Context Navigation

_ssl.c

Visit:

Last change on this file was 3225, checked in by bird, 18 years ago
Python 2.5
File size: 18.8 KB

Line
1	/* SSL socket module
2
3	SSL support based on patches by Brian E Gallew and Laszlo Kovacs.
4
5	This module is imported by socket.py. It should not be used
6	directly.
7
8	*/
9
10	#include "Python.h"
11	enum py_ssl_error {
12	/* these mirror ssl.h */
13	PY_SSL_ERROR_NONE,
14	PY_SSL_ERROR_SSL,
15	PY_SSL_ERROR_WANT_READ,
16	PY_SSL_ERROR_WANT_WRITE,
17	PY_SSL_ERROR_WANT_X509_LOOKUP,
18	PY_SSL_ERROR_SYSCALL, /* look at error stack/return value/errno */
19	PY_SSL_ERROR_ZERO_RETURN,
20	PY_SSL_ERROR_WANT_CONNECT,
21	/* start of non ssl.h errorcodes */
22	PY_SSL_ERROR_EOF, /* special case of SSL_ERROR_SYSCALL */
23	PY_SSL_ERROR_INVALID_ERROR_CODE
24	};
25
26	/* Include symbols from _socket module */
27	#include "socketmodule.h"
28
29	#if defined(HAVE_POLL_H)
30	#include <poll.h>
31	#elif defined(HAVE_SYS_POLL_H)
32	#include <sys/poll.h>
33	#endif
34
35	/* Include OpenSSL header files */
36	#include "openssl/rsa.h"
37	#include "openssl/crypto.h"
38	#include "openssl/x509.h"
39	#include "openssl/pem.h"
40	#include "openssl/ssl.h"
41	#include "openssl/err.h"
42	#include "openssl/rand.h"
43
44	/* SSL error object */
45	static PyObject *PySSLErrorObject;
46
47	/* SSL socket object */
48
49	#define X509_NAME_MAXLEN 256
50
51	/* RAND_* APIs got added to OpenSSL in 0.9.5 */
52	#if OPENSSL_VERSION_NUMBER >= 0x0090500fL
53	# define HAVE_OPENSSL_RAND 1
54	#else
55	# undef HAVE_OPENSSL_RAND
56	#endif
57
58	typedef struct {
59	PyObject_HEAD
60	PySocketSockObject Socket; / Socket on which we're layered */
61	SSL_CTX* ctx;
62	SSL* ssl;
63	X509* server_cert;
64	char server[X509_NAME_MAXLEN];
65	char issuer[X509_NAME_MAXLEN];
66
67	} PySSLObject;
68
69	static PyTypeObject PySSL_Type;
70	static PyObject PySSL_SSLwrite(PySSLObject self, PyObject *args);
71	static PyObject PySSL_SSLread(PySSLObject self, PyObject *args);
72	static int check_socket_and_wait_for_timeout(PySocketSockObject *s,
73	int writing);
74
75	#define PySSLObject_Check(v) ((v)->ob_type == &PySSL_Type)
76
77	typedef enum {
78	SOCKET_IS_NONBLOCKING,
79	SOCKET_IS_BLOCKING,
80	SOCKET_HAS_TIMED_OUT,
81	SOCKET_HAS_BEEN_CLOSED,
82	SOCKET_TOO_LARGE_FOR_SELECT,
83	SOCKET_OPERATION_OK
84	} timeout_state;
85
86	/* XXX It might be helpful to augment the error message generated
87	below with the name of the SSL function that generated the error.
