mirror of
				https://github.com/python/cpython.git
				synced 2025-10-20 16:33:53 +00:00 
			
		
		
		
	bpo-24334: Cleanup SSLSocket (#5252)
* The SSLSocket is no longer implemented on top of SSLObject to avoid an extra level of indirection. * Owner and session are now handled in the internal constructor. * _ssl._SSLSocket now uses the same method names as SSLSocket and SSLObject. * Channel binding type check is now handled in C code. Channel binding is always available. The patch also changes the signature of SSLObject.__init__(). In my opinion it's fine. A SSLObject is not a user-constructable object. SSLContext.wrap_bio() is the only valid factory.
This commit is contained in:
		
							parent
							
								
									b18f8bc1a7
								
							
						
					
					
						commit
						141c5e8c24
					
				
					 5 changed files with 183 additions and 117 deletions
				
			
		
							
								
								
									
										116
									
								
								Lib/ssl.py
									
										
									
									
									
								
							
							
						
						
									
										116
									
								
								Lib/ssl.py
									
										
									
									
									
								
							|  | @ -166,10 +166,7 @@ | |||
| 
 | ||||
| socket_error = OSError  # keep that public name in module namespace | ||||
| 
 | ||||
| if _ssl.HAS_TLS_UNIQUE: | ||||
|     CHANNEL_BINDING_TYPES = ['tls-unique'] | ||||
| else: | ||||
|     CHANNEL_BINDING_TYPES = [] | ||||
| CHANNEL_BINDING_TYPES = ['tls-unique'] | ||||
| 
 | ||||
| HAS_NEVER_CHECK_COMMON_NAME = hasattr(_ssl, 'HOSTFLAG_NEVER_CHECK_SUBJECT') | ||||
| 
 | ||||
|  | @ -407,11 +404,11 @@ def wrap_bio(self, incoming, outgoing, server_side=False, | |||
|                  server_hostname=None, session=None): | ||||
|         # Need to encode server_hostname here because _wrap_bio() can only | ||||
|         # handle ASCII str. | ||||
|         sslobj = self._wrap_bio( | ||||
|         return self.sslobject_class( | ||||
|             incoming, outgoing, server_side=server_side, | ||||
|             server_hostname=self._encode_hostname(server_hostname) | ||||
|             server_hostname=self._encode_hostname(server_hostname), | ||||
|             session=session, _context=self, | ||||
|         ) | ||||
|         return self.sslobject_class(sslobj, session=session) | ||||
| 
 | ||||
|     def set_npn_protocols(self, npn_protocols): | ||||
|         protos = bytearray() | ||||
|  | @ -616,12 +613,13 @@ class SSLObject: | |||
|      * The ``do_handshake_on_connect`` and ``suppress_ragged_eofs`` machinery. | ||||
|     """ | ||||
| 
 | ||||
|     def __init__(self, sslobj, owner=None, session=None): | ||||
|         self._sslobj = sslobj | ||||
|         # Note: _sslobj takes a weak reference to owner | ||||
|         self._sslobj.owner = owner or self | ||||
|         if session is not None: | ||||
|             self._sslobj.session = session | ||||
|     def __init__(self, incoming, outgoing, server_side=False, | ||||
|                  server_hostname=None, session=None, _context=None): | ||||
|         self._sslobj = _context._wrap_bio( | ||||
|             incoming, outgoing, server_side=server_side, | ||||
|             server_hostname=server_hostname, | ||||
|             owner=self, session=session | ||||
|         ) | ||||
| 
 | ||||
|     @property | ||||
|     def context(self): | ||||
|  | @ -684,7 +682,7 @@ def getpeercert(self, binary_form=False): | |||
|         Return None if no certificate was provided, {} if a certificate was | ||||
|         provided, but not validated. | ||||
|         """ | ||||
|         return self._sslobj.peer_certificate(binary_form) | ||||
|         return self._sslobj.getpeercert(binary_form) | ||||
| 
 | ||||
|     def selected_npn_protocol(self): | ||||
|         """Return the currently selected NPN protocol as a string, or ``None`` | ||||
|  | @ -732,13 +730,7 @@ def get_channel_binding(self, cb_type="tls-unique"): | |||
|         """Get channel binding data for current connection.  Raise ValueError | ||||
|         if the requested `cb_type` is not supported.  Return bytes of the data | ||||
|         or None if the data is not available (e.g. before the handshake).""" | ||||
|         if cb_type not in CHANNEL_BINDING_TYPES: | ||||
|             raise ValueError("Unsupported channel binding type") | ||||
|         if cb_type != "tls-unique": | ||||
|             raise NotImplementedError( | ||||
|                             "{0} channel binding type not implemented" | ||||
|                             .format(cb_type)) | ||||
|         return self._sslobj.tls_unique_cb() | ||||
|         return self._sslobj.get_channel_binding(cb_type) | ||||
| 
