Author: Amaury Forgeot d'Arc <[email protected]>
Branch: stdlib-2.7.9
Changeset: r75516:35f8bc7e346a
Date: 2015-01-25 17:37 +0100
http://bitbucket.org/pypy/pypy/changeset/35f8bc7e346a/
Log: ssl: add SSLContext.load_dh_params()
diff --git a/pypy/module/_ssl/interp_ssl.py b/pypy/module/_ssl/interp_ssl.py
--- a/pypy/module/_ssl/interp_ssl.py
+++ b/pypy/module/_ssl/interp_ssl.py
@@ -1025,6 +1025,31 @@
if ret != 1:
raise _ssl_seterror(space, None, -1)
+ @unwrap_spec(filepath=str)
+ def load_dh_params_w(self, space, filepath):
+ bio = libssl_BIO_new_file(filepath, "r")
+ if not bio:
+ libssl_ERR_clear_error()
+ errno = get_errno()
+ raise wrap_oserror(space, OSError(errno, ''))
+ try:
+ set_errno(0)
+ dh = libssl_PEM_read_bio_DHparams(bio, None, None, None)
+ finally:
+ libssl_BIO_free(bio)
+ if not dh:
+ errno = get_errno()
+ if errno != 0:
+ libssl_ERR_clear_error()
+ raise wrap_oserror(space, OSError(errno, ''))
+ else:
+ raise _ssl_seterror(space, None, 0)
+ try:
+ if libssl_SSL_CTX_set_tmp_dh(self.ctx, dh) == 0:
+ raise _ssl_seterror(space, None, 0)
+ finally:
+ libssl_DH_free(dh)
+
def load_verify_locations_w(self, space, w_cafile=None, w_capath=None,
w_cadata=None):
if space.is_none(w_cafile):
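Review bot: Both OSError paths in `load_dh_params_w` read errno only after another libssl call has run. `libssl_ERR_clear_error()` precedes `get_errno()` on the `BIO_new_file` failure path, and `libssl_BIO_free(bio)` in the `finally` precedes the `get_errno()` that chooses between OSError and SSLError. Either call may overwrite the saved errno, so the error type and code reported for an unreadable or malformed parameter file could be wrong. Capture the value right after the failing call: in the first branch put `errno = get_errno()` before `libssl_ERR_clear_error()`, and add `errno = get_errno()` directly after `libssl_PEM_read_bio_DHparams(...)` inside the `try`. The OSError is also built with an empty message, so passing the path along would tell the caller which file failed.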
@@ -1156,9 +1181,10 @@
__new__=interp2app(_SSLContext.descr_new),
_wrap_socket=interp2app(_SSLContext.descr_wrap_socket),
set_ciphers=interp2app(_SSLContext.descr_set_ciphers),
- load_verify_locations=interp2app(_SSLContext.load_verify_locations_w),
cert_store_stats=interp2app(_SSLContext.cert_store_stats_w),
load_cert_chain=interp2app(_SSLContext.load_cert_chain_w),
+ load_dh_params=interp2app(_SSLContext.load_dh_params_w),
+ load_verify_locations=interp2app(_SSLContext.load_verify_locations_w),
set_default_verify_paths=interp2app(_SSLContext.descr_set_default_verify_paths),
_set_npn_protocols=interp2app(_SSLContext.set_npn_protocols_w),
diff --git a/pypy/module/_ssl/test/test_ssl.py
b/pypy/module/_ssl/test/test_ssl.py
--- a/pypy/module/_ssl/test/test_ssl.py
+++ b/pypy/module/_ssl/test/test_ssl.py
@@ -1,11 +1,11 @@
from rpython.tool.udir import udir
+import os
class AppTestSSL:
spaceconfig = dict(usemodules=('_ssl', '_socket', 'thread'))
def setup_class(cls):
- import os
cls.w_nullbytecert = cls.space.wrap(os.path.join(
os.path.dirname(__file__), 'nullbytecert.pem'))
@@ -269,6 +269,8 @@
tmpfile = udir / "emptycert.pem"
tmpfile.write(SSL_EMPTYCERT)
cls.w_emptycert = cls.space.wrap(str(tmpfile))
+ cls.w_dh512 = cls.space.wrap(os.path.join(
+ os.path.dirname(__file__), 'dh512.pem'))
def test_load_cert_chain(self):
import _ssl
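Review bot: The fixture `dh512.pem` is referenced in `setup_class`, but no file of that name is added in the part of the changeset visible here. If it is not committed elsewhere, `test_load_dh_params` will fail on the file-open path rather than test parsing. Going by its name the file holds a 512-bit group, which is far too small for real TLS use. A comment next to the fixture would stop it being copied as an example, e.g. `# parsing fixture only: a 512-bit DH group must never be used for real connections`. `setup_class` starts outside this hunk.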
@@ -291,6 +293,14 @@
ctx.load_verify_locations(cadata=cacert_pem)
assert ctx.cert_store_stats()["x509_ca"]
+ def test_load_dh_params(self):
+ import _ssl
+ ctx = _ssl._SSLContext(_ssl.PROTOCOL_TLSv1)
+ ctx.load_dh_params(self.dh512)
+ raises(TypeError, ctx.load_dh_params)
+ raises(TypeError, ctx.load_dh_params, None)
+ raises(_ssl.SSLError, ctx.load_dh_params, self.keycert)
+
SSL_CERTIFICATE = """
-----BEGIN CERTIFICATE-----
MIICVDCCAb2gAwIBAgIJANfHOBkZr8JOMA0GCSqGSIb3DQEBBQUAMF8xCzAJBgNV
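Review bot: `test_load_dh_params` never reaches either OSError branch of the new method, so the errno handling is untested. Only the success, TypeError and SSLError paths are covered. A missing-file case would pin it, for example `exc = raises(EnvironmentError, ctx.load_dh_params, self.dh512 + '.missing')` followed by `assert exc.value.errno == errno.ENOENT`, with `import errno` added inside the test. That case also guards against a file-open failure being reported as a generic SSL error, which would hide a misconfigured path from the operator.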
diff --git a/rpython/rlib/ropenssl.py b/rpython/rlib/ropenssl.py
--- a/rpython/rlib/ropenssl.py
+++ b/rpython/rlib/ropenssl.py
@@ -53,6 +53,7 @@
ASN1_ITEM = rffi.COpaquePtr('ASN1_ITEM')
X509_NAME = rffi.COpaquePtr('X509_NAME')
stack_st_X509_OBJECT = rffi.COpaquePtr('struct stack_st_X509_OBJECT')
+DH = rffi.COpaquePtr('DH')
class CConfigBootstrap:
_compilation_info_ = eci
@@ -356,6 +357,7 @@
ssl_external('BIO_s_file', [], BIO_METHOD)
ssl_external('BIO_new', [BIO_METHOD], BIO)
ssl_external('BIO_set_nbio', [BIO, rffi.INT], rffi.INT, macro=True)
+ssl_external('BIO_new_file', [rffi.CCHARP, rffi.CCHARP], BIO)
ssl_external('BIO_new_mem_buf', [rffi.VOIDP, rffi.INT], BIO)
ssl_external('BIO_free', [BIO], rffi.INT)
ssl_external('BIO_reset', [BIO], rffi.INT, macro=True)
@@ -367,6 +369,11 @@
ssl_external('PEM_read_bio_X509_AUX',
[BIO, rffi.VOIDP, rffi.VOIDP, rffi.VOIDP], X509)
+ssl_external('PEM_read_bio_DHparams',
+ [BIO, rffi.VOIDP, rffi.VOIDP, rffi.VOIDP], DH)
+ssl_external('SSL_CTX_set_tmp_dh', [SSL_CTX, DH], rffi.INT, macro=True)
+ssl_external('DH_free', [DH], lltype.Void, releasegil=False)
+
if HAS_NPN:
SSL_NEXT_PROTOS_ADV_CB = lltype.Ptr(lltype.FuncType(
[SSL, rffi.CCHARPP, rffi.UINTP, rffi.VOIDP], rffi.INT))