88	I expect it's obvious most of the time.
89	*/
90
91	static PyObject *
92	PySSL_SetError(PySSLObject *obj, int ret)
93	{
94	PyObject v, n, *s;
95	char *errstr;
96	int err;
97	enum py_ssl_error p;
98
99	assert(ret <= 0);
100
101	err = SSL_get_error(obj->ssl, ret);
102
103	switch (err) {
104	case SSL_ERROR_ZERO_RETURN:
105	errstr = "TLS/SSL connection has been closed";
106	p = PY_SSL_ERROR_ZERO_RETURN;
107	break;
108	case SSL_ERROR_WANT_READ:
109	errstr = "The operation did not complete (read)";
110	p = PY_SSL_ERROR_WANT_READ;
111	break;
112	case SSL_ERROR_WANT_WRITE:
113	p = PY_SSL_ERROR_WANT_WRITE;
114	errstr = "The operation did not complete (write)";
115	break;
116	case SSL_ERROR_WANT_X509_LOOKUP:
117	p = PY_SSL_ERROR_WANT_X509_LOOKUP;
118	errstr = "The operation did not complete (X509 lookup)";
119	break;
120	case SSL_ERROR_WANT_CONNECT:
121	p = PY_SSL_ERROR_WANT_CONNECT;
122	errstr = "The operation did not complete (connect)";
123	break;
124	case SSL_ERROR_SYSCALL:
125	{
126	unsigned long e = ERR_get_error();
127	if (e == 0) {
128	if (ret == 0 \|\| !obj->Socket) {
129	p = PY_SSL_ERROR_EOF;
130	errstr = "EOF occurred in violation of protocol";
131	} else if (ret == -1) {
132	/* the underlying BIO reported an I/O error */
133	return obj->Socket->errorhandler();
134	} else { /* possible? */
135	p = PY_SSL_ERROR_SYSCALL;
136	errstr = "Some I/O error occurred";
137	}
138	} else {
139	p = PY_SSL_ERROR_SYSCALL;
140	/* XXX Protected by global interpreter lock */
141	errstr = ERR_error_string(e, NULL);
142	}
143	break;
144	}
145	case SSL_ERROR_SSL:
146	{
147	unsigned long e = ERR_get_error();
148	p = PY_SSL_ERROR_SSL;
149	if (e != 0)
150	/* XXX Protected by global interpreter lock */
151	errstr = ERR_error_string(e, NULL);
152	else { /* possible? */
153	errstr = "A failure in the SSL library occurred";
154	}
155	break;
156	}
157	default:
158	p = PY_SSL_ERROR_INVALID_ERROR_CODE;
159	errstr = "Invalid error code";
160	}
161	n = PyInt_FromLong((long) p);
162	if (n == NULL)
163	return NULL;
164	v = PyTuple_New(2);
165	if (v == NULL) {
166	Py_DECREF(n);
167	return NULL;
168	}
169
170	s = PyString_FromString(errstr);
171	if (s == NULL) {
172	Py_DECREF(v);
173	Py_DECREF(n);
174	}
175	PyTuple_SET_ITEM(v, 0, n);
176	PyTuple_SET_ITEM(v, 1, s);
177	PyErr_SetObject(PySSLErrorObject, v);
178	Py_DECREF(v);
179	return NULL;
180	}
181
182	static PySSLObject *
183	newPySSLObject(PySocketSockObject Sock, char key_file, char *cert_file)
184	{
185	PySSLObject *self;
186	char *errstr = NULL;
187	int ret;
188	int err;
189	int sockstate;
190
191	self = PyObject_New(PySSLObject, &PySSL_Type); /* Create new object */
192	if (self == NULL)
193	return NULL;
194	memset(self->server, '\0', sizeof(char) * X509_NAME_MAXLEN);
195	memset(self->issuer, '\0', sizeof(char) * X509_NAME_MAXLEN);
196	self->server_cert = NULL;
197	self->ssl = NULL;
198	self->ctx = NULL;
199	self->Socket = NULL;
200
201	if ((key_file && !cert_file) \|\| (!key_file && cert_file)) {
202	errstr = "Both the key & certificate files must be specified";
203	goto fail;
204	}
205
