search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Updated documentation for findCaller() to indicate that a 3-tuple is now returned...
[python.git] / Modules / _ssl.c
blobf1e1092ac7dad9eea6798c4e32db052d80f341b8
1 /* SSL socket module
2
3 SSL support based on patches by Brian E Gallew and Laszlo Kovacs.
4
5 This module is imported by socket.py. It should *not* be used
6 directly.
7
8 */
9
10 #include "Python.h"
11 enum py_ssl_error {
12 /* these mirror ssl.h */
13 PY_SSL_ERROR_NONE,
14 PY_SSL_ERROR_SSL,
15 PY_SSL_ERROR_WANT_READ,
16 PY_SSL_ERROR_WANT_WRITE,
17 PY_SSL_ERROR_WANT_X509_LOOKUP,
18 PY_SSL_ERROR_SYSCALL, /* look at error stack/return value/errno */
19 PY_SSL_ERROR_ZERO_RETURN,
20 PY_SSL_ERROR_WANT_CONNECT,
21 /* start of non ssl.h errorcodes */
22 PY_SSL_ERROR_EOF, /* special case of SSL_ERROR_SYSCALL */
23 PY_SSL_ERROR_INVALID_ERROR_CODE
24 };
25
26 /* Include symbols from _socket module */
27 #include "socketmodule.h"
28
29 #if defined(HAVE_POLL_H)
30 #include <poll.h>
31 #elif defined(HAVE_SYS_POLL_H)
32 #include <sys/poll.h>
33 #endif
34
35 /* Include OpenSSL header files */
36 #include "openssl/rsa.h"
37 #include "openssl/crypto.h"
38 #include "openssl/x509.h"
39 #include "openssl/pem.h"
40 #include "openssl/ssl.h"
41 #include "openssl/err.h"
42 #include "openssl/rand.h"
43
44 /* SSL error object */
45 static PyObject *PySSLErrorObject;
46
47 /* SSL socket object */
48
49 #define X509_NAME_MAXLEN 256
50
51 /* RAND_* APIs got added to OpenSSL in 0.9.5 */
52 #if OPENSSL_VERSION_NUMBER >= 0x0090500fL
53 # define HAVE_OPENSSL_RAND 1
54 #else
55 # undef HAVE_OPENSSL_RAND
56 #endif
57
58 typedef struct {
59 PyObject_HEAD
60 PySocketSockObject *Socket; /* Socket on which we're layered */
61 SSL_CTX* ctx;
62 SSL* ssl;
63 X509* server_cert;
64 char server[X509_NAME_MAXLEN];
65 char issuer[X509_NAME_MAXLEN];
66
67 } PySSLObject;
68
69 static PyTypeObject PySSL_Type;
70 static PyObject *PySSL_SSLwrite(PySSLObject *self, PyObject *args);
71 static PyObject *PySSL_SSLread(PySSLObject *self, PyObject *args);
72 static int check_socket_and_wait_for_timeout(PySocketSockObject *s,
73 int writing);
74
75 #define PySSLObject_Check(v) ((v)->ob_type == &PySSL_Type)
76
77 typedef enum {
78 SOCKET_IS_NONBLOCKING,
79 SOCKET_IS_BLOCKING,
80 SOCKET_HAS_TIMED_OUT,
81 SOCKET_HAS_BEEN_CLOSED,
82 SOCKET_TOO_LARGE_FOR_SELECT,
83 SOCKET_OPERATION_OK
84 } timeout_state;
85
86 /* XXX It might be helpful to augment the error message generated
87 below with the name of the SSL function that generated the error.
