(address);
837 return NULL;
838 }
839
840 SSL_set_accept_state(conn->ssl);
841
842 tuple = Py_BuildValue("(OO)", conn, address);
843
844 Py_DECREF(conn);
845 Py_DECREF(address);
846
847 return tuple;
848}
849
Jean-Paul Calderone3ad85d42009-04-30 20:24:35 -0400850static char ssl_Connection_bio_shutdown_doc[] = "\n\
851When using non-socket connections this function signals end of\n\
852data on the input for this connection.\n\
853\n\
Jean-Paul Calderone54bcc832009-05-27 14:06:48 -0400854@return: None\n\
Jean-Paul Calderone3ad85d42009-04-30 20:24:35 -0400855";
856
857static PyObject *
858ssl_Connection_bio_shutdown(ssl_ConnectionObj *self, PyObject *args)
859{
Jean-Paul Calderone07acf3f2009-05-05 13:23:28 -0400860 if (self->from_ssl == NULL)
861 {
862 PyErr_SetString(PyExc_TypeError, "Connection sock was not None");
863 return NULL;
864 }
865
Jean-Paul Calderone3ad85d42009-04-30 20:24:35 -0400866 BIO_set_mem_eof_return(self->into_ssl, 0);
867 Py_INCREF(Py_None);
868 return Py_None;
869}
870
871
872
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500873static char ssl_Connection_shutdown_doc[] = "\n\
874Send closure alert\n\
875\n\
Jean-Paul Calderone54bcc832009-05-27 14:06:48 -0400876@return: True if the shutdown completed successfully (i.e. both sides\n\
877 have sent closure alerts), false otherwise (i.e. you have to\n\
878 wait for a ZeroReturnError on a recv() method call\n\
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500879";
880static PyObject *
881ssl_Connection_shutdown(ssl_ConnectionObj *self, PyObject *args)
882{
883 int ret;
884
885 if (!PyArg_ParseTuple(args, ":shutdown"))
886 return NULL;
887
888 MY_BEGIN_ALLOW_THREADS(self->tstate)
889 ret = SSL_shutdown(self->ssl);
890 MY_END_ALLOW_THREADS(self->tstate)
891
892 if (PyErr_Occurred())
893 {
894 flush_error_queue();
895 return NULL;
896 }
897
898 if (ret < 0)
899 {
Rick Deand369c932009-07-08 11:48:33 -0500900 exception_from_error_queue(ssl_Error);
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500901 return NULL;
902 }
903 else if (ret > 0)
904 {
905 Py_INCREF(Py_True);
906 return Py_True;
907 }
908 else
909 {
910 Py_INCREF(Py_False);
911 return Py_False;
912 }
913}
914
915static char ssl_Connection_get_cipher_list_doc[] = "\n\
916Get the session cipher list\n\
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500917\n\
Jean-Paul Calderone54bcc832009-05-27 14:06:48 -0400918@return: A list of cipher strings\n\
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500919";
920static PyObject *
921ssl_Connection_get_cipher_list(ssl_ConnectionObj *self, PyObject *args)
922{
923 int idx = 0;
924 const char *ret;
925 PyObject *lst, *item;
926
927 if (!PyArg_ParseTuple(args, ":get_cipher_list"))
928 return NULL;
929
930 lst = PyList_New(0);
931 while ((ret = SSL_get_cipher_list(self->ssl, idx)) != NULL)
932 {
Jean-Paul Calderone83dbcfd2010-08-11 20:20:57 -0400933 item = PyText_FromString(ret);
Ziga Seilnachtfdeadb12009-09-01 16:35:50 +0200934 PyList_Append(lst, item);
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500935 Py_DECREF(item);
936 idx++;
937 }
938 return lst;
939}
940
Ziga Seilnachtf93bf102009-10-23 09:51:07 +0200941static char ssl_Connection_get_client_ca_list_doc[] = "\n\
Ziga Seilnacht679c4262009-09-01 01:32:29 +0200942Get CAs whose certificates are suggested for client authentication.\n\
943\n\
Jean-Paul Calderone35788902009-10-24 13:48:08 -0400944@return: If this is a server connection, a list of X509Names representing\n\
945 the acceptable CAs as set by L{OpenSSL.SSL.Context.set_client_ca_list} or\n\