206	Py_BEGIN_ALLOW_THREADS
207	self->ctx = SSL_CTX_new(SSLv23_method()); /* Set up context */
208	Py_END_ALLOW_THREADS
209	if (self->ctx == NULL) {
210	errstr = "SSL_CTX_new error";
211	goto fail;
212	}
213
214	if (key_file) {
215	Py_BEGIN_ALLOW_THREADS
216	ret = SSL_CTX_use_PrivateKey_file(self->ctx, key_file,
217	SSL_FILETYPE_PEM);
218	Py_END_ALLOW_THREADS
219	if (ret < 1) {
220	errstr = "SSL_CTX_use_PrivateKey_file error";
221	goto fail;
222	}
223
224	Py_BEGIN_ALLOW_THREADS
225	ret = SSL_CTX_use_certificate_chain_file(self->ctx,
226	cert_file);
227	Py_END_ALLOW_THREADS
228	SSL_CTX_set_options(self->ctx, SSL_OP_ALL); /* ssl compatibility */
229	if (ret < 1) {
230	errstr = "SSL_CTX_use_certificate_chain_file error";
231	goto fail;
232	}
233	}
234
235	Py_BEGIN_ALLOW_THREADS
236	SSL_CTX_set_verify(self->ctx,
237	SSL_VERIFY_NONE, NULL); /* set verify lvl */
238	self->ssl = SSL_new(self->ctx); /* New ssl struct */
239	Py_END_ALLOW_THREADS
240	SSL_set_fd(self->ssl, Sock->sock_fd); /* Set the socket for SSL */
241
242	/* If the socket is in non-blocking mode or timeout mode, set the BIO
243	* to non-blocking mode (blocking is the default)
244	*/
245	if (Sock->sock_timeout >= 0.0) {
246	/* Set both the read and write BIO's to non-blocking mode */
247	BIO_set_nbio(SSL_get_rbio(self->ssl), 1);
248	BIO_set_nbio(SSL_get_wbio(self->ssl), 1);
249	}
250
251	Py_BEGIN_ALLOW_THREADS
252	SSL_set_connect_state(self->ssl);
253	Py_END_ALLOW_THREADS
254
255	/* Actually negotiate SSL connection */
256	/* XXX If SSL_connect() returns 0, it's also a failure. */
257	sockstate = 0;
258	do {
259	Py_BEGIN_ALLOW_THREADS
260	ret = SSL_connect(self->ssl);
261	err = SSL_get_error(self->ssl, ret);
262	Py_END_ALLOW_THREADS
263	if(PyErr_CheckSignals()) {
264	goto fail;
265	}
266	if (err == SSL_ERROR_WANT_READ) {
267	sockstate = check_socket_and_wait_for_timeout(Sock, 0);
268	} else if (err == SSL_ERROR_WANT_WRITE) {
269	sockstate = check_socket_and_wait_for_timeout(Sock, 1);
270	} else {
271	sockstate = SOCKET_OPERATION_OK;
272	}
273	if (sockstate == SOCKET_HAS_TIMED_OUT) {
274	PyErr_SetString(PySSLErrorObject, "The connect operation timed out");
275	goto fail;
276	} else if (sockstate == SOCKET_HAS_BEEN_CLOSED) {
277	PyErr_SetString(PySSLErrorObject, "Underlying socket has been closed.");
278	goto fail;
279	} else if (sockstate == SOCKET_TOO_LARGE_FOR_SELECT) {
280	PyErr_SetString(PySSLErrorObject, "Underlying socket too large for select().");
281	goto fail;
282	} else if (sockstate == SOCKET_IS_NONBLOCKING) {
283	break;
284	}
285	} while (err == SSL_ERROR_WANT_READ \|\| err == SSL_ERROR_WANT_WRITE);
286	if (ret <= 0) {
287	PySSL_SetError(self, ret);
288	goto fail;
289	}
290	self->ssl->debug = 1;
291
292	Py_BEGIN_ALLOW_THREADS
293	if ((self->server_cert = SSL_get_peer_certificate(self->ssl))) {
294	X509_NAME_oneline(X509_get_subject_name(self->server_cert),
295	self->server, X509_NAME_MAXLEN);
296	X509_NAME_oneline(X509_get_issuer_name(self->server_cert),
297	self->issuer, X509_NAME_MAXLEN);
298	}
299	Py_END_ALLOW_THREADS
300	self->Socket = Sock;
301	Py_INCREF(self->Socket);