88 I expect it's obvious most of the time.
89 */
90
91 static PyObject *
92 PySSL_SetError(PySSLObject *obj, int ret)
93 {
94 PyObject *v, *n, *s;
95 char *errstr;
96 int err;
97 enum py_ssl_error p;
98
99 assert(ret <= 0);
100
101 err = SSL_get_error(obj->ssl, ret);
102
103 switch (err) {
104 case SSL_ERROR_ZERO_RETURN:
105 errstr = "TLS/SSL connection has been closed";
106 p = PY_SSL_ERROR_ZERO_RETURN;
107 break;
108 case SSL_ERROR_WANT_READ:
109 errstr = "The operation did not complete (read)";
110 p = PY_SSL_ERROR_WANT_READ;
111 break;
112 case SSL_ERROR_WANT_WRITE:
113 p = PY_SSL_ERROR_WANT_WRITE;
114 errstr = "The operation did not complete (write)";
115 break;
116 case SSL_ERROR_WANT_X509_LOOKUP:
117 p = PY_SSL_ERROR_WANT_X509_LOOKUP;
118 errstr = "The operation did not complete (X509 lookup)";
119 break;
120 case SSL_ERROR_WANT_CONNECT:
121 p = PY_SSL_ERROR_WANT_CONNECT;
122 errstr = "The operation did not complete (connect)";
123 break;
124 case SSL_ERROR_SYSCALL:
125 {
126 unsigned long e = ERR_get_error();
127 if (e == 0) {
128 if (ret == 0 || !obj->Socket) {
129 p = PY_SSL_ERROR_EOF;
130 errstr = "EOF occurred in violation of protocol";
131 } else if (ret == -1) {
132 /* the underlying BIO reported an I/O error */
133 return obj->Socket->errorhandler();
134 } else { /* possible? */
135 p = PY_SSL_ERROR_SYSCALL;
136 errstr = "Some I/O error occurred";
137 }
138 } else {
139 p = PY_SSL_ERROR_SYSCALL;
140 /* XXX Protected by global interpreter lock */
141 errstr = ERR_error_string(e, NULL);
142 }
143 break;
144 }
145 case SSL_ERROR_SSL:
146 {
147 unsigned long e = ERR_get_error();
148 p = PY_SSL_ERROR_SSL;
149 if (e != 0)
150 /* XXX Protected by global interpreter lock */
151 errstr = ERR_error_string(e, NULL);
152 else { /* possible? */
153 errstr = "A failure in the SSL library occurred";
154 }
155 break;
156 }
157 default:
158 p = PY_SSL_ERROR_INVALID_ERROR_CODE;
159 errstr = "Invalid error code";
160 }
161 n = PyInt_FromLong((long) p);
162 if (n == NULL)
163 return NULL;
164 v = PyTuple_New(2);
165 if (v == NULL) {
166 Py_DECREF(n);
167 return NULL;
168 }
169
170 s = PyString_FromString(errstr);
171 if (s == NULL) {
172 Py_DECREF(v);
173 Py_DECREF(n);
174 }
175 PyTuple_SET_ITEM(v, 0, n);
176 PyTuple_SET_ITEM(v, 1, s);
177 PyErr_SetObject(PySSLErrorObject, v);
178 Py_DECREF(v);
179 return NULL;
180 }
181
182 static PySSLObject *
183 newPySSLObject(PySocketSockObject *Sock, char *key_file, char *cert_file)
184 {
185 PySSLObject *self;
186 char *errstr = NULL;
187 int ret;
188 int err;
189 int sockstate;
190
191 self = PyObject_New(PySSLObject, &PySSL_Type); /* Create new object */
192 if (self == NULL)
193 return NULL;
194 memset(self->server, '\0', sizeof(char) * X509_NAME_MAXLEN);
195 memset(self->issuer, '\0', sizeof(char) * X509_NAME_MAXLEN);
196 self->server_cert = NULL;
197 self->ssl = NULL;
198 self->ctx = NULL;
199 self->Socket = NULL;
200
201 if ((key_file && !cert_file) || (!key_file && cert_file)) {
202 errstr = "Both the key & certificate files must be specified";
203 goto fail;
