[pypy-commit] pypy py3.5-ssl: updated hgignore to not displya cffi built stdlib modules
plan_rich
pypy.commits at gmail.com
Wed Nov 16 05:07:10 EST 2016
Author: Richard Plangger <planrichi at gmail.com>
Branch: py3.5-ssl
Changeset: r88407:afa55ff3c551
Date: 2016-11-16 11:06 +0100
http://bitbucket.org/pypy/pypy/changeset/afa55ff3c551/
Log: updated hgignore to not displya cffi built stdlib modules added new
files in lib_pypy/openssl/*
diff --git a/.hgignore b/.hgignore
--- a/.hgignore
+++ b/.hgignore
@@ -78,3 +78,9 @@
^.hypothesis/
^release/
^rpython/_cache$
+^lib_pypy/_.*cffi.*.c$
+^lib_pypy/_.*cffi.*.o$
+^lib_pypy/_.*cffi.*.so$
+^lib_pypy/_openssl.c$
+^lib_pypy/_openssl.o$
+^lib_pypy/_openssl.*.so$
diff --git a/lib-python/3/test/wrongcert.pem b/lib-python/3/test/wrongcert.pem
new file mode 100644
--- /dev/null
+++ b/lib-python/3/test/wrongcert.pem
@@ -0,0 +1,32 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXAIBAAKBgQC89ZNxjTgWgq7Z1g0tJ65w+k7lNAj5IgjLb155UkUrz0XsHDnH
+FlbsVUg2Xtk6+bo2UEYIzN7cIm5ImpmyW/2z0J1IDVDlvR2xJ659xrE0v5c2cB6T
+f9lnNTwpSoeK24Nd7Jwq4j9vk95fLrdqsBq0/KVlsCXeixS/CaqqduXfvwIDAQAB
+AoGAQFko4uyCgzfxr4Ezb4Mp5pN3Npqny5+Jey3r8EjSAX9Ogn+CNYgoBcdtFgbq
+1yif/0sK7ohGBJU9FUCAwrqNBI9ZHB6rcy7dx+gULOmRBGckln1o5S1+smVdmOsW
+7zUVLBVByKuNWqTYFlzfVd6s4iiXtAE2iHn3GCyYdlICwrECQQDhMQVxHd3EFbzg
+SFmJBTARlZ2GKA3c1g/h9/XbkEPQ9/RwI3vnjJ2RaSnjlfoLl8TOcf0uOGbOEyFe
+19RvCLXjAkEA1s+UE5ziF+YVkW3WolDCQ2kQ5WG9+ccfNebfh6b67B7Ln5iG0Sbg
+ky9cjsO3jbMJQtlzAQnH1850oRD5Gi51dQJAIbHCDLDZU9Ok1TI+I2BhVuA6F666
+lEZ7TeZaJSYq34OaUYUdrwG9OdqwZ9sy9LUav4ESzu2lhEQchCJrKMn23QJAReqs
+ZLHUeTjfXkVk7dHhWPWSlUZ6AhmIlA/AQ7Payg2/8wM/JkZEJEPvGVykms9iPUrv
+frADRr+hAGe43IewnQJBAJWKZllPgKuEBPwoEldHNS8nRu61D7HzxEzQ2xnfj+Nk
+2fgf1MAzzTRsikfGENhVsVWeqOcijWb6g5gsyCmlRpc=
+-----END RSA PRIVATE KEY-----
+-----BEGIN CERTIFICATE-----
+MIICsDCCAhmgAwIBAgIJAOqYOYFJfEEoMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNV
+BAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX
+aWRnaXRzIFB0eSBMdGQwHhcNMDgwNjI2MTgxNTUyWhcNMDkwNjI2MTgxNTUyWjBF
+MQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50
+ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB
+gQC89ZNxjTgWgq7Z1g0tJ65w+k7lNAj5IgjLb155UkUrz0XsHDnHFlbsVUg2Xtk6
++bo2UEYIzN7cIm5ImpmyW/2z0J1IDVDlvR2xJ659xrE0v5c2cB6Tf9lnNTwpSoeK
+24Nd7Jwq4j9vk95fLrdqsBq0/KVlsCXeixS/CaqqduXfvwIDAQABo4GnMIGkMB0G
+A1UdDgQWBBTctMtI3EO9OjLI0x9Zo2ifkwIiNjB1BgNVHSMEbjBsgBTctMtI3EO9
+OjLI0x9Zo2ifkwIiNqFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUt
+U3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAOqYOYFJ
+fEEoMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAQwa7jya/DfhaDn7E
+usPkpgIX8WCL2B1SqnRTXEZfBPPVq/cUmFGyEVRVATySRuMwi8PXbVcOhXXuocA+
+43W+iIsD9pXapCZhhOerCq18TC1dWK98vLUsoK8PMjB6e5H/O8bqojv0EeC+fyCw
+eSHj5jpC8iZKjCHBn+mAi4cQ514=
+-----END CERTIFICATE-----
diff --git a/lib_pypy/openssl/_cffi_src/openssl/ssl.py b/lib_pypy/openssl/_cffi_src/openssl/ssl.py
--- a/lib_pypy/openssl/_cffi_src/openssl/ssl.py
+++ b/lib_pypy/openssl/_cffi_src/openssl/ssl.py
@@ -26,6 +26,7 @@
static const long Cryptography_HAS_SSL_CTX_SET_CLIENT_CERT_ENGINE;
static const long Cryptography_HAS_SSL_CTX_CLEAR_OPTIONS;
static const long Cryptography_HAS_NPN_NEGOTIATED;
+static const long Cryptography_NO_TLSEXT;
static const long Cryptography_OPENSSL_NPN_NEGOTIATED;
@@ -693,6 +694,12 @@
static const long Cryptography_HAS_SSL_CTX_CLEAR_OPTIONS = 1;
+#ifdef OPENSSL_NO_TLSEXT
+static const long Cryptography_NO_TLSEXT = 0;
+#else
+static const long Cryptography_NO_TLSEXT = 1;
+#endif
+
#ifdef OPENSSL_NPN_NEGOTIATED
static const long Cryptography_OPENSSL_NPN_NEGOTIATED = OPENSSL_NPN_NEGOTIATED;
static const long Cryptography_HAS_NPN_NEGOTIATED = 1;
diff --git a/lib_pypy/openssl/_cffi_src/openssl/tls1.py b/lib_pypy/openssl/_cffi_src/openssl/tls1.py
new file mode 100644
--- /dev/null
+++ b/lib_pypy/openssl/_cffi_src/openssl/tls1.py
@@ -0,0 +1,29 @@
+# This file is dual licensed under the terms of the Apache License, Version
+# 2.0, and the BSD License. See the LICENSE file in the root of this repository
+# for complete details.