302	return self;
303	fail:
304	if (errstr)
305	PyErr_SetString(PySSLErrorObject, errstr);
306	Py_DECREF(self);
307	return NULL;
308	}
309
310	static PyObject *
311	PySocket_ssl(PyObject self, PyObject args)
312	{
313	PySSLObject *rv;
314	PySocketSockObject *Sock;
315	char *key_file = NULL;
316	char *cert_file = NULL;
317
318	if (!PyArg_ParseTuple(args, "O!\|zz:ssl",
319	PySocketModule.Sock_Type,
320	(PyObject*)&Sock,
321	&key_file, &cert_file))
322	return NULL;
323
324	rv = newPySSLObject(Sock, key_file, cert_file);
325	if (rv == NULL)
326	return NULL;
327	return (PyObject *)rv;
328	}
329
330	PyDoc_STRVAR(ssl_doc,
331	"ssl(socket, [keyfile, certfile]) -> sslobject");
332
333	/* SSL object methods */
334
335	static PyObject *
336	PySSL_server(PySSLObject *self)
337	{
338	return PyString_FromString(self->server);
339	}
340
341	static PyObject *
342	PySSL_issuer(PySSLObject *self)
343	{
344	return PyString_FromString(self->issuer);
345	}
346
347
348	static void PySSL_dealloc(PySSLObject *self)
349	{
350	if (self->server_cert) /* Possible not to have one? */
351	X509_free (self->server_cert);
352	if (self->ssl)
353	SSL_free(self->ssl);
354	if (self->ctx)
355	SSL_CTX_free(self->ctx);
356	Py_XDECREF(self->Socket);
357	PyObject_Del(self);
358	}
359
360	/* If the socket has a timeout, do a select()/poll() on the socket.
361	The argument writing indicates the direction.
362	Returns one of the possibilities in the timeout_state enum (above).
363	*/
364
365	static int
366	check_socket_and_wait_for_timeout(PySocketSockObject *s, int writing)
367	{
368	fd_set fds;
369	struct timeval tv;
370	int rc;
371
372	/* Nothing to do unless we're in timeout mode (not non-blocking) */
373	if (s->sock_timeout < 0.0)
374	return SOCKET_IS_BLOCKING;
375	else if (s->sock_timeout == 0.0)
376	return SOCKET_IS_NONBLOCKING;
377
378	/* Guard against closed socket */
379	if (s->sock_fd < 0)
380	return SOCKET_HAS_BEEN_CLOSED;
381
382	/* Prefer poll, if available, since you can poll() any fd
383	* which can't be done with select(). */
384	#ifdef HAVE_POLL
385	{
386	struct pollfd pollfd;
387	int timeout;
388
389	pollfd.fd = s->sock_fd;
390	pollfd.events = writing ? POLLOUT : POLLIN;
391
392	/* s->sock_timeout is in seconds, timeout in ms */
393	timeout = (int)(s->sock_timeout * 1000 + 0.5);
394	Py_BEGIN_ALLOW_THREADS
395	rc = poll(&pollfd, 1, timeout);
396	Py_END_ALLOW_THREADS
397
398	goto normal_return;
399	}
400	#endif
401
402	/* Guard against socket too large for select*/
403	#ifndef Py_SOCKET_FD_CAN_BE_GE_FD_SETSIZE
404	if (s->sock_fd >= FD_SETSIZE)
405	return SOCKET_TOO_LARGE_FOR_SELECT;
406	#endif
407
408	/* Construct the arguments to select */
409	tv.tv_sec = (int)s->sock_timeout;
410	tv.tv_usec = (int)((s->sock_timeout - tv.tv_sec) * 1e6);
411	FD_ZERO(&fds);
412	FD_SET(s->sock_fd, &fds);
413
414	/* See if the socket is ready */
415	Py_BEGIN_ALLOW_THREADS
416	if (writing)
417	rc = select(s->sock_fd+1, NULL, &fds, NULL, &tv);
418	else
419	rc = select(s->sock_fd+1, &fds, NULL, NULL, &tv);
420	Py_END_ALLOW_THREADS
421
422	normal_return:
423	/* Return SOCKET_TIMED_OUT on timeout, SOCKET_OPERATION_OK otherwise
424	(when we are able to write or when there's something to read) */
425	return rc == 0 ? SOCKET_HAS_TIMED_OUT : SOCKET_OPERATION_OK;
426	}
427
428	static PyObject PySSL_SSLwrite(PySSLObject self, PyObject *args)
429	{
430	char *data;
431	int len;
432	int count;
433	int sockstate;
434	int err;
435
436	if (!PyArg_ParseTuple(args, "s#:write", &data, &count))
437	return NULL;
438
439	sockstate = check_socket_and_wait_for_timeout(self->Socket, 1);
440	if (sockstate == SOCKET_HAS_TIMED_OUT) {
441	PyErr_SetString(PySSLErrorObject, "The write operation timed out");
442	return NULL;
443	} else if (sockstate == SOCKET_HAS_BEEN_CLOSED) {
444	PyErr_SetString(PySSLErrorObject, "Underlying socket has been closed.");
445	return NULL;
446	} else if (sockstate == SOCKET_TOO_LARGE_FOR_SELECT) {
447	PyErr_SetString(PySSLErrorObject, "Underlying socket too large for select().");
448	return NULL;
449	}
450	do {
451	err = 0;
452	Py_BEGIN_ALLOW_THREADS
453	len = SSL_write(self->ssl, data, count);
454	err = SSL_get_error(self->ssl, len);
455	Py_END_ALLOW_THREADS
456	if(PyErr_CheckSignals()) {
457	return NULL;
458	}
459	if (err == SSL_ERROR_WANT_READ) {
460	sockstate = check_socket_and_wait_for_timeout(self->Socket, 0);
461	} else if (err == SSL_ERROR_WANT_WRITE) {
462	sockstate = check_socket_and_wait_for_timeout(self->Socket, 1);
463	} else {
464	sockstate = SOCKET_OPERATION_OK;
465	}
466	if (sockstate == SOCKET_HAS_TIMED_OUT) {
467	PyErr_SetString(PySSLErrorObject, "The write operation timed out");
468	return NULL;
469	} else if (sockstate == SOCKET_HAS_BEEN_CLOSED) {
470	PyErr_SetString(PySSLErrorObject, "Underlying socket has been closed.");
471	return NULL;
472	} else if (sockstate == SOCKET_IS_NONBLOCKING) {
473	break;
474	}
475	} while (err == SSL_ERROR_WANT_READ \|\| err == SSL_ERROR_WANT_WRITE);
476	if (len > 0)
477	return PyInt_FromLong(len);
478	else
479	return PySSL_SetError(self, len);
480	}
481
482	PyDoc_STRVAR(PySSL_SSLwrite_doc,
483	"write(s) -> len\n\
484	\n\
485	Writes the string s into the SSL object. Returns the number\n\
486	of bytes written.");
487
488	static PyObject PySSL_SSLread(PySSLObject self, PyObject *args)
489	{
490	PyObject *buf;
491	int count = 0;
492	int len = 1024;
493	int sockstate;
494	int err;
495
496	if (!PyArg_ParseTuple(args, "\|i:read", &len))
497	return NULL;
498
499	if (!(buf = PyString_FromStringAndSize((char *) 0, len)))
500	return NULL;
501
502	/* first check if there are bytes ready to be read */
503	Py_BEGIN_ALLOW_THREADS
504	count = SSL_pending(self->ssl);
505	Py_END_ALLOW_THREADS
506
507	if (!count) {
508	sockstate = check_socket_and_wait_for_timeout(self->Socket, 0);
509	if (sockstate == SOCKET_HAS_TIMED_OUT) {
510	PyErr_SetString(PySSLErrorObject, "The read operation timed out");
511	Py_DECREF(buf);
512	return NULL;
513	} else if (sockstate == SOCKET_TOO_LARGE_FOR_SELECT) {
514	PyErr_SetString(PySSLErrorObject, "Underlying socket too large for select().");
515	return NULL;
516	}
517	}
518	do {
519	err = 0;
520	Py_BEGIN_ALLOW_THREADS
