[pypy-commit] pypy stdlib-2.7.9: provide SSLContext.verify_mode

bdkearns Sun, 21 Dec 2014 08:06:25 -0800

Author: Brian Kearns <[email protected]>
Branch: stdlib-2.7.9
Changeset: r75050:a155733a8665
Date: 2014-12-21 11:05 -0500
http://bitbucket.org/pypy/pypy/changeset/a155733a8665/


Log:    provide SSLContext.verify_mode

diff --git a/pypy/module/_ssl/interp_ssl.py b/pypy/module/_ssl/interp_ssl.py
--- a/pypy/module/_ssl/interp_ssl.py
+++ b/pypy/module/_ssl/interp_ssl.py
@@ -870,6 +870,29 @@
         if set:
             libssl_SSL_CTX_set_options(self.ctx, set)
 
+    def descr_get_verify_mode(self, space):
+        mode = libssl_SSL_CTX_get_verify_mode(self.ctx)
+        if mode == SSL_VERIFY_NONE:
+            return space.newlong(PY_SSL_CERT_NONE)
+        elif mode == SSL_VERIFY_PEER:
+            return space.newlong(PY_SSL_CERT_OPTIONAL)
+        elif mode == SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT:
+            return space.newlong(PY_SSL_CERT_REQUIRED)
+        raise ssl_error(space, "invalid return value from 
SSL_CTX_get_verify_mode")
+
+    def descr_set_verify_mode(self, space, w_mode):
+        n = space.int_w(w_mode)
+        if n == PY_SSL_CERT_NONE:
+            mode = SSL_VERIFY_NONE
+        elif n == PY_SSL_CERT_OPTIONAL:
+            mode = SSL_VERIFY_PEER
+        elif n == PY_SSL_CERT_REQUIRED:
+            mode = SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT
+        else:
+            raise oefmt(space.w_ValueError,
+                        "invalid value for verify_mode")
+        libssl_SSL_CTX_set_verify(self.ctx, mode, None)
+
 _SSLContext.typedef = TypeDef("_SSLContext",
     __module__ = "_ssl",
     __new__ = interp2app(_SSLContext.descr_new),
@@ -877,6 +900,8 @@
     set_ciphers = interp2app(_SSLContext.descr_set_ciphers),
     options = GetSetProperty(_SSLContext.descr_get_options,
                              _SSLContext.descr_set_options),
+    verify_mode = GetSetProperty(_SSLContext.descr_get_verify_mode,
+                                 _SSLContext.descr_set_verify_mode),
 )
 
 
diff --git a/pypy/module/_ssl/test/test_ssl.py 
b/pypy/module/_ssl/test/test_ssl.py
--- a/pypy/module/_ssl/test/test_ssl.py
+++ b/pypy/module/_ssl/test/test_ssl.py
@@ -113,12 +113,20 @@
     def test_context(self):
         import _ssl
         s = _ssl._SSLContext(_ssl.PROTOCOL_TLSv1)
+
         assert type(s.options) is long
         assert s.options & _ssl.OP_NO_SSLv2
         s.options &= ~_ssl.OP_NO_SSLv2
         assert not s.options & _ssl.OP_NO_SSLv2
         raises(TypeError, "s.options = 2.5")
 
+        assert s.verify_mode == _ssl.CERT_NONE
+        s.verify_mode = _ssl.CERT_REQUIRED
+        assert s.verify_mode == _ssl.CERT_REQUIRED
+        exc = raises(ValueError, "s.verify_mode = 1234")
+        assert str(exc.value) == "invalid value for verify_mode"
+
+
 class AppTestConnectedSSL:
     spaceconfig = {
         "usemodules": ['_ssl', '_socket', 'struct', 'binascii'],
_______________________________________________
pypy-commit mailing list
[email protected]
https://mail.python.org/mailman/listinfo/pypy-commit

[pypy-commit] pypy stdlib-2.7.9: provide SSLContext.verify_mode

Reply via email to