 | ||||
|     def version(self): | ||||
|         """Return a string identifying the protocol version used by the | ||||
|  | @ -832,10 +824,10 @@ def __init__(self, sock=None, keyfile=None, certfile=None, | |||
|         if connected: | ||||
|             # create the SSL object | ||||
|             try: | ||||
|                 sslobj = self._context._wrap_socket(self, server_side, | ||||
|                                                     self.server_hostname) | ||||
|                 self._sslobj = SSLObject(sslobj, owner=self, | ||||
|                                          session=self._session) | ||||
|                 self._sslobj = self._context._wrap_socket( | ||||
|                     self, server_side, self.server_hostname, | ||||
|                     owner=self, session=self._session, | ||||
|                 ) | ||||
|                 if do_handshake_on_connect: | ||||
|                     timeout = self.gettimeout() | ||||
|                     if timeout == 0.0: | ||||
|  | @ -895,10 +887,13 @@ def read(self, len=1024, buffer=None): | |||
|         Return zero-length string on EOF.""" | ||||
| 
 | ||||
|         self._checkClosed() | ||||
|         if not self._sslobj: | ||||
|         if self._sslobj is None: | ||||
|             raise ValueError("Read on closed or unwrapped SSL socket.") | ||||
|         try: | ||||
|             return self._sslobj.read(len, buffer) | ||||
|             if buffer is not None: | ||||
|                 return self._sslobj.read(len, buffer) | ||||
|             else: | ||||
|                 return self._sslobj.read(len) | ||||
|         except SSLError as x: | ||||
|             if x.args[0] == SSL_ERROR_EOF and self.suppress_ragged_eofs: | ||||
|                 if buffer is not None: | ||||
|  | @ -913,7 +908,7 @@ def write(self, data): | |||
|         number of bytes of DATA actually transmitted.""" | ||||
| 
 | ||||
|         self._checkClosed() | ||||
|         if not self._sslobj: | ||||
|         if self._sslobj is None: | ||||
|             raise ValueError("Write on closed or unwrapped SSL socket.") | ||||
|         return self._sslobj.write(data) | ||||
| 
 | ||||
|  | @ -929,41 +924,42 @@ def getpeercert(self, binary_form=False): | |||
| 
 | ||||
|     def selected_npn_protocol(self): | ||||
|         self._checkClosed() | ||||
|         if not self._sslobj or not _ssl.HAS_NPN: | ||||
|         if self._sslobj is None or not _ssl.HAS_NPN: | ||||
|             return None | ||||
|         else: | ||||
|             return self._sslobj.selected_npn_protocol() | ||||
| 
 | ||||
|     def selected_alpn_protocol(self): | ||||
|         self._checkClosed() | ||||
|         if not self._sslobj or not _ssl.HAS_ALPN: | ||||
|         if self._sslobj is None or not _ssl.HAS_ALPN: | ||||
|             return None | ||||
|         else: | ||||
|             return self._sslobj.selected_alpn_protocol() | ||||
| 
 | ||||
|     def cipher(self): | ||||
|         self._checkClosed() | ||||
|         if not self._sslobj: | ||||
|         if self._sslobj is None: | ||||
|             return None | ||||
|         else: | ||||
|             return self._sslobj.cipher() | ||||
| 
 | ||||
|     def shared_ciphers(self): | ||||
|         self._checkClosed() | ||||
|         if not self._sslobj: | ||||
|         if self._sslobj is None: | ||||
|             return None | ||||
|         return self._sslobj.shared_ciphers() | ||||
|         else: | ||||
|             return self._sslobj.shared_ciphers() | ||||
| 
 | ||||
|     def compression(self): | ||||
|         self._checkClosed() | ||||
|         if not self._sslobj: | ||||
|         if self._sslobj is None: | ||||
|             return None | ||||
|         else: | ||||
|             return self._sslobj.compression() | ||||
| 
 | ||||
|     def send(self, data, flags=0): | ||||
|         self._checkClosed() | ||||
|         if self._sslobj: | ||||
|         if self._sslobj is not None: | ||||
|             if flags != 0: | ||||
|                 raise ValueError( | ||||
|                     "non-zero flags not allowed in calls to send() on %s" % | ||||
|  | @ -974,7 +970,7 @@ def send(self, data, flags=0): | |||
| 
 | ||||
|     def sendto(self, data, flags_or_addr, addr=None): | ||||
|         self._checkClosed() | ||||
|         if self._sslobj: | ||||
|         if self._sslobj is not None: | ||||
|             raise ValueError("sendto not allowed on instances of %s" % | ||||
|                              self.__class__) | ||||
|         elif addr is None: | ||||
|  | @ -990,7 +986,7 @@ def sendmsg(self, *args, **kwargs): | |||
| 
 | ||||
|     def sendall(self, data, flags=0): | ||||
|         self._checkClosed() | ||||