+
+from __future__ import absolute_import, division, print_function
+
+INCLUDES = """
+#include <openssl/tls1.h>
+"""
+
+TYPES = """
+"""
+
+FUNCTIONS = """
+long Cryptography_SSL_CTX_set_tlsext_servername_callback(SSL_CTX *, int(*)(SSL*,int*,void*));
+long Cryptography_SSL_CTX_set_tlsext_servername_arg(SSL_CTX *, void * arg);
+"""
+
+MACROS = """
+"""
+
+CUSTOMIZATIONS = """
+long Cryptography_SSL_CTX_set_tlsext_servername_callback(SSL_CTX * ctx, int(*cb)(SSL*,int*,void*)) {
+ return SSL_CTX_set_tlsext_servername_callback(ctx, cb);
+}
+long Cryptography_SSL_CTX_set_tlsext_servername_arg(SSL_CTX * ctx, void *arg) {
+ return SSL_CTX_set_tlsext_servername_arg(ctx, arg);
+}
+"""
diff --git a/lib_pypy/openssl/_stdssl/__init__.py b/lib_pypy/openssl/_stdssl/__init__.py
--- a/lib_pypy/openssl/_stdssl/__init__.py
+++ b/lib_pypy/openssl/_stdssl/__init__.py
@@ -205,7 +205,8 @@
lib.ERR_clear_error()
self.ssl = ssl = lib.SSL_new(ctx)
- lib.SSL_set_app_data(ssl, b"")
+ self._app_data_handle = ffi.new_handle(self) # TODO release later
+ lib.SSL_set_app_data(ssl, ffi.cast("char*", self._app_data_handle))
if sock:
lib.SSL_set_fd(ssl, sock.fileno())
else:
@@ -254,13 +255,25 @@
self.ssl = ffi.NULL
self.shutdown_seen_zero = 0
self.handshake_done = 0
- self.owner = None
+ self._owner = None
self.server_hostname = None
self.socket = None
self.alpn_protocols = ffi.NULL
self.npn_protocols = ffi.NULL
@property
+ def owner(self):
+ if self._owner is None:
+ return None
+ return self._owner()
+
+ @owner.setter
+ def owner(self, value):
+ if value is None:
+ self._owner = None
+ self._owner = weakref.ref(value)
+
+ @property
def context(self):
return self.ctx
@@ -696,7 +709,8 @@
class _SSLContext(object):
__slots__ = ('ctx', '_check_hostname', 'servername_callback',
- 'alpn_protocols', 'npn_protocols')
+ 'alpn_protocols', 'npn_protocols', 'set_hostname',
+ '_set_hostname_handle')
def __new__(cls, protocol):
self = object.__new__(cls)
@@ -858,8 +872,9 @@
else:
raise TypeError("password should be a string or callable")
+ handle = ffi.new_handle(pw_info) # XXX MUST NOT be garbage collected
lib.SSL_CTX_set_default_passwd_cb(self.ctx, Cryptography_pem_password_cb)
- lib.SSL_CTX_set_default_passwd_cb_userdata(self.ctx, ffi.new_handle(pw_info))
+ lib.SSL_CTX_set_default_passwd_cb_userdata(self.ctx, handle)
try:
ffi.errno = 0
@@ -1099,20 +1114,21 @@
lib.EC_KEY_free(key)
def set_servername_callback(self, callback):
+ if not HAS_SNI or lib.Cryptography_NO_TLSEXT:
+ raise NotImplementedError("The TLS extension servername callback, "
+ "SSL_CTX_set_tlsext_servername_callback, "
+ "is not in the current OpenSSL library.")
if callback is None:
lib.SSL_CTX_set_tlsext_servername_callback(self.ctx, ffi.NULL)
- self.servername_callback = None
+ self.set_hostname = None
+ self._set_hostname_handle = None
return
if not callable(callback):
raise TypeError("not a callable object")
- callback_struct = ServernameCallback()
- callback_struct.ctx = self
- callback_struct.set_hostname = callback
- self.servername_callback = callback_struct
- index = id(self)
- SERVERNAME_CALLBACKS[index] = callback_struct
+ self.set_hostname = callback
+ self._set_hostname_handle = ffi.new_handle(self)
lib.Cryptography_SSL_CTX_set_tlsext_servername_callback(self.ctx, _servername_callback)
- lib.Cryptography_SSL_CTX_set_tlsext_servername_arg(self.ctx, ffi.new_handle(callback_struct))
+ lib.Cryptography_SSL_CTX_set_tlsext_servername_arg(self.ctx, self._set_hostname_handle)
def _set_alpn_protocols(self, protos):
if HAS_ALPN:
@@ -1137,75 +1153,83 @@
- at ffi.callback("void(void)")
-def _servername_callback(ssl, ad, arg):
- struct = ffi.from_handle(arg)
- w_ctx = struct.w_ctx
- space = struct.space
- w_callback = struct.w_set_hostname
- if not w_ctx.servername_callback:
- # Possible race condition.
- return rffi.cast(rffi.INT, SSL_TLSEXT_ERR_OK)
- # The high-level ssl.SSLSocket object
- index = rffi.cast(lltype.Signed, libssl_SSL_get_app_data(ssl))
- w_ssl = SOCKET_STORAGE.get(index)
- assert isinstance(w_ssl, SSLSocket)
- # The servername callback expects an argument that represents the current
- # SSL connection and that has a .context attribute that can be changed to
- # identify the requested hostname. Since the official API is the Python
- # level API we want to pass the callback a Python level object rather than
- # a _ssl.SSLSocket instance. If there's an "owner" (typically an
- # SSLObject) that will be passed. Otherwise if there's a socket then that
- # will be passed. If both do not exist only then the C-level object is
- # passed.
- if w_ssl.w_owner is not None:
- w_ssl_socket = w_ssl.w_owner()
- elif w_ssl.w_socket is not None:
- w_ssl_socket = w_ssl.w_socket()
- else:
- w_ssl_socket = w_ssl
- if space.is_none(w_ssl_socket):
- ad[0] = rffi.cast(rffi.INT, SSL_AD_INTERNAL_ERROR)
- return rffi.cast(rffi.INT, SSL_TLSEXT_ERR_ALERT_FATAL)
+if HAS_SNI and not lib.Cryptography_NO_TLSEXT:
+ @ffi.callback("int(SSL*,int*,void*)")
+ def _servername_callback(s, al, arg):
+ ssl_ctx = ffi.from_handle(arg)
+ servername = lib.SSL_get_servername(s, lib.TLSEXT_NAMETYPE_host_name)
+ #ifdef WITH_THREAD
+ # TODO PyGILState_STATE gstate = PyGILState_Ensure();
+ #endif
- servername = libssl_SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name)
- try:
- if not servername:
- w_result = space.call_function(w_callback,
- w_ssl_socket, space.w_None, w_ctx)
+ if ssl_ctx.set_hostname is None:
+ #/* remove race condition in this the call back while if removing the
+ # * callback is in progress */
+ #ifdef WITH_THREAD
+ # TODO PyGILState_Release(gstate);
+ #endif
+ return lib.SSL_TLSEXT_ERR_OK
+ #}
+ ssl = ffi.from_handle(lib.SSL_get_app_data(s))
+ assert isinstance(ssl, _SSLSocket)
+
+ # The servername callback expects an argument that represents the current
+ # SSL connection and that has a .context attribute that can be changed to
+ # identify the requested hostname. Since the official API is the Python
+ # level API we want to pass the callback a Python level object rather than
+ # a _ssl.SSLSocket instance. If there's an "owner" (typically an
+ # SSLObject) that will be passed. Otherwise if there's a socket then that
+ # will be passed. If both do not exist only then the C-level object is
+ # passed.
+ ssl_socket = ssl.owner
+ if not ssl_socket:
+ ssl_socket = ssl.get_socket_or_None()
+
+ if ssl_socket is None:
+ al[0] = lib.SSL_AD_INTERNAL_ERROR
+ return lib.SSL_TLSEXT_ERR_ALERT_FATAL
+
+ if servername == ffi.NULL:
+ try:
+ result = ssl_ctx.set_hostname(ssl_socket, None, ssl_ctx)
+ except:
+ # TODO
+ # PyErr_WriteUnraisable(ssl_ctx->set_hostname);
+ al[0] = lib.SSL_AD_HANDSHAKE_FAILURE
+ return lib.SSL_TLSEXT_ERR_ALERT_FATAL
else:
- w_servername = space.newbytes(rffi.charp2str(servername))
+ servername = ffi.string(servername)
+
try:
- w_servername_idna = space.call_method(
- w_servername, 'decode', space.wrap('idna'))
- except OperationError as e:
- e.write_unraisable(space, "undecodable server name")
- ad[0] = rffi.cast(rffi.INT, SSL_AD_INTERNAL_ERROR)
- return rffi.cast(rffi.INT, SSL_TLSEXT_ERR_ALERT_FATAL)
+ servername_idna = servername.decode("idna")
+ except UnicodeDecodeError:
+ raise # TODO?
+ # PyErr_WriteUnraisable(servername_o);
- w_result = space.call_function(w_callback,
- w_ssl_socket,
- w_servername_idna, w_ctx)
- except OperationError as e:
- e.write_unraisable(space, "in servername callback")
- ad[0] = rffi.cast(rffi.INT, SSL_AD_HANDSHAKE_FAILURE)
- return rffi.cast(rffi.INT, SSL_TLSEXT_ERR_ALERT_FATAL)
+ try:
+ result = ssl_ctx.set_hostname(ssl_socket, servername_idna, ssl_ctx)
+ except:
+ # TODO
+ # PyErr_WriteUnraisable(ssl_ctx->set_hostname);
+ al[0] = lib.SSL_AD_HANDSHAKE_FAILURE
+ return lib.SSL_TLSEXT_ERR_ALERT_FATAL
- if space.is_none(w_result):
- return rffi.cast(rffi.INT, SSL_TLSEXT_ERR_OK)
- else:
- try:
- ad[0] = rffi.cast(rffi.INT, space.int_w(w_result))
- except OperationError as e:
- e.write_unraisable(space, "servername callback result")
- ad[0] = rffi.cast(rffi.INT, SSL_AD_INTERNAL_ERROR)
- return rffi.cast(rffi.INT, SSL_TLSEXT_ERR_ALERT_FATAL)
-
+ if result is not None:
+ try:
+ al[0] = int(result)
+ except:
+ # PyErr_WriteUnraisable(result);
+ al[0] = lib.SSL_AD_INTERNAL_ERROR
+ return lib.SSL_TLSEXT_ERR_ALERT_FATAL
+ else:
+ # TODO gil state release?