946 L{OpenSSL.SSL.Context.add_client_ca}. If this is a client connection,\n\
947 the list of such X509Names sent by the server, or an empty list if that\n\
948 has not yet happened.\n\
Ziga Seilnacht679c4262009-09-01 01:32:29 +0200949";
950
951static PyObject *
Jean-Paul Calderone6e2b6852009-10-24 14:04:30 -0400952ssl_Connection_get_client_ca_list(ssl_ConnectionObj *self, PyObject *args) {
Ziga Seilnacht679c4262009-09-01 01:32:29 +0200953 STACK_OF(X509_NAME) *CANames;
954 PyObject *CAList;
955 int i, n;
956
Ziga Seilnachtf93bf102009-10-23 09:51:07 +0200957 if (!PyArg_ParseTuple(args, ":get_client_ca_list")) {
Ziga Seilnacht679c4262009-09-01 01:32:29 +0200958 return NULL;
959 }
960 CANames = SSL_get_client_CA_list(self->ssl);
961 if (CANames == NULL) {
962 return PyList_New(0);
963 }
964 n = sk_X509_NAME_num(CANames);
965 CAList = PyList_New(n);
966 if (CAList == NULL) {
967 return NULL;
968 }
969 for (i = 0; i < n; i++) {
970 X509_NAME *CAName;
971 PyObject *CA;
972
973 CAName = X509_NAME_dup(sk_X509_NAME_value(CANames, i));
974 if (CAName == NULL) {
975 Py_DECREF(CAList);
976 exception_from_error_queue(ssl_Error);
977 return NULL;
978 }
Jean-Paul Calderone305626a2010-10-31 20:51:17 -0400979 CA = (PyObject *)new_x509name(CAName, 1);
Ziga Seilnacht679c4262009-09-01 01:32:29 +0200980 if (CA == NULL) {
981 X509_NAME_free(CAName);
982 Py_DECREF(CAList);
983 return NULL;
984 }
985 if (PyList_SetItem(CAList, i, CA)) {
986 Py_DECREF(CA);
987 Py_DECREF(CAList);
988 return NULL;
989 }
990 }
991 return CAList;
992}
993
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500994static char ssl_Connection_makefile_doc[] = "\n\
995The makefile() method is not implemented, since there is no dup semantics\n\
996for SSL connections\n\
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500997\n\
Jean-Paul Calderone54bcc832009-05-27 14:06:48 -0400998@raise NotImplementedError\n\
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500999";
1000static PyObject *
1001ssl_Connection_makefile(ssl_ConnectionObj *self, PyObject *args)
1002{
1003 PyErr_SetString(PyExc_NotImplementedError, "Cannot make file object of SSL.Connection");
1004 return NULL;
1005}
1006
1007static char ssl_Connection_get_app_data_doc[] = "\n\
1008Get application data\n\
1009\n\
Jean-Paul Calderone54bcc832009-05-27 14:06:48 -04001010@return: The application data\n\
Jean-Paul Calderone897bc252008-02-18 20:50:23 -05001011";
1012static PyObject *
1013ssl_Connection_get_app_data(ssl_ConnectionObj *self, PyObject *args)
1014{
1015 if (!PyArg_ParseTuple(args, ":get_app_data"))
1016 return NULL;
1017
1018 Py_INCREF(self->app_data);
1019 return self->app_data;
1020}
1021
1022static char ssl_Connection_set_app_data_doc[] = "\n\
1023Set application data\n\
1024\n\
Jean-Paul Calderone54bcc832009-05-27 14:06:48 -04001025@param data - The application data\n\
1026@return: None\n\
Jean-Paul Calderone897bc252008-02-18 20:50:23 -05001027";
1028static PyObject *
1029ssl_Connection_set_app_data(ssl_ConnectionObj *self, PyObject *args)
1030{
1031 PyObject *data;
1032
1033 if (!PyArg_ParseTuple(args, "O:set_app_data", &data))
1034 return NULL;
1035
1036 Py_DECREF(self->app_data);
1037 Py_INCREF(data);
1038 self->app_data = data;
1039
1040 Py_INCREF(Py_None);
1041 return Py_None;
1042}
1043
Jean-Paul Calderone72b8f0f2008-02-21 23:57:40 -05001044static char ssl_Connection_get_shutdown_doc[] = "\n\
1045Get shutdown state\n\
1046\n\
Jean-Paul Calderone54bcc832009-05-27 14:06:48 -04001047@return: The shutdown state, a bitvector of SENT_SHUTDOWN, RECEIVED_SHUTDOWN.\n\