|         if self._sslobj: | ||||
|         if self._sslobj is not None: | ||||
|             if flags != 0: | ||||
|                 raise ValueError( | ||||
|                     "non-zero flags not allowed in calls to sendall() on %s" % | ||||
|  | @ -1008,15 +1004,15 @@ def sendfile(self, file, offset=0, count=None): | |||
|         """Send a file, possibly by using os.sendfile() if this is a | ||||
|         clear-text socket.  Return the total number of bytes sent. | ||||
|         """ | ||||
|         if self._sslobj is None: | ||||
|         if self._sslobj is not None: | ||||
|             return self._sendfile_use_send(file, offset, count) | ||||
|         else: | ||||
|             # os.sendfile() works with plain sockets only | ||||
|             return super().sendfile(file, offset, count) | ||||
|         else: | ||||
|             return self._sendfile_use_send(file, offset, count) | ||||
| 
 | ||||
|     def recv(self, buflen=1024, flags=0): | ||||
|         self._checkClosed() | ||||
|         if self._sslobj: | ||||
|         if self._sslobj is not None: | ||||
|             if flags != 0: | ||||
|                 raise ValueError( | ||||
|                     "non-zero flags not allowed in calls to recv() on %s" % | ||||
|  | @ -1031,7 +1027,7 @@ def recv_into(self, buffer, nbytes=None, flags=0): | |||
|             nbytes = len(buffer) | ||||
|         elif nbytes is None: | ||||
|             nbytes = 1024 | ||||
|         if self._sslobj: | ||||
|         if self._sslobj is not None: | ||||
|             if flags != 0: | ||||
|                 raise ValueError( | ||||
|                   "non-zero flags not allowed in calls to recv_into() on %s" % | ||||
|  | @ -1042,7 +1038,7 @@ def recv_into(self, buffer, nbytes=None, flags=0): | |||
| 
 | ||||
|     def recvfrom(self, buflen=1024, flags=0): | ||||
|         self._checkClosed() | ||||
|         if self._sslobj: | ||||
|         if self._sslobj is not None: | ||||
|             raise ValueError("recvfrom not allowed on instances of %s" % | ||||
|                              self.__class__) | ||||
|         else: | ||||
|  | @ -1050,7 +1046,7 @@ def recvfrom(self, buflen=1024, flags=0): | |||
| 
 | ||||
|     def recvfrom_into(self, buffer, nbytes=None, flags=0): | ||||
|         self._checkClosed() | ||||
|         if self._sslobj: | ||||
|         if self._sslobj is not None: | ||||
|             raise ValueError("recvfrom_into not allowed on instances of %s" % | ||||
|                              self.__class__) | ||||
|         else: | ||||
|  | @ -1066,7 +1062,7 @@ def recvmsg_into(self, *args, **kwargs): | |||
| 
 | ||||
|     def pending(self): | ||||
|         self._checkClosed() | ||||
|         if self._sslobj: | ||||
|         if self._sslobj is not None: | ||||
|             return self._sslobj.pending() | ||||
|         else: | ||||
|             return 0 | ||||
|  | @ -1078,7 +1074,7 @@ def shutdown(self, how): | |||
| 
 | ||||
|     def unwrap(self): | ||||
|         if self._sslobj: | ||||
|             s = self._sslobj.unwrap() | ||||
|             s = self._sslobj.shutdown() | ||||
|             self._sslobj = None | ||||
|             return s | ||||
|         else: | ||||
|  | @ -1096,6 +1092,11 @@ def do_handshake(self, block=False): | |||
|             if timeout == 0.0 and block: | ||||
|                 self.settimeout(None) | ||||
|             self._sslobj.do_handshake() | ||||
|             if self.context.check_hostname: | ||||
|                 if not self.server_hostname: | ||||
|                     raise ValueError("check_hostname needs server_hostname " | ||||
|                                      "argument") | ||||
|                 match_hostname(self.getpeercert(), self.server_hostname) | ||||
|         finally: | ||||
|             self.settimeout(timeout) | ||||
| 
 | ||||
|  | @ -1104,11 +1105,12 @@ def _real_connect(self, addr, connect_ex): | |||
|             raise ValueError("can't connect in server-side mode") | ||||
|         # Here we assume that the socket is client-side, and not | ||||
|         # connected at the time of the call.  We connect it, then wrap it. | ||||
|         if self._connected: | ||||
|         if self._connected or self._sslobj is not None: | ||||
|             raise ValueError("attempt to connect already-connected SSLSocket!") | ||||
|         sslobj = self.context._wrap_socket(self, False, self.server_hostname) | ||||
|         self._sslobj = SSLObject(sslobj, owner=self, | ||||
|                                  session=self._session) | ||||
|         self._sslobj = self.context._wrap_socket( | ||||
|             self, False, self.server_hostname, | ||||
|             owner=self, session=self._session | ||||