+ return lib.SSL_TLSEXT_ERR_OK
class ServernameCallback(object):
ctx = None
SERVERNAME_CALLBACKS = weakref.WeakValueDictionary()
+TEST = None
def _asn1obj2py(obj):
nid = lib.OBJ_obj2nid(obj)
@@ -1216,7 +1240,7 @@
buf = ffi.new("char[255]")
length = lib.OBJ_obj2txt(buf, len(buf), obj, 1)
if length < 0:
- _setSSLError("todo")
+ ssl_error(None)
if length > 0:
return (nid, sn, ln, _str_with_len(buf, length))
else:
diff --git a/lib_pypy/openssl/_stdssl/errorcodes.py b/lib_pypy/openssl/_stdssl/errorcodes.py
new file mode 100644
--- /dev/null
+++ b/lib_pypy/openssl/_stdssl/errorcodes.py
@@ -0,0 +1,394 @@
+# File generated by tools/make_ssl_data.py
+# Generated on 2016-11-10T17:38:59.402032
+
+from _openssl import ffi, lib
+_lib_codes = []
+_lib_codes.append(("PEM", lib.ERR_LIB_PEM))
+_lib_codes.append(("SSL", lib.ERR_LIB_SSL))
+_lib_codes.append(("X509", lib.ERR_LIB_X509))
+_error_codes = []
+_error_codes.append(("BAD_BASE64_DECODE", lib.ERR_LIB_PEM, 100))
+_error_codes.append(("BAD_DECRYPT", lib.ERR_LIB_PEM, 101))
+_error_codes.append(("BAD_END_LINE", lib.ERR_LIB_PEM, 102))
+_error_codes.append(("BAD_IV_CHARS", lib.ERR_LIB_PEM, 103))
+_error_codes.append(("BAD_MAGIC_NUMBER", lib.ERR_LIB_PEM, 116))
+_error_codes.append(("BAD_PASSWORD_READ", lib.ERR_LIB_PEM, 104))
+_error_codes.append(("BAD_VERSION_NUMBER", lib.ERR_LIB_PEM, 117))
+_error_codes.append(("BIO_WRITE_FAILURE", lib.ERR_LIB_PEM, 118))
+_error_codes.append(("CIPHER_IS_NULL", lib.ERR_LIB_PEM, 127))
+_error_codes.append(("ERROR_CONVERTING_PRIVATE_KEY", lib.ERR_LIB_PEM, 115))
+_error_codes.append(("EXPECTING_PRIVATE_KEY_BLOB", lib.ERR_LIB_PEM, 119))
+_error_codes.append(("EXPECTING_PUBLIC_KEY_BLOB", lib.ERR_LIB_PEM, 120))
+_error_codes.append(("INCONSISTENT_HEADER", lib.ERR_LIB_PEM, 121))
+_error_codes.append(("KEYBLOB_HEADER_PARSE_ERROR", lib.ERR_LIB_PEM, 122))
+_error_codes.append(("KEYBLOB_TOO_SHORT", lib.ERR_LIB_PEM, 123))
+_error_codes.append(("NOT_DEK_INFO", lib.ERR_LIB_PEM, 105))
+_error_codes.append(("NOT_ENCRYPTED", lib.ERR_LIB_PEM, 106))
+_error_codes.append(("NOT_PROC_TYPE", lib.ERR_LIB_PEM, 107))
+_error_codes.append(("NO_START_LINE", lib.ERR_LIB_PEM, 108))
+_error_codes.append(("PROBLEMS_GETTING_PASSWORD", lib.ERR_LIB_PEM, 109))
+_error_codes.append(("PUBLIC_KEY_NO_RSA", lib.ERR_LIB_PEM, 110))
+_error_codes.append(("PVK_DATA_TOO_SHORT", lib.ERR_LIB_PEM, 124))
+_error_codes.append(("PVK_TOO_SHORT", lib.ERR_LIB_PEM, 125))
+_error_codes.append(("READ_KEY", lib.ERR_LIB_PEM, 111))
+_error_codes.append(("SHORT_HEADER", lib.ERR_LIB_PEM, 112))
+_error_codes.append(("UNSUPPORTED_ENCRYPTION", lib.ERR_LIB_PEM, 114))
+_error_codes.append(("UNSUPPORTED_KEY_COMPONENTS", lib.ERR_LIB_PEM, 126))
+_error_codes.append(("APP_DATA_IN_HANDSHAKE", lib.ERR_LIB_SSL, 100))
+_error_codes.append(("ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT", lib.ERR_LIB_SSL, 272))
+_error_codes.append(("BAD_ALERT_RECORD", lib.ERR_LIB_SSL, 101))
+_error_codes.append(("BAD_AUTHENTICATION_TYPE", lib.ERR_LIB_SSL, 102))
+_error_codes.append(("BAD_CHANGE_CIPHER_SPEC", lib.ERR_LIB_SSL, 103))
+_error_codes.append(("BAD_CHECKSUM", lib.ERR_LIB_SSL, 104))
+_error_codes.append(("BAD_DATA", lib.ERR_LIB_SSL, 390))
+_error_codes.append(("BAD_DATA_RETURNED_BY_CALLBACK", lib.ERR_LIB_SSL, 106))
+_error_codes.append(("BAD_DECOMPRESSION", lib.ERR_LIB_SSL, 107))
+_error_codes.append(("BAD_DH_G_LENGTH", lib.ERR_LIB_SSL, 108))
+_error_codes.append(("BAD_DH_PUB_KEY_LENGTH", lib.ERR_LIB_SSL, 109))
+_error_codes.append(("BAD_DH_P_LENGTH", lib.ERR_LIB_SSL, 110))
+_error_codes.append(("BAD_DIGEST_LENGTH", lib.ERR_LIB_SSL, 111))
+_error_codes.append(("BAD_DSA_SIGNATURE", lib.ERR_LIB_SSL, 112))
+_error_codes.append(("BAD_ECC_CERT", lib.ERR_LIB_SSL, 304))
+_error_codes.append(("BAD_ECDSA_SIGNATURE", lib.ERR_LIB_SSL, 305))
+_error_codes.append(("BAD_ECPOINT", lib.ERR_LIB_SSL, 306))
+_error_codes.append(("BAD_HANDSHAKE_LENGTH", lib.ERR_LIB_SSL, 332))
+_error_codes.append(("BAD_HELLO_REQUEST", lib.ERR_LIB_SSL, 105))
+_error_codes.append(("BAD_LENGTH", lib.ERR_LIB_SSL, 271))
+_error_codes.append(("BAD_MAC_DECODE", lib.ERR_LIB_SSL, 113))
+_error_codes.append(("BAD_MAC_LENGTH", lib.ERR_LIB_SSL, 333))
+_error_codes.append(("BAD_MESSAGE_TYPE", lib.ERR_LIB_SSL, 114))
+_error_codes.append(("BAD_PACKET_LENGTH", lib.ERR_LIB_SSL, 115))
+_error_codes.append(("BAD_PROTOCOL_VERSION_NUMBER", lib.ERR_LIB_SSL, 116))
+_error_codes.append(("BAD_PSK_IDENTITY_HINT_LENGTH", lib.ERR_LIB_SSL, 316))
+_error_codes.append(("BAD_RESPONSE_ARGUMENT", lib.ERR_LIB_SSL, 117))
+_error_codes.append(("BAD_RSA_DECRYPT", lib.ERR_LIB_SSL, 118))
+_error_codes.append(("BAD_RSA_ENCRYPT", lib.ERR_LIB_SSL, 119))
+_error_codes.append(("BAD_RSA_E_LENGTH", lib.ERR_LIB_SSL, 120))
+_error_codes.append(("BAD_RSA_MODULUS_LENGTH", lib.ERR_LIB_SSL, 121))
+_error_codes.append(("BAD_RSA_SIGNATURE", lib.ERR_LIB_SSL, 122))
+_error_codes.append(("BAD_SIGNATURE", lib.ERR_LIB_SSL, 123))
+_error_codes.append(("BAD_SRP_A_LENGTH", lib.ERR_LIB_SSL, 347))
+_error_codes.append(("BAD_SRP_B_LENGTH", lib.ERR_LIB_SSL, 348))
+_error_codes.append(("BAD_SRP_G_LENGTH", lib.ERR_LIB_SSL, 349))
+_error_codes.append(("BAD_SRP_N_LENGTH", lib.ERR_LIB_SSL, 350))
+_error_codes.append(("BAD_SRP_PARAMETERS", lib.ERR_LIB_SSL, 371))
