search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Don't mask a no memory error with a less meaningful one as discussed on python-checkins
[python.git] / Modules / _ssl.c
blobf49391d7f00a1bcb4cc446d8c0a56b80bdd1f2cc
1 /* SSL socket module
2
3 SSL support based on patches by Brian E Gallew and Laszlo Kovacs.
4
5 This module is imported by socket.py. It should *not* be used
6 directly.
7
8 */
9
10 #include "Python.h"
11 enum py_ssl_error {
12 /* these mirror ssl.h */
13 PY_SSL_ERROR_NONE,
14 PY_SSL_ERROR_SSL,
15 PY_SSL_ERROR_WANT_READ,
16 PY_SSL_ERROR_WANT_WRITE,
17 PY_SSL_ERROR_WANT_X509_LOOKUP,
18 PY_SSL_ERROR_SYSCALL, /* look at error stack/return value/errno */
19 PY_SSL_ERROR_ZERO_RETURN,
20 PY_SSL_ERROR_WANT_CONNECT,
21 /* start of non ssl.h errorcodes */
22 PY_SSL_ERROR_EOF, /* special case of SSL_ERROR_SYSCALL */
23 PY_SSL_ERROR_INVALID_ERROR_CODE
24 };
25
26 /* Include symbols from _socket module */
27 #include "socketmodule.h"
28
29 /* Include OpenSSL header files */
30 #include "openssl/rsa.h"
31 #include "openssl/crypto.h"
32 #include "openssl/x509.h"
33 #include "openssl/pem.h"
34 #include "openssl/ssl.h"
35 #include "openssl/err.h"
36 #include "openssl/rand.h"
37
38 /* SSL error object */
39 static PyObject *PySSLErrorObject;
40
41 /* SSL socket object */
42
43 #define X509_NAME_MAXLEN 256
44
45 /* RAND_* APIs got added to OpenSSL in 0.9.5 */
46 #if OPENSSL_VERSION_NUMBER >= 0x0090500fL
47 # define HAVE_OPENSSL_RAND 1
48 #else
49 # undef HAVE_OPENSSL_RAND
50 #endif
51
52 typedef struct {
53 PyObject_HEAD
54 PySocketSockObject *Socket; /* Socket on which we're layered */
55 SSL_CTX* ctx;
56 SSL* ssl;
57 X509* server_cert;
58 char server[X509_NAME_MAXLEN];
59 char issuer[X509_NAME_MAXLEN];
60
61 } PySSLObject;
62
63 static PyTypeObject PySSL_Type;
64 static PyObject *PySSL_SSLwrite(PySSLObject *self, PyObject *args);
65 static PyObject *PySSL_SSLread(PySSLObject *self, PyObject *args);
66 static int check_socket_and_wait_for_timeout(PySocketSockObject *s,
67 int writing);
68
69 #define PySSLObject_Check(v) ((v)->ob_type == &PySSL_Type)
70
71 typedef enum {
72 SOCKET_IS_NONBLOCKING,
73 SOCKET_IS_BLOCKING,
74 SOCKET_HAS_TIMED_OUT,
75 SOCKET_HAS_BEEN_CLOSED,
76 SOCKET_TOO_LARGE_FOR_SELECT,
77 SOCKET_OPERATION_OK
78 } timeout_state;
79
80 /* XXX It might be helpful to augment the error message generated
81 below with the name of the SSL function that generated the error.