|         ) | ||||
|         try: | ||||
|             if connect_ex: | ||||
|                 rc = super().connect_ex(addr) | ||||
|  | @ -1151,18 +1153,24 @@ def get_channel_binding(self, cb_type="tls-unique"): | |||
|         if the requested `cb_type` is not supported.  Return bytes of the data | ||||
|         or None if the data is not available (e.g. before the handshake). | ||||
|         """ | ||||
|         if self._sslobj is None: | ||||
|         if self._sslobj is not None: | ||||
|             return self._sslobj.get_channel_binding(cb_type) | ||||
|         else: | ||||
|             if cb_type not in CHANNEL_BINDING_TYPES: | ||||
|                 raise ValueError( | ||||
|                     "{0} channel binding type not implemented".format(cb_type) | ||||
|                 ) | ||||
|             return None | ||||
|         return self._sslobj.get_channel_binding(cb_type) | ||||
| 
 | ||||
|     def version(self): | ||||
|         """ | ||||
|         Return a string identifying the protocol version used by the | ||||
|         current SSL channel, or None if there is no established channel. | ||||
|         """ | ||||
|         if self._sslobj is None: | ||||
|         if self._sslobj is not None: | ||||
|             return self._sslobj.version() | ||||
|         else: | ||||
|             return None | ||||
|         return self._sslobj.version() | ||||
| 
 | ||||
| 
 | ||||
| # Python does not support forward declaration of types. | ||||
|  |  | |||
|  | @ -455,6 +455,8 @@ def test_wrapped_unconnected(self): | |||
|             self.assertRaises(OSError, ss.recvfrom_into, bytearray(b'x'), 1) | ||||
|             self.assertRaises(OSError, ss.send, b'x') | ||||
|             self.assertRaises(OSError, ss.sendto, b'x', ('0.0.0.0', 0)) | ||||
|             self.assertRaises(NotImplementedError, ss.sendmsg, | ||||
|                               [b'x'], (), 0, ('0.0.0.0', 0)) | ||||
| 
 | ||||
|     def test_timeout(self): | ||||
|         # Issue #8524: when creating an SSL socket, the timeout of the | ||||
|  | @ -3381,11 +3383,13 @@ def test_version_basic(self): | |||
|                                 chatty=False) as server: | ||||
|             with context.wrap_socket(socket.socket()) as s: | ||||
|                 self.assertIs(s.version(), None) | ||||
|                 self.assertIs(s._sslobj, None) | ||||
|                 s.connect((HOST, server.port)) | ||||
|                 if ssl.OPENSSL_VERSION_INFO >= (1, 0, 2): | ||||
|                     self.assertEqual(s.version(), 'TLSv1.2') | ||||
|                 else:  # 0.9.8 to 1.0.1 | ||||
|                     self.assertIn(s.version(), ('TLSv1', 'TLSv1.2')) | ||||
|             self.assertIs(s._sslobj, None) | ||||
|             self.assertIs(s.version(), None) | ||||
| 
 | ||||
|     @unittest.skipUnless(ssl.HAS_TLSv1_3, | ||||
|  |  | |||
|  | @ -0,0 +1,4 @@ | |||
| Internal implementation details of ssl module were cleaned up. The SSLSocket | ||||
| has one less layer of indirection. Owner and session information are now | ||||
| handled by the SSLSocket and SSLObject constructor. Channel binding | ||||
| implementation has been simplified. | ||||
|  | @ -408,6 +408,8 @@ class _ssl.SSLSession "PySSLSession *" "&PySSLSession_Type" | |||
| 
 | ||||
| static int PySSL_select(PySocketSockObject *s, int writing, _PyTime_t timeout); | ||||
| 
 | ||||
| static int PySSL_set_owner(PySSLSocket *, PyObject *, void *); | ||||
| static int PySSL_set_session(PySSLSocket *, PyObject *, void *); | ||||
| #define PySSLSocket_Check(v)    (Py_TYPE(v) == &PySSLSocket_Type) | ||||
| #define PySSLMemoryBIO_Check(v)    (Py_TYPE(v) == &PySSLMemoryBIO_Type) | ||||
| #define PySSLSession_Check(v)   (Py_TYPE(v) == &PySSLSession_Type) | ||||
|  | @ -799,6 +801,7 @@ static PySSLSocket * | |||
| newPySSLSocket(PySSLContext *sslctx, PySocketSockObject *sock, | ||||
|                enum py_ssl_server_or_client socket_type, | ||||
|                char *server_hostname, | ||||
|                PyObject *owner, PyObject *session, | ||||
|                PySSLMemoryBIO *inbio, PySSLMemoryBIO *outbio) | ||||
| { | ||||
|     PySSLSocket *self; | ||||
|  | @ -875,6 +878,18 @@ newPySSLSocket(PySSLContext *sslctx, PySocketSockObject *sock, | |||
|             return NULL; | ||||
|         } | ||||
|     } | ||||
|     if (owner && owner != Py_None) { | ||||
|         if (PySSL_set_owner(self, owner, NULL) == -1) { | ||||
|             Py_DECREF(self); | ||||
|             return NULL; | ||||
|         } | ||||
|     } | ||||
|     if (session && session != Py_None) { | ||||
|         if (PySSL_set_session(self, session, NULL) == -1) { | ||||