521	count = SSL_read(self->ssl, PyString_AsString(buf), len);
522	err = SSL_get_error(self->ssl, count);
523	Py_END_ALLOW_THREADS
524	if(PyErr_CheckSignals()) {
525	Py_DECREF(buf);
526	return NULL;
527	}
528	if (err == SSL_ERROR_WANT_READ) {
529	sockstate = check_socket_and_wait_for_timeout(self->Socket, 0);
530	} else if (err == SSL_ERROR_WANT_WRITE) {
531	sockstate = check_socket_and_wait_for_timeout(self->Socket, 1);
532	} else {
533	sockstate = SOCKET_OPERATION_OK;
534	}
535	if (sockstate == SOCKET_HAS_TIMED_OUT) {
536	PyErr_SetString(PySSLErrorObject, "The read operation timed out");
537	Py_DECREF(buf);
538	return NULL;
539	} else if (sockstate == SOCKET_IS_NONBLOCKING) {
540	break;
541	}
542	} while (err == SSL_ERROR_WANT_READ \|\| err == SSL_ERROR_WANT_WRITE);
543	if (count <= 0) {
544	Py_DECREF(buf);
545	return PySSL_SetError(self, count);
546	}
547	if (count != len)
548	_PyString_Resize(&buf, count);
549	return buf;
550	}
551
552	PyDoc_STRVAR(PySSL_SSLread_doc,
553	"read([len]) -> string\n\
554	\n\
555	Read up to len bytes from the SSL socket.");
556
557	static PyMethodDef PySSLMethods[] = {
558	{"write", (PyCFunction)PySSL_SSLwrite, METH_VARARGS,
559	PySSL_SSLwrite_doc},
560	{"read", (PyCFunction)PySSL_SSLread, METH_VARARGS,
561	PySSL_SSLread_doc},
562	{"server", (PyCFunction)PySSL_server, METH_NOARGS},
563	{"issuer", (PyCFunction)PySSL_issuer, METH_NOARGS},
564	{NULL, NULL}
565	};
566
567	static PyObject PySSL_getattr(PySSLObject self, char *name)
568	{
569	return Py_FindMethod(PySSLMethods, (PyObject *)self, name);
570	}
571
572	static PyTypeObject PySSL_Type = {
573	PyObject_HEAD_INIT(NULL)
574	0, /ob_size/
575	"socket.SSL", /tp_name/
576	sizeof(PySSLObject), /tp_basicsize/
577	0, /tp_itemsize/
578	/* methods */
579	(destructor)PySSL_dealloc, /tp_dealloc/
580	0, /tp_print/
581	(getattrfunc)PySSL_getattr, /tp_getattr/
582	0, /tp_setattr/
583	0, /tp_compare/
584	0, /tp_repr/
585	0, /tp_as_number/
586	0, /tp_as_sequence/
587	0, /tp_as_mapping/
588	0, /tp_hash/
589	};
590
591	#ifdef HAVE_OPENSSL_RAND
592
593	/* helper routines for seeding the SSL PRNG */
594	static PyObject *
595	PySSL_RAND_add(PyObject self, PyObject args)
596	{
597	char *buf;
598	int len;
599	double entropy;
600
601	if (!PyArg_ParseTuple(args, "s#d:RAND_add", &buf, &len, &entropy))
602	return NULL;
603	RAND_add(buf, len, entropy);
604	Py_INCREF(Py_None);
605	return Py_None;
606	}
607
608	PyDoc_STRVAR(PySSL_RAND_add_doc,
609	"RAND_add(string, entropy)\n\
610	\n\
611	Mix string into the OpenSSL PRNG state. entropy (a float) is a lower\n\
612	bound on the entropy contained in string.");
613
614	static PyObject *
615	PySSL_RAND_status(PyObject *self)
616	{
617	return PyInt_FromLong(RAND_status());
618	}
619
620	PyDoc_STRVAR(PySSL_RAND_status_doc,
621	"RAND_status() -> 0 or 1\n\
622	\n\
623	Returns 1 if the OpenSSL PRNG has been seeded with enough data and 0 if not.\n\
624	It is necessary to seed the PRNG with RAND_add() on some platforms before\n\
625	using the ssl() function.");
626
627	static PyObject *
628	PySSL_RAND_egd(PyObject self, PyObject arg)
