Author: Philip Jenvey <pjen...@underboss.org> Branch: py3k Changeset: r68673:30065a062e2c Date: 2014-01-14 15:22 -0800 http://bitbucket.org/pypy/pypy/changeset/30065a062e2c/
Log: adapt 1bf39957a7e8 from default diff --git a/lib-python/3/test/test_ssl.py b/lib-python/3/test/test_ssl.py --- a/lib-python/3/test/test_ssl.py +++ b/lib-python/3/test/test_ssl.py @@ -1259,7 +1259,7 @@ try_protocol_combo(ssl.PROTOCOL_SSLv2, ssl.PROTOCOL_SSLv2, True) try_protocol_combo(ssl.PROTOCOL_SSLv2, ssl.PROTOCOL_SSLv2, True, ssl.CERT_OPTIONAL) try_protocol_combo(ssl.PROTOCOL_SSLv2, ssl.PROTOCOL_SSLv2, True, ssl.CERT_REQUIRED) - try_protocol_combo(ssl.PROTOCOL_SSLv2, ssl.PROTOCOL_SSLv23, True) + try_protocol_combo(ssl.PROTOCOL_SSLv2, ssl.PROTOCOL_SSLv23, False) try_protocol_combo(ssl.PROTOCOL_SSLv2, ssl.PROTOCOL_SSLv3, False) try_protocol_combo(ssl.PROTOCOL_SSLv2, ssl.PROTOCOL_TLSv1, False) # SSLv23 client with specific SSL options diff --git a/pypy/module/_ssl/interp_ssl.py b/pypy/module/_ssl/interp_ssl.py --- a/pypy/module/_ssl/interp_ssl.py +++ b/pypy/module/_ssl/interp_ssl.py @@ -1,6 +1,7 @@ from __future__ import with_statement from rpython.rtyper.lltypesystem import rffi, lltype -from pypy.interpreter.error import OperationError, wrap_oserror +from pypy.interpreter.error import ( + OperationError, operationerrfmt, wrap_oserror) from pypy.interpreter.baseobjspace import W_Root from pypy.interpreter.typedef import TypeDef, GetSetProperty from pypy.interpreter.gateway import interp2app, unwrap_spec @@ -91,13 +92,26 @@ class SSLContext(W_Root): - def __init__(self, method): + def __init__(self, protocol): + if protocol == PY_SSL_VERSION_TLS1: + method = libssl_TLSv1_method() + elif protocol == PY_SSL_VERSION_SSL3: + method = libssl_SSLv3_method() + elif protocol == PY_SSL_VERSION_SSL2 and not OPENSSL_NO_SSL2: + method = libssl_SSLv2_method() + elif protocol == PY_SSL_VERSION_SSL23: + method = libssl_SSLv23_method() + else: + raise operationerrfmt(space.w_ValueError, + "invalid protocol version") self.ctx = libssl_SSL_CTX_new(method) # Defaults libssl_SSL_CTX_set_verify(self.ctx, SSL_VERIFY_NONE, None) - libssl_SSL_CTX_set_options( - self.ctx, SSL_OP_ALL & ~SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS) + options = SSL_OP_ALL & ~SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS + if protocol != PY_SSL_VERSION_SSL2: + options |= SSL_OP_NO_SSLv2 + libssl_SSL_CTX_set_options(self.ctx, options) libssl_SSL_CTX_set_session_id_context(self.ctx, "Python", len("Python")) def __del__(self): @@ -107,18 +121,7 @@ @unwrap_spec(protocol=int) def descr_new(space, w_subtype, protocol=PY_SSL_VERSION_SSL23): self = space.allocate_instance(SSLContext, w_subtype) - if protocol == PY_SSL_VERSION_TLS1: - method = libssl_TLSv1_method() - elif protocol == PY_SSL_VERSION_SSL3: - method = libssl_SSLv3_method() - elif protocol == PY_SSL_VERSION_SSL2 and not OPENSSL_NO_SSL2: - method = libssl_SSLv2_method() - elif protocol == PY_SSL_VERSION_SSL23: - method = libssl_SSLv23_method() - else: - raise OperationError( - space.w_ValueError, space.wrap("invalid protocol version")) - self.__init__(method) + self.__init__(protocol) if not self.ctx: raise ssl_error(space, "failed to allocate SSL context") return space.wrap(self) _______________________________________________ pypy-commit mailing list pypy-commit@python.org https://mail.python.org/mailman/listinfo/pypy-commit