|             Py_DECREF(self); | ||||
|             return NULL; | ||||
|         } | ||||
|     } | ||||
|     return self; | ||||
| } | ||||
| 
 | ||||
|  | @ -1677,7 +1692,7 @@ _ssl__test_decode_cert_impl(PyObject *module, PyObject *path) | |||
| 
 | ||||
| 
 | ||||
| /*[clinic input]
 | ||||
| _ssl._SSLSocket.peer_certificate | ||||
| _ssl._SSLSocket.getpeercert | ||||
|     der as binary_mode: bool = False | ||||
|     / | ||||
| 
 | ||||
|  | @ -1693,8 +1708,8 @@ return the certificate even if it wasn't validated. | |||
| [clinic start generated code]*/ | ||||
| 
 | ||||
| static PyObject * | ||||
| _ssl__SSLSocket_peer_certificate_impl(PySSLSocket *self, int binary_mode) | ||||
| /*[clinic end generated code: output=f0dc3e4d1d818a1d input=8281bd1d193db843]*/ | ||||
| _ssl__SSLSocket_getpeercert_impl(PySSLSocket *self, int binary_mode) | ||||
| /*[clinic end generated code: output=1f0ab66dfb693c88 input=c0fbe802e57629b7]*/ | ||||
| { | ||||
|     int verification; | ||||
|     X509 *peer_cert; | ||||
|  | @ -2395,13 +2410,11 @@ _ssl__SSLSocket_read_impl(PySSLSocket *self, int len, int group_right_1, | |||
| _ssl._SSLSocket.shutdown | ||||
| 
 | ||||
| Does the SSL shutdown handshake with the remote end. | ||||
| 
 | ||||
| Returns the underlying socket object. | ||||
| [clinic start generated code]*/ | ||||
| 
 | ||||
| static PyObject * | ||||
| _ssl__SSLSocket_shutdown_impl(PySSLSocket *self) | ||||
| /*[clinic end generated code: output=ca1aa7ed9d25ca42 input=ede2cc1a2ddf0ee4]*/ | ||||
| /*[clinic end generated code: output=ca1aa7ed9d25ca42 input=11d39e69b0a2bf4a]*/ | ||||
| { | ||||
|     int err, sockstate, nonblocking; | ||||
|     int zeros = 0; | ||||
|  | @ -2506,37 +2519,48 @@ _ssl__SSLSocket_shutdown_impl(PySSLSocket *self) | |||
| } | ||||
| 
 | ||||
| /*[clinic input]
 | ||||
| _ssl._SSLSocket.tls_unique_cb | ||||
| _ssl._SSLSocket.get_channel_binding | ||||
|    cb_type: str = "tls-unique" | ||||
| 
 | ||||
| Returns the 'tls-unique' channel binding data, as defined by RFC 5929. | ||||
| Get channel binding data for current connection. | ||||
| 
 | ||||
| If the TLS handshake is not yet complete, None is returned. | ||||
| Raise ValueError if the requested `cb_type` is not supported.  Return bytes | ||||
| of the data or None if the data is not available (e.g. before the handshake). | ||||
| Only 'tls-unique' channel binding data from RFC 5929 is supported. | ||||
| [clinic start generated code]*/ | ||||
| 
 | ||||
| static PyObject * | ||||
| _ssl__SSLSocket_tls_unique_cb_impl(PySSLSocket *self) | ||||
| /*[clinic end generated code: output=f3a832d603f586af input=439525c7b3d8d34d]*/ | ||||
| _ssl__SSLSocket_get_channel_binding_impl(PySSLSocket *self, | ||||
|                                          const char *cb_type) | ||||
| /*[clinic end generated code: output=34bac9acb6a61d31 input=08b7e43b99c17d41]*/ | ||||
| { | ||||
|     PyObject *retval = NULL; | ||||
|     char buf[PySSL_CB_MAXLEN]; | ||||
|     size_t len; | ||||
| 
 | ||||
|     if (SSL_session_reused(self->ssl) ^ !self->socket_type) { | ||||
|         /* if session is resumed XOR we are the client */ | ||||
|         len = SSL_get_finished(self->ssl, buf, PySSL_CB_MAXLEN); | ||||
|     if (strcmp(cb_type, "tls-unique") == 0) { | ||||
|         if (SSL_session_reused(self->ssl) ^ !self->socket_type) { | ||||
|             /* if session is resumed XOR we are the client */ | ||||
|             len = SSL_get_finished(self->ssl, buf, PySSL_CB_MAXLEN); | ||||
|         } | ||||
|         else { | ||||
|             /* if a new session XOR we are the server */ | ||||
|             len = SSL_get_peer_finished(self->ssl, buf, PySSL_CB_MAXLEN); | ||||
|         } | ||||
|     } | ||||
|     else { | ||||
|         /* if a new session XOR we are the server */ | ||||
|         len = SSL_get_peer_finished(self->ssl, buf, PySSL_CB_MAXLEN); | ||||
|         PyErr_Format( | ||||
|             PyExc_ValueError, | ||||
|             "'%s' channel binding type not implemented", | ||||
|             cb_type | ||||
|         ); | ||||
|         return NULL; | ||||
|     } | ||||
| 
 | ||||
|     /* It cannot be negative in current OpenSSL version as of July 2011 */ | ||||
|     if (len == 0) | ||||
|         Py_RETURN_NONE; | ||||
| 
 | ||||
|     retval = PyBytes_FromStringAndSize(buf, len); | ||||
| 
 | ||||
|     return retval; | ||||
|     return PyBytes_FromStringAndSize(buf, len); | ||||
| } | ||||
| 
 | ||||
| #ifdef OPENSSL_VERSION_1_1 | ||||
|  | @ -2706,7 +2730,8 @@ static PyMethodDef PySSLMethods[] = { | |||
|     _SSL__SSLSOCKET_WRITE_METHODDEF | ||||
|     _SSL__SSLSOCKET_READ_METHODDEF | ||||
|     _SSL__SSLSOCKET_PENDING_METHODDEF | ||||