Jean-Paul Calderone72b8f0f2008-02-21 23:57:40 -05001048";
1049static PyObject *
1050ssl_Connection_get_shutdown(ssl_ConnectionObj *self, PyObject *args)
1051{
1052 if (!PyArg_ParseTuple(args, ":get_shutdown"))
1053 return NULL;
1054
Jean-Paul Calderone83dbcfd2010-08-11 20:20:57 -04001055 return PyLong_FromLong((long)SSL_get_shutdown(self->ssl));
Jean-Paul Calderone72b8f0f2008-02-21 23:57:40 -05001056}
1057
1058static char ssl_Connection_set_shutdown_doc[] = "\n\
1059Set shutdown state\n\
1060\n\
Jean-Paul Calderone54bcc832009-05-27 14:06:48 -04001061@param state - bitvector of SENT_SHUTDOWN, RECEIVED_SHUTDOWN.\n\
1062@return: None\n\
Jean-Paul Calderone72b8f0f2008-02-21 23:57:40 -05001063";
1064static PyObject *
1065ssl_Connection_set_shutdown(ssl_ConnectionObj *self, PyObject *args)
1066{
1067 int shutdown;
1068
1069 if (!PyArg_ParseTuple(args, "i:set_shutdown", &shutdown))
1070 return NULL;
1071
1072 SSL_set_shutdown(self->ssl, shutdown);
1073 Py_INCREF(Py_None);
1074 return Py_None;
1075}
1076
Jean-Paul Calderone897bc252008-02-18 20:50:23 -05001077static char ssl_Connection_state_string_doc[] = "\n\
1078Get a verbose state description\n\
1079\n\
Jean-Paul Calderone54bcc832009-05-27 14:06:48 -04001080@return: A string representing the state\n\
Jean-Paul Calderone897bc252008-02-18 20:50:23 -05001081";
1082static PyObject *
1083ssl_Connection_state_string(ssl_ConnectionObj *self, PyObject *args)
1084{
1085 if (!PyArg_ParseTuple(args, ":state_string"))
1086 return NULL;
1087
Jean-Paul Calderone83dbcfd2010-08-11 20:20:57 -04001088 return PyText_FromString(SSL_state_string_long(self->ssl));
Jean-Paul Calderone897bc252008-02-18 20:50:23 -05001089}
1090
Rick Deanb71c0d22009-04-01 14:09:23 -05001091static char ssl_Connection_client_random_doc[] = "\n\
1092Get a copy of the client hello nonce.\n\
1093\n\
Jean-Paul Calderone54bcc832009-05-27 14:06:48 -04001094@return: A string representing the state\n\
Rick Deanb71c0d22009-04-01 14:09:23 -05001095";
1096static PyObject *
1097ssl_Connection_client_random(ssl_ConnectionObj *self, PyObject *args)
1098{
1099 if (!PyArg_ParseTuple(args, ":client_random"))
1100 return NULL;
1101
Jean-Paul Calderone07acf3f2009-05-05 13:23:28 -04001102 if (self->ssl->session == NULL) {
Rick Deanb71c0d22009-04-01 14:09:23 -05001103 Py_INCREF(Py_None);
1104 return Py_None;
1105 }
Jean-Paul Calderone83dbcfd2010-08-11 20:20:57 -04001106 return PyBytes_FromStringAndSize( (const char *) self->ssl->s3->client_random, SSL3_RANDOM_SIZE);
Rick Deanb71c0d22009-04-01 14:09:23 -05001107}
1108
1109static char ssl_Connection_server_random_doc[] = "\n\
1110Get a copy of the server hello nonce.\n\
1111\n\
Jean-Paul Calderone54bcc832009-05-27 14:06:48 -04001112@return: A string representing the state\n\
Rick Deanb71c0d22009-04-01 14:09:23 -05001113";
1114static PyObject *
1115ssl_Connection_server_random(ssl_ConnectionObj *self, PyObject *args)
1116{
1117 if (!PyArg_ParseTuple(args, ":server_random"))
1118 return NULL;
1119
Jean-Paul Calderone07acf3f2009-05-05 13:23:28 -04001120 if (self->ssl->session == NULL) {
Rick Deanb71c0d22009-04-01 14:09:23 -05001121 Py_INCREF(Py_None);
1122 return Py_None;
1123 }
Jean-Paul Calderone83dbcfd2010-08-11 20:20:57 -04001124 return PyBytes_FromStringAndSize( (const char *) self->ssl->s3->server_random, SSL3_RANDOM_SIZE);
Rick Deanb71c0d22009-04-01 14:09:23 -05001125}
1126
1127static char ssl_Connection_master_key_doc[] = "\n\
1128Get a copy of the master key.\n\
1129\n\
Jean-Paul Calderone54bcc832009-05-27 14:06:48 -04001130@return: A string representing the state\n\