82 I expect it's obvious most of the time.
83 */
84
85 static PyObject *
86 PySSL_SetError(PySSLObject *obj, int ret)
87 {
88 PyObject *v, *n, *s;
89 char *errstr;
90 int err;
91 enum py_ssl_error p;
92
93 assert(ret <= 0);
94
95 err = SSL_get_error(obj->ssl, ret);
96
97 switch (err) {
98 case SSL_ERROR_ZERO_RETURN:
99 errstr = "TLS/SSL connection has been closed";
100 p = PY_SSL_ERROR_ZERO_RETURN;
101 break;
102 case SSL_ERROR_WANT_READ:
103 errstr = "The operation did not complete (read)";
104 p = PY_SSL_ERROR_WANT_READ;
105 break;
106 case SSL_ERROR_WANT_WRITE:
107 p = PY_SSL_ERROR_WANT_WRITE;
108 errstr = "The operation did not complete (write)";
109 break;
110 case SSL_ERROR_WANT_X509_LOOKUP:
111 p = PY_SSL_ERROR_WANT_X509_LOOKUP;
112 errstr = "The operation did not complete (X509 lookup)";
113 break;
114 case SSL_ERROR_WANT_CONNECT:
115 p = PY_SSL_ERROR_WANT_CONNECT;
116 errstr = "The operation did not complete (connect)";
117 break;
118 case SSL_ERROR_SYSCALL:
119 {
120 unsigned long e = ERR_get_error();
121 if (e == 0) {
122 if (ret == 0 || !obj->Socket) {
123 p = PY_SSL_ERROR_EOF;
124 errstr = "EOF occurred in violation of protocol";
125 } else if (ret == -1) {
126 /* the underlying BIO reported an I/O error */
127 return obj->Socket->errorhandler();
128 } else { /* possible? */
129 p = PY_SSL_ERROR_SYSCALL;
130 errstr = "Some I/O error occurred";
131 }
132 } else {
133 p = PY_SSL_ERROR_SYSCALL;
134 /* XXX Protected by global interpreter lock */
135 errstr = ERR_error_string(e, NULL);
136 }
137 break;
138 }
139 case SSL_ERROR_SSL:
140 {
141 unsigned long e = ERR_get_error();
142 p = PY_SSL_ERROR_SSL;
143 if (e != 0)
144 /* XXX Protected by global interpreter lock */
145 errstr = ERR_error_string(e, NULL);
146 else { /* possible? */
147 errstr = "A failure in the SSL library occurred";
148 }
149 break;
150 }
151 default:
152 p = PY_SSL_ERROR_INVALID_ERROR_CODE;
153 errstr = "Invalid error code";
154 }
155 n = PyInt_FromLong((long) p);
156 if (n == NULL)
157 return NULL;
158 v = PyTuple_New(2);
159 if (v == NULL) {
160 Py_DECREF(n);
161 return NULL;
162 }
163
164 s = PyString_FromString(errstr);
165 if (s == NULL) {
166 Py_DECREF(v);
167 Py_DECREF(n);
168 }
169 PyTuple_SET_ITEM(v, 0, n);
170 PyTuple_SET_ITEM(v, 1, s);
171 PyErr_SetObject(PySSLErrorObject, v);
172 Py_DECREF(v);
173 return NULL;
174 }
175
176 static PySSLObject *
177 newPySSLObject(PySocketSockObject *Sock, char *key_file, char *cert_file)
178 {
179 PySSLObject *self;
180 char *errstr = NULL;
181 int ret;
182 int err;
183 int sockstate;
184
185 self = PyObject_New(PySSLObject, &PySSL_Type); /* Create new object */
186 if (self == NULL)
187 return NULL;
188 memset(self->server, '\0', sizeof(char) * X509_NAME_MAXLEN);
189 memset(self->issuer, '\0', sizeof(char) * X509_NAME_MAXLEN);
190 self->server_cert = NULL;
191 self->ssl = NULL;
192 self->ctx = NULL;
193 self->Socket = NULL;
194
195 if ((key_file && !cert_file) || (!key_file && cert_file)) {
