static PyObject *
ssl_Connection_do_handshake(ssl_ConnectionObj *self, PyObject *args)
{
int ret, err;
if (!PyArg_ParseTuple(args, ":do_handshake"))
return NULL;
MY_BEGIN_ALLOW_THREADS(self->tstate);
ret = SSL_do_handshake(self->ssl);
MY_END_ALLOW_THREADS(self->tstate);
if (PyErr_Occurred())
{
flush_error_queue();
return NULL;
}
err = SSL_get_error(self->ssl, ret);
if (err == SSL_ERROR_NONE)
{
Py_INCREF(Py_None);
return Py_None;
}
else
{
handle_ssl_errors(self->ssl, err, ret);
return NULL;
}
}
static PyObject *
ssl_Connection_renegotiate(ssl_ConnectionObj *self, PyObject *args) {
int ret;
if (!PyArg_ParseTuple(args, ":renegotiate")) {
return NULL;
}
MY_BEGIN_ALLOW_THREADS(self->tstate);
ret = SSL_renegotiate(self->ssl);
MY_END_ALLOW_THREADS(self->tstate);
if (PyErr_Occurred()) {
flush_error_queue();
return NULL;
}
return PyLong_FromLong((long)ret);
}
/*
* Find attribute. An X509Name object has the following attributes:
* countryName (alias C), stateOrProvince (alias ST), locality (alias L),
* organization (alias O), organizationalUnit (alias OU), commonName (alias
* CN) and more...
*
* Arguments: self - The X509Name object
* name - The attribute name
* Returns: A Python object for the attribute, or NULL if something went
* wrong
*/
static PyObject *
crypto_X509Name_getattro(crypto_X509NameObj *self, PyObject *nameobj)
{
int nid, len;
char *utf8string;
char *name;
#ifdef PY3
name = PyBytes_AsString(PyUnicode_AsASCIIString(nameobj));
#else
name = PyBytes_AsString(nameobj);
#endif
if ((nid = OBJ_txt2nid(name)) == NID_undef) {
/*
* This is a bit weird. OBJ_txt2nid indicated failure, but it seems
* a lower level function, a2d_ASN1_OBJECT, also feels the need to
* push something onto the error queue. If we don't clean that up
* now, someone else will bump into it later and be quite confused.
* See lp#314814.
*/
flush_error_queue();
return PyObject_GenericGetAttr((PyObject*)self, nameobj);
}
len = get_name_by_nid(self->x509_name, nid, &utf8string);
if (len < 0)
return NULL;
else if (len == 0)
{
Py_INCREF(Py_None);
return Py_None;
}
else {
PyObject* result = PyUnicode_Decode(utf8string, len, "utf-8", NULL);
OPENSSL_free(utf8string);
return result;
}
}
wait for a ZeroReturnError on a recv() method call\n\
";
static PyObject *
ssl_Connection_shutdown(ssl_ConnectionObj *self, PyObject *args)
{
int ret;
if (!PyArg_ParseTuple(args, ":shutdown"))
return NULL;
MY_BEGIN_ALLOW_THREADS(self->tstate)
ret = SSL_shutdown(self->ssl);
MY_END_ALLOW_THREADS(self->tstate)
if (PyErr_Occurred())
{
flush_error_queue();
return NULL;
}
if (ret < 0)
{
exception_from_error_queue(ssl_Error);
return NULL;
}
else if (ret > 0)
{
Py_INCREF(Py_True);
return Py_True;
}
else
{
Py_INCREF(Py_False);
return Py_False;
}
}
/*
* Constructor for PKCS12 objects, never called by Python code directly.
* The strategy for this object is to create all the Python objects
* corresponding to the cert/key/CA certs right away
*
* Arguments: p12 - A "real" PKCS12 object or NULL
* passphrase - Passphrase to use when decrypting the PKCS12 object
* Returns: The newly created PKCS12 object
*/
crypto_PKCS12Obj *
crypto_PKCS12_New(PKCS12 *p12, char *passphrase) {
crypto_PKCS12Obj *self = NULL;
PyObject *cacertobj = NULL;
unsigned char *alias_str;
int alias_len;
X509 *cert = NULL;
EVP_PKEY *pkey = NULL;
STACK_OF(X509) *cacerts = NULL;
int i, cacert_count = 0;
/* allocate space for the CA cert stack */
if((cacerts = sk_X509_new_null()) == NULL) {
goto error; /* out of memory? */
}
/* parse the PKCS12 lump */
if (p12) {
if (!PKCS12_parse(p12, passphrase, &pkey, &cert, &cacerts)) {
/*
* If PKCS12_parse fails, and it allocated cacerts, it seems to
* free cacerts, but not re-NULL the pointer. Zounds! Make sure
* it is re-set to NULL here, else we'll have a double-free below.
*/
cacerts = NULL;
exception_from_error_queue(crypto_Error);
goto error;
} else {
/*
* OpenSSL 1.0.0 sometimes leaves an X509_check_private_key error in
* the queue for no particular reason. This error isn't interesting
* to anyone outside this function. It's not even interesting to
* us. Get rid of it.
*/
flush_error_queue();
}
}
if (!(self = PyObject_GC_New(crypto_PKCS12Obj, &crypto_PKCS12_Type))) {
goto error;
}
/* client certificate and friendlyName */
if (cert == NULL) {
Py_INCREF(Py_None);
self->cert = Py_None;
Py_INCREF(Py_None);
self->friendlyname = Py_None;
} else {
if ((self->cert = (PyObject *)crypto_X509_New(cert, 1)) == NULL) {
goto error;
}
/* Now we need to extract the friendlyName of the PKCS12
* that was stored by PKCS_parse() in the alias of the
* certificate. */
alias_str = X509_alias_get0(cert, &alias_len);
if (alias_str) {
self->friendlyname = Py_BuildValue(BYTESTRING_FMT "#", alias_str, alias_len);
if (!self->friendlyname) {
/*
* XXX Untested
*/
goto error;
}
/* success */
} else {
Py_INCREF(Py_None);
self->friendlyname = Py_None;
}
}
/* private key */
if (pkey == NULL) {
Py_INCREF(Py_None);
self->key = Py_None;
} else {
if ((self->key = (PyObject *)crypto_PKey_New(pkey, 1)) == NULL)
goto error;
}
/* CA certs */
cacert_count = sk_X509_num(cacerts);
if (cacert_count <= 0) {
Py_INCREF(Py_None);
self->cacerts = Py_None;
} else {
if ((self->cacerts = PyTuple_New(cacert_count)) == NULL) {
goto error;
}
for (i = 0; i < cacert_count; i++) {
cert = sk_X509_value(cacerts, i);
if ((cacertobj = (PyObject *)crypto_X509_New(cert, 1)) == NULL) {
goto error;
}
PyTuple_SET_ITEM(self->cacerts, i, cacertobj);
}
}
sk_X509_free(cacerts); /* Don't free the certs, just the container. */
PyObject_GC_Track(self);
return self;
error:
sk_X509_free(cacerts); /* NULL safe. Free just the container. */
if (self) {
crypto_PKCS12_clear(self);
PyObject_GC_Del(self);
}
return NULL;
}