204 }
205
206 Py_BEGIN_ALLOW_THREADS
207 self->ctx = SSL_CTX_new(SSLv23_method()); /* Set up context */
208 Py_END_ALLOW_THREADS
209 if (self->ctx == NULL) {
210 errstr = "SSL_CTX_new error";
211 goto fail;
212 }
213
214 if (key_file) {
215 Py_BEGIN_ALLOW_THREADS
216 ret = SSL_CTX_use_PrivateKey_file(self->ctx, key_file,
217 SSL_FILETYPE_PEM);
218 Py_END_ALLOW_THREADS
219 if (ret < 1) {
220 errstr = "SSL_CTX_use_PrivateKey_file error";
221 goto fail;
222 }
223
224 Py_BEGIN_ALLOW_THREADS
225 ret = SSL_CTX_use_certificate_chain_file(self->ctx,
226 cert_file);
227 Py_END_ALLOW_THREADS
228 SSL_CTX_set_options(self->ctx, SSL_OP_ALL); /* ssl compatibility */
229 if (ret < 1) {
230 errstr = "SSL_CTX_use_certificate_chain_file error";
231 goto fail;
232 }
233 }
234
235 Py_BEGIN_ALLOW_THREADS
236 SSL_CTX_set_verify(self->ctx,
237 SSL_VERIFY_NONE, NULL); /* set verify lvl */
238 self->ssl = SSL_new(self->ctx); /* New ssl struct */
239 Py_END_ALLOW_THREADS
240 SSL_set_fd(self->ssl, Sock->sock_fd); /* Set the socket for SSL */
241
242 /* If the socket is in non-blocking mode or timeout mode, set the BIO
243 * to non-blocking mode (blocking is the default)
244 */
245 if (Sock->sock_timeout >= 0.0) {
246 /* Set both the read and write BIO's to non-blocking mode */
247 BIO_set_nbio(SSL_get_rbio(self->ssl), 1);
248 BIO_set_nbio(SSL_get_wbio(self->ssl), 1);
249 }
250
251 Py_BEGIN_ALLOW_THREADS
252 SSL_set_connect_state(self->ssl);
253 Py_END_ALLOW_THREADS
254
255 /* Actually negotiate SSL connection */
256 /* XXX If SSL_connect() returns 0, it's also a failure. */
257 sockstate = 0;
258 do {
259 Py_BEGIN_ALLOW_THREADS
260 ret = SSL_connect(self->ssl);
261 err = SSL_get_error(self->ssl, ret);
262 Py_END_ALLOW_THREADS
263 if(PyErr_CheckSignals()) {
264 goto fail;
265 }
266 if (err == SSL_ERROR_WANT_READ) {
267 sockstate = check_socket_and_wait_for_timeout(Sock, 0);
268 } else if (err == SSL_ERROR_WANT_WRITE) {
269 sockstate = check_socket_and_wait_for_timeout(Sock, 1);
270 } else {
271 sockstate = SOCKET_OPERATION_OK;
272 }
273 if (sockstate == SOCKET_HAS_TIMED_OUT) {
274 PyErr_SetString(PySSLErrorObject, "The connect operation timed out");
275 goto fail;
276 } else if (sockstate == SOCKET_HAS_BEEN_CLOSED) {
277 PyErr_SetString(PySSLErrorObject, "Underlying socket has been closed.");
278 goto fail;
279 } else if (sockstate == SOCKET_TOO_LARGE_FOR_SELECT) {
280 PyErr_SetString(PySSLErrorObject, "Underlying socket too large for select().");
281 goto fail;
282 } else if (sockstate == SOCKET_IS_NONBLOCKING) {
283 break;
284 }
285 } while (err == SSL_ERROR_WANT_READ || err == SSL_ERROR_WANT_WRITE);
286 if (ret <= 0) {
287 PySSL_SetError(self, ret);
288 goto fail;
289 }
290 self->ssl->debug = 1;
291
292 Py_BEGIN_ALLOW_THREADS
293 if ((self->server_cert = SSL_get_peer_certificate(self->ssl))) {
294 X509_NAME_oneline(X509_get_subject_name(self->server_cert),
295 self->server, X509_NAME_MAXLEN);
296 X509_NAME_oneline(X509_get_issuer_name(self->server_cert),
297 self->issuer, X509_NAME_MAXLEN);
298 }
299 Py_END_ALLOW_THREADS