196 errstr = "Both the key & certificate files must be specified";
197 goto fail;
198 }
199
200 Py_BEGIN_ALLOW_THREADS
201 self->ctx = SSL_CTX_new(SSLv23_method()); /* Set up context */
202 Py_END_ALLOW_THREADS
203 if (self->ctx == NULL) {
204 errstr = "SSL_CTX_new error";
205 goto fail;
206 }
207
208 if (key_file) {
209 Py_BEGIN_ALLOW_THREADS
210 ret = SSL_CTX_use_PrivateKey_file(self->ctx, key_file,
211 SSL_FILETYPE_PEM);
212 Py_END_ALLOW_THREADS
213 if (ret < 1) {
214 errstr = "SSL_CTX_use_PrivateKey_file error";
215 goto fail;
216 }
217
218 Py_BEGIN_ALLOW_THREADS
219 ret = SSL_CTX_use_certificate_chain_file(self->ctx,
220 cert_file);
221 Py_END_ALLOW_THREADS
222 SSL_CTX_set_options(self->ctx, SSL_OP_ALL); /* ssl compatibility */
223 if (ret < 1) {
224 errstr = "SSL_CTX_use_certificate_chain_file error";
225 goto fail;
226 }
227 }
228
229 Py_BEGIN_ALLOW_THREADS
230 SSL_CTX_set_verify(self->ctx,
231 SSL_VERIFY_NONE, NULL); /* set verify lvl */
232 self->ssl = SSL_new(self->ctx); /* New ssl struct */
233 Py_END_ALLOW_THREADS
234 SSL_set_fd(self->ssl, Sock->sock_fd); /* Set the socket for SSL */
235
236 /* If the socket is in non-blocking mode or timeout mode, set the BIO
237 * to non-blocking mode (blocking is the default)
238 */
239 if (Sock->sock_timeout >= 0.0) {
240 /* Set both the read and write BIO's to non-blocking mode */
241 BIO_set_nbio(SSL_get_rbio(self->ssl), 1);
242 BIO_set_nbio(SSL_get_wbio(self->ssl), 1);
243 }
244
245 Py_BEGIN_ALLOW_THREADS
246 SSL_set_connect_state(self->ssl);
247 Py_END_ALLOW_THREADS
248
249 /* Actually negotiate SSL connection */
250 /* XXX If SSL_connect() returns 0, it's also a failure. */
251 sockstate = 0;
252 do {
253 Py_BEGIN_ALLOW_THREADS
254 ret = SSL_connect(self->ssl);
255 err = SSL_get_error(self->ssl, ret);
256 Py_END_ALLOW_THREADS
257 if(PyErr_CheckSignals()) {
258 goto fail;
259 }
260 if (err == SSL_ERROR_WANT_READ) {
261 sockstate = check_socket_and_wait_for_timeout(Sock, 0);
262 } else if (err == SSL_ERROR_WANT_WRITE) {
263 sockstate = check_socket_and_wait_for_timeout(Sock, 1);
264 } else {
265 sockstate = SOCKET_OPERATION_OK;
266 }
267 if (sockstate == SOCKET_HAS_TIMED_OUT) {
268 PyErr_SetString(PySSLErrorObject, "The connect operation timed out");
269 goto fail;
270 } else if (sockstate == SOCKET_HAS_BEEN_CLOSED) {
271 PyErr_SetString(PySSLErrorObject, "Underlying socket has been closed.");
272 goto fail;
273 } else if (sockstate == SOCKET_TOO_LARGE_FOR_SELECT) {
274 PyErr_SetString(PySSLErrorObject, "Underlying socket too large for select().");
275 goto fail;
276 } else if (sockstate == SOCKET_IS_NONBLOCKING) {
277 break;
278 }
279 } while (err == SSL_ERROR_WANT_READ || err == SSL_ERROR_WANT_WRITE);
280 if (ret <= 0) {
281 PySSL_SetError(self, ret);
282 goto fail;
283 }
284 self->ssl->debug = 1;
285
286 Py_BEGIN_ALLOW_THREADS
287 if ((self->server_cert = SSL_get_peer_certificate(self->ssl))) {
288 X509_NAME_oneline(X509_get_subject_name(self->server_cert),