+_error_codes.append(("BAD_SRP_S_LENGTH", lib.ERR_LIB_SSL, 351))
+_error_codes.append(("BAD_SRTP_MKI_VALUE", lib.ERR_LIB_SSL, 352))
+_error_codes.append(("BAD_SRTP_PROTECTION_PROFILE_LIST", lib.ERR_LIB_SSL, 353))
+_error_codes.append(("BAD_SSL_FILETYPE", lib.ERR_LIB_SSL, 124))
+_error_codes.append(("BAD_SSL_SESSION_ID_LENGTH", lib.ERR_LIB_SSL, 125))
+_error_codes.append(("BAD_STATE", lib.ERR_LIB_SSL, 126))
+_error_codes.append(("BAD_VALUE", lib.ERR_LIB_SSL, 384))
+_error_codes.append(("BAD_WRITE_RETRY", lib.ERR_LIB_SSL, 127))
+_error_codes.append(("BIO_NOT_SET", lib.ERR_LIB_SSL, 128))
+_error_codes.append(("BLOCK_CIPHER_PAD_IS_WRONG", lib.ERR_LIB_SSL, 129))
+_error_codes.append(("BN_LIB", lib.ERR_LIB_SSL, 130))
+_error_codes.append(("CA_DN_LENGTH_MISMATCH", lib.ERR_LIB_SSL, 131))
+_error_codes.append(("CA_DN_TOO_LONG", lib.ERR_LIB_SSL, 132))
+_error_codes.append(("CA_KEY_TOO_SMALL", lib.ERR_LIB_SSL, 397))
+_error_codes.append(("CA_MD_TOO_WEAK", lib.ERR_LIB_SSL, 398))
+_error_codes.append(("CCS_RECEIVED_EARLY", lib.ERR_LIB_SSL, 133))
+_error_codes.append(("CERTIFICATE_VERIFY_FAILED", lib.ERR_LIB_SSL, 134))
+_error_codes.append(("CERT_CB_ERROR", lib.ERR_LIB_SSL, 377))
+_error_codes.append(("CERT_LENGTH_MISMATCH", lib.ERR_LIB_SSL, 135))
+_error_codes.append(("CHALLENGE_IS_DIFFERENT", lib.ERR_LIB_SSL, 136))
+_error_codes.append(("CIPHER_CODE_WRONG_LENGTH", lib.ERR_LIB_SSL, 137))
+_error_codes.append(("CIPHER_OR_HASH_UNAVAILABLE", lib.ERR_LIB_SSL, 138))
+_error_codes.append(("CIPHER_TABLE_SRC_ERROR", lib.ERR_LIB_SSL, 139))
+_error_codes.append(("CLIENTHELLO_TLSEXT", lib.ERR_LIB_SSL, 226))
+_error_codes.append(("COMPRESSED_LENGTH_TOO_LONG", lib.ERR_LIB_SSL, 140))
+_error_codes.append(("COMPRESSION_DISABLED", lib.ERR_LIB_SSL, 343))
+_error_codes.append(("COMPRESSION_FAILURE", lib.ERR_LIB_SSL, 141))
+_error_codes.append(("COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE", lib.ERR_LIB_SSL, 307))
+_error_codes.append(("COMPRESSION_LIBRARY_ERROR", lib.ERR_LIB_SSL, 142))
+_error_codes.append(("CONNECTION_ID_IS_DIFFERENT", lib.ERR_LIB_SSL, 143))
+_error_codes.append(("CONNECTION_TYPE_NOT_SET", lib.ERR_LIB_SSL, 144))
+_error_codes.append(("COOKIE_MISMATCH", lib.ERR_LIB_SSL, 308))
+_error_codes.append(("DATA_BETWEEN_CCS_AND_FINISHED", lib.ERR_LIB_SSL, 145))
+_error_codes.append(("DATA_LENGTH_TOO_LONG", lib.ERR_LIB_SSL, 146))
+_error_codes.append(("DECRYPTION_FAILED", lib.ERR_LIB_SSL, 147))
+_error_codes.append(("DECRYPTION_FAILED_OR_BAD_RECORD_MAC", lib.ERR_LIB_SSL, 281))
+_error_codes.append(("DH_KEY_TOO_SMALL", lib.ERR_LIB_SSL, 372))
+_error_codes.append(("DH_PUBLIC_VALUE_LENGTH_IS_WRONG", lib.ERR_LIB_SSL, 148))
+_error_codes.append(("DIGEST_CHECK_FAILED", lib.ERR_LIB_SSL, 149))
+_error_codes.append(("DTLS_MESSAGE_TOO_BIG", lib.ERR_LIB_SSL, 334))
+_error_codes.append(("DUPLICATE_COMPRESSION_ID", lib.ERR_LIB_SSL, 309))
+_error_codes.append(("ECC_CERT_NOT_FOR_KEY_AGREEMENT", lib.ERR_LIB_SSL, 317))
+_error_codes.append(("ECC_CERT_NOT_FOR_SIGNING", lib.ERR_LIB_SSL, 318))
+_error_codes.append(("ECC_CERT_SHOULD_HAVE_RSA_SIGNATURE", lib.ERR_LIB_SSL, 322))
+_error_codes.append(("ECC_CERT_SHOULD_HAVE_SHA1_SIGNATURE", lib.ERR_LIB_SSL, 323))
+_error_codes.append(("ECDH_REQUIRED_FOR_SUITEB_MODE", lib.ERR_LIB_SSL, 374))
+_error_codes.append(("ECGROUP_TOO_LARGE_FOR_CIPHER", lib.ERR_LIB_SSL, 310))
+_error_codes.append(("EE_KEY_TOO_SMALL", lib.ERR_LIB_SSL, 399))
+_error_codes.append(("EMPTY_SRTP_PROTECTION_PROFILE_LIST", lib.ERR_LIB_SSL, 354))
+_error_codes.append(("ENCRYPTED_LENGTH_TOO_LONG", lib.ERR_LIB_SSL, 150))
+_error_codes.append(("ERROR_GENERATING_TMP_RSA_KEY", lib.ERR_LIB_SSL, 282))
+_error_codes.append(("ERROR_IN_RECEIVED_CIPHER_LIST", lib.ERR_LIB_SSL, 151))
+_error_codes.append(("EXCESSIVE_MESSAGE_SIZE", lib.ERR_LIB_SSL, 152))
+_error_codes.append(("EXTRA_DATA_IN_MESSAGE", lib.ERR_LIB_SSL, 153))
+_error_codes.append(("GOT_A_FIN_BEFORE_A_CCS", lib.ERR_LIB_SSL, 154))
+_error_codes.append(("GOT_NEXT_PROTO_BEFORE_A_CCS", lib.ERR_LIB_SSL, 355))
+_error_codes.append(("GOT_NEXT_PROTO_WITHOUT_EXTENSION", lib.ERR_LIB_SSL, 356))
+_error_codes.append(("HTTPS_PROXY_REQUEST", lib.ERR_LIB_SSL, 155))
+_error_codes.append(("HTTP_REQUEST", lib.ERR_LIB_SSL, 156))
+_error_codes.append(("ILLEGAL_PADDING", lib.ERR_LIB_SSL, 283))
+_error_codes.append(("ILLEGAL_SUITEB_DIGEST", lib.ERR_LIB_SSL, 380))
+_error_codes.append(("INAPPROPRIATE_FALLBACK", lib.ERR_LIB_SSL, 373))
+_error_codes.append(("INCONSISTENT_COMPRESSION", lib.ERR_LIB_SSL, 340))
+_error_codes.append(("INVALID_CHALLENGE_LENGTH", lib.ERR_LIB_SSL, 158))
+_error_codes.append(("INVALID_COMMAND", lib.ERR_LIB_SSL, 280))
+_error_codes.append(("INVALID_COMPRESSION_ALGORITHM", lib.ERR_LIB_SSL, 341))
+_error_codes.append(("INVALID_NULL_CMD_NAME", lib.ERR_LIB_SSL, 385))
+_error_codes.append(("INVALID_PURPOSE", lib.ERR_LIB_SSL, 278))
+_error_codes.append(("INVALID_SERVERINFO_DATA", lib.ERR_LIB_SSL, 388))
+_error_codes.append(("INVALID_SRP_USERNAME", lib.ERR_LIB_SSL, 357))
+_error_codes.append(("INVALID_STATUS_RESPONSE", lib.ERR_LIB_SSL, 328))
+_error_codes.append(("INVALID_TICKET_KEYS_LENGTH", lib.ERR_LIB_SSL, 325))
+_error_codes.append(("KEY_ARG_TOO_LONG", lib.ERR_LIB_SSL, 284))