300 self->Socket = Sock;
301 Py_INCREF(self->Socket);
302 return self;
303 fail:
304 if (errstr)
305 PyErr_SetString(PySSLErrorObject, errstr);
306 Py_DECREF(self);
307 return NULL;
308 }
309
310 static PyObject *
311 PySocket_ssl(PyObject *self, PyObject *args)
312 {
313 PySSLObject *rv;
314 PySocketSockObject *Sock;
315 char *key_file = NULL;
316 char *cert_file = NULL;
317
318 if (!PyArg_ParseTuple(args, "O!|zz:ssl",
319 PySocketModule.Sock_Type,
320 &Sock,
321 &key_file, &cert_file))
322 return NULL;
323
324 rv = newPySSLObject(Sock, key_file, cert_file);
325 if (rv == NULL)
326 return NULL;
327 return (PyObject *)rv;
328 }
329
330 PyDoc_STRVAR(ssl_doc,
331 "ssl(socket, [keyfile, certfile]) -> sslobject");
332
333 /* SSL object methods */
334
335 static PyObject *
336 PySSL_server(PySSLObject *self)
337 {
338 return PyString_FromString(self->server);
339 }
340
341 static PyObject *
342 PySSL_issuer(PySSLObject *self)
343 {
344 return PyString_FromString(self->issuer);
345 }
346
347
348 static void PySSL_dealloc(PySSLObject *self)
349 {
350 if (self->server_cert) /* Possible not to have one? */
351 X509_free (self->server_cert);
352 if (self->ssl)
353 SSL_free(self->ssl);
354 if (self->ctx)
355 SSL_CTX_free(self->ctx);
356 Py_XDECREF(self->Socket);
357 PyObject_Del(self);
358 }
359
360 /* If the socket has a timeout, do a select()/poll() on the socket.
361 The argument writing indicates the direction.
362 Returns one of the possibilities in the timeout_state enum (above).
363 */
364
365 static int
366 check_socket_and_wait_for_timeout(PySocketSockObject *s, int writing)
367 {
368 fd_set fds;
369 struct timeval tv;
370 int rc;
371
372 /* Nothing to do unless we're in timeout mode (not non-blocking) */
373 if (s->sock_timeout < 0.0)
374 return SOCKET_IS_BLOCKING;
375 else if (s->sock_timeout == 0.0)
376 return SOCKET_IS_NONBLOCKING;
377
378 /* Guard against closed socket */
379 if (s->sock_fd < 0)
380 return SOCKET_HAS_BEEN_CLOSED;
381
382 /* Prefer poll, if available, since you can poll() any fd
383 * which can't be done with select(). */
384 #ifdef HAVE_POLL
385 {
386 struct pollfd pollfd;
387 int timeout;
388
389 pollfd.fd = s->sock_fd;
390 pollfd.events = writing ? POLLOUT : POLLIN;
391
392 /* s->sock_timeout is in seconds, timeout in ms */
393 timeout = (int)(s->sock_timeout * 1000 + 0.5);
394 Py_BEGIN_ALLOW_THREADS
395 rc = poll(&pollfd, 1, timeout);
396 Py_END_ALLOW_THREADS
397
398 goto normal_return;
399 }
400 #endif
401
402 /* Guard against socket too large for select*/
403 #ifndef Py_SOCKET_FD_CAN_BE_GE_FD_SETSIZE
404 if (s->sock_fd >= FD_SETSIZE)
405 return SOCKET_TOO_LARGE_FOR_SELECT;
406 #endif
407
408 /* Construct the arguments to select */
409 tv.tv_sec = (int)s->sock_timeout;
410 tv.tv_usec = (int)((s->sock_timeout - tv.tv_sec) * 1e6);
411 FD_ZERO(&fds);
412 FD_SET(s->sock_fd, &fds);
413
414 /* See if the socket is ready */
415 Py_BEGIN_ALLOW_THREADS
416 if (writing)
417 rc = select(s->sock_fd+1, NULL, &fds, NULL, &tv);
418 else
419 rc = select(s->sock_fd+1, &fds, NULL, NULL, &tv);