289 self->server, X509_NAME_MAXLEN);
290 X509_NAME_oneline(X509_get_issuer_name(self->server_cert),
291 self->issuer, X509_NAME_MAXLEN);
292 }
293 Py_END_ALLOW_THREADS
294 self->Socket = Sock;
295 Py_INCREF(self->Socket);
296 return self;
297 fail:
298 if (errstr)
299 PyErr_SetString(PySSLErrorObject, errstr);
300 Py_DECREF(self);
301 return NULL;
302 }
303
304 static PyObject *
305 PySocket_ssl(PyObject *self, PyObject *args)
306 {
307 PySSLObject *rv;
308 PySocketSockObject *Sock;
309 char *key_file = NULL;
310 char *cert_file = NULL;
311
312 if (!PyArg_ParseTuple(args, "O!|zz:ssl",
313 PySocketModule.Sock_Type,
314 (PyObject*)&Sock,
315 &key_file, &cert_file))
316 return NULL;
317
318 rv = newPySSLObject(Sock, key_file, cert_file);
319 if (rv == NULL)
320 return NULL;
321 return (PyObject *)rv;
322 }
323
324 PyDoc_STRVAR(ssl_doc,
325 "ssl(socket, [keyfile, certfile]) -> sslobject");
326
327 /* SSL object methods */
328
329 static PyObject *
330 PySSL_server(PySSLObject *self)
331 {
332 return PyString_FromString(self->server);
333 }
334
335 static PyObject *
336 PySSL_issuer(PySSLObject *self)
337 {
338 return PyString_FromString(self->issuer);
339 }
340
341
342 static void PySSL_dealloc(PySSLObject *self)
343 {
344 if (self->server_cert) /* Possible not to have one? */
345 X509_free (self->server_cert);
346 if (self->ssl)
347 SSL_free(self->ssl);
348 if (self->ctx)
349 SSL_CTX_free(self->ctx);
350 Py_XDECREF(self->Socket);
351 PyObject_Del(self);
352 }
353
354 /* If the socket has a timeout, do a select() on the socket.
355 The argument writing indicates the direction.
356 Returns one of the possibilities in the timeout_state enum (above).
357 */
358
359 static int
360 check_socket_and_wait_for_timeout(PySocketSockObject *s, int writing)
361 {
362 fd_set fds;
363 struct timeval tv;
364 int rc;
365
366 /* Nothing to do unless we're in timeout mode (not non-blocking) */
367 if (s->sock_timeout < 0.0)
368 return SOCKET_IS_BLOCKING;
369 else if (s->sock_timeout == 0.0)
370 return SOCKET_IS_NONBLOCKING;
371
372 /* Guard against closed socket */
373 if (s->sock_fd < 0)
374 return SOCKET_HAS_BEEN_CLOSED;
375
376 /* Guard against socket too large for select*/
377 #ifndef Py_SOCKET_FD_CAN_BE_GE_FD_SETSIZE
378 if (s->sock_fd >= FD_SETSIZE)
379 return SOCKET_TOO_LARGE_FOR_SELECT;
380 #endif
381
382 /* Construct the arguments to select */
383 tv.tv_sec = (int)s->sock_timeout;
384 tv.tv_usec = (int)((s->sock_timeout - tv.tv_sec) * 1e6);
385 FD_ZERO(&fds);
386 FD_SET(s->sock_fd, &fds);
387
388 /* See if the socket is ready */
389 Py_BEGIN_ALLOW_THREADS
390 if (writing)
391 rc = select(s->sock_fd+1, NULL, &fds, NULL, &tv);
392 else
393 rc = select(s->sock_fd+1, &fds, NULL, NULL, &tv);
394 Py_END_ALLOW_THREADS
395
396 /* Return SOCKET_TIMED_OUT on timeout, SOCKET_OPERATION_OK otherwise
397 (when we are able to write or when there's something to read) */
398 return rc == 0 ? SOCKET_HAS_TIMED_OUT : SOCKET_OPERATION_OK;
399 }
400