|     _SSL__SSLSOCKET_PEER_CERTIFICATE_METHODDEF | ||||
|     _SSL__SSLSOCKET_GETPEERCERT_METHODDEF | ||||
|     _SSL__SSLSOCKET_GET_CHANNEL_BINDING_METHODDEF | ||||
|     _SSL__SSLSOCKET_CIPHER_METHODDEF | ||||
|     _SSL__SSLSOCKET_SHARED_CIPHERS_METHODDEF | ||||
|     _SSL__SSLSOCKET_VERSION_METHODDEF | ||||
|  | @ -2714,7 +2739,6 @@ static PyMethodDef PySSLMethods[] = { | |||
|     _SSL__SSLSOCKET_SELECTED_ALPN_PROTOCOL_METHODDEF | ||||
|     _SSL__SSLSOCKET_COMPRESSION_METHODDEF | ||||
|     _SSL__SSLSOCKET_SHUTDOWN_METHODDEF | ||||
|     _SSL__SSLSOCKET_TLS_UNIQUE_CB_METHODDEF | ||||
|     {NULL, NULL} | ||||
| }; | ||||
| 
 | ||||
|  | @ -3810,13 +3834,17 @@ _ssl._SSLContext._wrap_socket | |||
|     sock: object(subclass_of="PySocketModule.Sock_Type") | ||||
|     server_side: int | ||||
|     server_hostname as hostname_obj: object = None | ||||
|     * | ||||
|     owner: object = None | ||||
|     session: object = None | ||||
| 
 | ||||
| [clinic start generated code]*/ | ||||
| 
 | ||||
| static PyObject * | ||||
| _ssl__SSLContext__wrap_socket_impl(PySSLContext *self, PyObject *sock, | ||||
|                                    int server_side, PyObject *hostname_obj) | ||||
| /*[clinic end generated code: output=6973e4b60995e933 input=83859b9156ddfc63]*/ | ||||
|                                    int server_side, PyObject *hostname_obj, | ||||
|                                    PyObject *owner, PyObject *session) | ||||
| /*[clinic end generated code: output=f103f238633940b4 input=957d5006183d1894]*/ | ||||
| { | ||||
|     char *hostname = NULL; | ||||
|     PyObject *res; | ||||
|  | @ -3830,6 +3858,7 @@ _ssl__SSLContext__wrap_socket_impl(PySSLContext *self, PyObject *sock, | |||
| 
 | ||||
|     res = (PyObject *) newPySSLSocket(self, (PySocketSockObject *)sock, | ||||
|                                       server_side, hostname, | ||||
|                                       owner, session, | ||||
|                                       NULL, NULL); | ||||
|     if (hostname != NULL) | ||||
|         PyMem_Free(hostname); | ||||
|  | @ -3842,14 +3871,18 @@ _ssl._SSLContext._wrap_bio | |||
|     outgoing: object(subclass_of="&PySSLMemoryBIO_Type", type="PySSLMemoryBIO *") | ||||
|     server_side: int | ||||
|     server_hostname as hostname_obj: object = None | ||||
|     * | ||||
|     owner: object = None | ||||
|     session: object = None | ||||
| 
 | ||||
| [clinic start generated code]*/ | ||||
| 
 | ||||
| static PyObject * | ||||
| _ssl__SSLContext__wrap_bio_impl(PySSLContext *self, PySSLMemoryBIO *incoming, | ||||
|                                 PySSLMemoryBIO *outgoing, int server_side, | ||||
|                                 PyObject *hostname_obj) | ||||
| /*[clinic end generated code: output=4fe4ba75ad95940d input=17725ecdac0bf220]*/ | ||||
|                                 PyObject *hostname_obj, PyObject *owner, | ||||
|                                 PyObject *session) | ||||
| /*[clinic end generated code: output=5c5d6d9b41f99332 input=8cf22f4d586ac56a]*/ | ||||
| { | ||||
|     char *hostname = NULL; | ||||
|     PyObject *res; | ||||
|  | @ -3862,6 +3895,7 @@ _ssl__SSLContext__wrap_bio_impl(PySSLContext *self, PySSLMemoryBIO *incoming, | |||
|     } | ||||
| 
 | ||||
|     res = (PyObject *) newPySSLSocket(self, NULL, server_side, hostname, | ||||
|                                       owner, session, | ||||
|                                       incoming, outgoing); | ||||
| 
 | ||||
|     PyMem_Free(hostname); | ||||
|  | @ -5663,10 +5697,6 @@ PyInit__ssl(void) | |||
|     Py_INCREF(r); | ||||
|     PyModule_AddObject(m, "HAS_SNI", r); | ||||
| 
 | ||||
|     r = Py_True; | ||||
|     Py_INCREF(r); | ||||
|     PyModule_AddObject(m, "HAS_TLS_UNIQUE", r); | ||||
| 
 | ||||
| #ifdef OPENSSL_NO_ECDH | ||||
|     r = Py_False; | ||||
| #else | ||||
|  |  | |||
|  | @ -45,8 +45,8 @@ exit: | |||
|     return return_value; | ||||
| } | ||||
| 
 | ||||
| PyDoc_STRVAR(_ssl__SSLSocket_peer_certificate__doc__, | ||||
| "peer_certificate($self, der=False, /)\n" | ||||
| PyDoc_STRVAR(_ssl__SSLSocket_getpeercert__doc__, | ||||
| "getpeercert($self, der=False, /)\n" | ||||
| "--\n" | ||||
| "\n" | ||||
| "Returns the certificate for the peer.\n" | ||||
|  | @ -59,23 +59,23 @@ PyDoc_STRVAR(_ssl__SSLSocket_peer_certificate__doc__, | |||
| "peer certificate, or None if no certificate was provided.  This will\n" | ||||
| "return the certificate even if it wasn\'t validated."); | ||||
| 
 | ||||
| #define _SSL__SSLSOCKET_PEER_CERTIFICATE_METHODDEF    \ | ||||
|     {"peer_certificate", (PyCFunction)_ssl__SSLSocket_peer_certificate, METH_FASTCALL, _ssl__SSLSocket_peer_certificate__doc__}, | ||||
