[pypy-commit] pypy default: Fixed #2013 -- added constants to _ssl for TLS 1.1 and 1.2
alex_gaynor
noreply at buildbot.pypy.org
Fri Mar 27 12:39:18 CET 2015
Author: Alex Gaynor <alex.gaynor at gmail.com>
Branch:
Changeset: r76592:22eb203956f1
Date: 2015-03-27 07:39 -0400
http://bitbucket.org/pypy/pypy/changeset/22eb203956f1/
Log: Fixed #2013 -- added constants to _ssl for TLS 1.1 and 1.2
diff --git a/pypy/module/_ssl/interp_ssl.py b/pypy/module/_ssl/interp_ssl.py
--- a/pypy/module/_ssl/interp_ssl.py
+++ b/pypy/module/_ssl/interp_ssl.py
@@ -33,7 +33,8 @@
PY_SSL_CLIENT, PY_SSL_SERVER = 0, 1
(PY_SSL_VERSION_SSL2, PY_SSL_VERSION_SSL3,
- PY_SSL_VERSION_SSL23, PY_SSL_VERSION_TLS1) = range(4)
+ PY_SSL_VERSION_SSL23, PY_SSL_VERSION_TLS1, PY_SSL_VERSION_TLS1_1,
+ PY_SSL_VERSION_TLS1_2) = range(6)
SOCKET_IS_NONBLOCKING, SOCKET_IS_BLOCKING = 0, 1
SOCKET_HAS_TIMED_OUT, SOCKET_HAS_BEEN_CLOSED = 2, 3
@@ -72,6 +73,9 @@
constants["PROTOCOL_SSLv3"] = PY_SSL_VERSION_SSL3
constants["PROTOCOL_SSLv23"] = PY_SSL_VERSION_SSL23
constants["PROTOCOL_TLSv1"] = PY_SSL_VERSION_TLS1
+if HAVE_TLSv1_2:
+ constants["PROTOCOL_TLSv1_1"] = PY_SSL_VERSION_TLS1_1
+ constants["PROTOCOL_TLSv1_2"] = PY_SSL_VERSION_TLS1_2
constants["OP_ALL"] = SSL_OP_ALL &~SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
constants["OP_NO_SSLv2"] = SSL_OP_NO_SSLv2
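Review bot: The new `if HAVE_TLSv1_2:` block exports `PROTOCOL_TLSv1_1` and `PROTOCOL_TLSv1_2` but no matching `OP_NO_TLSv1_1` / `OP_NO_TLSv1_2` options, so a caller using `PROTOCOL_SSLv23` may be unable to exclude the newer versions individually the way it can exclude SSLv2. Only `OP_ALL` and `OP_NO_SSLv2` are visible here; if the `OP_` entries below the hunk do not already cover them, I would add `constants["OP_NO_TLSv1_1"] = SSL_OP_NO_TLSv1_1` and the 1.2 equivalent under the same guard. That presumably also needs those `SSL_OP_` values configured in ropenssl. A short comment such as `# TLS 1.1 and 1.2 both arrived in OpenSSL 1.0.1, hence one flag` would explain why a flag named for 1.2 also gates the 1.1 constant.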
@@ -140,7 +144,7 @@
def __del__(self):
rffi.free_nonmovingbuffer(
- self.protos, self.buf, self.pinned, self.is_raw)
+ self.protos, self.buf, self.pinned, self.is_raw)
@staticmethod
def advertiseNPN_cb(s, data_ptr, len_ptr, args):
@@ -162,7 +166,7 @@
client_len = len(npn.protos)
else:
client = lltype.nullptr(rffi.CCHARP.TO)
- client_len = 0
+ client_len = 0
libssl_SSL_select_next_proto(out_ptr, outlen_ptr,
server, server_len,
@@ -593,14 +597,14 @@
CB_MAXLEN = 128
with lltype.scoped_alloc(rffi.CCHARP.TO, CB_MAXLEN) as buf:
- if (libssl_SSL_session_reused(self.ssl) ^
+ if (libssl_SSL_session_reused(self.ssl) ^
(self.socket_type == PY_SSL_CLIENT)):
# if session is resumed XOR we are the client
length = libssl_SSL_get_finished(self.ssl, buf, CB_MAXLEN)
else:
# if a new session XOR we are the server
length = libssl_SSL_get_peer_finished(self.ssl, buf, CB_MAXLEN)
-
+
if length > 0:
return space.wrap(rffi.charpsize2str(buf, intmask(length)))
@@ -1107,7 +1111,7 @@
except OperationError as e:
if not e.match(space, space.w_TypeError):
raise
- raise oefmt(space.w_TypeError,
+ raise oefmt(space.w_TypeError,
"password callback must return a string")
except OperationError as e:
pw_info.operationerror = e
@@ -1196,6 +1200,10 @@
method = libssl_SSLv2_method()
elif protocol == PY_SSL_VERSION_SSL23:
method = libssl_SSLv23_method()
+ elif protocol == PY_SSL_VERSION_TLS1_1 and HAVE_TLSv1_2:
+ method = libssl_TLSv1_1_method()
+ elif protocol == PY_SSL_VERSION_TLS1_2 and HAVE_TLSv1_2:
+ method = libssl_TLSv1_2_method()
else:
raise oefmt(space.w_ValueError, "invalid protocol version")
ctx = libssl_SSL_CTX_new(method)
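Review bot: The two new `elif` branches for `PY_SSL_VERSION_TLS1_1` and `PY_SSL_VERSION_TLS1_2` have no test in this commit, which touches only interp_ssl.py and ropenssl.py. A test that builds a context with `PROTOCOL_TLSv1_2` whenever the module exports that constant would catch a regression in this dispatch, where a mistake ends in the generic "invalid protocol version" error. As a style point, writing the guard as `elif HAVE_TLSv1_2 and protocol == PY_SSL_VERSION_TLS1_1:` puts the build-time flag first and makes it clearer that the branch is dead on older OpenSSL. The enclosing function starts and ends outside the hunk.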
@@ -1348,7 +1356,7 @@
except OperationError as e:
if not e.match(space, space.w_TypeError):
raise
- raise oefmt(space.w_TypeError,
+ raise oefmt(space.w_TypeError,
"password should be a string or callable")
libssl_SSL_CTX_set_default_passwd_cb(
@@ -1452,7 +1460,7 @@
if cadata is not None:
with rffi.scoped_nonmovingbuffer(cadata) as buf:
self._add_ca_certs(space, buf, len(cadata), ca_file_type)
-
+
# load cafile or capath
if cafile is not None or capath is not None:
ret = libssl_SSL_CTX_load_verify_locations(
diff --git a/rpython/rlib/ropenssl.py b/rpython/rlib/ropenssl.py
--- a/rpython/rlib/ropenssl.py
+++ b/rpython/rlib/ropenssl.py
@@ -255,6 +255,8 @@
OPENSSL_VERSION_NUMBER != 0x00909000
if OPENSSL_VERSION_NUMBER < 0x0090800f and not OPENSSL_NO_ECDH:
OPENSSL_NO_ECDH = True
+HAVE_TLSv1_2 = OPENSSL_VERSION_NUMBER >= 0x10001000
+
def external(name, argtypes, restype, **kw):
kw['compilation_info'] = eci
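Review bot: `HAVE_TLSv1_2` has no comment saying what the threshold means or when it is evaluated. `0x10001000` corresponds to OpenSSL 1.0.1, and the value appears to come from the headers seen at translation time, so a binary later run against an older libssl would not be covered by this check; worth confirming. I would add `# TLS 1.1/1.2 appeared in OpenSSL 1.0.1; this flag gates both` above the assignment. The same flag guards the `TLSv1_1_method` / `TLSv1_2_method` declarations in the next hunk, and `external`'s body continues outside this one.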
@@ -284,6 +286,9 @@
ssl_external('SSL_get_SSL_CTX', [SSL], SSL_CTX)
ssl_external('SSL_set_SSL_CTX', [SSL, SSL_CTX], SSL_CTX)
ssl_external('TLSv1_method', [], SSL_METHOD)
+if HAVE_TLSv1_2:
+ ssl_external('TLSv1_1_method', [], SSL_METHOD)
+ ssl_external('TLSv1_2_method', [], SSL_METHOD)
ssl_external('SSLv2_method', [], SSL_METHOD)
ssl_external('SSLv3_method', [], SSL_METHOD)
ssl_external('SSLv23_method', [], SSL_METHOD)