+_error_codes.append(("KRB5", lib.ERR_LIB_SSL, 285))
+_error_codes.append(("KRB5_C_CC_PRINC", lib.ERR_LIB_SSL, 286))
+_error_codes.append(("KRB5_C_GET_CRED", lib.ERR_LIB_SSL, 287))
+_error_codes.append(("KRB5_C_INIT", lib.ERR_LIB_SSL, 288))
+_error_codes.append(("KRB5_C_MK_REQ", lib.ERR_LIB_SSL, 289))
+_error_codes.append(("KRB5_S_BAD_TICKET", lib.ERR_LIB_SSL, 290))
+_error_codes.append(("KRB5_S_INIT", lib.ERR_LIB_SSL, 291))
+_error_codes.append(("KRB5_S_RD_REQ", lib.ERR_LIB_SSL, 292))
+_error_codes.append(("KRB5_S_TKT_EXPIRED", lib.ERR_LIB_SSL, 293))
+_error_codes.append(("KRB5_S_TKT_NYV", lib.ERR_LIB_SSL, 294))
+_error_codes.append(("KRB5_S_TKT_SKEW", lib.ERR_LIB_SSL, 295))
+_error_codes.append(("LENGTH_MISMATCH", lib.ERR_LIB_SSL, 159))
+_error_codes.append(("LENGTH_TOO_SHORT", lib.ERR_LIB_SSL, 160))
+_error_codes.append(("LIBRARY_BUG", lib.ERR_LIB_SSL, 274))
+_error_codes.append(("LIBRARY_HAS_NO_CIPHERS", lib.ERR_LIB_SSL, 161))
+_error_codes.append(("MESSAGE_TOO_LONG", lib.ERR_LIB_SSL, 296))
+_error_codes.append(("MISSING_DH_DSA_CERT", lib.ERR_LIB_SSL, 162))
+_error_codes.append(("MISSING_DH_KEY", lib.ERR_LIB_SSL, 163))
+_error_codes.append(("MISSING_DH_RSA_CERT", lib.ERR_LIB_SSL, 164))
+_error_codes.append(("MISSING_DSA_SIGNING_CERT", lib.ERR_LIB_SSL, 165))
+_error_codes.append(("MISSING_ECDH_CERT", lib.ERR_LIB_SSL, 382))
+_error_codes.append(("MISSING_ECDSA_SIGNING_CERT", lib.ERR_LIB_SSL, 381))
+_error_codes.append(("MISSING_EXPORT_TMP_DH_KEY", lib.ERR_LIB_SSL, 166))
+_error_codes.append(("MISSING_EXPORT_TMP_RSA_KEY", lib.ERR_LIB_SSL, 167))
+_error_codes.append(("MISSING_RSA_CERTIFICATE", lib.ERR_LIB_SSL, 168))
+_error_codes.append(("MISSING_RSA_ENCRYPTING_CERT", lib.ERR_LIB_SSL, 169))
+_error_codes.append(("MISSING_RSA_SIGNING_CERT", lib.ERR_LIB_SSL, 170))
+_error_codes.append(("MISSING_SRP_PARAM", lib.ERR_LIB_SSL, 358))
+_error_codes.append(("MISSING_TMP_DH_KEY", lib.ERR_LIB_SSL, 171))
+_error_codes.append(("MISSING_TMP_ECDH_KEY", lib.ERR_LIB_SSL, 311))
+_error_codes.append(("MISSING_TMP_RSA_KEY", lib.ERR_LIB_SSL, 172))
+_error_codes.append(("MISSING_TMP_RSA_PKEY", lib.ERR_LIB_SSL, 173))
+_error_codes.append(("MISSING_VERIFY_MESSAGE", lib.ERR_LIB_SSL, 174))
+_error_codes.append(("MULTIPLE_SGC_RESTARTS", lib.ERR_LIB_SSL, 346))
+_error_codes.append(("NON_SSLV2_INITIAL_PACKET", lib.ERR_LIB_SSL, 175))
+_error_codes.append(("NO_CERTIFICATES_RETURNED", lib.ERR_LIB_SSL, 176))
+_error_codes.append(("NO_CERTIFICATE_ASSIGNED", lib.ERR_LIB_SSL, 177))
+_error_codes.append(("NO_CERTIFICATE_RETURNED", lib.ERR_LIB_SSL, 178))
+_error_codes.append(("NO_CERTIFICATE_SET", lib.ERR_LIB_SSL, 179))
+_error_codes.append(("NO_CERTIFICATE_SPECIFIED", lib.ERR_LIB_SSL, 180))
+_error_codes.append(("NO_CIPHERS_AVAILABLE", lib.ERR_LIB_SSL, 181))
+_error_codes.append(("NO_CIPHERS_PASSED", lib.ERR_LIB_SSL, 182))
+_error_codes.append(("NO_CIPHERS_SPECIFIED", lib.ERR_LIB_SSL, 183))
+_error_codes.append(("NO_CIPHER_LIST", lib.ERR_LIB_SSL, 184))
+_error_codes.append(("NO_CIPHER_MATCH", lib.ERR_LIB_SSL, 185))
+_error_codes.append(("NO_CLIENT_CERT_METHOD", lib.ERR_LIB_SSL, 331))
+_error_codes.append(("NO_CLIENT_CERT_RECEIVED", lib.ERR_LIB_SSL, 186))
+_error_codes.append(("NO_COMPRESSION_SPECIFIED", lib.ERR_LIB_SSL, 187))
+_error_codes.append(("NO_GOST_CERTIFICATE_SENT_BY_PEER", lib.ERR_LIB_SSL, 330))
+_error_codes.append(("NO_METHOD_SPECIFIED", lib.ERR_LIB_SSL, 188))
+_error_codes.append(("NO_PEM_EXTENSIONS", lib.ERR_LIB_SSL, 389))
+_error_codes.append(("NO_PRIVATEKEY", lib.ERR_LIB_SSL, 189))
+_error_codes.append(("NO_PRIVATE_KEY_ASSIGNED", lib.ERR_LIB_SSL, 190))
+_error_codes.append(("NO_PROTOCOLS_AVAILABLE", lib.ERR_LIB_SSL, 191))
+_error_codes.append(("NO_PUBLICKEY", lib.ERR_LIB_SSL, 192))
+_error_codes.append(("NO_RENEGOTIATION", lib.ERR_LIB_SSL, 339))
+_error_codes.append(("NO_REQUIRED_DIGEST", lib.ERR_LIB_SSL, 324))
+_error_codes.append(("NO_SHARED_CIPHER", lib.ERR_LIB_SSL, 193))
+_error_codes.append(("NO_SHARED_SIGATURE_ALGORITHMS", lib.ERR_LIB_SSL, 376))
+_error_codes.append(("NO_SRTP_PROFILES", lib.ERR_LIB_SSL, 359))
+_error_codes.append(("NO_VERIFY_CALLBACK", lib.ERR_LIB_SSL, 194))
+_error_codes.append(("NULL_SSL_CTX", lib.ERR_LIB_SSL, 195))
+_error_codes.append(("NULL_SSL_METHOD_PASSED", lib.ERR_LIB_SSL, 196))
+_error_codes.append(("OLD_SESSION_CIPHER_NOT_RETURNED", lib.ERR_LIB_SSL, 197))
+_error_codes.append(("OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED", lib.ERR_LIB_SSL, 344))
+_error_codes.append(("ONLY_DTLS_1_2_ALLOWED_IN_SUITEB_MODE", lib.ERR_LIB_SSL, 387))
+_error_codes.append(("ONLY_TLS_1_2_ALLOWED_IN_SUITEB_MODE", lib.ERR_LIB_SSL, 379))
+_error_codes.append(("ONLY_TLS_ALLOWED_IN_FIPS_MODE", lib.ERR_LIB_SSL, 297))
+_error_codes.append(("OPAQUE_PRF_INPUT_TOO_LONG", lib.ERR_LIB_SSL, 327))
+_error_codes.append(("PACKET_LENGTH_TOO_LONG", lib.ERR_LIB_SSL, 198))
+_error_codes.append(("PARSE_TLSEXT", lib.ERR_LIB_SSL, 227))
+_error_codes.append(("PATH_TOO_LONG", lib.ERR_LIB_SSL, 270))
+_error_codes.append(("PEER_DID_NOT_RETURN_A_CERTIFICATE", lib.ERR_LIB_SSL, 199))
+_error_codes.append(("PEER_ERROR", lib.ERR_LIB_SSL, 200))
+_error_codes.append(("PEER_ERROR_CERTIFICATE", lib.ERR_LIB_SSL, 201))
