static PyObject * ssl_Connection_do_handshake(ssl_ConnectionObj *self, PyObject *args) { int ret, err; if (!PyArg_ParseTuple(args, ":do_handshake")) return NULL; MY_BEGIN_ALLOW_THREADS(self->tstate); ret = SSL_do_handshake(self->ssl); MY_END_ALLOW_THREADS(self->tstate); if (PyErr_Occurred()) { flush_error_queue(); return NULL; } err = SSL_get_error(self->ssl, ret); if (err == SSL_ERROR_NONE) { Py_INCREF(Py_None); return Py_None; } else { handle_ssl_errors(self->ssl, err, ret); return NULL; } }
static PyObject * ssl_Connection_renegotiate(ssl_ConnectionObj *self, PyObject *args) { int ret; if (!PyArg_ParseTuple(args, ":renegotiate")) { return NULL; } MY_BEGIN_ALLOW_THREADS(self->tstate); ret = SSL_renegotiate(self->ssl); MY_END_ALLOW_THREADS(self->tstate); if (PyErr_Occurred()) { flush_error_queue(); return NULL; } return PyLong_FromLong((long)ret); }
/* * Find attribute. An X509Name object has the following attributes: * countryName (alias C), stateOrProvince (alias ST), locality (alias L), * organization (alias O), organizationalUnit (alias OU), commonName (alias * CN) and more... * * Arguments: self - The X509Name object * name - The attribute name * Returns: A Python object for the attribute, or NULL if something went * wrong */ static PyObject * crypto_X509Name_getattro(crypto_X509NameObj *self, PyObject *nameobj) { int nid, len; char *utf8string; char *name; #ifdef PY3 name = PyBytes_AsString(PyUnicode_AsASCIIString(nameobj)); #else name = PyBytes_AsString(nameobj); #endif if ((nid = OBJ_txt2nid(name)) == NID_undef) { /* * This is a bit weird. OBJ_txt2nid indicated failure, but it seems * a lower level function, a2d_ASN1_OBJECT, also feels the need to * push something onto the error queue. If we don't clean that up * now, someone else will bump into it later and be quite confused. * See lp#314814. */ flush_error_queue(); return PyObject_GenericGetAttr((PyObject*)self, nameobj); } len = get_name_by_nid(self->x509_name, nid, &utf8string); if (len < 0) return NULL; else if (len == 0) { Py_INCREF(Py_None); return Py_None; } else { PyObject* result = PyUnicode_Decode(utf8string, len, "utf-8", NULL); OPENSSL_free(utf8string); return result; } }
wait for a ZeroReturnError on a recv() method call\n\ "; static PyObject * ssl_Connection_shutdown(ssl_ConnectionObj *self, PyObject *args) { int ret; if (!PyArg_ParseTuple(args, ":shutdown")) return NULL; MY_BEGIN_ALLOW_THREADS(self->tstate) ret = SSL_shutdown(self->ssl); MY_END_ALLOW_THREADS(self->tstate) if (PyErr_Occurred()) { flush_error_queue(); return NULL; } if (ret < 0) { exception_from_error_queue(ssl_Error); return NULL; } else if (ret > 0) { Py_INCREF(Py_True); return Py_True; } else { Py_INCREF(Py_False); return Py_False; } }
/* * Constructor for PKCS12 objects, never called by Python code directly. * The strategy for this object is to create all the Python objects * corresponding to the cert/key/CA certs right away * * Arguments: p12 - A "real" PKCS12 object or NULL * passphrase - Passphrase to use when decrypting the PKCS12 object * Returns: The newly created PKCS12 object */ crypto_PKCS12Obj * crypto_PKCS12_New(PKCS12 *p12, char *passphrase) { crypto_PKCS12Obj *self = NULL; PyObject *cacertobj = NULL; unsigned char *alias_str; int alias_len; X509 *cert = NULL; EVP_PKEY *pkey = NULL; STACK_OF(X509) *cacerts = NULL; int i, cacert_count = 0; /* allocate space for the CA cert stack */ if((cacerts = sk_X509_new_null()) == NULL) { goto error; /* out of memory? */ } /* parse the PKCS12 lump */ if (p12) { if (!PKCS12_parse(p12, passphrase, &pkey, &cert, &cacerts)) { /* * If PKCS12_parse fails, and it allocated cacerts, it seems to * free cacerts, but not re-NULL the pointer. Zounds! Make sure * it is re-set to NULL here, else we'll have a double-free below. */ cacerts = NULL; exception_from_error_queue(crypto_Error); goto error; } else { /* * OpenSSL 1.0.0 sometimes leaves an X509_check_private_key error in * the queue for no particular reason. This error isn't interesting * to anyone outside this function. It's not even interesting to * us. Get rid of it. */ flush_error_queue(); } } if (!(self = PyObject_GC_New(crypto_PKCS12Obj, &crypto_PKCS12_Type))) { goto error; } /* client certificate and friendlyName */ if (cert == NULL) { Py_INCREF(Py_None); self->cert = Py_None; Py_INCREF(Py_None); self->friendlyname = Py_None; } else { if ((self->cert = (PyObject *)crypto_X509_New(cert, 1)) == NULL) { goto error; } /* Now we need to extract the friendlyName of the PKCS12 * that was stored by PKCS_parse() in the alias of the * certificate. */ alias_str = X509_alias_get0(cert, &alias_len); if (alias_str) { self->friendlyname = Py_BuildValue(BYTESTRING_FMT "#", alias_str, alias_len); if (!self->friendlyname) { /* * XXX Untested */ goto error; } /* success */ } else { Py_INCREF(Py_None); self->friendlyname = Py_None; } } /* private key */ if (pkey == NULL) { Py_INCREF(Py_None); self->key = Py_None; } else { if ((self->key = (PyObject *)crypto_PKey_New(pkey, 1)) == NULL) goto error; } /* CA certs */ cacert_count = sk_X509_num(cacerts); if (cacert_count <= 0) { Py_INCREF(Py_None); self->cacerts = Py_None; } else { if ((self->cacerts = PyTuple_New(cacert_count)) == NULL) { goto error; } for (i = 0; i < cacert_count; i++) { cert = sk_X509_value(cacerts, i); if ((cacertobj = (PyObject *)crypto_X509_New(cert, 1)) == NULL) { goto error; } PyTuple_SET_ITEM(self->cacerts, i, cacertobj); } } sk_X509_free(cacerts); /* Don't free the certs, just the container. */ PyObject_GC_Track(self); return self; error: sk_X509_free(cacerts); /* NULL safe. Free just the container. */ if (self) { crypto_PKCS12_clear(self); PyObject_GC_Del(self); } return NULL; }