Rick Deanb71c0d22009-04-01 14:09:23 -05001131";
1132static PyObject *
1133ssl_Connection_master_key(ssl_ConnectionObj *self, PyObject *args)
1134{
1135 if (!PyArg_ParseTuple(args, ":master_key"))
1136 return NULL;
1137
Jean-Paul Calderone07acf3f2009-05-05 13:23:28 -04001138 if (self->ssl->session == NULL) {
Rick Deanb71c0d22009-04-01 14:09:23 -05001139 Py_INCREF(Py_None);
1140 return Py_None;
1141 }
Jean-Paul Calderone83dbcfd2010-08-11 20:20:57 -04001142 return PyBytes_FromStringAndSize( (const char *) self->ssl->session->master_key, self->ssl->session->master_key_length);
Rick Deanb71c0d22009-04-01 14:09:23 -05001143}
1144
Jean-Paul Calderone897bc252008-02-18 20:50:23 -05001145static char ssl_Connection_sock_shutdown_doc[] = "\n\
1146See shutdown(2)\n\
1147\n\
Jean-Paul Calderone54bcc832009-05-27 14:06:48 -04001148@return: What the socket's shutdown() method returns\n\
Jean-Paul Calderone897bc252008-02-18 20:50:23 -05001149";
1150static PyObject *
1151ssl_Connection_sock_shutdown(ssl_ConnectionObj *self, PyObject *args)
1152{
1153 PyObject *meth, *ret;
1154
1155 if ((meth = PyObject_GetAttrString(self->socket, "shutdown")) == NULL)
1156 return NULL;
1157 ret = PyEval_CallObject(meth, args);
1158 Py_DECREF(meth);
1159 return ret;
1160}
1161
1162static char ssl_Connection_get_peer_certificate_doc[] = "\n\
1163Retrieve the other side's certificate (if any)\n\
1164\n\
Jean-Paul Calderone54bcc832009-05-27 14:06:48 -04001165@return: The peer's certificate\n\
Jean-Paul Calderone897bc252008-02-18 20:50:23 -05001166";
1167static PyObject *
1168ssl_Connection_get_peer_certificate(ssl_ConnectionObj *self, PyObject *args)
1169{
1170 X509 *cert;
1171
1172 if (!PyArg_ParseTuple(args, ":get_peer_certificate"))
1173 return NULL;
1174
1175 cert = SSL_get_peer_certificate(self->ssl);
1176 if (cert != NULL)
1177 {
Jean-Paul Calderone5c0f1f62010-10-31 21:36:43 -04001178 return (PyObject *)new_x509(cert, 1);
Jean-Paul Calderone897bc252008-02-18 20:50:23 -05001179 }
1180 else
1181 {
1182 Py_INCREF(Py_None);
1183 return Py_None;
1184 }
1185}
1186
Jean-Paul Calderone95b92c72011-05-17 15:45:21 -04001187static char ssl_Connection_get_peer_cert_chain_doc[] = "\n\
1188Retrieve the other side's certificate (if any)\n\
1189\n\
Jean-Paul Calderone0a7e06a2011-05-19 18:49:35 -04001190@return: A list of X509 instances giving the peer's certificate chain,\n\
1191 or None if it does not have one.\n\
Jean-Paul Calderone95b92c72011-05-17 15:45:21 -04001192";
1193static PyObject *
Jean-Paul Calderonefcced2a2011-05-19 18:02:11 -04001194ssl_Connection_get_peer_cert_chain(ssl_ConnectionObj *self, PyObject *args) {
Jean-Paul Calderone95b92c72011-05-17 15:45:21 -04001195 STACK_OF(X509) *sk;
Jean-Paul Calderone0a7e06a2011-05-19 18:49:35 -04001196 PyObject *chain;
1197 crypto_X509Obj *cert;
Jean-Paul Calderone95b92c72011-05-17 15:45:21 -04001198 Py_ssize_t i;
1199
Jean-Paul Calderonefcced2a2011-05-19 18:02:11 -04001200 if (!PyArg_ParseTuple(args, ":get_peer_cert_chain")) {
Jean-Paul Calderone95b92c72011-05-17 15:45:21 -04001201 return NULL;
Jean-Paul Calderonefcced2a2011-05-19 18:02:11 -04001202 }
Jean-Paul Calderone95b92c72011-05-17 15:45:21 -04001203
1204 sk = SSL_get_peer_cert_chain(self->ssl);
Jean-Paul Calderonefcced2a2011-05-19 18:02:11 -04001205 if (sk != NULL) {
Jean-Paul Calderone0a7e06a2011-05-19 18:49:35 -04001206 chain = PyList_New(sk_X509_num(sk));
Jean-Paul Calderonefcced2a2011-05-19 18:02:11 -04001207 for (i = 0; i < sk_X509_num(sk); i++) {
Jean-Paul Calderone13d190b2011-05-20 19:14:50 -04001208 cert = new_x509(sk_X509_value(sk, i), 1);