+_error_codes.append(("PEER_ERROR_NO_CERTIFICATE", lib.ERR_LIB_SSL, 202))
+_error_codes.append(("PEER_ERROR_NO_CIPHER", lib.ERR_LIB_SSL, 203))
+_error_codes.append(("PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE", lib.ERR_LIB_SSL, 204))
+_error_codes.append(("PEM_NAME_BAD_PREFIX", lib.ERR_LIB_SSL, 391))
+_error_codes.append(("PEM_NAME_TOO_SHORT", lib.ERR_LIB_SSL, 392))
+_error_codes.append(("PRE_MAC_LENGTH_TOO_LONG", lib.ERR_LIB_SSL, 205))
+_error_codes.append(("PROBLEMS_MAPPING_CIPHER_FUNCTIONS", lib.ERR_LIB_SSL, 206))
+_error_codes.append(("PROTOCOL_IS_SHUTDOWN", lib.ERR_LIB_SSL, 207))
+_error_codes.append(("PSK_IDENTITY_NOT_FOUND", lib.ERR_LIB_SSL, 223))
+_error_codes.append(("PSK_NO_CLIENT_CB", lib.ERR_LIB_SSL, 224))
+_error_codes.append(("PSK_NO_SERVER_CB", lib.ERR_LIB_SSL, 225))
+_error_codes.append(("PUBLIC_KEY_ENCRYPT_ERROR", lib.ERR_LIB_SSL, 208))
+_error_codes.append(("PUBLIC_KEY_IS_NOT_RSA", lib.ERR_LIB_SSL, 209))
+_error_codes.append(("PUBLIC_KEY_NOT_RSA", lib.ERR_LIB_SSL, 210))
+_error_codes.append(("READ_BIO_NOT_SET", lib.ERR_LIB_SSL, 211))
+_error_codes.append(("READ_TIMEOUT_EXPIRED", lib.ERR_LIB_SSL, 312))
+_error_codes.append(("READ_WRONG_PACKET_TYPE", lib.ERR_LIB_SSL, 212))
+_error_codes.append(("RECORD_LENGTH_MISMATCH", lib.ERR_LIB_SSL, 213))
+_error_codes.append(("RECORD_TOO_LARGE", lib.ERR_LIB_SSL, 214))
+_error_codes.append(("RECORD_TOO_SMALL", lib.ERR_LIB_SSL, 298))
+_error_codes.append(("RENEGOTIATE_EXT_TOO_LONG", lib.ERR_LIB_SSL, 335))
+_error_codes.append(("RENEGOTIATION_ENCODING_ERR", lib.ERR_LIB_SSL, 336))
+_error_codes.append(("RENEGOTIATION_MISMATCH", lib.ERR_LIB_SSL, 337))
+_error_codes.append(("REQUIRED_CIPHER_MISSING", lib.ERR_LIB_SSL, 215))
+_error_codes.append(("REQUIRED_COMPRESSSION_ALGORITHM_MISSING", lib.ERR_LIB_SSL, 342))
+_error_codes.append(("REUSE_CERT_LENGTH_NOT_ZERO", lib.ERR_LIB_SSL, 216))
+_error_codes.append(("REUSE_CERT_TYPE_NOT_ZERO", lib.ERR_LIB_SSL, 217))
+_error_codes.append(("REUSE_CIPHER_LIST_NOT_ZERO", lib.ERR_LIB_SSL, 218))
+_error_codes.append(("SCSV_RECEIVED_WHEN_RENEGOTIATING", lib.ERR_LIB_SSL, 345))
+_error_codes.append(("SERVERHELLO_TLSEXT", lib.ERR_LIB_SSL, 275))
+_error_codes.append(("SESSION_ID_CONTEXT_UNINITIALIZED", lib.ERR_LIB_SSL, 277))
+_error_codes.append(("SHORT_READ", lib.ERR_LIB_SSL, 219))
+_error_codes.append(("SIGNATURE_ALGORITHMS_ERROR", lib.ERR_LIB_SSL, 360))
+_error_codes.append(("SIGNATURE_FOR_NON_SIGNING_CERTIFICATE", lib.ERR_LIB_SSL, 220))
+_error_codes.append(("SRP_A_CALC", lib.ERR_LIB_SSL, 361))
+_error_codes.append(("SRTP_COULD_NOT_ALLOCATE_PROFILES", lib.ERR_LIB_SSL, 362))
+_error_codes.append(("SRTP_PROTECTION_PROFILE_LIST_TOO_LONG", lib.ERR_LIB_SSL, 363))
+_error_codes.append(("SRTP_UNKNOWN_PROTECTION_PROFILE", lib.ERR_LIB_SSL, 364))
+_error_codes.append(("SSL23_DOING_SESSION_ID_REUSE", lib.ERR_LIB_SSL, 221))
+_error_codes.append(("SSL2_CONNECTION_ID_TOO_LONG", lib.ERR_LIB_SSL, 299))
+_error_codes.append(("SSL3_EXT_INVALID_ECPOINTFORMAT", lib.ERR_LIB_SSL, 321))
+_error_codes.append(("SSL3_EXT_INVALID_SERVERNAME", lib.ERR_LIB_SSL, 319))
+_error_codes.append(("SSL3_EXT_INVALID_SERVERNAME_TYPE", lib.ERR_LIB_SSL, 320))
+_error_codes.append(("SSL3_SESSION_ID_TOO_LONG", lib.ERR_LIB_SSL, 300))
+_error_codes.append(("SSL3_SESSION_ID_TOO_SHORT", lib.ERR_LIB_SSL, 222))
+_error_codes.append(("SSLV3_ALERT_BAD_CERTIFICATE", lib.ERR_LIB_SSL, 1042))
+_error_codes.append(("SSLV3_ALERT_BAD_RECORD_MAC", lib.ERR_LIB_SSL, 1020))
+_error_codes.append(("SSLV3_ALERT_CERTIFICATE_EXPIRED", lib.ERR_LIB_SSL, 1045))
+_error_codes.append(("SSLV3_ALERT_CERTIFICATE_REVOKED", lib.ERR_LIB_SSL, 1044))
+_error_codes.append(("SSLV3_ALERT_CERTIFICATE_UNKNOWN", lib.ERR_LIB_SSL, 1046))
+_error_codes.append(("SSLV3_ALERT_DECOMPRESSION_FAILURE", lib.ERR_LIB_SSL, 1030))
+_error_codes.append(("SSLV3_ALERT_HANDSHAKE_FAILURE", lib.ERR_LIB_SSL, 1040))
+_error_codes.append(("SSLV3_ALERT_ILLEGAL_PARAMETER", lib.ERR_LIB_SSL, 1047))
+_error_codes.append(("SSLV3_ALERT_NO_CERTIFICATE", lib.ERR_LIB_SSL, 1041))
+_error_codes.append(("SSLV3_ALERT_UNEXPECTED_MESSAGE", lib.ERR_LIB_SSL, 1010))
+_error_codes.append(("SSLV3_ALERT_UNSUPPORTED_CERTIFICATE", lib.ERR_LIB_SSL, 1043))
+_error_codes.append(("SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION", lib.ERR_LIB_SSL, 228))
+_error_codes.append(("SSL_HANDSHAKE_FAILURE", lib.ERR_LIB_SSL, 229))
+_error_codes.append(("SSL_LIBRARY_HAS_NO_CIPHERS", lib.ERR_LIB_SSL, 230))
+_error_codes.append(("SSL_NEGATIVE_LENGTH", lib.ERR_LIB_SSL, 372))
+_error_codes.append(("SSL_SESSION_ID_CALLBACK_FAILED", lib.ERR_LIB_SSL, 301))
+_error_codes.append(("SSL_SESSION_ID_CONFLICT", lib.ERR_LIB_SSL, 302))
+_error_codes.append(("SSL_SESSION_ID_CONTEXT_TOO_LONG", lib.ERR_LIB_SSL, 273))
+_error_codes.append(("SSL_SESSION_ID_HAS_BAD_LENGTH", lib.ERR_LIB_SSL, 303))
+_error_codes.append(("SSL_SESSION_ID_IS_DIFFERENT", lib.ERR_LIB_SSL, 231))
+_error_codes.append(("TLSV1_ALERT_ACCESS_DENIED", lib.ERR_LIB_SSL, 1049))
+_error_codes.append(("TLSV1_ALERT_DECODE_ERROR", lib.ERR_LIB_SSL, 1050))
+_error_codes.append(("TLSV1_ALERT_DECRYPTION_FAILED", lib.ERR_LIB_SSL, 1021))
+_error_codes.append(("TLSV1_ALERT_DECRYPT_ERROR", lib.ERR_LIB_SSL, 1051))
