Beautified lists and maps, grouped imports for easy merges in the future - no changed functionality!
* dtls/openssl.py: - Ordered constants according to header file from openSSL - Beautified __all__-list and map for _make_function() in order to ease merges in the future - Added a few returns in order to evaluate the success of the called methods * dtls/patch.py: Grouped imports in the following order - system, local * dtls/sslconnection.py: ssl protocol not hardcoded anymore for forked objects * dtls/x509.py: logger messages working again
incoming
parent
1c7bdcad16
commit
b4911f4949
12
ChangeLog
12
ChangeLog
|
@ -1,3 +1,15 @@
|
|||
2017-03-17 Björn Freise <mcfreis@gmx.net>
|
||||
|
||||
Beautified lists and maps, grouped imports for easy merges in the future - no changed functionality!
|
||||
|
||||
* dtls/openssl.py:
|
||||
- Ordered constants according to header file from openSSL
|
||||
- Beautified __all__-list and map for _make_function() in order to easy merges in the future
|
||||
- Added a few returns in order to evaluate the success of the called methods
|
||||
* dtls/patch.py: Grouped imports in the following order - system, local
|
||||
* dtls/sslconnection.py: ssl protocol not hardcoded anymore for forked objects
|
||||
* dtls/x509.py: logger messages working again
|
||||
|
||||
2017-02-27 Ray Brown <code@liquibits.com>
|
||||
|
||||
* dtls/openssl.py: support reading directly into given buffer instead of forcing buffer copy (for ssl module compatibility)
|
||||
|
|
449
dtls/openssl.py
449
dtls/openssl.py
|
@ -102,26 +102,31 @@ GEN_DIRNAME = 4
|
|||
NID_subject_alt_name = 85
|
||||
CRYPTO_LOCK = 1
|
||||
|
||||
#
|
||||
# Integer constants - internal
|
||||
#
|
||||
SSL_CTRL_SET_SESS_CACHE_MODE = 44
|
||||
SSL_CTRL_SET_READ_AHEAD = 41
|
||||
SSL_CTRL_OPTIONS = 32
|
||||
BIO_CTRL_INFO = 3
|
||||
BIO_CTRL_DGRAM_SET_CONNECTED = 32
|
||||
BIO_CTRL_DGRAM_GET_PEER = 46
|
||||
BIO_CTRL_DGRAM_SET_PEER = 44
|
||||
BIO_C_SET_NBIO = 102
|
||||
DTLS_CTRL_GET_TIMEOUT = 73
|
||||
DTLS_CTRL_HANDLE_TIMEOUT = 74
|
||||
DTLS_CTRL_LISTEN = 75
|
||||
X509_NAME_MAXLEN = 256
|
||||
GETS_MAXLEN = 2048
|
||||
|
||||
#
|
||||
# Parameter data types
|
||||
#
|
||||
#
|
||||
# Integer constants - internal
|
||||
#
|
||||
SSL_CTRL_OPTIONS = 32
|
||||
SSL_CTRL_SET_READ_AHEAD = 41
|
||||
SSL_CTRL_SET_SESS_CACHE_MODE = 44
|
||||
|
||||
BIO_CTRL_INFO = 3
|
||||
BIO_CTRL_DGRAM_SET_CONNECTED = 32
|
||||
BIO_CTRL_DGRAM_SET_PEER = 44
|
||||
BIO_CTRL_DGRAM_GET_PEER = 46
|
||||
|
||||
BIO_C_SET_NBIO = 102
|
||||
|
||||
DTLS_CTRL_GET_TIMEOUT = 73
|
||||
DTLS_CTRL_HANDLE_TIMEOUT = 74
|
||||
DTLS_CTRL_LISTEN = 75
|
||||
|
||||
X509_NAME_MAXLEN = 256
|
||||
GETS_MAXLEN = 2048
|
||||
|
||||
|
||||
#
|
||||
# Parameter data types
|
||||
#
|
||||
class c_long_parm(object):
|
||||
"""Long integer paramter class
|
||||
|
||||
|
@ -467,130 +472,149 @@ def _make_function(name, lib, args, export=True, errcheck="default"):
|
|||
if errcheck:
|
||||
func.errcheck = errcheck
|
||||
globals()[glbl_name] = func
|
||||
|
||||
_subst = {c_long_parm: c_long}
|
||||
_sigs = {}
|
||||
__all__ = ["BIO_NOCLOSE", "BIO_CLOSE",
|
||||
"SSLEAY_VERSION",
|
||||
"SSL_OP_NO_COMPRESSION",
|
||||
"SSL_VERIFY_NONE", "SSL_VERIFY_PEER",
|
||||
"SSL_VERIFY_FAIL_IF_NO_PEER_CERT", "SSL_VERIFY_CLIENT_ONCE",
|
||||
"SSL_SESS_CACHE_OFF", "SSL_SESS_CACHE_CLIENT",
|
||||
"SSL_SESS_CACHE_SERVER", "SSL_SESS_CACHE_BOTH",
|
||||
"SSL_SESS_CACHE_NO_AUTO_CLEAR", "SSL_SESS_CACHE_NO_INTERNAL_LOOKUP",
|
||||
"SSL_SESS_CACHE_NO_INTERNAL_STORE", "SSL_SESS_CACHE_NO_INTERNAL",
|
||||
"SSL_FILE_TYPE_PEM",
|
||||
"GEN_DIRNAME", "NID_subject_alt_name",
|
||||
"CRYPTO_LOCK",
|
||||
"CRYPTO_set_locking_callback",
|
||||
"DTLSv1_get_timeout", "DTLSv1_handle_timeout",
|
||||
"DTLSv1_listen",
|
||||
"BIO_gets", "BIO_read", "BIO_get_mem_data",
|
||||
"BIO_dgram_set_connected",
|
||||
"BIO_dgram_get_peer", "BIO_dgram_set_peer",
|
||||
"BIO_set_nbio",
|
||||
"SSL_CTX_set_session_cache_mode", "SSL_CTX_set_read_ahead",
|
||||
"SSL_CTX_set_options",
|
||||
"SSL_read", "SSL_write",
|
||||
"SSL_CTX_set_cookie_cb",
|
||||
"OBJ_obj2txt", "decode_ASN1_STRING", "ASN1_TIME_print",
|
||||
"X509_get_notAfter",
|
||||
"ASN1_item_d2i", "GENERAL_NAME_print",
|
||||
"sk_value",
|
||||
"sk_pop_free",
|
||||
"i2d_X509"] # note: the following map adds to this list
|
||||
|
||||
map(lambda x: _make_function(*x), (
|
||||
("SSL_library_init", libssl, ((c_int, "ret"),)),
|
||||
("SSL_load_error_strings", libssl, ((None, "ret"),)),
|
||||
("SSLeay", libcrypto, ((c_long_parm, "ret"),)),
|
||||
("SSLeay_version", libcrypto, ((c_char_p, "ret"), (c_int, "t"))),
|
||||
("CRYPTO_set_locking_callback", libcrypto,
|
||||
((None, "ret"), (c_void_p, "func")), False),
|
||||
("CRYPTO_get_id_callback", libcrypto, ((c_void_p, "ret"),), True, None),
|
||||
("CRYPTO_num_locks", libcrypto, ((c_int, "ret"),)),
|
||||
("DTLSv1_server_method", libssl, ((DTLSv1Method, "ret"),)),
|
||||
("DTLSv1_client_method", libssl, ((DTLSv1Method, "ret"),)),
|
||||
("SSL_CTX_new", libssl, ((SSLCTX, "ret"), (DTLSv1Method, "meth"))),
|
||||
("SSL_CTX_free", libssl, ((None, "ret"), (SSLCTX, "ctx"))),
|
||||
("SSL_CTX_set_cookie_generate_cb", libssl,
|
||||
((None, "ret"), (SSLCTX, "ctx"), (c_void_p, "app_gen_cookie_cb")), False),
|
||||
("SSL_CTX_set_cookie_verify_cb", libssl,
|
||||
((None, "ret"), (SSLCTX, "ctx"), (c_void_p, "app_verify_cookie_cb")),
|
||||
False),
|
||||
("SSL_new", libssl, ((SSL, "ret"), (SSLCTX, "ctx"))),
|
||||
("SSL_free", libssl, ((None, "ret"), (SSL, "ssl"))),
|
||||
("SSL_set_bio", libssl,
|
||||
((None, "ret"), (SSL, "ssl"), (BIO, "rbio"), (BIO, "wbio"))),
|
||||
("BIO_new", libcrypto, ((BIO, "ret"), (BIO_METHOD, "type"))),
|
||||
("BIO_s_mem", libcrypto, ((BIO_METHOD, "ret"),)),
|
||||
("BIO_new_file", libcrypto,
|
||||
((BIO, "ret"), (c_char_p, "filename"), (c_char_p, "mode"))),
|
||||
("BIO_new_dgram", libcrypto,
|
||||
((BIO, "ret"), (c_int, "fd"), (c_int, "close_flag"))),
|
||||
("BIO_free", libcrypto, ((c_int, "ret"), (BIO, "a"))),
|
||||
("BIO_gets", libcrypto,
|
||||
((c_int, "ret"), (BIO, "b"), (POINTER(c_char), "buf"), (c_int, "size")),
|
||||
False),
|
||||
("BIO_read", libcrypto,
|
||||
((c_int, "ret"), (BIO, "b"), (c_void_p, "buf"), (c_int, "len")), False),
|
||||
("SSL_CTX_ctrl", libssl,
|
||||
((c_long_parm, "ret"), (SSLCTX, "ctx"), (c_int, "cmd"), (c_long, "larg"),
|
||||
(c_void_p, "parg")), False),
|
||||
("BIO_ctrl", libcrypto,
|
||||
((c_long_parm, "ret"), (BIO, "bp"), (c_int, "cmd"), (c_long, "larg"),
|
||||
(c_void_p, "parg")), False),
|
||||
("SSL_ctrl", libssl,
|
||||
((c_long_parm, "ret"), (SSL, "ssl"), (c_int, "cmd"), (c_long, "larg"),
|
||||
(c_void_p, "parg")), False),
|
||||
("ERR_get_error", libcrypto, ((c_long_parm, "ret"),), False),
|
||||
("ERR_error_string_n", libcrypto,
|
||||
((None, "ret"), (c_ulong, "e"), (c_char_p, "buf"), (c_size_t, "len")),
|
||||
False),
|
||||
("SSL_get_error", libssl, ((c_int, "ret"), (SSL, "ssl"), (c_int, "ret")),
|
||||
False, None),
|
||||
("SSL_CTX_set_cipher_list", libssl,
|
||||
((c_int, "ret"), (SSLCTX, "ctx"), (c_char_p, "str"))),
|
||||
("SSL_CTX_use_certificate_file", libssl,
|
||||
|
||||
_subst = {c_long_parm: c_long}
|
||||
_sigs = {}
|
||||
__all__ = [
|
||||
# Constants
|
||||
"BIO_NOCLOSE", "BIO_CLOSE",
|
||||
"SSLEAY_VERSION",
|
||||
"SSL_OP_NO_COMPRESSION",
|
||||
"SSL_VERIFY_NONE", "SSL_VERIFY_PEER",
|
||||
"SSL_VERIFY_FAIL_IF_NO_PEER_CERT", "SSL_VERIFY_CLIENT_ONCE",
|
||||
"SSL_SESS_CACHE_OFF", "SSL_SESS_CACHE_CLIENT",
|
||||
"SSL_SESS_CACHE_SERVER", "SSL_SESS_CACHE_BOTH",
|
||||
"SSL_SESS_CACHE_NO_AUTO_CLEAR", "SSL_SESS_CACHE_NO_INTERNAL_LOOKUP",
|
||||
"SSL_SESS_CACHE_NO_INTERNAL_STORE", "SSL_SESS_CACHE_NO_INTERNAL",
|
||||
"SSL_FILE_TYPE_PEM",
|
||||
"GEN_DIRNAME", "NID_subject_alt_name",
|
||||
"CRYPTO_LOCK",
|
||||
# Methods
|
||||
"CRYPTO_set_locking_callback",
|
||||
"DTLSv1_get_timeout", "DTLSv1_handle_timeout",
|
||||
"DTLSv1_listen",
|
||||
"BIO_gets", "BIO_read", "BIO_get_mem_data",
|
||||
"BIO_dgram_set_connected",
|
||||
"BIO_dgram_get_peer", "BIO_dgram_set_peer",
|
||||
"BIO_set_nbio",
|
||||
"SSL_CTX_set_session_cache_mode", "SSL_CTX_set_read_ahead",
|
||||
"SSL_CTX_set_options",
|
||||
"SSL_read", "SSL_write",
|
||||
"SSL_CTX_set_cookie_cb",
|
||||
"OBJ_obj2txt", "decode_ASN1_STRING", "ASN1_TIME_print",
|
||||
"X509_get_notAfter",
|
||||
"ASN1_item_d2i", "GENERAL_NAME_print",
|
||||
"sk_value",
|
||||
"sk_pop_free",
|
||||
"i2d_X509",
|
||||
] # note: the following map adds to this list
|
||||
|
||||
map(lambda x: _make_function(*x), (
|
||||
("SSL_library_init", libssl,
|
||||
((c_int, "ret"),)),
|
||||
("SSL_load_error_strings", libssl,
|
||||
((None, "ret"),)),
|
||||
("SSLeay", libcrypto,
|
||||
((c_long_parm, "ret"),)),
|
||||
("SSLeay_version", libcrypto,
|
||||
((c_char_p, "ret"), (c_int, "t"))),
|
||||
("CRYPTO_set_locking_callback", libcrypto,
|
||||
((None, "ret"), (c_void_p, "func")), False),
|
||||
("CRYPTO_get_id_callback", libcrypto,
|
||||
((c_void_p, "ret"),), True, None),
|
||||
("CRYPTO_num_locks", libcrypto,
|
||||
((c_int, "ret"),)),
|
||||
("DTLSv1_server_method", libssl,
|
||||
((DTLSv1Method, "ret"),)),
|
||||
("DTLSv1_client_method", libssl,
|
||||
((DTLSv1Method, "ret"),)),
|
||||
("SSL_CTX_new", libssl,
|
||||
((SSLCTX, "ret"), (DTLSv1Method, "meth"))),
|
||||
("SSL_CTX_free", libssl,
|
||||
((None, "ret"), (SSLCTX, "ctx"))),
|
||||
("SSL_CTX_set_cookie_generate_cb", libssl,
|
||||
((None, "ret"), (SSLCTX, "ctx"), (c_void_p, "app_gen_cookie_cb")), False),
|
||||
("SSL_CTX_set_cookie_verify_cb", libssl,
|
||||
((None, "ret"), (SSLCTX, "ctx"), (c_void_p, "app_verify_cookie_cb")), False),
|
||||
("SSL_new", libssl,
|
||||
((SSL, "ret"), (SSLCTX, "ctx"))),
|
||||
("SSL_free", libssl,
|
||||
((None, "ret"), (SSL, "ssl"))),
|
||||
("SSL_set_bio", libssl,
|
||||
((None, "ret"), (SSL, "ssl"), (BIO, "rbio"), (BIO, "wbio"))),
|
||||
("BIO_new", libcrypto,
|
||||
((BIO, "ret"), (BIO_METHOD, "type"))),
|
||||
("BIO_s_mem", libcrypto,
|
||||
((BIO_METHOD, "ret"),)),
|
||||
("BIO_new_file", libcrypto,
|
||||
((BIO, "ret"), (c_char_p, "filename"), (c_char_p, "mode"))),
|
||||
("BIO_new_dgram", libcrypto,
|
||||
((BIO, "ret"), (c_int, "fd"), (c_int, "close_flag"))),
|
||||
("BIO_free", libcrypto,
|
||||
((c_int, "ret"), (BIO, "a"))),
|
||||
("BIO_gets", libcrypto,
|
||||
((c_int, "ret"), (BIO, "b"), (POINTER(c_char), "buf"), (c_int, "size")), False),
|
||||
("BIO_read", libcrypto,
|
||||
((c_int, "ret"), (BIO, "b"), (c_void_p, "buf"), (c_int, "len")), False),
|
||||
("SSL_CTX_ctrl", libssl,
|
||||
((c_long_parm, "ret"), (SSLCTX, "ctx"), (c_int, "cmd"), (c_long, "larg"), (c_void_p, "parg")), False),
|
||||
("BIO_ctrl", libcrypto,
|
||||
((c_long_parm, "ret"), (BIO, "bp"), (c_int, "cmd"), (c_long, "larg"), (c_void_p, "parg")), False),
|
||||
("SSL_ctrl", libssl,
|
||||
((c_long_parm, "ret"), (SSL, "ssl"), (c_int, "cmd"), (c_long, "larg"), (c_void_p, "parg")), False),
|
||||
("ERR_get_error", libcrypto,
|
||||
((c_long_parm, "ret"),), False),
|
||||
("ERR_error_string_n", libcrypto,
|
||||
((None, "ret"), (c_ulong, "e"), (c_char_p, "buf"), (c_size_t, "len")), False),
|
||||
("SSL_get_error", libssl,
|
||||
((c_int, "ret"), (SSL, "ssl"), (c_int, "ret")), False, None),
|
||||
("SSL_CTX_set_cipher_list", libssl,
|
||||
((c_int, "ret"), (SSLCTX, "ctx"), (c_char_p, "str"))),
|
||||
("SSL_CTX_use_certificate_file", libssl,
|
||||
((c_int, "ret"), (SSLCTX, "ctx"), (c_char_p, "file"), (c_int, "type"))),
|
||||
("SSL_CTX_use_certificate_chain_file", libssl,
|
||||
((c_int, "ret"), (SSLCTX, "ctx"), (c_char_p, "file"))),
|
||||
("SSL_CTX_use_PrivateKey_file", libssl,
|
||||
((c_int, "ret"), (SSLCTX, "ctx"), (c_char_p, "file"), (c_int, "type"))),
|
||||
("SSL_CTX_load_verify_locations", libssl,
|
||||
((c_int, "ret"), (SSLCTX, "ctx"), (c_char_p, "CAfile"),
|
||||
(c_char_p, "CApath"))),
|
||||
("SSL_CTX_set_verify", libssl,
|
||||
((None, "ret"), (SSLCTX, "ctx"), (c_int, "mode"),
|
||||
(c_void_p, "verify_callback", 1, None))),
|
||||
("SSL_accept", libssl, ((c_int, "ret"), (SSL, "ssl"))),
|
||||
("SSL_connect", libssl, ((c_int, "ret"), (SSL, "ssl"))),
|
||||
("SSL_set_connect_state", libssl, ((None, "ret"), (SSL, "ssl"))),
|
||||
("SSL_set_accept_state", libssl, ((None, "ret"), (SSL, "ssl"))),
|
||||
("SSL_do_handshake", libssl, ((c_int, "ret"), (SSL, "ssl"))),
|
||||
("SSL_get_peer_certificate", libssl, ((X509, "ret"), (SSL, "ssl"))),
|
||||
("SSL_read", libssl,
|
||||
((c_int, "ret"), (SSL, "ssl"), (c_void_p, "buf"), (c_int, "num")), False),
|
||||
("SSL_write", libssl,
|
||||
((c_int, "ret"), (SSL, "ssl"), (c_void_p, "buf"), (c_int, "num")), False),
|
||||
("SSL_pending", libssl, ((c_int, "ret"), (SSL, "ssl")), True, None),
|
||||
("SSL_shutdown", libssl, ((c_int, "ret"), (SSL, "ssl"))),
|
||||
("SSL_set_read_ahead", libssl,
|
||||
((None, "ret"), (SSL, "ssl"), (c_int, "yes"))),
|
||||
("X509_free", libcrypto, ((None, "ret"), (X509, "a"))),
|
||||
("PEM_read_bio_X509_AUX", libcrypto,
|
||||
((X509, "ret"), (BIO, "bp"), (c_void_p, "x", 1, None),
|
||||
(c_void_p, "cb", 1, None), (c_void_p, "u", 1, None))),
|
||||
("OBJ_obj2txt", libcrypto,
|
||||
((c_int, "ret"), (POINTER(c_char), "buf"), (c_int, "buf_len"),
|
||||
(ASN1_OBJECT, "a"), (c_int, "no_name")), False),
|
||||
("CRYPTO_free", libcrypto, ((None, "ret"), (c_void_p, "ptr"))),
|
||||
("ASN1_STRING_to_UTF8", libcrypto,
|
||||
((c_int, "ret"), (POINTER(POINTER(c_ubyte)), "out"), (ASN1_STRING, "in")),
|
||||
False),
|
||||
("X509_NAME_entry_count", libcrypto,
|
||||
((c_int, "ret"), (POINTER(X509_name_st), "name")), True, None),
|
||||
("X509_NAME_get_entry", libcrypto,
|
||||
("SSL_CTX_use_PrivateKey_file", libssl,
|
||||
((c_int, "ret"), (SSLCTX, "ctx"), (c_char_p, "file"), (c_int, "type"))),
|
||||
("SSL_CTX_load_verify_locations", libssl,
|
||||
((c_int, "ret"), (SSLCTX, "ctx"), (c_char_p, "CAfile"), (c_char_p, "CApath"))),
|
||||
("SSL_CTX_set_verify", libssl,
|
||||
((None, "ret"), (SSLCTX, "ctx"), (c_int, "mode"), (c_void_p, "verify_callback", 1, None))),
|
||||
("SSL_accept", libssl,
|
||||
((c_int, "ret"), (SSL, "ssl"))),
|
||||
("SSL_connect", libssl,
|
||||
((c_int, "ret"), (SSL, "ssl"))),
|
||||
("SSL_set_connect_state", libssl,
|
||||
((None, "ret"), (SSL, "ssl"))),
|
||||
("SSL_set_accept_state", libssl,
|
||||
((None, "ret"), (SSL, "ssl"))),
|
||||
("SSL_do_handshake", libssl,
|
||||
((c_int, "ret"), (SSL, "ssl"))),
|
||||
("SSL_get_peer_certificate", libssl,
|
||||
((X509, "ret"), (SSL, "ssl"))),
|
||||
("SSL_read", libssl,
|
||||
((c_int, "ret"), (SSL, "ssl"), (c_void_p, "buf"), (c_int, "num")), False),
|
||||
("SSL_write", libssl,
|
||||
((c_int, "ret"), (SSL, "ssl"), (c_void_p, "buf"), (c_int, "num")), False),
|
||||
("SSL_pending", libssl,
|
||||
((c_int, "ret"), (SSL, "ssl")), True, None),
|
||||
("SSL_shutdown", libssl,
|
||||
((c_int, "ret"), (SSL, "ssl"))),
|
||||
("SSL_set_read_ahead", libssl,
|
||||
((None, "ret"), (SSL, "ssl"), (c_int, "yes"))),
|
||||
("X509_free", libcrypto,
|
||||
((None, "ret"), (X509, "a"))),
|
||||
("PEM_read_bio_X509_AUX", libcrypto,
|
||||
((X509, "ret"), (BIO, "bp"), (c_void_p, "x", 1, None), (c_void_p, "cb", 1, None), (c_void_p, "u", 1, None))),
|
||||
("OBJ_obj2txt", libcrypto,
|
||||
((c_int, "ret"), (POINTER(c_char), "buf"), (c_int, "buf_len"), (ASN1_OBJECT, "a"), (c_int, "no_name")), False),
|
||||
("CRYPTO_free", libcrypto,
|
||||
((None, "ret"), (c_void_p, "ptr"))),
|
||||
("ASN1_STRING_to_UTF8", libcrypto,
|
||||
((c_int, "ret"), (POINTER(POINTER(c_ubyte)), "out"), (ASN1_STRING, "in")), False),
|
||||
("X509_NAME_entry_count", libcrypto,
|
||||
((c_int, "ret"), (POINTER(X509_name_st), "name")), True, None),
|
||||
("X509_NAME_get_entry", libcrypto,
|
||||
((POINTER(X509_NAME_ENTRY), "ret"), (POINTER(X509_name_st), "name"),
|
||||
(c_int, "loc")), True, errcheck_p),
|
||||
("X509_NAME_ENTRY_get_object", libcrypto,
|
||||
|
@ -599,40 +623,37 @@ map(lambda x: _make_function(*x), (
|
|||
((ASN1_STRING, "ret"), (POINTER(X509_NAME_ENTRY), "ne"))),
|
||||
("X509_get_subject_name", libcrypto,
|
||||
((POINTER(X509_name_st), "ret"), (X509, "a")), True, errcheck_p),
|
||||
("ASN1_TIME_print", libcrypto,
|
||||
((c_int, "ret"), (BIO, "fp"), (ASN1_TIME, "a")), False),
|
||||
("X509_get_ext_by_NID", libcrypto,
|
||||
((c_int, "ret"), (X509, "x"), (c_int, "nid"), (c_int, "lastpos")),
|
||||
True, None),
|
||||
("X509_get_ext", libcrypto,
|
||||
((POINTER(X509_EXTENSION), "ret"), (X509, "x"), (c_int, "loc")),
|
||||
True, errcheck_p),
|
||||
("X509V3_EXT_get", libcrypto,
|
||||
((POINTER(X509V3_EXT_METHOD), "ret"), (POINTER(X509_EXTENSION), "ext")),
|
||||
True, errcheck_p),
|
||||
("ASN1_item_d2i", libcrypto,
|
||||
((c_void_p, "ret"), (c_void_p, "val"), (POINTER(POINTER(c_ubyte)), "in"),
|
||||
(c_long, "len"), (c_void_p, "it")), False, None),
|
||||
("sk_num", libcrypto, ((c_int, "ret"), (STACK, "stack")), True, None),
|
||||
("sk_value", libcrypto,
|
||||
((c_void_p, "ret"), (STACK, "stack"), (c_int, "loc")), False),
|
||||
("GENERAL_NAME_print", libcrypto,
|
||||
((c_int, "ret"), (BIO, "out"), (POINTER(GENERAL_NAME), "gen")), False),
|
||||
("sk_pop_free", libcrypto,
|
||||
((None, "ret"), (STACK, "st"), (c_void_p, "func")), False),
|
||||
("i2d_X509_bio", libcrypto, ((c_int, "ret"), (BIO, "bp"), (X509, "x")),
|
||||
False),
|
||||
("SSL_get_current_cipher", libssl, ((SSL_CIPHER, "ret"), (SSL, "ssl"))),
|
||||
("SSL_CIPHER_get_name", libssl,
|
||||
((c_char_p, "ret"), (SSL_CIPHER, "cipher"))),
|
||||
("SSL_CIPHER_get_version", libssl,
|
||||
((c_char_p, "ret"), (SSL_CIPHER, "cipher"))),
|
||||
("SSL_CIPHER_get_bits", libssl,
|
||||
((c_int, "ret"), (SSL_CIPHER, "cipher"),
|
||||
(POINTER(c_int), "alg_bits", 1, None)), True, None),
|
||||
))
|
||||
|
||||
#
|
||||
("ASN1_TIME_print", libcrypto,
|
||||
((c_int, "ret"), (BIO, "fp"), (ASN1_TIME, "a")), False),
|
||||
("X509_get_ext_by_NID", libcrypto,
|
||||
((c_int, "ret"), (X509, "x"), (c_int, "nid"), (c_int, "lastpos")), True, None),
|
||||
("X509_get_ext", libcrypto,
|
||||
((POINTER(X509_EXTENSION), "ret"), (X509, "x"), (c_int, "loc")), True, errcheck_p),
|
||||
("X509V3_EXT_get", libcrypto,
|
||||
((POINTER(X509V3_EXT_METHOD), "ret"), (POINTER(X509_EXTENSION), "ext")), True, errcheck_p),
|
||||
("ASN1_item_d2i", libcrypto,
|
||||
((c_void_p, "ret"), (c_void_p, "val"), (POINTER(POINTER(c_ubyte)), "in"), (c_long, "len"), (c_void_p, "it")), False, None),
|
||||
("sk_num", libcrypto,
|
||||
((c_int, "ret"), (STACK, "stack")), True, None),
|
||||
("sk_value", libcrypto,
|
||||
((c_void_p, "ret"), (STACK, "stack"), (c_int, "loc")), False),
|
||||
("GENERAL_NAME_print", libcrypto,
|
||||
((c_int, "ret"), (BIO, "out"), (POINTER(GENERAL_NAME), "gen")), False),
|
||||
("sk_pop_free", libcrypto,
|
||||
((None, "ret"), (STACK, "st"), (c_void_p, "func")), False),
|
||||
("i2d_X509_bio", libcrypto,
|
||||
((c_int, "ret"), (BIO, "bp"), (X509, "x")), False),
|
||||
("SSL_get_current_cipher", libssl,
|
||||
((SSL_CIPHER, "ret"), (SSL, "ssl"))),
|
||||
("SSL_CIPHER_get_name", libssl,
|
||||
((c_char_p, "ret"), (SSL_CIPHER, "cipher"))),
|
||||
("SSL_CIPHER_get_version", libssl,
|
||||
((c_char_p, "ret"), (SSL_CIPHER, "cipher"))),
|
||||
("SSL_CIPHER_get_bits", libssl,
|
||||
((c_int, "ret"), (SSL_CIPHER, "cipher"), (POINTER(c_int), "alg_bits", 1, None)), True, None),
|
||||
))
|
||||
|
||||
#
|
||||
# Wrappers - functions generally equivalent to OpenSSL library macros
|
||||
#
|
||||
_rvoid_int_int_charp_int = CFUNCTYPE(None, c_int, c_int, c_char_p, c_int)
|
||||
|
@ -647,21 +668,21 @@ def CRYPTO_set_locking_callback(locking_function):
|
|||
global _locking_cb # for keep-alive
|
||||
_locking_cb = _rvoid_int_int_charp_int(py_locking_function)
|
||||
_CRYPTO_set_locking_callback(_locking_cb)
|
||||
|
||||
def SSL_CTX_set_session_cache_mode(ctx, mode):
|
||||
# Returns the previous value of mode
|
||||
_SSL_CTX_ctrl(ctx, SSL_CTRL_SET_SESS_CACHE_MODE, mode, None)
|
||||
|
||||
def SSL_CTX_set_read_ahead(ctx, m):
|
||||
# Returns the previous value of m
|
||||
_SSL_CTX_ctrl(ctx, SSL_CTRL_SET_READ_AHEAD, m, None)
|
||||
|
||||
def SSL_CTX_set_options(ctx, options):
|
||||
# Returns the new option bitmaks after adding the given options
|
||||
_SSL_CTX_ctrl(ctx, SSL_CTRL_OPTIONS, options, None)
|
||||
|
||||
_rint_voidp_ubytep_uintp = CFUNCTYPE(c_int, c_void_p, POINTER(c_ubyte),
|
||||
POINTER(c_uint))
|
||||
|
||||
def SSL_CTX_set_session_cache_mode(ctx, mode):
|
||||
# Returns the previous value of mode
|
||||
return _SSL_CTX_ctrl(ctx, SSL_CTRL_SET_SESS_CACHE_MODE, mode, None)
|
||||
|
||||
def SSL_CTX_set_read_ahead(ctx, m):
|
||||
# Returns the previous value of m
|
||||
return _SSL_CTX_ctrl(ctx, SSL_CTRL_SET_READ_AHEAD, m, None)
|
||||
|
||||
def SSL_CTX_set_options(ctx, options):
|
||||
# Returns the new option bitmaks after adding the given options
|
||||
return _SSL_CTX_ctrl(ctx, SSL_CTRL_OPTIONS, options, None)
|
||||
|
||||
_rint_voidp_ubytep_uintp = CFUNCTYPE(c_int, c_void_p, POINTER(c_ubyte),
|
||||
POINTER(c_uint))
|
||||
_rint_voidp_ubytep_uint = CFUNCTYPE(c_int, c_void_p, POINTER(c_ubyte), c_uint)
|
||||
|
||||
def SSL_CTX_set_cookie_cb(ctx, generate, verify):
|
||||
|
@ -690,25 +711,25 @@ def SSL_CTX_set_cookie_cb(ctx, generate, verify):
|
|||
_SSL_CTX_set_cookie_generate_cb(ctx, gen_cb)
|
||||
_SSL_CTX_set_cookie_verify_cb(ctx, ver_cb)
|
||||
return gen_cb, ver_cb
|
||||
|
||||
def BIO_dgram_set_connected(bio, peer_address):
|
||||
su = sockaddr_u_from_addr_tuple(peer_address)
|
||||
_BIO_ctrl(bio, BIO_CTRL_DGRAM_SET_CONNECTED, 0, byref(su))
|
||||
|
||||
def BIO_dgram_get_peer(bio):
|
||||
su = sockaddr_u()
|
||||
|
||||
def BIO_dgram_set_connected(bio, peer_address):
|
||||
su = sockaddr_u_from_addr_tuple(peer_address)
|
||||
return _BIO_ctrl(bio, BIO_CTRL_DGRAM_SET_CONNECTED, 0, byref(su))
|
||||
|
||||
def BIO_dgram_get_peer(bio):
|
||||
su = sockaddr_u()
|
||||
_BIO_ctrl(bio, BIO_CTRL_DGRAM_GET_PEER, 0, byref(su))
|
||||
return addr_tuple_from_sockaddr_u(su)
|
||||
|
||||
def BIO_dgram_set_peer(bio, peer_address):
|
||||
su = sockaddr_u_from_addr_tuple(peer_address)
|
||||
_BIO_ctrl(bio, BIO_CTRL_DGRAM_SET_PEER, 0, byref(su))
|
||||
|
||||
def BIO_set_nbio(bio, n):
|
||||
_BIO_ctrl(bio, BIO_C_SET_NBIO, 1 if n else 0, None)
|
||||
|
||||
def DTLSv1_get_timeout(ssl):
|
||||
tv = TIMEVAL()
|
||||
|
||||
def BIO_dgram_set_peer(bio, peer_address):
|
||||
su = sockaddr_u_from_addr_tuple(peer_address)
|
||||
return _BIO_ctrl(bio, BIO_CTRL_DGRAM_SET_PEER, 0, byref(su))
|
||||
|
||||
def BIO_set_nbio(bio, n):
|
||||
return _BIO_ctrl(bio, BIO_C_SET_NBIO, 1 if n else 0, None)
|
||||
|
||||
def DTLSv1_get_timeout(ssl):
|
||||
tv = TIMEVAL()
|
||||
ret = _SSL_ctrl(ssl, DTLS_CTRL_GET_TIMEOUT, 0, byref(tv))
|
||||
if ret != 1:
|
||||
return
|
||||
|
@ -724,13 +745,13 @@ def DTLSv1_handle_timeout(ssl):
|
|||
return True
|
||||
# There was an error: either too many timeouts have occurred or a
|
||||
# retransmission failed
|
||||
assert ret < 0
|
||||
if ret > 0:
|
||||
ret = -10
|
||||
errcheck_p(ret, _SSL_ctrl, (ssl, DTLS_CTRL_HANDLE_TIMEOUT, 0, None))
|
||||
|
||||
def DTLSv1_listen(ssl):
|
||||
su = sockaddr_u()
|
||||
assert ret < 0
|
||||
if ret > 0:
|
||||
ret = -10
|
||||
return errcheck_p(ret, _SSL_ctrl, (ssl, DTLS_CTRL_HANDLE_TIMEOUT, 0, None))
|
||||
|
||||
def DTLSv1_listen(ssl):
|
||||
su = sockaddr_u()
|
||||
ret = _SSL_ctrl(ssl, DTLS_CTRL_LISTEN, 0, byref(su))
|
||||
errcheck_ord(ret, _SSL_ctrl, (ssl, DTLS_CTRL_LISTEN, 0, byref(su)))
|
||||
return addr_tuple_from_sockaddr_u(su)
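Review bot: `BIO_dgram_get_peer` still discards the result of `_BIO_ctrl(bio, BIO_CTRL_DGRAM_GET_PEER, 0, byref(su))` and converts `su` regardless, while the neighbouring `BIO_dgram_set_connected`, `BIO_dgram_set_peer` and `BIO_set_nbio` now return that result. `_make_function`'s body is outside this view, so whether the default errcheck raises for a failed ctrl call cannot be confirmed; the manual `errcheck_ord` and `errcheck_p` calls in `DTLSv1_listen` and `DTLSv1_handle_timeout` suggest it does not. If it does not, a failed call hands the caller an address built from an unfilled `sockaddr_u`. Keeping the result, `ret = _BIO_ctrl(bio, BIO_CTRL_DGRAM_GET_PEER, 0, byref(su))`, and failing explicitly before `return addr_tuple_from_sockaddr_u(su)` would bring this wrapper in line with the commit's stated aim of letting callers evaluate success.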
|
||||
|
|
|
@ -31,22 +31,23 @@ has the following effects:
|
|||
* Direct instantiation of SSLSocket as well as instantiation through
|
||||
ssl.wrap_socket are supported
|
||||
* Invocation of the function get_server_certificate with a value of
|
||||
PROTOCOL_DTLSv1 for the parameter ssl_version is supported
|
||||
"""
|
||||
|
||||
from socket import SOCK_DGRAM, socket, _delegate_methods, error as socket_error
|
||||
from socket import AF_INET, SOCK_STREAM, SOCK_DGRAM, getaddrinfo
|
||||
from sslconnection import SSLConnection, PROTOCOL_DTLSv1, CERT_NONE
|
||||
from sslconnection import DTLS_OPENSSL_VERSION_NUMBER, DTLS_OPENSSL_VERSION
|
||||
from sslconnection import DTLS_OPENSSL_VERSION_INFO
|
||||
from err import raise_as_ssl_module_error
|
||||
from types import MethodType
|
||||
from weakref import proxy
|
||||
import errno
|
||||
|
||||
def do_patch():
|
||||
import ssl as _ssl # import to be avoided if ssl module is never patched
|
||||
global _orig_SSLSocket_init, _orig_get_server_certificate
|
||||
PROTOCOL_DTLSv1 for the parameter ssl_version is supported
|
||||
"""
|
||||
|
||||
from socket import socket, getaddrinfo, _delegate_methods, error as socket_error
|
||||
from socket import AF_INET, SOCK_STREAM, SOCK_DGRAM
|
||||
from types import MethodType
|
||||
from weakref import proxy
|
||||
import errno
|
||||
|
||||
from sslconnection import SSLConnection, PROTOCOL_DTLSv1, CERT_NONE
|
||||
from sslconnection import DTLS_OPENSSL_VERSION_NUMBER, DTLS_OPENSSL_VERSION, DTLS_OPENSSL_VERSION_INFO
|
||||
from err import raise_as_ssl_module_error
|
||||
|
||||
|
||||
def do_patch():
|
||||
import ssl as _ssl # import to be avoided if ssl module is never patched
|
||||
global _orig_SSLSocket_init, _orig_get_server_certificate
|
||||
global ssl
|
||||
ssl = _ssl
|
||||
if hasattr(ssl, "PROTOCOL_DTLSv1"):
|
||||
|
@ -73,13 +74,13 @@ def _get_server_certificate(addr, ssl_version=PROTOCOL_SSLv23, ca_certs=None):
|
|||
If 'ssl_version' is specified, use it in the connection attempt.
|
||||
"""
|
||||
|
||||
if ssl_version != PROTOCOL_DTLSv1:
|
||||
return _orig_get_server_certificate(addr, ssl_version, ca_certs)
|
||||
|
||||
if (ca_certs is not None):
|
||||
cert_reqs = ssl.CERT_REQUIRED
|
||||
else:
|
||||
cert_reqs = ssl.CERT_NONE
|
||||
if ssl_version != PROTOCOL_DTLSv1:
|
||||
return _orig_get_server_certificate(addr, ssl_version, ca_certs)
|
||||
|
||||
if ca_certs is not None:
|
||||
cert_reqs = ssl.CERT_REQUIRED
|
||||
else:
|
||||
cert_reqs = ssl.CERT_NONE
|
||||
af = getaddrinfo(addr[0], addr[1])[0][0]
|
||||
s = ssl.wrap_socket(socket(af, SOCK_DGRAM),
|
||||
ssl_version=ssl_version,
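Review bot: The regrouped local imports are still implicit relative imports (`from sslconnection import ...`, `from err import raise_as_ssl_module_error`), so which module is loaded depends on the interpreter's import rules and on `sys.path` rather than on this package. Writing them as `from .sslconnection import SSLConnection, PROTOCOL_DTLSv1, CERT_NONE` and `from .err import raise_as_ssl_module_error` pins them to the package and keeps an unrelated top-level `err` module from being picked up instead. The `from err import ...` lines regrouped in dtls/sslconnection.py have the same form.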
|
||||
|
|
|
@ -45,12 +45,13 @@ import socket
|
|||
import hmac
|
||||
import datetime
|
||||
from logging import getLogger
|
||||
from os import urandom
|
||||
from select import select
|
||||
from weakref import proxy
|
||||
from err import openssl_error, InvalidSocketError
|
||||
from err import raise_ssl_error
|
||||
from err import SSL_ERROR_WANT_READ, SSL_ERROR_SYSCALL
|
||||
from os import urandom
|
||||
from select import select
|
||||
from weakref import proxy
|
||||
|
||||
from err import openssl_error, InvalidSocketError
|
||||
from err import raise_ssl_error
|
||||
from err import SSL_ERROR_WANT_READ, SSL_ERROR_SYSCALL
|
||||
from err import ERR_COOKIE_MISMATCH, ERR_NO_CERTS
|
||||
from err import ERR_NO_CIPHER, ERR_HANDSHAKE_TIMEOUT, ERR_PORT_UNREACHABLE
|
||||
from err import ERR_READ_TIMEOUT, ERR_WRITE_TIMEOUT
|
||||
|
@ -331,12 +332,13 @@ class SSLConnection(object):
|
|||
ciphers = "DEFAULT"
|
||||
|
||||
self._sock = sock
|
||||
self._keyfile = keyfile
|
||||
self._certfile = certfile
|
||||
self._cert_reqs = cert_reqs
|
||||
self._ca_certs = ca_certs
|
||||
self._do_handshake_on_connect = do_handshake_on_connect
|
||||
self._suppress_ragged_eofs = suppress_ragged_eofs
|
||||
self._keyfile = keyfile
|
||||
self._certfile = certfile
|
||||
self._cert_reqs = cert_reqs
|
||||
self._ssl_version = ssl_version
|
||||
self._ca_certs = ca_certs
|
||||
self._do_handshake_on_connect = do_handshake_on_connect
|
||||
self._suppress_ragged_eofs = suppress_ragged_eofs
|
||||
self._ciphers = ciphers
|
||||
self._handshake_done = False
|
||||
self._wbio_nb = self._rbio_nb = False
|
||||
|
@ -459,13 +461,13 @@ class SSLConnection(object):
|
|||
|
||||
if not self._pending_peer_address:
|
||||
if not self.listen():
|
||||
_logger.debug("Accept returning without connection")
|
||||
return
|
||||
new_conn = SSLConnection(self, self._keyfile, self._certfile, True,
|
||||
self._cert_reqs, PROTOCOL_DTLSv1,
|
||||
self._ca_certs, self._do_handshake_on_connect,
|
||||
self._suppress_ragged_eofs, self._ciphers)
|
||||
new_peer = self._pending_peer_address
|
||||
_logger.debug("Accept returning without connection")
|
||||
return
|
||||
new_conn = SSLConnection(self, self._keyfile, self._certfile, True,
|
||||
self._cert_reqs, self._ssl_version,
|
||||
self._ca_certs, self._do_handshake_on_connect,
|
||||
self._suppress_ragged_eofs, self._ciphers)
|
||||
new_peer = self._pending_peer_address
|
||||
self._pending_peer_address = None
|
||||
if self._do_handshake_on_connect:
|
||||
# Note that since that connection's socket was just created in its
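Review bot: The forked connection in `accept` is built with ten positional arguments, and the fix works only because `self._ssl_version` lands in the sixth slot. A later change to the constructor's parameter order would silently pass the protocol, the CA file or the verification mode into the wrong parameter. Passing the security-relevant ones by keyword, e.g. `cert_reqs=self._cert_reqs, ssl_version=self._ssl_version, ca_certs=self._ca_certs`, makes the call self-checking. The constructor signature is outside the hunk, so the keyword names should be confirmed against it; the assignments `self._cert_reqs = cert_reqs`, `self._ssl_version = ssl_version` and `self._ca_certs = ca_certs` in the `__init__` hunk suggest them.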
|
||||
|
|
27
dtls/x509.py
27
dtls/x509.py
|
@ -40,24 +40,23 @@ _logger = getLogger(__name__)
|
|||
class _X509(_Rsrc):
|
||||
"""Wrapper for the cryptographic library's X509 resource"""
|
||||
def __init__(self, value):
|
||||
super(_X509, self).__init__(value)
|
||||
|
||||
def __del__(self):
|
||||
_logger.debug("Freeing X509: %d", self._value._as_parameter)
|
||||
X509_free(self._value)
|
||||
self._value = None
|
||||
|
||||
super(_X509, self).__init__(value)
|
||||
|
||||
def __del__(self):
|
||||
_logger.debug("Freeing X509: %d", self.raw)
|
||||
X509_free(self._value)
|
||||
self._value = None
|
||||
|
||||
|
||||
class _STACK(_Rsrc):
|
||||
"""Wrapper for the cryptographic library's stacks"""
|
||||
def __init__(self, value):
|
||||
super(_STACK, self).__init__(value)
|
||||
|
||||
def __del__(self):
|
||||
_logger.debug("Freeing stack: %d", self._value._as_parameter)
|
||||
sk_pop_free(self._value)
|
||||
self._value = None
|
||||
|
||||
super(_STACK, self).__init__(value)
|
||||
|
||||
def __del__(self):
|
||||
_logger.debug("Freeing stack: %d", self.raw)
|
||||
sk_pop_free(self._value)
|
||||
self._value = None
|
||||
|
||||
def decode_cert(cert):
|
||||
"""Convert an X509 certificate into a Python dictionary
|
||||
|
|
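Review bot: Both `__del__` methods release the native object unconditionally, so `X509_free(self._value)` and `sk_pop_free(self._value)` would also run if an instance is ever created with, or reset to, a `None` value. A guard such as `if self._value is not None:` around the log-and-free lines makes the release idempotent, and the existing `self._value = None` then serves as the already-freed marker. `self.raw` is defined outside this hunk, so whether it can be formatted with `%d` once `_value` is `None` could not be checked here.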