629	{
630	int bytes;
631
632	if (!PyString_Check(arg))
633	return PyErr_Format(PyExc_TypeError,
634	"RAND_egd() expected string, found %s",
635	arg->ob_type->tp_name);
636	bytes = RAND_egd(PyString_AS_STRING(arg));
637	if (bytes == -1) {
638	PyErr_SetString(PySSLErrorObject,
639	"EGD connection failed or EGD did not return "
640	"enough data to seed the PRNG");
641	return NULL;
642	}
643	return PyInt_FromLong(bytes);
644	}
645
646	PyDoc_STRVAR(PySSL_RAND_egd_doc,
647	"RAND_egd(path) -> bytes\n\
648	\n\
649	Queries the entropy gather daemon (EGD) on socket path. Returns number\n\
650	of bytes read. Raises socket.sslerror if connection to EGD fails or\n\
651	if it does provide enough data to seed PRNG.");
652
653	#endif
654
655	/* List of functions exported by this module. */
656
657	static PyMethodDef PySSL_methods[] = {
658	{"ssl", PySocket_ssl,
659	METH_VARARGS, ssl_doc},
660	#ifdef HAVE_OPENSSL_RAND
661	{"RAND_add", PySSL_RAND_add, METH_VARARGS,
662	PySSL_RAND_add_doc},
663	{"RAND_egd", PySSL_RAND_egd, METH_O,
664	PySSL_RAND_egd_doc},
665	{"RAND_status", (PyCFunction)PySSL_RAND_status, METH_NOARGS,
666	PySSL_RAND_status_doc},
667	#endif
668	{NULL, NULL} /* Sentinel */
669	};
670
671
672	PyDoc_STRVAR(module_doc,
673	"Implementation module for SSL socket operations. See the socket module\n\
674	for documentation.");
675
676	PyMODINIT_FUNC
677	init_ssl(void)
678	{
679	PyObject m, d;
680
681	PySSL_Type.ob_type = &PyType_Type;
682
683	m = Py_InitModule3("_ssl", PySSL_methods, module_doc);
684	if (m == NULL)
685	return;
686	d = PyModule_GetDict(m);
687
688	/* Load _socket module and its C API */
689	if (PySocketModule_ImportModuleAndAPI())
690	return;
691
692	/* Init OpenSSL */
693	SSL_load_error_strings();
694	SSLeay_add_ssl_algorithms();
695
696	/* Add symbols to module dict */
697	PySSLErrorObject = PyErr_NewException("socket.sslerror",
698	PySocketModule.error,
699	NULL);
700	if (PySSLErrorObject == NULL)
701	return;
702	PyDict_SetItemString(d, "sslerror", PySSLErrorObject);
703	if (PyDict_SetItemString(d, "SSLType",
704	(PyObject *)&PySSL_Type) != 0)
705	return;
706	PyModule_AddIntConstant(m, "SSL_ERROR_ZERO_RETURN",
707	PY_SSL_ERROR_ZERO_RETURN);
708	PyModule_AddIntConstant(m, "SSL_ERROR_WANT_READ",
709	PY_SSL_ERROR_WANT_READ);
710	PyModule_AddIntConstant(m, "SSL_ERROR_WANT_WRITE",
711	PY_SSL_ERROR_WANT_WRITE);
712	PyModule_AddIntConstant(m, "SSL_ERROR_WANT_X509_LOOKUP",
713	PY_SSL_ERROR_WANT_X509_LOOKUP);
714	PyModule_AddIntConstant(m, "SSL_ERROR_SYSCALL",
715	PY_SSL_ERROR_SYSCALL);
716	PyModule_AddIntConstant(m, "SSL_ERROR_SSL",
717	PY_SSL_ERROR_SSL);
718	PyModule_AddIntConstant(m, "SSL_ERROR_WANT_CONNECT",
719	PY_SSL_ERROR_WANT_CONNECT);
720	/* non ssl.h errorcodes */
721	PyModule_AddIntConstant(m, "SSL_ERROR_EOF",
722	PY_SSL_ERROR_EOF);
723	PyModule_AddIntConstant(m, "SSL_ERROR_INVALID_ERROR_CODE",
724	PY_SSL_ERROR_INVALID_ERROR_CODE);
725
726	}

Note: See TracBrowser for help on using the repository browser.

Context Navigation

source: vendor/python/2.5/Modules/_ssl.c

Download in other formats: