Commit Graph

8 Commits (7cda052bacfa63ff2bbe1f450986101e2d3e76e6)

Author SHA1 Message Date
mcfreis dade3b8213 Patched ssl-Module with SSL_BUILD_*- and ERR_*- constants and added aliases for wrap_server() and wrap_client()
* dtls/__init__.py: Added DtlsSocket() from wrapper and aliases for wrap_server() and wrap_client()
* dtls/err.py: Added patch_ssl_errors() to patch ssl-Module with ERR_* constants
* dtls/patch.py: Patched ssl-Module with SSL_BUILD_* constants and added call to patch_ssl_errors()
* dtls/wrapper.py:
	- Added a server and client function to alias/wrap DtlsSocket() creation
	- Cleanup of DtlsSocket.__init__()
	- Cleanup of exception handling in all member methods
	- Cleanup sendto() from client: no endless loop and first do a connect if not already connected
* dtls/test/unit_wrapper.py: Adopt the changes made described above
2017-03-23 14:08:20 +01:00
mcfreis ff509e0724 Added more on error evaluation and a method to get the peer certificate chain
* dtls/__init__.py: import error codes from err.py as error_codes for external access
* dtls/err.py: Added errors for ERR_WRONG_SSL_VERSION, ERR_CERTIFICATE_VERIFY_FAILED, ERR_NO_SHARED_CIPHER and ERR_SSL_HANDSHAKE_FAILURE
* dtls/openssl.py:
	- Added constant SSL_BUILD_CHAIN_FLAG_NONE for SSL_CTX_build_cert_chain()
	- Added method SSL_get_peer_cert_chain()
* dtls/patch.py: Added getpeercertchain() as method to ssl.SSLSocket()
* dtls/sslconnection.py:
	- Bugfix SSLContext.set_ecdh_curve() returns 1 for success and 0 for failure
	- SSLContext.build_cert_chain() changed default flags to SSL_BUILD_CHAIN_FLAG_NONE
	- In SSLConnection() the mtu size gets only set if no user config function is given
	- SSLConnection.listen() raises an exception for ERR_WRONG_VERSION_NUMBER, ERR_COOKIE_MISMATCH, ERR_NO_SHARED_CIPHER and all other unknown errors
	- SSLConnection.read() and write() now can also raise ERR_PORT_UNREACHABLE
	- If SSLConnection.write() successfully writes bytes to the peer, then the handshake is assumed to be okay
	- Added method SSLConnection.getpeercertchain()
* dtls/test/unit.py: ThreadedEchoServer() with an extra exception branch for the newly raised exceptions in SSLConnection.listen()
2017-03-20 16:39:50 +01:00
mcfreis 83204e8c4d Added new methods for DTLSv1.2
* dtls/err.py: Added error code ERR_WRONG_VERSION_NUMBER
* dtls/openssl.py: Added DTLS_server_method(), DTLSv1_2_server_method() and DTLSv1_2_client_method()
* dtls/patch.py: Default protocol DTLS for ssl.wrap_socket() and ssl.SSLSocket()
* dtls/sslconnection.py:
	- Introduced PROTOCOL_DTLSv1_2 and PROTOCOL_DTLS (the latter one is a synonym for the "higher" version)
	- Updated _init_client() and _init_server() with the new protocol methods
	- Default protocol DTLS for SSLConnection()
	- Return on ERR_WRONG_VERSION_NUMBER if client and server cannot agree on protocol version
* dtls/test/unit.py:
	- Extended test_get_server_certificate() to iterate over the different protocol combinations
	- Extended test_protocol_dtlsv1() to try the different protocol combinations between client and server
2017-03-20 14:48:42 +01:00
Ray 622f58358e Compatibility Updates for Python 2.7.12
* dtls/openssl.py: support reading directly into given buffer instead
                     of forcing buffer copy (for ssl module compatibility)
	* dtls/sslconnection.py: in-situ receive support, as above
	* dtls/patch.py: various changes for compatibility with the ssl module
                   of Python 2.7.12; note that the ssl module's new
                   SSLContext is not supported
	* dtls/test/unit.py: changes to support the updated ssl module,
                       including fix of deprecation warnings
	* setup.py: increase version to 1.0.2
2017-02-27 22:37:50 -08:00
Ray Brown 9add480710 Licensing
This project is now licensed under the Apache license. Individual files
now have a license reference header.