401 static PyObject *PySSL_SSLwrite(PySSLObject *self, PyObject *args)
402 {
403 char *data;
404 int len;
405 int count;
406 int sockstate;
407 int err;
408
409 if (!PyArg_ParseTuple(args, "s#:write", &data, &count))
410 return NULL;
411
412 sockstate = check_socket_and_wait_for_timeout(self->Socket, 1);
413 if (sockstate == SOCKET_HAS_TIMED_OUT) {
414 PyErr_SetString(PySSLErrorObject, "The write operation timed out");
415 return NULL;
416 } else if (sockstate == SOCKET_HAS_BEEN_CLOSED) {
417 PyErr_SetString(PySSLErrorObject, "Underlying socket has been closed.");
418 return NULL;
419 } else if (sockstate == SOCKET_TOO_LARGE_FOR_SELECT) {
420 PyErr_SetString(PySSLErrorObject, "Underlying socket too large for select().");
421 return NULL;
422 }
423 do {
424 err = 0;
425 Py_BEGIN_ALLOW_THREADS
426 len = SSL_write(self->ssl, data, count);
427 err = SSL_get_error(self->ssl, len);
428 Py_END_ALLOW_THREADS
429 if(PyErr_CheckSignals()) {
430 return NULL;
431 }
432 if (err == SSL_ERROR_WANT_READ) {
433 sockstate = check_socket_and_wait_for_timeout(self->Socket, 0);
434 } else if (err == SSL_ERROR_WANT_WRITE) {
435 sockstate = check_socket_and_wait_for_timeout(self->Socket, 1);
436 } else {
437 sockstate = SOCKET_OPERATION_OK;
438 }
439 if (sockstate == SOCKET_HAS_TIMED_OUT) {
440 PyErr_SetString(PySSLErrorObject, "The write operation timed out");
441 return NULL;
442 } else if (sockstate == SOCKET_HAS_BEEN_CLOSED) {
443 PyErr_SetString(PySSLErrorObject, "Underlying socket has been closed.");
444 return NULL;
445 } else if (sockstate == SOCKET_IS_NONBLOCKING) {
446 break;
447 }
448 } while (err == SSL_ERROR_WANT_READ || err == SSL_ERROR_WANT_WRITE);
449 if (len > 0)
450 return PyInt_FromLong(len);
451 else
452 return PySSL_SetError(self, len);
453 }
454
455 PyDoc_STRVAR(PySSL_SSLwrite_doc,
456 "write(s) -> len\n\
457 \n\
458 Writes the string s into the SSL object. Returns the number\n\
459 of bytes written.");
460
461 static PyObject *PySSL_SSLread(PySSLObject *self, PyObject *args)
462 {
463 PyObject *buf;
464 int count = 0;
465 int len = 1024;
466 int sockstate;
467 int err;
468
469 if (!PyArg_ParseTuple(args, "|i:read", &len))
470 return NULL;
471
472 if (!(buf = PyString_FromStringAndSize((char *) 0, len)))
473 return NULL;
474
475 /* first check if there are bytes ready to be read */
476 Py_BEGIN_ALLOW_THREADS
477 count = SSL_pending(self->ssl);
478 Py_END_ALLOW_THREADS
479
480 if (!count) {
481 sockstate = check_socket_and_wait_for_timeout(self->Socket, 0);
482 if (sockstate == SOCKET_HAS_TIMED_OUT) {
483 PyErr_SetString(PySSLErrorObject, "The read operation timed out");
484 Py_DECREF(buf);
485 return NULL;
486 } else if (sockstate == SOCKET_TOO_LARGE_FOR_SELECT) {
487 PyErr_SetString(PySSLErrorObject, "Underlying socket too large for select().");
488 return NULL;
489 }
490 }
491 do {
492 err = 0;
493 Py_BEGIN_ALLOW_THREADS
494 count = SSL_read(self->ssl, PyString_AsString(buf), len);
495 err = SSL_get_error(self->ssl, count);