+_error_codes.append(("TLSV1_ALERT_EXPORT_RESTRICTION", lib.ERR_LIB_SSL, 1060))
+_error_codes.append(("TLSV1_ALERT_INAPPROPRIATE_FALLBACK", lib.ERR_LIB_SSL, 1086))
+_error_codes.append(("TLSV1_ALERT_INSUFFICIENT_SECURITY", lib.ERR_LIB_SSL, 1071))
+_error_codes.append(("TLSV1_ALERT_INTERNAL_ERROR", lib.ERR_LIB_SSL, 1080))
+_error_codes.append(("TLSV1_ALERT_NO_RENEGOTIATION", lib.ERR_LIB_SSL, 1100))
+_error_codes.append(("TLSV1_ALERT_PROTOCOL_VERSION", lib.ERR_LIB_SSL, 1070))
+_error_codes.append(("TLSV1_ALERT_RECORD_OVERFLOW", lib.ERR_LIB_SSL, 1022))
+_error_codes.append(("TLSV1_ALERT_UNKNOWN_CA", lib.ERR_LIB_SSL, 1048))
+_error_codes.append(("TLSV1_ALERT_USER_CANCELLED", lib.ERR_LIB_SSL, 1090))
+_error_codes.append(("TLSV1_BAD_CERTIFICATE_HASH_VALUE", lib.ERR_LIB_SSL, 1114))
+_error_codes.append(("TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE", lib.ERR_LIB_SSL, 1113))
+_error_codes.append(("TLSV1_CERTIFICATE_UNOBTAINABLE", lib.ERR_LIB_SSL, 1111))
+_error_codes.append(("TLSV1_UNRECOGNIZED_NAME", lib.ERR_LIB_SSL, 1112))
+_error_codes.append(("TLSV1_UNSUPPORTED_EXTENSION", lib.ERR_LIB_SSL, 1110))
+_error_codes.append(("TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER", lib.ERR_LIB_SSL, 232))
+_error_codes.append(("TLS_HEARTBEAT_PEER_DOESNT_ACCEPT", lib.ERR_LIB_SSL, 365))
+_error_codes.append(("TLS_HEARTBEAT_PENDING", lib.ERR_LIB_SSL, 366))
+_error_codes.append(("TLS_ILLEGAL_EXPORTER_LABEL", lib.ERR_LIB_SSL, 367))
+_error_codes.append(("TLS_INVALID_ECPOINTFORMAT_LIST", lib.ERR_LIB_SSL, 157))
+_error_codes.append(("TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST", lib.ERR_LIB_SSL, 233))
+_error_codes.append(("TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG", lib.ERR_LIB_SSL, 234))
+_error_codes.append(("TRIED_TO_USE_UNSUPPORTED_CIPHER", lib.ERR_LIB_SSL, 235))
+_error_codes.append(("UNABLE_TO_DECODE_DH_CERTS", lib.ERR_LIB_SSL, 236))
+_error_codes.append(("UNABLE_TO_DECODE_ECDH_CERTS", lib.ERR_LIB_SSL, 313))
+_error_codes.append(("UNABLE_TO_EXTRACT_PUBLIC_KEY", lib.ERR_LIB_SSL, 237))
+_error_codes.append(("UNABLE_TO_FIND_DH_PARAMETERS", lib.ERR_LIB_SSL, 238))
+_error_codes.append(("UNABLE_TO_FIND_ECDH_PARAMETERS", lib.ERR_LIB_SSL, 314))
+_error_codes.append(("UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS", lib.ERR_LIB_SSL, 239))
+_error_codes.append(("UNABLE_TO_FIND_SSL_METHOD", lib.ERR_LIB_SSL, 240))
+_error_codes.append(("UNABLE_TO_LOAD_SSL2_MD5_ROUTINES", lib.ERR_LIB_SSL, 241))
+_error_codes.append(("UNABLE_TO_LOAD_SSL3_MD5_ROUTINES", lib.ERR_LIB_SSL, 242))
+_error_codes.append(("UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES", lib.ERR_LIB_SSL, 243))
+_error_codes.append(("UNEXPECTED_MESSAGE", lib.ERR_LIB_SSL, 244))
+_error_codes.append(("UNEXPECTED_RECORD", lib.ERR_LIB_SSL, 245))
+_error_codes.append(("UNINITIALIZED", lib.ERR_LIB_SSL, 276))
+_error_codes.append(("UNKNOWN_ALERT_TYPE", lib.ERR_LIB_SSL, 246))
+_error_codes.append(("UNKNOWN_CERTIFICATE_TYPE", lib.ERR_LIB_SSL, 247))
+_error_codes.append(("UNKNOWN_CIPHER_RETURNED", lib.ERR_LIB_SSL, 248))
+_error_codes.append(("UNKNOWN_CIPHER_TYPE", lib.ERR_LIB_SSL, 249))
+_error_codes.append(("UNKNOWN_CMD_NAME", lib.ERR_LIB_SSL, 386))
+_error_codes.append(("UNKNOWN_DIGEST", lib.ERR_LIB_SSL, 368))
+_error_codes.append(("UNKNOWN_KEY_EXCHANGE_TYPE", lib.ERR_LIB_SSL, 250))
+_error_codes.append(("UNKNOWN_PKEY_TYPE", lib.ERR_LIB_SSL, 251))
+_error_codes.append(("UNKNOWN_PROTOCOL", lib.ERR_LIB_SSL, 252))
+_error_codes.append(("UNKNOWN_REMOTE_ERROR_TYPE", lib.ERR_LIB_SSL, 253))
+_error_codes.append(("UNKNOWN_SSL_VERSION", lib.ERR_LIB_SSL, 254))
+_error_codes.append(("UNKNOWN_STATE", lib.ERR_LIB_SSL, 255))
+_error_codes.append(("UNSAFE_LEGACY_RENEGOTIATION_DISABLED", lib.ERR_LIB_SSL, 338))
+_error_codes.append(("UNSUPPORTED_CIPHER", lib.ERR_LIB_SSL, 256))
+_error_codes.append(("UNSUPPORTED_COMPRESSION_ALGORITHM", lib.ERR_LIB_SSL, 257))
+_error_codes.append(("UNSUPPORTED_DIGEST_TYPE", lib.ERR_LIB_SSL, 326))
+_error_codes.append(("UNSUPPORTED_ELLIPTIC_CURVE", lib.ERR_LIB_SSL, 315))
+_error_codes.append(("UNSUPPORTED_PROTOCOL", lib.ERR_LIB_SSL, 258))
+_error_codes.append(("UNSUPPORTED_SSL_VERSION", lib.ERR_LIB_SSL, 259))
+_error_codes.append(("UNSUPPORTED_STATUS_TYPE", lib.ERR_LIB_SSL, 329))
+_error_codes.append(("USE_SRTP_NOT_NEGOTIATED", lib.ERR_LIB_SSL, 369))
+_error_codes.append(("VERSION_TOO_LOW", lib.ERR_LIB_SSL, 396))
+_error_codes.append(("WRITE_BIO_NOT_SET", lib.ERR_LIB_SSL, 260))
+_error_codes.append(("WRONG_CERTIFICATE_TYPE", lib.ERR_LIB_SSL, 383))
+_error_codes.append(("WRONG_CIPHER_RETURNED", lib.ERR_LIB_SSL, 261))
+_error_codes.append(("WRONG_CURVE", lib.ERR_LIB_SSL, 378))
+_error_codes.append(("WRONG_MESSAGE_TYPE", lib.ERR_LIB_SSL, 262))
+_error_codes.append(("WRONG_NUMBER_OF_KEY_BITS", lib.ERR_LIB_SSL, 263))
+_error_codes.append(("WRONG_SIGNATURE_LENGTH", lib.ERR_LIB_SSL, 264))
+_error_codes.append(("WRONG_SIGNATURE_SIZE", lib.ERR_LIB_SSL, 265))
+_error_codes.append(("WRONG_SIGNATURE_TYPE", lib.ERR_LIB_SSL, 370))
+_error_codes.append(("WRONG_SSL_VERSION", lib.ERR_LIB_SSL, 266))
+_error_codes.append(("WRONG_VERSION_NUMBER", lib.ERR_LIB_SSL, 267))
+_error_codes.append(("X509_LIB", lib.ERR_LIB_SSL, 268))
+_error_codes.append(("X509_VERIFICATION_SETUP_PROBLEMS", lib.ERR_LIB_SSL, 269))