420 Py_END_ALLOW_THREADS
421
422 normal_return:
423 /* Return SOCKET_TIMED_OUT on timeout, SOCKET_OPERATION_OK otherwise
424 (when we are able to write or when there's something to read) */
425 return rc == 0 ? SOCKET_HAS_TIMED_OUT : SOCKET_OPERATION_OK;
426 }
427
428 static PyObject *PySSL_SSLwrite(PySSLObject *self, PyObject *args)
429 {
430 char *data;
431 int len;
432 int count;
433 int sockstate;
434 int err;
435
436 if (!PyArg_ParseTuple(args, "s#:write", &data, &count))
437 return NULL;
438
439 sockstate = check_socket_and_wait_for_timeout(self->Socket, 1);
440 if (sockstate == SOCKET_HAS_TIMED_OUT) {
441 PyErr_SetString(PySSLErrorObject, "The write operation timed out");
442 return NULL;
443 } else if (sockstate == SOCKET_HAS_BEEN_CLOSED) {
444 PyErr_SetString(PySSLErrorObject, "Underlying socket has been closed.");
445 return NULL;
446 } else if (sockstate == SOCKET_TOO_LARGE_FOR_SELECT) {
447 PyErr_SetString(PySSLErrorObject, "Underlying socket too large for select().");
448 return NULL;
449 }
450 do {
451 err = 0;
452 Py_BEGIN_ALLOW_THREADS
453 len = SSL_write(self->ssl, data, count);
454 err = SSL_get_error(self->ssl, len);
455 Py_END_ALLOW_THREADS
456 if(PyErr_CheckSignals()) {
457 return NULL;
458 }
459 if (err == SSL_ERROR_WANT_READ) {
460 sockstate = check_socket_and_wait_for_timeout(self->Socket, 0);
461 } else if (err == SSL_ERROR_WANT_WRITE) {
462 sockstate = check_socket_and_wait_for_timeout(self->Socket, 1);
463 } else {
464 sockstate = SOCKET_OPERATION_OK;
465 }
466 if (sockstate == SOCKET_HAS_TIMED_OUT) {
467 PyErr_SetString(PySSLErrorObject, "The write operation timed out");
468 return NULL;
469 } else if (sockstate == SOCKET_HAS_BEEN_CLOSED) {
470 PyErr_SetString(PySSLErrorObject, "Underlying socket has been closed.");
471 return NULL;
472 } else if (sockstate == SOCKET_IS_NONBLOCKING) {
473 break;
474 }
475 } while (err == SSL_ERROR_WANT_READ || err == SSL_ERROR_WANT_WRITE);
476 if (len > 0)
477 return PyInt_FromLong(len);
478 else
479 return PySSL_SetError(self, len);
480 }
481
482 PyDoc_STRVAR(PySSL_SSLwrite_doc,
483 "write(s) -> len\n\
484 \n\
485 Writes the string s into the SSL object. Returns the number\n\
486 of bytes written.");
487
488 static PyObject *PySSL_SSLread(PySSLObject *self, PyObject *args)
489 {
490 PyObject *buf;
491 int count = 0;
492 int len = 1024;
493 int sockstate;
494 int err;
495
496 if (!PyArg_ParseTuple(args, "|i:read", &len))
497 return NULL;
498
499 if (!(buf = PyString_FromStringAndSize((char *) 0, len)))
500 return NULL;
501
502 /* first check if there are bytes ready to be read */
503 Py_BEGIN_ALLOW_THREADS
504 count = SSL_pending(self->ssl);
505 Py_END_ALLOW_THREADS
506
507 if (!count) {
508 sockstate = check_socket_and_wait_for_timeout(self->Socket, 0);
509 if (sockstate == SOCKET_HAS_TIMED_OUT) {
510 PyErr_SetString(PySSLErrorObject, "The read operation timed out");
511 Py_DECREF(buf);
512 return NULL;
513 } else if (sockstate == SOCKET_TOO_LARGE_FOR_SELECT) {
514 PyErr_SetString(PySSLErrorObject, "Underlying socket too large for select().");