496 Py_END_ALLOW_THREADS
497 if(PyErr_CheckSignals()) {
498 Py_DECREF(buf);
499 return NULL;
500 }
501 if (err == SSL_ERROR_WANT_READ) {
502 sockstate = check_socket_and_wait_for_timeout(self->Socket, 0);
503 } else if (err == SSL_ERROR_WANT_WRITE) {
504 sockstate = check_socket_and_wait_for_timeout(self->Socket, 1);
505 } else {
506 sockstate = SOCKET_OPERATION_OK;
507 }
508 if (sockstate == SOCKET_HAS_TIMED_OUT) {
509 PyErr_SetString(PySSLErrorObject, "The read operation timed out");
510 Py_DECREF(buf);
511 return NULL;
512 } else if (sockstate == SOCKET_IS_NONBLOCKING) {
513 break;
514 }
515 } while (err == SSL_ERROR_WANT_READ || err == SSL_ERROR_WANT_WRITE);
516 if (count <= 0) {
517 Py_DECREF(buf);
518 return PySSL_SetError(self, count);
519 }
520 if (count != len)
521 _PyString_Resize(&buf, count);
522 return buf;
523 }
524
525 PyDoc_STRVAR(PySSL_SSLread_doc,
526 "read([len]) -> string\n\
527 \n\
528 Read up to len bytes from the SSL socket.");
529
530 static PyMethodDef PySSLMethods[] = {
531 {"write", (PyCFunction)PySSL_SSLwrite, METH_VARARGS,
532 PySSL_SSLwrite_doc},
533 {"read", (PyCFunction)PySSL_SSLread, METH_VARARGS,
534 PySSL_SSLread_doc},
535 {"server", (PyCFunction)PySSL_server, METH_NOARGS},
536 {"issuer", (PyCFunction)PySSL_issuer, METH_NOARGS},
537 {NULL, NULL}
538 };
539
540 static PyObject *PySSL_getattr(PySSLObject *self, char *name)
541 {
542 return Py_FindMethod(PySSLMethods, (PyObject *)self, name);
543 }
544
545 static PyTypeObject PySSL_Type = {
546 PyObject_HEAD_INIT(NULL)
547 0, /*ob_size*/
548 "socket.SSL", /*tp_name*/
549 sizeof(PySSLObject), /*tp_basicsize*/
550 0, /*tp_itemsize*/
551 /* methods */
552 (destructor)PySSL_dealloc, /*tp_dealloc*/
553 0, /*tp_print*/
554 (getattrfunc)PySSL_getattr, /*tp_getattr*/
555 0, /*tp_setattr*/
556 0, /*tp_compare*/
557 0, /*tp_repr*/
558 0, /*tp_as_number*/
559 0, /*tp_as_sequence*/
560 0, /*tp_as_mapping*/
561 0, /*tp_hash*/
562 };
563
564 #ifdef HAVE_OPENSSL_RAND
565
566 /* helper routines for seeding the SSL PRNG */
567 static PyObject *
568 PySSL_RAND_add(PyObject *self, PyObject *args)
569 {
570 char *buf;
571 int len;
572 double entropy;
573
574 if (!PyArg_ParseTuple(args, "s#d:RAND_add", &buf, &len, &entropy))
575 return NULL;
576 RAND_add(buf, len, entropy);
577 Py_INCREF(Py_None);
578 return Py_None;
579 }
580
581 PyDoc_STRVAR(PySSL_RAND_add_doc,
582 "RAND_add(string, entropy)\n\
583 \n\
584 Mix string into the OpenSSL PRNG state. entropy (a float) is a lower\n\
585 bound on the entropy contained in string.");
586
587 static PyObject *
588 PySSL_RAND_status(PyObject *self)
589 {
590 return PyInt_FromLong(RAND_status());
591 }
592
593 PyDoc_STRVAR(PySSL_RAND_status_doc,
594 "RAND_status() -> 0 or 1\n\
595 \n\
596 Returns 1 if the OpenSSL PRNG has been seeded with enough data and 0 if not.\n\
597 It is necessary to seed the PRNG with RAND_add() on some platforms before\n\
598 using the ssl() function.");
599
600 static PyObject *