Jean-Paul Calderone0a7e06a2011-05-19 18:49:35 -04001209 if (!cert) {
1210 /* XXX Untested */
1211 Py_DECREF(chain);
1212 return NULL;
1213 }
1214 CRYPTO_add(&cert->x509->references, 1, CRYPTO_LOCK_X509);
1215 PyList_SET_ITEM(chain, i, (PyObject *)cert);
Jean-Paul Calderone95b92c72011-05-17 15:45:21 -04001216 }
Jean-Paul Calderone0a7e06a2011-05-19 18:49:35 -04001217 return chain;
Jean-Paul Calderonefcced2a2011-05-19 18:02:11 -04001218 } else {
Jean-Paul Calderone95b92c72011-05-17 15:45:21 -04001219 Py_INCREF(Py_None);
1220 return Py_None;
1221 }
1222
1223}
1224
Jean-Paul Calderone897bc252008-02-18 20:50:23 -05001225static char ssl_Connection_want_read_doc[] = "\n\
1226Checks if more data has to be read from the transport layer to complete an\n\
1227operation.\n\
1228\n\
Jean-Paul Calderone54bcc832009-05-27 14:06:48 -04001229@return: True iff more data has to be read\n\
Jean-Paul Calderone897bc252008-02-18 20:50:23 -05001230";
1231static PyObject *
1232ssl_Connection_want_read(ssl_ConnectionObj *self, PyObject *args)
1233{
1234 if (!PyArg_ParseTuple(args, ":want_read"))
1235 return NULL;
1236
Jean-Paul Calderone83dbcfd2010-08-11 20:20:57 -04001237 return PyLong_FromLong((long)SSL_want_read(self->ssl));
Jean-Paul Calderone897bc252008-02-18 20:50:23 -05001238}
1239
1240static char ssl_Connection_want_write_doc[] = "\n\
1241Checks if there is data to write to the transport layer to complete an\n\
1242operation.\n\
1243\n\
Jean-Paul Calderone54bcc832009-05-27 14:06:48 -04001244@return: True iff there is data to write\n\
Jean-Paul Calderone897bc252008-02-18 20:50:23 -05001245";
1246static PyObject *
1247ssl_Connection_want_write(ssl_ConnectionObj *self, PyObject *args)
1248{
1249 if (!PyArg_ParseTuple(args, ":want_write"))
1250 return NULL;
1251
Jean-Paul Calderone83dbcfd2010-08-11 20:20:57 -04001252 return PyLong_FromLong((long)SSL_want_write(self->ssl));
Jean-Paul Calderone897bc252008-02-18 20:50:23 -05001253}
1254
1255/*
1256 * Member methods in the Connection object
1257 * ADD_METHOD(name) expands to a correct PyMethodDef declaration
1258 * { 'name', (PyCFunction)ssl_Connection_name, METH_VARARGS }
1259 * for convenience
1260 * ADD_ALIAS(name,real) creates an "alias" of the ssl_Connection_real
1261 * function with the name 'name'
1262 */
1263#define ADD_METHOD(name) \
1264 { #name, (PyCFunction)ssl_Connection_##name, METH_VARARGS, ssl_Connection_##name##_doc }
1265#define ADD_ALIAS(name,real) \
1266 { #name, (PyCFunction)ssl_Connection_##real, METH_VARARGS, ssl_Connection_##real##_doc }
1267static PyMethodDef ssl_Connection_methods[] =
1268{
1269 ADD_METHOD(get_context),
Jean-Paul Calderone95613b72011-05-25 22:30:21 -04001270 ADD_METHOD(set_context),
Jean-Paul Calderonec4cb6582011-05-26 18:47:00 -04001271 ADD_METHOD(get_servername),
1272 ADD_METHOD(set_tlsext_host_name),
Jean-Paul Calderone897bc252008-02-18 20:50:23 -05001273 ADD_METHOD(pending),
1274 ADD_METHOD(send),
1275 ADD_ALIAS (write, send),
1276 ADD_METHOD(sendall),
1277 ADD_METHOD(recv),
1278 ADD_ALIAS (read, recv),
Rick Deanb71c0d22009-04-01 14:09:23 -05001279 ADD_METHOD(bio_read),
1280 ADD_METHOD(bio_write),
Jean-Paul Calderone897bc252008-02-18 20:50:23 -05001281 ADD_METHOD(renegotiate),
1282 ADD_METHOD(do_handshake),
1283#if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x00907000L
1284 ADD_METHOD(renegotiate_pending),
1285#endif
1286 ADD_METHOD(total_renegotiations),
1287 ADD_METHOD(connect),
1288 ADD_METHOD(connect_ex),
1289 ADD_METHOD(accept),
Jean-Paul Calderone3ad85d42009-04-30 20:24:35 -04001290 ADD_METHOD(bio_shutdown),