515 return NULL;
516 }
517 }
518 do {
519 err = 0;
520 Py_BEGIN_ALLOW_THREADS
521 count = SSL_read(self->ssl, PyString_AsString(buf), len);
522 err = SSL_get_error(self->ssl, count);
523 Py_END_ALLOW_THREADS
524 if(PyErr_CheckSignals()) {
525 Py_DECREF(buf);
526 return NULL;
527 }
528 if (err == SSL_ERROR_WANT_READ) {
529 sockstate = check_socket_and_wait_for_timeout(self->Socket, 0);
530 } else if (err == SSL_ERROR_WANT_WRITE) {
531 sockstate = check_socket_and_wait_for_timeout(self->Socket, 1);
532 } else {
533 sockstate = SOCKET_OPERATION_OK;
534 }
535 if (sockstate == SOCKET_HAS_TIMED_OUT) {
536 PyErr_SetString(PySSLErrorObject, "The read operation timed out");
537 Py_DECREF(buf);
538 return NULL;
539 } else if (sockstate == SOCKET_IS_NONBLOCKING) {
540 break;
541 }
542 } while (err == SSL_ERROR_WANT_READ || err == SSL_ERROR_WANT_WRITE);
543 if (count <= 0) {
544 Py_DECREF(buf);
545 return PySSL_SetError(self, count);
546 }
547 if (count != len)
548 _PyString_Resize(&buf, count);
549 return buf;
550 }
551
552 PyDoc_STRVAR(PySSL_SSLread_doc,
553 "read([len]) -> string\n\
554 \n\
555 Read up to len bytes from the SSL socket.");
556
557 static PyMethodDef PySSLMethods[] = {
558 {"write", (PyCFunction)PySSL_SSLwrite, METH_VARARGS,
559 PySSL_SSLwrite_doc},
560 {"read", (PyCFunction)PySSL_SSLread, METH_VARARGS,
561 PySSL_SSLread_doc},
562 {"server", (PyCFunction)PySSL_server, METH_NOARGS},
563 {"issuer", (PyCFunction)PySSL_issuer, METH_NOARGS},
564 {NULL, NULL}
565 };
566
567 static PyObject *PySSL_getattr(PySSLObject *self, char *name)
568 {
569 return Py_FindMethod(PySSLMethods, (PyObject *)self, name);
570 }
571
572 static PyTypeObject PySSL_Type = {
573 PyObject_HEAD_INIT(NULL)
574 0, /*ob_size*/
575 "socket.SSL", /*tp_name*/
576 sizeof(PySSLObject), /*tp_basicsize*/
577 0, /*tp_itemsize*/
578 /* methods */
579 (destructor)PySSL_dealloc, /*tp_dealloc*/
580 0, /*tp_print*/
581 (getattrfunc)PySSL_getattr, /*tp_getattr*/
582 0, /*tp_setattr*/
583 0, /*tp_compare*/
584 0, /*tp_repr*/
585 0, /*tp_as_number*/
586 0, /*tp_as_sequence*/
587 0, /*tp_as_mapping*/
588 0, /*tp_hash*/
589 };
590
591 #ifdef HAVE_OPENSSL_RAND
592
593 /* helper routines for seeding the SSL PRNG */
594 static PyObject *
595 PySSL_RAND_add(PyObject *self, PyObject *args)
596 {
597 char *buf;
598 int len;
599 double entropy;
600
601 if (!PyArg_ParseTuple(args, "s#d:RAND_add", &buf, &len, &entropy))
602 return NULL;
603 RAND_add(buf, len, entropy);
604 Py_INCREF(Py_None);
605 return Py_None;
606 }
607
608 PyDoc_STRVAR(PySSL_RAND_add_doc,
609 "RAND_add(string, entropy)\n\
610 \n\
611 Mix string into the OpenSSL PRNG state. entropy (a float) is a lower\n\
612 bound on the entropy contained in string.");
613
614 static PyObject *
615 PySSL_RAND_status(PyObject *self)
616 {
617 return PyInt_FromLong(RAND_status());
618 }
619
620 PyDoc_STRVAR(PySSL_RAND_status_doc,
621 "RAND_status() -> 0 or 1\n\
622 \n\
623 Returns 1 if the OpenSSL PRNG has been seeded with enough data and 0 if not.\n\
624 It is necessary to seed the PRNG with RAND_add() on some platforms before\n\
