A patch implementation is provided, which augments and alters the Python standard library's ssl module to support passing of datagram sockets, in which case this package's DTLS protocol support will be activated. The ssl module's interface is intended to operate identically regardless of whether the DTLS protocol or another protocol is chosen.

The following features of the ssl module are explicitly supported with datagram sockets:

* socket wrapping, unwrapping, and re-wrapping
* threaded UDP servers
* asynchronous UDP servers (asyncore integration)
* socket servers (SocketServer integration)

The following modules have been added:

* dtls.patch: standard library module patching code and substitution functions and methods
* unit.py: this is a port of the standard library's testing module test_ssl.py for datagram sockets; all tests pass at this time; a couple of inapplicable tests have been dropped; a few other tests have been added

Also note that the err module's exception raising mechanism has been augmented so as to raise exceptions of type ssl.SSLError (as opposed to dtls.err.SSLError) when instructed to do so through activation of the patching mechanism. This allows code written against the standard library module's interface to remain unchanged. In some cases, types derived from ssl.SSLError are raised.
# DTLS exceptions. Written by Ray Brown

"""DTLS Errors

This module defines error functionality and exception types for the dtls
package.

Classes:

  SSLError -- exception raised for I/O errors
  InvalidSocketError -- exception raised for improper socket objects

Functions:

  openssl_error -- return the exception type raised for OpenSSL library errors
  raise_as_ssl_module_error -- rebind SSLError to the standard library's
      ssl.SSLError so that errors raised here are instances of that type
  raise_ssl_error -- raise SSLError for one of the ERR_* codes defined below

Note that raise_as_ssl_module_error() rebinds the module-global name SSLError
and regenerates the OpenSSL error class on top of the new binding; callers
should obtain the OpenSSL error type through openssl_error() at the point of
use rather than caching it.
"""
from socket import error as socket_error
# Result codes of OpenSSL's SSL_get_error(), using the same values as
# OpenSSL's ssl.h and the standard library's ssl module.
SSL_ERROR_NONE = 0
SSL_ERROR_SSL = 1
SSL_ERROR_WANT_READ = 2
SSL_ERROR_WANT_WRITE = 3
SSL_ERROR_WANT_X509_LOOKUP = 4
SSL_ERROR_SYSCALL = 5
SSL_ERROR_ZERO_RETURN = 6
SSL_ERROR_WANT_CONNECT = 7
SSL_ERROR_WANT_ACCEPT = 8

# Error codes raised by this package through raise_ssl_error(); the message
# for each is looked up in _ssl_errors below.  The 500-series values are
# private to this package; 298 and 331 presumably mirror the numbers the
# standard library's ssl module reports for the same conditions -- confirm.
ERR_BOTH_KEY_CERT_FILES = 500
ERR_BOTH_KEY_CERT_FILES_SVR = 298
ERR_NO_CERTS = 331
ERR_NO_CIPHER = 501
ERR_HANDSHAKE_TIMEOUT = 502
ERR_PORT_UNREACHABLE = 503
# Packed OpenSSL error code (library/function/reason) for a DTLS cookie
# mismatch.  It has no entry in _ssl_errors, so it cannot be passed to
# raise_ssl_error(); presumably it is compared against OpenSSL's error queue
# elsewhere in the package -- confirm.  The packed layout of these codes is
# OpenSSL-version dependent.
ERR_COOKIE_MISMATCH = 0x1408A134
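class SSLError(socket_error):
    """This exception is raised by modules in the dtls package.

    It derives from socket.error so that handlers for socket failures also
    catch DTLS failures.  raise_as_ssl_module_error() rebinds the
    module-global name SSLError to ssl.SSLError; the base-class initializer
    is therefore invoked through socket_error directly instead of through
    super(SSLError, self), which would look the (possibly rebound) global up
    at call time and raise TypeError for any instance of this class created
    after the rebinding by code that still holds the original class.
    """

    def __init__(self, *args):
        # Positional arguments are passed through unchanged to socket.error.
        socket_error.__init__(self, *args)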
class InvalidSocketError(Exception):
    """There is a problem with a socket passed to the dtls package.

    Raised for improper socket objects handed in by the caller; it is not an
    SSLError because the fault is with the argument, not with the
    connection.  All positional arguments go straight to Exception.
    """

    def __init__(self, *args):
        Exception.__init__(self, *args)
def _make_opensslerror_class():
    """Create the OpenSSL error class and store it in the global _OpenSSLError.

    The class is derived from whatever the module-global SSLError names at
    call time, which is why raise_as_ssl_module_error() invokes this again
    after rebinding SSLError to ssl.SSLError.  Fetch the current class via
    openssl_error() rather than caching it.
    """
    global _OpenSSLError

    class __OpenSSLError(SSLError):
        """This exception is raised when an error occurs in the OpenSSL library."""

        def __init__(self, ssl_error, errqueue, result, func, args):
            # Expose each piece of the failure as an attribute for handlers.
            # NOTE(review): presumably ssl_error is the SSL_get_error() code,
            # errqueue the drained OpenSSL error queue and result/func/args
            # describe the failing library call -- confirm against the raiser.
            self.ssl_error, self.errqueue = ssl_error, errqueue
            self.result, self.func = result, func
            # args is assigned first; the base initializer below receives all
            # five values and (as OSError does) resets BaseException.args.
            self.args = args
            SSLError.__init__(self, ssl_error, errqueue, result, func, args)

    _OpenSSLError = __OpenSSLError
# Build the initial OpenSSL error class on top of this module's own SSLError;
# raise_as_ssl_module_error() calls this again after rebinding SSLError.
_make_opensslerror_class()
def openssl_error():
    """Return the OpenSSL error type for use in exception clauses.

    The class is regenerated by raise_as_ssl_module_error(), so look it up
    through this function where it is needed instead of caching the result.
    """
    current_class = _OpenSSLError
    return current_class
def raise_as_ssl_module_error():
    """Exceptions raised from this module are instances of ssl.SSLError.

    Rebinds the module-global SSLError to the standard library's ssl.SSLError
    and regenerates the OpenSSL error class on top of it, so that code
    written against the ssl module's interface can catch errors from the
    dtls package unchanged.  Code that bound the original class before this
    call (for example via ``from dtls.err import SSLError``) still refers to
    the original class.
    """
    global SSLError
    import ssl as stdlib_ssl
    SSLError = stdlib_ssl.SSLError
    _make_opensslerror_class()
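def raise_ssl_error(code, nested=None):
    """Raise an SSL error with the given error code.

    Args:
        code: one of the ERR_* codes defined in this module.
        nested: optional underlying exception; when given it is passed as the
            second argument to SSLError so handlers can inspect it.

    Raises:
        SSLError: always.  SSLError is looked up at call time, so after
            raise_as_ssl_module_error() this is ssl.SSLError.  The message is
            "<code>: <text>" with the text taken from _ssl_errors; a code
            absent from that table (e.g. ERR_COOKIE_MISMATCH) gets a generic
            text instead of letting a KeyError escape from the error path.
    """
    text = _ssl_errors.get(code, "Unknown DTLS error")
    err_string = "%s: %s" % (code, text)
    if nested is not None:
        raise SSLError(err_string, nested)
    raise SSLError(err_string)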
# Human-readable text for each ERR_* code accepted by raise_ssl_error().
# ERR_COOKIE_MISMATCH has no entry here.
_ssl_errors = {
    ERR_NO_CERTS: (
        "No root certificates specified for verification "
        "of other-side certificates"
    ),
    ERR_BOTH_KEY_CERT_FILES: (
        "Both the key & certificate files "
        "must be specified"
    ),
    ERR_BOTH_KEY_CERT_FILES_SVR: (
        "Both the key & certificate files must be "
        "specified for server-side operation"
    ),
    ERR_NO_CIPHER: "No cipher can be selected.",
    ERR_HANDSHAKE_TIMEOUT: "The handshake operation timed out",
    ERR_PORT_UNREACHABLE: "The peer address is not reachable",
}