601 PySSL_RAND_egd(PyObject *self, PyObject *arg)
602 {
603 int bytes;
604
605 if (!PyString_Check(arg))
606 return PyErr_Format(PyExc_TypeError,
607 "RAND_egd() expected string, found %s",
608 arg->ob_type->tp_name);
609 bytes = RAND_egd(PyString_AS_STRING(arg));
610 if (bytes == -1) {
611 PyErr_SetString(PySSLErrorObject,
612 "EGD connection failed or EGD did not return "
613 "enough data to seed the PRNG");
614 return NULL;
615 }
616 return PyInt_FromLong(bytes);
617 }
618
619 PyDoc_STRVAR(PySSL_RAND_egd_doc,
620 "RAND_egd(path) -> bytes\n\
621 \n\
622 Queries the entropy gather daemon (EGD) on socket path. Returns number\n\
623 of bytes read. Raises socket.sslerror if connection to EGD fails or\n\
624 if it does provide enough data to seed PRNG.");
625
626 #endif
627
628 /* List of functions exported by this module. */
629
630 static PyMethodDef PySSL_methods[] = {
631 {"ssl", PySocket_ssl,
632 METH_VARARGS, ssl_doc},
633 #ifdef HAVE_OPENSSL_RAND
634 {"RAND_add", PySSL_RAND_add, METH_VARARGS,
635 PySSL_RAND_add_doc},
636 {"RAND_egd", PySSL_RAND_egd, METH_O,
637 PySSL_RAND_egd_doc},
638 {"RAND_status", (PyCFunction)PySSL_RAND_status, METH_NOARGS,
639 PySSL_RAND_status_doc},
640 #endif
641 {NULL, NULL} /* Sentinel */
642 };
643
644
645 PyDoc_STRVAR(module_doc,
646 "Implementation module for SSL socket operations. See the socket module\n\
647 for documentation.");
648
649 PyMODINIT_FUNC
650 init_ssl(void)
651 {
652 PyObject *m, *d;
653
654 PySSL_Type.ob_type = &PyType_Type;
655
656 m = Py_InitModule3("_ssl", PySSL_methods, module_doc);
657 if (m == NULL)
658 return;
659 d = PyModule_GetDict(m);
660
661 /* Load _socket module and its C API */
662 if (PySocketModule_ImportModuleAndAPI())
663 return;
664
665 /* Init OpenSSL */
666 SSL_load_error_strings();
667 SSLeay_add_ssl_algorithms();
668
669 /* Add symbols to module dict */
670 PySSLErrorObject = PyErr_NewException("socket.sslerror",
671 PySocketModule.error,
672 NULL);
673 if (PySSLErrorObject == NULL)
674 return;
675 PyDict_SetItemString(d, "sslerror", PySSLErrorObject);
676 if (PyDict_SetItemString(d, "SSLType",
677 (PyObject *)&PySSL_Type) != 0)
678 return;
679 PyModule_AddIntConstant(m, "SSL_ERROR_ZERO_RETURN",
680 PY_SSL_ERROR_ZERO_RETURN);
681 PyModule_AddIntConstant(m, "SSL_ERROR_WANT_READ",
682 PY_SSL_ERROR_WANT_READ);
683 PyModule_AddIntConstant(m, "SSL_ERROR_WANT_WRITE",
684 PY_SSL_ERROR_WANT_WRITE);
685 PyModule_AddIntConstant(m, "SSL_ERROR_WANT_X509_LOOKUP",
686 PY_SSL_ERROR_WANT_X509_LOOKUP);
687 PyModule_AddIntConstant(m, "SSL_ERROR_SYSCALL",
688 PY_SSL_ERROR_SYSCALL);
689 PyModule_AddIntConstant(m, "SSL_ERROR_SSL",
690 PY_SSL_ERROR_SSL);
691 PyModule_AddIntConstant(m, "SSL_ERROR_WANT_CONNECT",
692 PY_SSL_ERROR_WANT_CONNECT);
693 /* non ssl.h errorcodes */
694 PyModule_AddIntConstant(m, "SSL_ERROR_EOF",
695 PY_SSL_ERROR_EOF);
696 PyModule_AddIntConstant(m, "SSL_ERROR_INVALID_ERROR_CODE",
697 PY_SSL_ERROR_INVALID_ERROR_CODE);
698
699 }
python git mirror