Updating openSSL libs to v1.0.2l-dev

* dtls/openssl.py: Added mtu-functions SSL_set_mtu() and DTLS_set_link_mtu()
* dtls/prebuilt/win32-*: Updated libs for x86 and x86_64 to version 1.0.2l-dev
* dtls/sslconnection.py: mtu size set hardcoded to 1500 - otherwise the windows implementation has problems
incoming
mcfreis 2017-03-20 14:36:33 +01:00
parent 70e78b97cb
commit 8b07f3f46d
7 changed files with 59 additions and 35 deletions


@ -1,3 +1,11 @@
2017-03-17 Björn Freise <mcfreis@gmx.net>
Updating openSSL libs to v1.0.2l-dev
* dtls/openssl.py: Added mtu-functions SSL_set_mtu() and DTLS_set_link_mtu()
* dtls/prebuilt/win32-*: Updated libs for x86 and x86_64 to version 1.0.2l-dev
* dtls/sslconnection.py: mtu size set hardcoded to 1500 - otherwise the windows implementation has problems
2017-03-17 Björn Freise <mcfreis@gmx.net> 2017-03-17 Björn Freise <mcfreis@gmx.net>
Added interface for SSL_CTX_set_info_callback() Added interface for SSL_CTX_set_info_callback()


@ -77,18 +77,19 @@ else:
libcrypto = CDLL("libcrypto.so.1.0.0") libcrypto = CDLL("libcrypto.so.1.0.0")
libssl = CDLL("libssl.so.1.0.0") libssl = CDLL("libssl.so.1.0.0")
# #
# Integer constants - exported # Integer constants - exported
# #
BIO_NOCLOSE = 0x00 BIO_NOCLOSE = 0x00
BIO_CLOSE = 0x01 BIO_CLOSE = 0x01
SSLEAY_VERSION = 0 SSLEAY_VERSION = 0
SSL_OP_NO_COMPRESSION = 0x00020000 SSL_OP_NO_QUERY_MTU = 0x00001000
SSL_VERIFY_NONE = 0x00 SSL_OP_NO_COMPRESSION = 0x00020000
SSL_VERIFY_PEER = 0x01 SSL_VERIFY_NONE = 0x00
SSL_VERIFY_FAIL_IF_NO_PEER_CERT = 0x02 SSL_VERIFY_PEER = 0x01
SSL_VERIFY_CLIENT_ONCE = 0x04 SSL_VERIFY_FAIL_IF_NO_PEER_CERT = 0x02
SSL_SESS_CACHE_OFF = 0x0000 SSL_VERIFY_CLIENT_ONCE = 0x04
SSL_SESS_CACHE_OFF = 0x0000
SSL_SESS_CACHE_CLIENT = 0x0001 SSL_SESS_CACHE_CLIENT = 0x0001
SSL_SESS_CACHE_SERVER = 0x0002 SSL_SESS_CACHE_SERVER = 0x0002
SSL_SESS_CACHE_BOTH = SSL_SESS_CACHE_CLIENT | SSL_SESS_CACHE_SERVER SSL_SESS_CACHE_BOTH = SSL_SESS_CACHE_CLIENT | SSL_SESS_CACHE_SERVER
@ -130,6 +131,7 @@ SSL_CB_HANDSHAKE_DONE = 0x20
# #
# Integer constants - internal # Integer constants - internal
# #
SSL_CTRL_SET_MTU = 17
SSL_CTRL_OPTIONS = 32 SSL_CTRL_OPTIONS = 32
SSL_CTRL_SET_READ_AHEAD = 41 SSL_CTRL_SET_READ_AHEAD = 41
SSL_CTRL_SET_SESS_CACHE_MODE = 44 SSL_CTRL_SET_SESS_CACHE_MODE = 44
@ -144,6 +146,7 @@ BIO_C_SET_NBIO = 102
DTLS_CTRL_GET_TIMEOUT = 73 DTLS_CTRL_GET_TIMEOUT = 73
DTLS_CTRL_HANDLE_TIMEOUT = 74 DTLS_CTRL_HANDLE_TIMEOUT = 74
DTLS_CTRL_LISTEN = 75 DTLS_CTRL_LISTEN = 75
DTLS_CTRL_SET_LINK_MTU = 120
X509_NAME_MAXLEN = 256 X509_NAME_MAXLEN = 256
GETS_MAXLEN = 2048 GETS_MAXLEN = 2048
@ -504,7 +507,7 @@ __all__ = [
# Constants # Constants
"BIO_NOCLOSE", "BIO_CLOSE", "BIO_NOCLOSE", "BIO_CLOSE",
"SSLEAY_VERSION", "SSLEAY_VERSION",
"SSL_OP_NO_COMPRESSION", "SSL_OP_NO_QUERY_MTU", "SSL_OP_NO_COMPRESSION",
"SSL_VERIFY_NONE", "SSL_VERIFY_PEER", "SSL_VERIFY_NONE", "SSL_VERIFY_PEER",
"SSL_VERIFY_FAIL_IF_NO_PEER_CERT", "SSL_VERIFY_CLIENT_ONCE", "SSL_VERIFY_FAIL_IF_NO_PEER_CERT", "SSL_VERIFY_CLIENT_ONCE",
"SSL_SESS_CACHE_OFF", "SSL_SESS_CACHE_CLIENT", "SSL_SESS_CACHE_OFF", "SSL_SESS_CACHE_CLIENT",
@ -524,6 +527,7 @@ __all__ = [
"CRYPTO_set_locking_callback", "CRYPTO_set_locking_callback",
"DTLSv1_get_timeout", "DTLSv1_handle_timeout", "DTLSv1_get_timeout", "DTLSv1_handle_timeout",
"DTLSv1_listen", "DTLSv1_listen",
"DTLS_set_link_mtu",
"BIO_gets", "BIO_read", "BIO_get_mem_data", "BIO_gets", "BIO_read", "BIO_get_mem_data",
"BIO_dgram_set_connected", "BIO_dgram_set_connected",
"BIO_dgram_get_peer", "BIO_dgram_set_peer", "BIO_dgram_get_peer", "BIO_dgram_set_peer",
@ -532,6 +536,8 @@ __all__ = [
"SSL_CTX_set_options", "SSL_CTX_set_options",
"SSL_CTX_set_info_callback", "SSL_CTX_set_info_callback",
"SSL_read", "SSL_write", "SSL_read", "SSL_write",
"SSL_set_options",
"SSL_set_mtu",
"SSL_state_string_long", "SSL_alert_type_string_long", "SSL_alert_desc_string_long", "SSL_state_string_long", "SSL_alert_type_string_long", "SSL_alert_desc_string_long",
"SSL_CTX_set_cookie_cb", "SSL_CTX_set_cookie_cb",
"OBJ_obj2txt", "decode_ASN1_STRING", "ASN1_TIME_print", "OBJ_obj2txt", "decode_ASN1_STRING", "ASN1_TIME_print",
@ -815,16 +821,19 @@ def DTLSv1_handle_timeout(ssl):
def DTLSv1_listen(ssl): def DTLSv1_listen(ssl):
su = sockaddr_u() su = sockaddr_u()
ret = _SSL_ctrl(ssl, DTLS_CTRL_LISTEN, 0, byref(su)) ret = _SSL_ctrl(ssl, DTLS_CTRL_LISTEN, 0, byref(su))
errcheck_ord(ret, _SSL_ctrl, (ssl, DTLS_CTRL_LISTEN, 0, byref(su))) errcheck_ord(ret, _SSL_ctrl, (ssl, DTLS_CTRL_LISTEN, 0, byref(su)))
return addr_tuple_from_sockaddr_u(su) return addr_tuple_from_sockaddr_u(su)
def SSL_read(ssl, length, buffer): def DTLS_set_link_mtu(ssl, mtu):
if buffer: return _SSL_ctrl(ssl, DTLS_CTRL_SET_LINK_MTU, mtu, None)
length = min(length, len(buffer))
buf = (c_char * length).from_buffer(buffer) def SSL_read(ssl, length, buffer):
else: if buffer:
buf = create_string_buffer(length) length = min(length, len(buffer))
buf = (c_char * length).from_buffer(buffer)
else:
buf = create_string_buffer(length)
res_len = _SSL_read(ssl, buf, length) res_len = _SSL_read(ssl, buf, length)
if buffer: if buffer:
return res_len return res_len
@ -841,6 +850,12 @@ def SSL_write(ssl, data):
str_data = str(data) str_data = str(data)
return _SSL_write(ssl, str_data, len(str_data)) return _SSL_write(ssl, str_data, len(str_data))
def SSL_set_options(ssl, op):
return _SSL_ctrl(ssl, SSL_CTRL_OPTIONS, op, None)
def SSL_set_mtu(ssl, mtu):
return _SSL_ctrl(ssl, SSL_CTRL_SET_MTU, mtu, None)
def SSL_state_string_long(ssl): def SSL_state_string_long(ssl):
try: try:
ret = _SSL_state_string_long(ssl) ret = _SSL_state_string_long(ssl)
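Review bot: The new wrappers `DTLS_set_link_mtu`, `SSL_set_options` and `SSL_set_mtu` (hunks at -815 and -841) return the raw `_SSL_ctrl` result with no error check, whereas `DTLSv1_listen` directly above passes its result through `errcheck_ord`. In OpenSSL 1.0.2 both MTU ctrls signal a rejected value by returning 0 (an MTU below the DTLS minimum is refused), so a caller that drops the result carries on with an MTU that was never applied. I would raise on a zero return in the two MTU setters, for example `if ret <= 0: raise ValueError("MTU rejected by OpenSSL: %d" % mtu)`, or use whichever errcheck helper the module prefers. Each wrapper also deserves a one-line docstring, and the one on `SSL_set_options` should say that it returns the resulting option bitmask rather than a status code. The section's last hunk ends inside `SSL_state_string_long`, whose body continues outside it.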

Binary file not shown.

Binary file not shown.


@ -404,18 +404,19 @@ class SSLConnection(object):
try: try:
peer_address = sock.getpeername() peer_address = sock.getpeername()
except socket.error: except socket.error:
peer_address = None peer_address = None
if server_side: if server_side:
post_init = self._init_server(peer_address) post_init = self._init_server(peer_address)
else: else:
post_init = self._init_client(peer_address) post_init = self._init_client(peer_address)
SSL_set_bio(self._ssl.value, self._rbio.value, self._wbio.value) SSL_set_options(self._ssl.value, SSL_OP_NO_QUERY_MTU)
self._rbio.disown() DTLS_set_link_mtu(self._ssl.value, 1500)
self._wbio.disown() SSL_set_bio(self._ssl.value, self._rbio.value, self._wbio.value)
if post_init: self._rbio.disown()
post_init() self._wbio.disown()
if post_init:
post_init()
def get_socket(self, inbound): def get_socket(self, inbound):
"""Retrieve a socket used by this connection """Retrieve a socket used by this connection
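Review bot: The link MTU is pinned to 1500 for every connection on every platform, although the commit message gives only a Windows problem as the reason, and the results of `SSL_set_options(...)` and `DTLS_set_link_mtu(...)` are discarded. With `SSL_OP_NO_QUERY_MTU` set, OpenSSL stops asking the datagram BIO for the path MTU, so on links smaller than 1500 bytes (tunnels, PPPoE, minimum-MTU IPv6 paths) handshake flights can be IP-fragmented or dropped, which would show up as stalled or failing DTLS handshakes. I would take the value from a constructor argument or module constant instead of the literal, apply the override only on the platform that needs it, and fail construction when the setter returns 0, e.g. `if not DTLS_set_link_mtu(self._ssl.value, link_mtu): raise ValueError("link MTU rejected")` (here `link_mtu` is a hypothetical parameter). A short comment above the two calls saying why querying is disabled would help the next maintainer. The enclosing method starts above the hunk and `get_socket` continues below it.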