Commit Graph

7 Commits (59391e401cef8be013270f24f031b8a21aec7292)

Author SHA1 Message Date
mcfreis d601774e24 SSL_write() extended to handle ctypes.Array as data
* dtls/openssl.py: SSL_write() can handle ctypes.Array data
* dtls/sslconnection.py: Added missing import ERR_BOTH_KEY_CERT_FILES
* dtls/test/simple_client.py: Added basic test client to use with dtls/test/echo_seq.py
2017-03-20 14:19:02 +01:00
mcfreis 1c7bdcad16 SSLError(): use errno with int-comparison instead of str().startswith()-comparison 2017-03-17 15:31:59 +01:00
Ray Brown 9add480710 Licensing
This project is now licensed under the Apache license. Individual files
now have a license reference header.

The Apache 2.0 license text is copied to the file LICENSE. The file
NOTICE, referred to in the license text, has been added. A placeholder
README.txt has been added.

These three new files are integrated into the distribution/installation
machinery, and are placed into the package directory upon installation.
2012-12-18 11:14:31 -08:00
Ray Brown 9bee9d049f Echo server connection timeout and monitoring
Prior to this change, the unit tests' echo servers' connections would sometimes
linger beyond server termination. A timeout mechanism is now implemented, which
will terminate a connection and clean up its resources when the timeout is
reached. For the purpose of unit testing, test echo servers now assert that
all connections have been terminated when the servers are closed.

For threaded echo servers, the timeout mechanism involves the use of sockets
with timeouts instead of blocking sockets. This required an implementation with
the proper handling of timeout sockets at the sslconnection level.
2012-11-25 13:44:55 -08:00
Ray Brown 22083e8221 SSL standard library module wire-in
A patch implementation is provided, which augments and alters the Python
standard library's ssl module to support passing of datagram sockets, in which
case this package's DTLS protocol support will be activated. The ssl module's
interface is intended to operate identically regardless of whether the DTLS
protocol or another protocol is chosen.

The following features of the ssl module are explicitly supported with
datagram sockets:

    * socket wrapping, unwrapping, and re-wrapping
    * threaded UDP servers
    * asynchronous UDP servers (asyncore integration)
    * socket servers (SocketServer integration)

The following modules have been added:

    * dtls.patch: standard library module patching code and substitution
                  functions and methods
    * unit.py:    this is a port of the standard library's testing module
                  test_ssl.py for datagram sockets; all tests pass at this time;
                  a couple of inapplicable tests have been dropped; a few other
                  tests have been added

Also note that the err module's exception raising mechanism has been
augmented so as to raise exceptions of type ssl.SSLError (as opposed to
dtls.err.SSLError) when instructed to do so through activation of the patching
mechanism. This allows code written against the standard library module's
interface to remain unchanged. In some cases, types derived from
ssl.SSLError are raised.
2012-11-21 11:23:03 -08:00
Ray Brown 4464d0bd84 Certificate formatting and retrieval
This change introduces the implementation of the SSLConnection methods
getpeercert and cipher. The following has been added:

    * dtls.util:      utility elements shared by other modules in this package
    * dtls.x509:      a module for X509-certificate-related functionality,
                      including formatting a certificate into a Python
                      dictionary as prescribed by the Python standard
                      library's ssl module; functionality for testing with
                      PEM-encoded certificates in the file system is included
    * yahoo-cert.pem: the current certificate of www.yahoo.com: this is a good
                      testing certificate, since it contains the subject
                      alternate name extension

Other notable changes:

    * sslconnection:  private attributes are now preceded by "_"
    * openssl:        null-ness in opaque FuncParam-derived return values is
                      now properly detected and an exception is raised as
                      expected
2012-11-08 12:04:40 -08:00
Ray Brown 9bb24c5d29 Initial commit: up to and including data exchange functionality
This initial commit for the PyDTLS package includes the following functionality:

    * DTLS cookie exchange, using secure hmac cookies
    * A platform-independent routing UDP demultiplexer
    * SSL handshaking over UDP using the DTLS protocol
    * Datagram exchange using the DTLS protocol
    * SSL shutdown over UDP

The package is structured as follows:

    * dtls:               top-level package
    * dtls.demux:         demultiplexer package; automatically loads a
                          demultiplexer appropriate for the currently executing
                          platform
    * dtls.demux.router:  a routing demux for platforms whose network stacks
                          cannot assign incoming UDP packets to sockets based
                          on the sockets' connection information
    * dtls.demux.osnet:   a demux that uses the operating system's UDP packet
                          routing functionality
    * dtls.err:           package-wide error handling and error definitions
    * dtls.sslconnection: a client and server-side connection class for
                          UDP network connections secured with the DTLS protocol
    * dtls.openssl:       a ctypes-based wrapper for the OpenSSL library
    * dtls.test:          test scripts, utilities, and unit tests

The following binaries are provided:

    * libeay32.dll: cryptographic portion of the OpenSSL library
    * ssleay32.dll: protocol portion of the OpenSSL library (depends on former)
    * cygcrypto-1.0.0.dll: as libeay32.dll, but with debugging symbols
    * cygssl-1.0.0.dll: as ssleay32.dll, but with debugging symbols

All binaries have been built with the MinGW tool chain, targeted for msvcr90.
The unstripped dll's can be debugged on Windows with gdb. Cygwin is not used.
2012-10-29 12:44:24 -07:00