| #define _SSL__SSLSOCKET_GETPEERCERT_METHODDEF    \ | ||||
|     {"getpeercert", (PyCFunction)_ssl__SSLSocket_getpeercert, METH_FASTCALL, _ssl__SSLSocket_getpeercert__doc__}, | ||||
| 
 | ||||
| static PyObject * | ||||
| _ssl__SSLSocket_peer_certificate_impl(PySSLSocket *self, int binary_mode); | ||||
| _ssl__SSLSocket_getpeercert_impl(PySSLSocket *self, int binary_mode); | ||||
| 
 | ||||
| static PyObject * | ||||
| _ssl__SSLSocket_peer_certificate(PySSLSocket *self, PyObject *const *args, Py_ssize_t nargs) | ||||
| _ssl__SSLSocket_getpeercert(PySSLSocket *self, PyObject *const *args, Py_ssize_t nargs) | ||||
| { | ||||
|     PyObject *return_value = NULL; | ||||
|     int binary_mode = 0; | ||||
| 
 | ||||
|     if (!_PyArg_ParseStack(args, nargs, "|p:peer_certificate", | ||||
|     if (!_PyArg_ParseStack(args, nargs, "|p:getpeercert", | ||||
|         &binary_mode)) { | ||||
|         goto exit; | ||||
|     } | ||||
|     return_value = _ssl__SSLSocket_peer_certificate_impl(self, binary_mode); | ||||
|     return_value = _ssl__SSLSocket_getpeercert_impl(self, binary_mode); | ||||
| 
 | ||||
| exit: | ||||
|     return return_value; | ||||
|  | @ -293,9 +293,7 @@ PyDoc_STRVAR(_ssl__SSLSocket_shutdown__doc__, | |||
| "shutdown($self, /)\n" | ||||
| "--\n" | ||||
| "\n" | ||||
| "Does the SSL shutdown handshake with the remote end.\n" | ||||
| "\n" | ||||
| "Returns the underlying socket object."); | ||||
| "Does the SSL shutdown handshake with the remote end."); | ||||
| 
 | ||||
| #define _SSL__SSLSOCKET_SHUTDOWN_METHODDEF    \ | ||||
|     {"shutdown", (PyCFunction)_ssl__SSLSocket_shutdown, METH_NOARGS, _ssl__SSLSocket_shutdown__doc__}, | ||||
|  | @ -309,24 +307,39 @@ _ssl__SSLSocket_shutdown(PySSLSocket *self, PyObject *Py_UNUSED(ignored)) | |||
|     return _ssl__SSLSocket_shutdown_impl(self); | ||||
| } | ||||
| 
 | ||||
| PyDoc_STRVAR(_ssl__SSLSocket_tls_unique_cb__doc__, | ||||
| "tls_unique_cb($self, /)\n" | ||||
| PyDoc_STRVAR(_ssl__SSLSocket_get_channel_binding__doc__, | ||||
| "get_channel_binding($self, /, cb_type=\'tls-unique\')\n" | ||||
| "--\n" | ||||
| "\n" | ||||
| "Returns the \'tls-unique\' channel binding data, as defined by RFC 5929.\n" | ||||
| "Get channel binding data for current connection.\n" | ||||
| "\n" | ||||
| "If the TLS handshake is not yet complete, None is returned."); | ||||
| "Raise ValueError if the requested `cb_type` is not supported.  Return bytes\n" | ||||
| "of the data or None if the data is not available (e.g. before the handshake).\n" | ||||
| "Only \'tls-unique\' channel binding data from RFC 5929 is supported."); | ||||
| 
 | ||||
| #define _SSL__SSLSOCKET_TLS_UNIQUE_CB_METHODDEF    \ | ||||
|     {"tls_unique_cb", (PyCFunction)_ssl__SSLSocket_tls_unique_cb, METH_NOARGS, _ssl__SSLSocket_tls_unique_cb__doc__}, | ||||
| #define _SSL__SSLSOCKET_GET_CHANNEL_BINDING_METHODDEF    \ | ||||
|     {"get_channel_binding", (PyCFunction)_ssl__SSLSocket_get_channel_binding, METH_FASTCALL|METH_KEYWORDS, _ssl__SSLSocket_get_channel_binding__doc__}, | ||||
| 
 | ||||
| static PyObject * | ||||
| _ssl__SSLSocket_tls_unique_cb_impl(PySSLSocket *self); | ||||
| _ssl__SSLSocket_get_channel_binding_impl(PySSLSocket *self, | ||||
|                                          const char *cb_type); | ||||
| 
 | ||||
| static PyObject * | ||||
| _ssl__SSLSocket_tls_unique_cb(PySSLSocket *self, PyObject *Py_UNUSED(ignored)) | ||||
| _ssl__SSLSocket_get_channel_binding(PySSLSocket *self, PyObject *const *args, Py_ssize_t nargs, PyObject *kwnames) | ||||
| { | ||||
|     return _ssl__SSLSocket_tls_unique_cb_impl(self); | ||||
|     PyObject *return_value = NULL; | ||||
|     static const char * const _keywords[] = {"cb_type", NULL}; | ||||
|     static _PyArg_Parser _parser = {"|s:get_channel_binding", _keywords, 0}; | ||||
|     const char *cb_type = "tls-unique"; | ||||
| 
 | ||||
|     if (!_PyArg_ParseStackAndKeywords(args, nargs, kwnames, &_parser, | ||||
|         &cb_type)) { | ||||
|         goto exit; | ||||
|     } | ||||
|     return_value = _ssl__SSLSocket_get_channel_binding_impl(self, cb_type); | ||||
| 
 | ||||
| exit: | ||||
|     return return_value; | ||||
| } | ||||
| 
 | ||||
| static PyObject * | ||||
|  | @ -538,7 +551,8 @@ PyDoc_STRVAR(_ssl__SSLContext_load_dh_params__doc__, | |||
|     {"load_dh_params", (PyCFunction)_ssl__SSLContext_load_dh_params, METH_O, _ssl__SSLContext_load_dh_params__doc__}, | ||||
| 
 | ||||
| PyDoc_STRVAR(_ssl__SSLContext__wrap_socket__doc__, | ||||
| "_wrap_socket($self, /, sock, server_side, server_hostname=None)\n" | ||||
| "_wrap_socket($self, /, sock, server_side, server_hostname=None, *,\n" | ||||
| "             owner=None, session=None)\n" | ||||
| "--\n" | ||||
| "\n"); | ||||