Jean-Paul Calderone897bc252008-02-18 20:50:23 -05001291 ADD_METHOD(shutdown),
1292 ADD_METHOD(get_cipher_list),
Ziga Seilnachtf93bf102009-10-23 09:51:07 +02001293 ADD_METHOD(get_client_ca_list),
Jean-Paul Calderone897bc252008-02-18 20:50:23 -05001294 ADD_METHOD(makefile),
1295 ADD_METHOD(get_app_data),
1296 ADD_METHOD(set_app_data),
Jean-Paul Calderone72b8f0f2008-02-21 23:57:40 -05001297 ADD_METHOD(get_shutdown),
1298 ADD_METHOD(set_shutdown),
Jean-Paul Calderone897bc252008-02-18 20:50:23 -05001299 ADD_METHOD(state_string),
Rick Deanb71c0d22009-04-01 14:09:23 -05001300 ADD_METHOD(server_random),
1301 ADD_METHOD(client_random),
1302 ADD_METHOD(master_key),
Jean-Paul Calderone897bc252008-02-18 20:50:23 -05001303 ADD_METHOD(sock_shutdown),
1304 ADD_METHOD(get_peer_certificate),
Jean-Paul Calderone95b92c72011-05-17 15:45:21 -04001305 ADD_METHOD(get_peer_cert_chain),
Jean-Paul Calderone897bc252008-02-18 20:50:23 -05001306 ADD_METHOD(want_read),
1307 ADD_METHOD(want_write),
1308 ADD_METHOD(set_accept_state),
1309 ADD_METHOD(set_connect_state),
1310 { NULL, NULL }
1311};
1312#undef ADD_ALIAS
1313#undef ADD_METHOD
1314
Jean-Paul Calderone1bd11fa2009-05-27 17:09:15 -04001315static char ssl_Connection_doc[] = "\n\
1316Connection(context, socket) -> Connection instance\n\
1317\n\
1318Create a new Connection object, using the given OpenSSL.SSL.Context instance\n\
1319and socket.\n\
1320\n\
1321@param context: An SSL Context to use for this connection\n\
1322@param socket: The socket to use for transport layer\n\
1323";
Jean-Paul Calderone897bc252008-02-18 20:50:23 -05001324
1325/*
Jean-Paul Calderone1bd11fa2009-05-27 17:09:15 -04001326 * Initializer used by ssl_Connection_new and ssl_Connection_New. *Not*
1327 * tp_init. This takes an already allocated ssl_ConnectionObj, a context, and
1328 * a optionally a socket, and glues them all together.
Jean-Paul Calderone897bc252008-02-18 20:50:23 -05001329 */
Jean-Paul Calderone1bd11fa2009-05-27 17:09:15 -04001330static ssl_ConnectionObj*
1331ssl_Connection_init(ssl_ConnectionObj *self, ssl_ContextObj *ctx, PyObject *sock) {
Jean-Paul Calderone897bc252008-02-18 20:50:23 -05001332 int fd;
1333
Jean-Paul Calderone897bc252008-02-18 20:50:23 -05001334 Py_INCREF(ctx);
1335 self->context = ctx;
1336
1337 Py_INCREF(sock);
1338 self->socket = sock;
1339
1340 self->ssl = NULL;
Jean-Paul Calderonefc4ed0f2009-04-27 11:51:27 -04001341 self->from_ssl = NULL;
1342 self->into_ssl = NULL;
Jean-Paul Calderone897bc252008-02-18 20:50:23 -05001343
1344 Py_INCREF(Py_None);
1345 self->app_data = Py_None;
1346
1347 self->tstate = NULL;
1348
Jean-Paul Calderone897bc252008-02-18 20:50:23 -05001349 self->ssl = SSL_new(self->context->ctx);
1350 SSL_set_app_data(self->ssl, self);
Rick Deanb71c0d22009-04-01 14:09:23 -05001351
Jean-Paul Calderone07acf3f2009-05-05 13:23:28 -04001352 if (self->socket == Py_None)
Rick Deanb71c0d22009-04-01 14:09:23 -05001353 {
1354 /* If it's not a socket or file, treat it like a memory buffer,
1355 * so crazy people can do things like EAP-TLS. */
1356 self->into_ssl = BIO_new(BIO_s_mem());
1357 self->from_ssl = BIO_new(BIO_s_mem());
Jean-Paul Calderone07acf3f2009-05-05 13:23:28 -04001358 if (self->into_ssl == NULL || self->from_ssl == NULL)
Rick Deanb71c0d22009-04-01 14:09:23 -05001359 goto error;
1360 SSL_set_bio(self->ssl, self->into_ssl, self->from_ssl);
1361 }
1362 else
1363 {
1364 fd = PyObject_AsFileDescriptor(self->socket);
1365 if (fd < 0)
1366 {
1367 Py_DECREF(self);
1368 return NULL;
1369 }
1370 else
1371 {
1372 SSL_set_fd(self->ssl, (SOCKET_T)fd);