625 using the ssl() function.");
626
627 static PyObject *
628 PySSL_RAND_egd(PyObject *self, PyObject *arg)
629 {
630 int bytes;
631
632 if (!PyString_Check(arg))
633 return PyErr_Format(PyExc_TypeError,
634 "RAND_egd() expected string, found %s",
635 arg->ob_type->tp_name);
636 bytes = RAND_egd(PyString_AS_STRING(arg));
637 if (bytes == -1) {
638 PyErr_SetString(PySSLErrorObject,
639 "EGD connection failed or EGD did not return "
640 "enough data to seed the PRNG");
641 return NULL;
642 }
643 return PyInt_FromLong(bytes);
644 }
645
646 PyDoc_STRVAR(PySSL_RAND_egd_doc,
647 "RAND_egd(path) -> bytes\n\
648 \n\
649 Queries the entropy gather daemon (EGD) on socket path. Returns number\n\
650 of bytes read. Raises socket.sslerror if connection to EGD fails or\n\
651 if it does provide enough data to seed PRNG.");
652
653 #endif
654
655 /* List of functions exported by this module. */
656
657 static PyMethodDef PySSL_methods[] = {
658 {"ssl", PySocket_ssl,
659 METH_VARARGS, ssl_doc},
660 #ifdef HAVE_OPENSSL_RAND
661 {"RAND_add", PySSL_RAND_add, METH_VARARGS,
662 PySSL_RAND_add_doc},
663 {"RAND_egd", PySSL_RAND_egd, METH_O,
664 PySSL_RAND_egd_doc},
665 {"RAND_status", (PyCFunction)PySSL_RAND_status, METH_NOARGS,
666 PySSL_RAND_status_doc},
667 #endif
668 {NULL, NULL} /* Sentinel */
669 };
670
671
672 PyDoc_STRVAR(module_doc,
673 "Implementation module for SSL socket operations. See the socket module\n\
674 for documentation.");
675
676 PyMODINIT_FUNC
677 init_ssl(void)
678 {
679 PyObject *m, *d;
680
681 PySSL_Type.ob_type = &PyType_Type;
682
683 m = Py_InitModule3("_ssl", PySSL_methods, module_doc);
684 if (m == NULL)
685 return;
686 d = PyModule_GetDict(m);
687
688 /* Load _socket module and its C API */
689 if (PySocketModule_ImportModuleAndAPI())
690 return;
691
692 /* Init OpenSSL */
693 SSL_load_error_strings();
694 SSLeay_add_ssl_algorithms();
695
696 /* Add symbols to module dict */
697 PySSLErrorObject = PyErr_NewException("socket.sslerror",
698 PySocketModule.error,
699 NULL);
700 if (PySSLErrorObject == NULL)
701 return;
702 PyDict_SetItemString(d, "sslerror", PySSLErrorObject);
703 if (PyDict_SetItemString(d, "SSLType",
704 (PyObject *)&PySSL_Type) != 0)
705 return;
706 PyModule_AddIntConstant(m, "SSL_ERROR_ZERO_RETURN",
707 PY_SSL_ERROR_ZERO_RETURN);
708 PyModule_AddIntConstant(m, "SSL_ERROR_WANT_READ",
709 PY_SSL_ERROR_WANT_READ);
710 PyModule_AddIntConstant(m, "SSL_ERROR_WANT_WRITE",
711 PY_SSL_ERROR_WANT_WRITE);
712 PyModule_AddIntConstant(m, "SSL_ERROR_WANT_X509_LOOKUP",
713 PY_SSL_ERROR_WANT_X509_LOOKUP);
714 PyModule_AddIntConstant(m, "SSL_ERROR_SYSCALL",
715 PY_SSL_ERROR_SYSCALL);
716 PyModule_AddIntConstant(m, "SSL_ERROR_SSL",
717 PY_SSL_ERROR_SSL);
718 PyModule_AddIntConstant(m, "SSL_ERROR_WANT_CONNECT",
719 PY_SSL_ERROR_WANT_CONNECT);
720 /* non ssl.h errorcodes */
721 PyModule_AddIntConstant(m, "SSL_ERROR_EOF",
722 PY_SSL_ERROR_EOF);
723 PyModule_AddIntConstant(m, "SSL_ERROR_INVALID_ERROR_CODE",
724 PY_SSL_ERROR_INVALID_ERROR_CODE);
725
726 }
python git mirror