[pypy-commit] pypy stdlib-2.7.9: provide SSLContext.check_hostname
bdkearns
noreply at buildbot.pypy.org
Sun Dec 21 18:32:53 CET 2014
Author: Brian Kearns <bdkearns at gmail.com>
Branch: stdlib-2.7.9
Changeset: r75052:fcae7464203b
Date: 2014-12-21 12:32 -0500
http://bitbucket.org/pypy/pypy/changeset/fcae7464203b/
Log: provide SSLContext.check_hostname
diff --git a/pypy/module/_ssl/interp_ssl.py b/pypy/module/_ssl/interp_ssl.py
--- a/pypy/module/_ssl/interp_ssl.py
+++ b/pypy/module/_ssl/interp_ssl.py
@@ -839,6 +839,7 @@
self = space.allocate_instance(_SSLContext, w_subtype)
self.ctx = ctx
+ self.check_hostname = False
options = SSL_OP_ALL & ~SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
if protocol != PY_SSL_VERSION_SSL2:
options |= SSL_OP_NO_SSLv2
@@ -894,8 +895,23 @@
else:
raise oefmt(space.w_ValueError,
"invalid value for verify_mode")
+ if mode == SSL_VERIFY_NONE and self.check_hostname:
+ raise oefmt(space.w_ValueError,
+ "Cannot set verify_mode to CERT_NONE when "
+ "check_hostname is enabled.")
libssl_SSL_CTX_set_verify(self.ctx, mode, None)
+ def descr_get_check_hostname(self, space):
+ return space.newbool(self.check_hostname)
+
+ def descr_set_check_hostname(self, space, w_obj):
+ check_hostname = space.is_true(w_obj)
+ if check_hostname and libssl_SSL_CTX_get_verify_mode(self.ctx) == SSL_VERIFY_NONE:
+ raise oefmt(space.w_ValueError,
+ "check_hostname needs a SSL context with either "
+ "CERT_OPTIONAL or CERT_REQUIRED")
+ self.check_hostname = check_hostname
+
_SSLContext.typedef = TypeDef("_SSLContext",
__module__ = "_ssl",
__new__ = interp2app(_SSLContext.descr_new),
@@ -905,6 +921,8 @@
_SSLContext.descr_set_options),
verify_mode = GetSetProperty(_SSLContext.descr_get_verify_mode,
_SSLContext.descr_set_verify_mode),
+ check_hostname = GetSetProperty(_SSLContext.descr_get_check_hostname,
+ _SSLContext.descr_set_check_hostname),
)
diff --git a/pypy/module/_ssl/test/test_ssl.py b/pypy/module/_ssl/test/test_ssl.py
--- a/pypy/module/_ssl/test/test_ssl.py
+++ b/pypy/module/_ssl/test/test_ssl.py
@@ -120,12 +120,24 @@
assert not s.options & _ssl.OP_NO_SSLv2
raises(TypeError, "s.options = 2.5")
+ assert not s.check_hostname
+ exc = raises(ValueError, "s.check_hostname = True")
+ assert str(exc.value) == "check_hostname needs a SSL context with " \
+ "either CERT_OPTIONAL or CERT_REQUIRED"
+
assert s.verify_mode == _ssl.CERT_NONE
s.verify_mode = _ssl.CERT_REQUIRED
assert s.verify_mode == _ssl.CERT_REQUIRED
exc = raises(ValueError, "s.verify_mode = 1234")
assert str(exc.value) == "invalid value for verify_mode"
+ s.check_hostname = True
+ assert s.check_hostname
+
+ exc = raises(ValueError, "s.verify_mode = _ssl.CERT_NONE")
+ assert str(exc.value) == "Cannot set verify_mode to CERT_NONE " \
+ "when check_hostname is enabled."
+
class AppTestConnectedSSL:
spaceconfig = {
More information about the pypy-commit
mailing list