1373 }
1374 }
Jean-Paul Calderone897bc252008-02-18 20:50:23 -05001375 return self;
Rick Deanb71c0d22009-04-01 14:09:23 -05001376
1377error:
1378 BIO_free(self->into_ssl); /* NULL safe */
1379 BIO_free(self->from_ssl); /* NULL safe */
1380 Py_DECREF(self);
1381 return NULL;
Jean-Paul Calderone897bc252008-02-18 20:50:23 -05001382}
1383
1384/*
Jean-Paul Calderone1bd11fa2009-05-27 17:09:15 -04001385 * Constructor for Connection objects
1386 *
1387 * Arguments: ctx - An SSL Context to use for this connection
1388 * sock - The socket to use for transport layer
1389 * Returns: The newly created Connection object
1390 */
1391ssl_ConnectionObj *
1392ssl_Connection_New(ssl_ContextObj *ctx, PyObject *sock) {
1393 ssl_ConnectionObj *self;
1394
1395 self = PyObject_GC_New(ssl_ConnectionObj, &ssl_Connection_Type);
1396 if (self == NULL) {
1397 return NULL;
1398 }
1399 self = ssl_Connection_init(self, ctx, sock);
1400 if (self == NULL) {
1401 return NULL;
1402 }
1403 PyObject_GC_Track((PyObject *)self);
1404 return self;
1405}
1406
1407static PyObject*
1408ssl_Connection_new(PyTypeObject *subtype, PyObject *args, PyObject *kwargs) {
1409 ssl_ConnectionObj *self;
1410 ssl_ContextObj *ctx;
1411 PyObject *sock;
1412 static char *kwlist[] = {"context", "socket", NULL};
1413
1414 if (!PyArg_ParseTupleAndKeywords(args, kwargs, "O!O:Connection", kwlist,
1415 &ssl_Context_Type, &ctx, &sock)) {
1416 return NULL;
1417 }
1418
1419 self = (ssl_ConnectionObj *)subtype->tp_alloc(subtype, 1);
1420 if (self == NULL) {
1421 return NULL;
1422 }
1423
1424 return (PyObject *)ssl_Connection_init(self, ctx, sock);
1425}
1426
1427/*
Jean-Paul Calderone897bc252008-02-18 20:50:23 -05001428 * Find attribute
1429 *
1430 * Arguments: self - The Connection object
1431 * name - The attribute name
1432 * Returns: A Python object for the attribute, or NULL if something went
1433 * wrong
1434 */
1435static PyObject *
Jean-Paul Calderone997be7e2010-08-11 22:40:07 -04001436ssl_Connection_getattro(ssl_ConnectionObj *self, PyObject *nameobj) {
Jean-Paul Calderone897bc252008-02-18 20:50:23 -05001437 PyObject *meth;
Jean-Paul Calderone897bc252008-02-18 20:50:23 -05001438
Jean-Paul Calderone997be7e2010-08-11 22:40:07 -04001439 meth = PyObject_GenericGetAttr((PyObject*)self, nameobj);
1440 if (PyErr_Occurred() && PyErr_ExceptionMatches(PyExc_AttributeError)) {
Jean-Paul Calderone897bc252008-02-18 20:50:23 -05001441 PyErr_Clear();
1442 /* Try looking it up in the "socket" instead. */
Jean-Paul Calderone997be7e2010-08-11 22:40:07 -04001443 meth = PyObject_GenericGetAttr(self->socket, nameobj);
Jean-Paul Calderone897bc252008-02-18 20:50:23 -05001444 }
1445
1446 return meth;
1447}
1448
1449/*
1450 * Call the visitproc on all contained objects.
1451 *
1452 * Arguments: self - The Connection object
1453 * visit - Function to call
1454 * arg - Extra argument to visit
1455 * Returns: 0 if all goes well, otherwise the return code from the first
1456 * call that gave non-zero result.
1457 */
1458static int
1459ssl_Connection_traverse(ssl_ConnectionObj *self, visitproc visit, void *arg)
1460{
1461 int ret = 0;
1462
1463 if (ret == 0 && self->context != NULL)
1464 ret = visit((PyObject *)self->context, arg);
1465 if (ret == 0 && self->socket != NULL)
1466 ret = visit(self->socket, arg);
1467 if (ret == 0 && self->app_data != NULL)
1468 ret = visit(self->app_data, arg);
1469 return ret;
1470}
1471
1472/*
1473 * Decref all contained objects and zero the pointers.
1474 *
1475 * Arguments: self - The Connection object
1476 * Returns: Always 0.