| 
 | ||||
|  | @ -547,23 +561,26 @@ PyDoc_STRVAR(_ssl__SSLContext__wrap_socket__doc__, | |||
| 
 | ||||
| static PyObject * | ||||
| _ssl__SSLContext__wrap_socket_impl(PySSLContext *self, PyObject *sock, | ||||
|                                    int server_side, PyObject *hostname_obj); | ||||
|                                    int server_side, PyObject *hostname_obj, | ||||
|                                    PyObject *owner, PyObject *session); | ||||
| 
 | ||||
| static PyObject * | ||||
| _ssl__SSLContext__wrap_socket(PySSLContext *self, PyObject *const *args, Py_ssize_t nargs, PyObject *kwnames) | ||||
| { | ||||
|     PyObject *return_value = NULL; | ||||
|     static const char * const _keywords[] = {"sock", "server_side", "server_hostname", NULL}; | ||||
|     static _PyArg_Parser _parser = {"O!i|O:_wrap_socket", _keywords, 0}; | ||||
|     static const char * const _keywords[] = {"sock", "server_side", "server_hostname", "owner", "session", NULL}; | ||||
|     static _PyArg_Parser _parser = {"O!i|O$OO:_wrap_socket", _keywords, 0}; | ||||
|     PyObject *sock; | ||||
|     int server_side; | ||||
|     PyObject *hostname_obj = Py_None; | ||||
|     PyObject *owner = Py_None; | ||||
|     PyObject *session = Py_None; | ||||
| 
 | ||||
|     if (!_PyArg_ParseStackAndKeywords(args, nargs, kwnames, &_parser, | ||||
|         PySocketModule.Sock_Type, &sock, &server_side, &hostname_obj)) { | ||||
|         PySocketModule.Sock_Type, &sock, &server_side, &hostname_obj, &owner, &session)) { | ||||
|         goto exit; | ||||
|     } | ||||
|     return_value = _ssl__SSLContext__wrap_socket_impl(self, sock, server_side, hostname_obj); | ||||
|     return_value = _ssl__SSLContext__wrap_socket_impl(self, sock, server_side, hostname_obj, owner, session); | ||||
| 
 | ||||
| exit: | ||||
|     return return_value; | ||||
|  | @ -571,7 +588,7 @@ exit: | |||
| 
 | ||||
| PyDoc_STRVAR(_ssl__SSLContext__wrap_bio__doc__, | ||||
| "_wrap_bio($self, /, incoming, outgoing, server_side,\n" | ||||
| "          server_hostname=None)\n" | ||||
| "          server_hostname=None, *, owner=None, session=None)\n" | ||||
| "--\n" | ||||
| "\n"); | ||||
| 
 | ||||
|  | @ -581,24 +598,27 @@ PyDoc_STRVAR(_ssl__SSLContext__wrap_bio__doc__, | |||
| static PyObject * | ||||
| _ssl__SSLContext__wrap_bio_impl(PySSLContext *self, PySSLMemoryBIO *incoming, | ||||
|                                 PySSLMemoryBIO *outgoing, int server_side, | ||||
|                                 PyObject *hostname_obj); | ||||
|                                 PyObject *hostname_obj, PyObject *owner, | ||||
|                                 PyObject *session); | ||||
| 
 | ||||
| static PyObject * | ||||
| _ssl__SSLContext__wrap_bio(PySSLContext *self, PyObject *const *args, Py_ssize_t nargs, PyObject *kwnames) | ||||
| { | ||||
|     PyObject *return_value = NULL; | ||||
|     static const char * const _keywords[] = {"incoming", "outgoing", "server_side", "server_hostname", NULL}; | ||||
|     static _PyArg_Parser _parser = {"O!O!i|O:_wrap_bio", _keywords, 0}; | ||||
|     static const char * const _keywords[] = {"incoming", "outgoing", "server_side", "server_hostname", "owner", "session", NULL}; | ||||
|     static _PyArg_Parser _parser = {"O!O!i|O$OO:_wrap_bio", _keywords, 0}; | ||||
|     PySSLMemoryBIO *incoming; | ||||
|     PySSLMemoryBIO *outgoing; | ||||
|     int server_side; | ||||
|     PyObject *hostname_obj = Py_None; | ||||
|     PyObject *owner = Py_None; | ||||
|     PyObject *session = Py_None; | ||||
| 
 | ||||
|     if (!_PyArg_ParseStackAndKeywords(args, nargs, kwnames, &_parser, | ||||
|         &PySSLMemoryBIO_Type, &incoming, &PySSLMemoryBIO_Type, &outgoing, &server_side, &hostname_obj)) { | ||||
|         &PySSLMemoryBIO_Type, &incoming, &PySSLMemoryBIO_Type, &outgoing, &server_side, &hostname_obj, &owner, &session)) { | ||||
|         goto exit; | ||||
|     } | ||||
|     return_value = _ssl__SSLContext__wrap_bio_impl(self, incoming, outgoing, server_side, hostname_obj); | ||||
|     return_value = _ssl__SSLContext__wrap_bio_impl(self, incoming, outgoing, server_side, hostname_obj, owner, session); | ||||
| 
 | ||||
| exit: | ||||
|     return return_value; | ||||
|  | @ -1155,4 +1175,4 @@ exit: | |||
| #ifndef _SSL_ENUM_CRLS_METHODDEF | ||||
|     #define _SSL_ENUM_CRLS_METHODDEF | ||||
| #endif /* !defined(_SSL_ENUM_CRLS_METHODDEF) */ | ||||
| /*[clinic end generated code: output=84e1fd89aff9b0f7 input=a9049054013a1b77]*/ | ||||
| /*[clinic end generated code: output=d987411caeb106e7 input=a9049054013a1b77]*/ | ||||
|  |  | |||
		Loading…
	
	Add table
		Add a link
		
	
		Reference in a new issue
	
	 Christian Heimes
						Christian Heimes