The Apache 2.0 license text is copied to the file LICENSE. The file
NOTICE, referred to in the license text, has been added. A placeholder
README.txt has been added.

These three new files are integrated into the distribution/installation
machinery, and are placed into the package directory upon installation.
2012-12-18 11:14:31 -08:00
Ray Brown 9bee9d049f Echo server connection timeout and monitoring
Prior to this change, the unit tests' echo servers' connections would sometimes
linger beyond server termination. A timeout mechanism is now implemented, which
will terminate a connection and clean up its resources when the timeout is
reached. For the purpose of unit testing, test echo servers now assert that
all connections have been terminated when the servers are closed.

For threaded echo servers, the timeout mechanism involves the use of sockets
with timeouts instead of blocking sockets. This required an implementation with
the proper handling of timeout sockets at the sslconnection level.
2012-11-25 13:44:55 -08:00
Ray Brown 22083e8221 SSL standard library module wire-in
A patch implementation is provided, which augments and alters the Python
standard library's ssl module to support passing of datagram sockets, in which
case this package's DTLS protocol support will be activated. The ssl module's
interface is intended to operate identically regardless of whether the DTLS
protocol or another protocol is chosen.

The following features of the ssl module are explicitly supported with
datagram sockets:

    * socket wrapping, unwrapping, and re-wrapping
    * threaded UDP servers
    * asynchronous UDP servers (asyncore integration)
    * socket servers (SocketServer integration)

The following modules have been added:

    * dtls.patch: standard library module patching code and substitution
                  functions and methods
    * unit.py:    this is a port of the standard library's testing module
                  test_ssl.py for datagram sockets; all tests pass at this time;
                  a couple of inapplicable tests have been dropped; a few other
                  tests have been added

Also note that the err module's exception raising mechanism has been
augmented so as to raise exceptions of type ssl.SSLError (as opposed to
dtls.err.SSLError) when instructed to do so through activation of the patching
mechanism. This allows code written against the standard library module's
interface to remain unchanged. In some cases, types derived from
ssl.SSLError are raised.
2012-11-21 11:23:03 -08:00
Ray Brown 9bb24c5d29 Initial commit: up to and including data exchange functionality
This initial commit for the PyDTLS package includes the following functionality:

    * DTLS cookie exchange, using secure hmac cookies
    * A platform-independent routing UDP demultiplexer
    * SSL handshaking over UDP using the DTLS protocol
    * Datagram exchange using the DTLS protocol
    * SSL shutdown over UDP

The package is structured as follows:

    * dtls:               top-level package
    * dtls.demux:         demultiplexer package; automatically loads a
                          demultiplexer appropriate for the currently executing
                          platform
    * dtls.demux.router:  a routing demux for platforms whose network stacks
                          cannot assign incoming UDP packets to sockets based
                          on the sockets' connection information
    * dtls.demux.osnet:   a demux that uses the operating system's UDP packet
                          routing functionality
    * dtls.err:           package-wide error handling and error definitions
    * dtls.sslconnection: a client and server-side connection class for
                          UDP network connections secured with the DTLS protocol
    * dtls.openssl:       a ctypes-based wrapper for the OpenSSL library
    * dtls.test:          test scripts, utilities, and unit tests

The following binaries are provided:

    * libeay32.dll: cryptographic portion of the OpenSSL library
    * ssleay32.dll: protocol portion of the OpenSSL library (depends on former)
    * cygcrypto-1.0.0.dll: as libeay32.dll, but with debugging symbols
    * cygssl-1.0.0.dll: as ssleay32.dll, but with debugging symbols

All binaries have been built with the MinGW tool chain, targeted for msvcr90.
The unstripped dll's can be debugged on Windows with gdb. Cygwin is not used.
2012-10-29 12:44:24 -07:00