1477 */
1478static int
1479ssl_Connection_clear(ssl_ConnectionObj *self)
1480{
1481 Py_XDECREF(self->context);
1482 self->context = NULL;
1483 Py_XDECREF(self->socket);
1484 self->socket = NULL;
1485 Py_XDECREF(self->app_data);
1486 self->app_data = NULL;
Rick Deanb71c0d22009-04-01 14:09:23 -05001487 self->into_ssl = NULL; /* was cleaned up by SSL_free() */
1488 self->from_ssl = NULL; /* was cleaned up by SSL_free() */
Jean-Paul Calderone897bc252008-02-18 20:50:23 -05001489 return 0;
1490}
1491
1492/*
1493 * Deallocate the memory used by the Connection object
1494 *
1495 * Arguments: self - The Connection object
1496 * Returns: None
1497 */
1498static void
1499ssl_Connection_dealloc(ssl_ConnectionObj *self)
1500{
1501 PyObject_GC_UnTrack(self);
1502 if (self->ssl != NULL)
1503 SSL_free(self->ssl);
1504 ssl_Connection_clear(self);
1505 PyObject_GC_Del(self);
1506}
1507
1508PyTypeObject ssl_Connection_Type = {
Jean-Paul Calderoneb6d75252010-08-11 23:55:45 -04001509 PyOpenSSL_HEAD_INIT(&PyType_Type, 0)
Jean-Paul Calderone1bd11fa2009-05-27 17:09:15 -04001510 "OpenSSL.SSL.Connection",
Jean-Paul Calderone897bc252008-02-18 20:50:23 -05001511 sizeof(ssl_ConnectionObj),
1512 0,
1513 (destructor)ssl_Connection_dealloc,
1514 NULL, /* print */
Jean-Paul Calderone997be7e2010-08-11 22:40:07 -04001515 NULL, /* tp_getattr */
Jean-Paul Calderone897bc252008-02-18 20:50:23 -05001516 NULL, /* setattr */
1517 NULL, /* compare */
1518 NULL, /* repr */
1519 NULL, /* as_number */
1520 NULL, /* as_sequence */
1521 NULL, /* as_mapping */
1522 NULL, /* hash */
1523 NULL, /* call */
1524 NULL, /* str */
Jean-Paul Calderone997be7e2010-08-11 22:40:07 -04001525 (getattrofunc)ssl_Connection_getattro, /* getattro */
Jean-Paul Calderone897bc252008-02-18 20:50:23 -05001526 NULL, /* setattro */
1527 NULL, /* as_buffer */
1528 Py_TPFLAGS_DEFAULT | Py_TPFLAGS_HAVE_GC,
Jean-Paul Calderone1bd11fa2009-05-27 17:09:15 -04001529 ssl_Connection_doc, /* doc */
Jean-Paul Calderone897bc252008-02-18 20:50:23 -05001530 (traverseproc)ssl_Connection_traverse,
1531 (inquiry)ssl_Connection_clear,
Jean-Paul Calderone1bd11fa2009-05-27 17:09:15 -04001532 NULL, /* tp_richcompare */
1533 0, /* tp_weaklistoffset */
1534 NULL, /* tp_iter */
1535 NULL, /* tp_iternext */
1536 ssl_Connection_methods, /* tp_methods */
1537 NULL, /* tp_members */
1538 NULL, /* tp_getset */
1539 NULL, /* tp_base */
1540 NULL, /* tp_dict */
1541 NULL, /* tp_descr_get */
1542 NULL, /* tp_descr_set */
1543 0, /* tp_dictoffset */
1544 NULL, /* tp_init */
1545 NULL, /* tp_alloc */
1546 ssl_Connection_new, /* tp_new */
Jean-Paul Calderone897bc252008-02-18 20:50:23 -05001547};
1548
1549
1550/*
1551 * Initiailze the Connection part of the SSL sub module
1552 *
Jean-Paul Calderone1bd11fa2009-05-27 17:09:15 -04001553 * Arguments: dict - The OpenSSL.SSL module
Jean-Paul Calderone897bc252008-02-18 20:50:23 -05001554 * Returns: 1 for success, 0 otherwise
1555 */
1556int
Jean-Paul Calderone1bd11fa2009-05-27 17:09:15 -04001557init_ssl_connection(PyObject *module) {
1558
1559 if (PyType_Ready(&ssl_Connection_Type) < 0) {
Jean-Paul Calderone897bc252008-02-18 20:50:23 -05001560 return 0;
Jean-Paul Calderone1bd11fa2009-05-27 17:09:15 -04001561 }
1562
Jean-Paul Calderone86ad7112010-05-11 16:08:45 -04001563 /* PyModule_AddObject steals a reference.
1564 */
1565 Py_INCREF((PyObject *)&ssl_Connection_Type);
Jean-Paul Calderone1bd11fa2009-05-27 17:09:15 -04001566 if (PyModule_AddObject(module, "Connection", (PyObject *)&ssl_Connection_Type) != 0) {
1567 return 0;
1568 }
1569
Jean-Paul Calderoneaed23582011-03-12 22:45:02 -05001570 /* PyModule_AddObject steals a reference.
1571 */
1572 Py_INCREF((PyObject *)&ssl_Connection_Type);
Jean-Paul Calderone1bd11fa2009-05-27 17:09:15 -04001573 if (PyModule_AddObject(module, "ConnectionType", (PyObject *)&ssl_Connection_Type) != 0) {
1574 return 0;
1575 }
Jean-Paul Calderone897bc252008-02-18 20:50:23 -05001576
1577 return 1;
1578}
1579