+_error_codes.append(("AKID_MISMATCH", lib.ERR_LIB_X509, 110))
+_error_codes.append(("BAD_X509_FILETYPE", lib.ERR_LIB_X509, 100))
+_error_codes.append(("BASE64_DECODE_ERROR", lib.ERR_LIB_X509, 118))
+_error_codes.append(("CANT_CHECK_DH_KEY", lib.ERR_LIB_X509, 114))
+_error_codes.append(("CERT_ALREADY_IN_HASH_TABLE", lib.ERR_LIB_X509, 101))
+_error_codes.append(("CRL_ALREADY_DELTA", lib.ERR_LIB_X509, 127))
+_error_codes.append(("CRL_VERIFY_FAILURE", lib.ERR_LIB_X509, 131))
+_error_codes.append(("ERR_ASN1_LIB", lib.ERR_LIB_X509, 102))
+_error_codes.append(("IDP_MISMATCH", lib.ERR_LIB_X509, 128))
+_error_codes.append(("INVALID_DIRECTORY", lib.ERR_LIB_X509, 113))
+_error_codes.append(("INVALID_FIELD_NAME", lib.ERR_LIB_X509, 119))
+_error_codes.append(("INVALID_TRUST", lib.ERR_LIB_X509, 123))
+_error_codes.append(("ISSUER_MISMATCH", lib.ERR_LIB_X509, 129))
+_error_codes.append(("KEY_TYPE_MISMATCH", lib.ERR_LIB_X509, 115))
+_error_codes.append(("KEY_VALUES_MISMATCH", lib.ERR_LIB_X509, 116))
+_error_codes.append(("LOADING_CERT_DIR", lib.ERR_LIB_X509, 103))
+_error_codes.append(("LOADING_DEFAULTS", lib.ERR_LIB_X509, 104))
+_error_codes.append(("METHOD_NOT_SUPPORTED", lib.ERR_LIB_X509, 124))
+_error_codes.append(("NEWER_CRL_NOT_NEWER", lib.ERR_LIB_X509, 132))
+_error_codes.append(("NO_CERT_SET_FOR_US_TO_VERIFY", lib.ERR_LIB_X509, 105))
+_error_codes.append(("NO_CRL_NUMBER", lib.ERR_LIB_X509, 130))
+_error_codes.append(("PUBLIC_KEY_DECODE_ERROR", lib.ERR_LIB_X509, 125))
+_error_codes.append(("PUBLIC_KEY_ENCODE_ERROR", lib.ERR_LIB_X509, 126))
+_error_codes.append(("SHOULD_RETRY", lib.ERR_LIB_X509, 106))
+_error_codes.append(("UNABLE_TO_FIND_PARAMETERS_IN_CHAIN", lib.ERR_LIB_X509, 107))
+_error_codes.append(("UNABLE_TO_GET_CERTS_PUBLIC_KEY", lib.ERR_LIB_X509, 108))
+_error_codes.append(("UNKNOWN_KEY_TYPE", lib.ERR_LIB_X509, 117))
+_error_codes.append(("UNKNOWN_NID", lib.ERR_LIB_X509, 109))
+_error_codes.append(("UNKNOWN_PURPOSE_ID", lib.ERR_LIB_X509, 121))
+_error_codes.append(("UNKNOWN_TRUST_ID", lib.ERR_LIB_X509, 120))
+_error_codes.append(("UNSUPPORTED_ALGORITHM", lib.ERR_LIB_X509, 111))
+_error_codes.append(("WRONG_LOOKUP_TYPE", lib.ERR_LIB_X509, 112))
+_error_codes.append(("WRONG_TYPE", lib.ERR_LIB_X509, 122))
diff --git a/lib_pypy/openssl/tools/make_ssl_data.py b/lib_pypy/openssl/tools/make_ssl_data.py
new file mode 100755
--- /dev/null
+++ b/lib_pypy/openssl/tools/make_ssl_data.py
@@ -0,0 +1,82 @@
+#! /usr/bin/env python3
+
+"""
+This script should be called *manually* when we want to upgrade SSLError
+`library` and `reason` mnemnonics to a more recent OpenSSL version.
+
+It takes two arguments:
+- the path to the OpenSSL source tree (e.g. git checkout)
+- the path to the C file to be generated
+ (probably Modules/_ssl_data.h)
+"""
+
+import datetime
+import os
+import re
+import sys
+import _ssl
+
+
+def parse_error_codes(h_file, prefix, libcode):
+ pat = re.compile(r"#define\W+(%s([\w]+))\W+(\d+)\b" % re.escape(prefix))
+ codes = []
+ with open(h_file, "r", encoding="latin1") as f:
+ for line in f:
+ match = pat.search(line)
+ if match:
+ code, name, num = match.groups()
+ num = int(num)
+ # e.g. ("SSL_R_BAD_DATA", ("ERR_LIB_SSL", "BAD_DATA", 390))
+ codes.append((code, (libcode, name, num)))
+ return codes
+
+if __name__ == "__main__":
+ openssl_inc = sys.argv[1]
+ outfile = sys.argv[2]
+ use_stdout = outfile == '-'
+ f = sys.stdout if use_stdout else open(outfile, "w")
+ error_libraries = {
+ # mnemonic -> (library code, error prefix, header file)
+ 'PEM': ('ERR_LIB_PEM', 'PEM_R_', 'include/openssl/pem.h'),
+ 'SSL': ('ERR_LIB_SSL', 'SSL_R_', 'include/openssl/ssl.h'),
+ 'X509': ('ERR_LIB_X509', 'X509_R_', 'include/openssl/x509.h'),
+ }
+
+ # Read codes from libraries
+ new_codes = []
+ for libcode, prefix, h_file in sorted(error_libraries.values()):
+ new_codes += parse_error_codes(os.path.join(openssl_inc, h_file),
+ prefix, libcode)
+ new_code_nums = set((libcode, num)
+ for (code, (libcode, name, num)) in new_codes)
+
+ # Merge with existing codes (in case some old codes disappeared).
+ codes = {}
+ for errname, (libnum, errnum) in _ssl.err_names_to_codes.items():
+ lib = error_libraries[_ssl.lib_codes_to_names[libnum]]
+ libcode = lib[0] # e.g. ERR_LIB_PEM
+ errcode = lib[1] + errname # e.g. SSL_R_BAD_SSL_SESSION_ID_LENGTH
+ # Only keep it if the numeric codes weren't reused
+ if (libcode, errnum) not in new_code_nums:
+ codes[errcode] = libcode, errname, errnum
+ codes.update(dict(new_codes))
+
+ def w(l):
+ f.write(l + "\n")
+ w("# File generated by tools/make_ssl_data.py")
+ w("# Generated on %s" % datetime.datetime.now().isoformat())
+ w("")
+ w("from _openssl import ffi, lib ")
+
+ w("_lib_codes = []")
+ for mnemo, (libcode, _, _) in sorted(error_libraries.items()):
+ w('_lib_codes.append(("%s", lib.%s))' % (mnemo, libcode))
+
+ w("_error_codes = []")
+ for errcode, (libcode, name, num) in sorted(codes.items()):
+ #w('if lib.%s:' % (errcode))
+ #w(' _error_codes.append(("%s", lib.%s, lib.%s))' % (name, libcode, errcode))
+ #w('else:')
+ w('_error_codes.append(("%s", lib.%s, %d))' % (name, libcode, num))
+ if not use_stdout:
+ f.close()
More information about the pypy-commit
mailing list