[pypy-svn] pypy default: Fix the basic ssl.sslwrap() test

Tue Jan 18 00:29:57 CET 2011

Author: Amaury Forgeot d'Arc <amauryfa at gmail.com>
Branch: 
Changeset: r40823:4b31c730ac1a
Date: 2011-01-18 00:27 +0100
http://bitbucket.org/pypy/pypy/changeset/4b31c730ac1a/

Log:	Fix the basic ssl.sslwrap() test

diff --git a/pypy/module/_ssl/test/test_ssl.py b/pypy/module/_ssl/test/test_ssl.py
--- a/pypy/module/_ssl/test/test_ssl.py
+++ b/pypy/module/_ssl/test/test_ssl.py
@@ -60,6 +60,12 @@
             skip("This test needs a running entropy gathering daemon")
         _ssl.RAND_egd("entropy")
 
+    def test_sslwrap(self):
+        import _ssl
+        import _socket
+        s = _socket.socket()
+        _ssl.sslwrap(s, 0)
+
 class AppTestConnectedSSL:
     def setup_class(cls):
         space = gettestobjspace(usemodules=('_ssl', '_socket'))

diff --git a/pypy/module/_ssl/interp_ssl.py b/pypy/module/_ssl/interp_ssl.py
--- a/pypy/module/_ssl/interp_ssl.py
+++ b/pypy/module/_ssl/interp_ssl.py
@@ -23,6 +23,8 @@
 
 PY_SSL_CERT_NONE, PY_SSL_CERT_OPTIONAL, PY_SSL_CERT_REQUIRED = 0, 1, 2
 
+PY_SSL_CLIENT, PY_SSL_SERVER = 0, 1
+
 (PY_SSL_VERSION_SSL2, PY_SSL_VERSION_SSL3,
  PY_SSL_VERSION_SSL23, PY_SSL_VERSION_TLS1) = range(4)
 
@@ -260,7 +262,7 @@
 
 def new_sslobject(space, w_sock, side, w_key_file, w_cert_file):
     ss = SSLObject(space)
-    
+
     sock_fd = space.int_w(space.call_method(w_sock, "fileno"))
     w_timeout = space.call_method(w_sock, "gettimeout")
     if space.is_w(w_timeout, space.w_None):
@@ -274,27 +276,33 @@
     if space.is_w(w_cert_file, space.w_None):
         cert_file = None
     else:
-        cert_file = space.str_w(w_cert_file)    
-    
+        cert_file = space.str_w(w_cert_file)
 
-    if ((key_file and not cert_file) or (not key_file and cert_file)):
-        raise ssl_error(space, "Both the key & certificate files must be specified")
+    if side == PY_SSL_SERVER and (not key_file or not cert_file):
+        raise ssl_error(space, "Both the key & certificate files "
+                        "must be specified for server-side operation")
 
     ss.ctx = libssl_SSL_CTX_new(libssl_SSLv23_method()) # set up context
     if not ss.ctx:
-        raise ssl_error(space, "SSL_CTX_new error")
+        raise ssl_error(space, "Invalid SSL protocol variant specified")
+
+    # XXX SSL_CTX_set_cipher_list?
+
+    # XXX SSL_CTX_load_verify_locations?
 
     if key_file:
         ret = libssl_SSL_CTX_use_PrivateKey_file(ss.ctx, key_file,
-            SSL_FILETYPE_PEM)
+                                                 SSL_FILETYPE_PEM)
         if ret < 1:
             raise ssl_error(space, "SSL_CTX_use_PrivateKey_file error")
 
         ret = libssl_SSL_CTX_use_certificate_chain_file(ss.ctx, cert_file)
-        libssl_SSL_CTX_ctrl(ss.ctx, SSL_CTRL_OPTIONS, SSL_OP_ALL, None)
         if ret < 1:
             raise ssl_error(space, "SSL_CTX_use_certificate_chain_file error")
 
+    # ssl compatibility
+    libssl_SSL_CTX_set_options(ss.ctx, SSL_OP_ALL)
+
     libssl_SSL_CTX_set_verify(ss.ctx, SSL_VERIFY_NONE, None) # set verify level
     ss.ssl = libssl_SSL_new(ss.ctx) # new ssl struct
     libssl_SSL_set_fd(ss.ssl, sock_fd) # set the socket for SSL
@@ -307,44 +315,10 @@
         libssl_BIO_ctrl(libssl_SSL_get_wbio(ss.ssl), BIO_C_SET_NBIO, 1, None)
     libssl_SSL_set_connect_state(ss.ssl)
 
-    # Actually negotiate SSL connection
-    # XXX If SSL_connect() returns 0, it's also a failure.
-    sockstate = 0
-    while True:
-        ret = libssl_SSL_connect(ss.ssl)
-        err = libssl_SSL_get_error(ss.ssl, ret)
-        
-        if err == SSL_ERROR_WANT_READ:
-            sockstate = check_socket_and_wait_for_timeout(space, w_sock, False)
-        elif err == SSL_ERROR_WANT_WRITE:
-            sockstate = check_socket_and_wait_for_timeout(space, w_sock, True)
-        else:
-            sockstate = SOCKET_OPERATION_OK
-        
-        if sockstate == SOCKET_HAS_TIMED_OUT:
-            raise ssl_error(space, "The connect operation timed out")
-        elif sockstate == SOCKET_HAS_BEEN_CLOSED:
-            raise ssl_error(space, "Underlying socket has been closed.")
-        elif sockstate == SOCKET_TOO_LARGE_FOR_SELECT:
-            raise ssl_error(space, "Underlying socket too large for select().")
-        elif sockstate == SOCKET_IS_NONBLOCKING:
-            break
-        
-        if err == SSL_ERROR_WANT_READ or err == SSL_ERROR_WANT_WRITE:
-            continue
-        else:
-            break
-    
-    if ret <= 0:
-        errstr, errval = _ssl_seterror(space, ss, ret)
-        raise ssl_error(space, "%s: %d" % (errstr, errval))
-    
-    ss.server_cert = libssl_SSL_get_peer_certificate(ss.ssl)
-    if ss.server_cert:
-        libssl_X509_NAME_oneline(libssl_X509_get_subject_name(ss.server_cert),
-            ss._server, X509_NAME_MAXLEN)
-        libssl_X509_NAME_oneline(libssl_X509_get_issuer_name(ss.server_cert),
-            ss._issuer, X509_NAME_MAXLEN)
+    if side == PY_SSL_CLIENT:
+        libssl_SSL_set_connect_state(ss.ssl)
+    else:
+        libssl_SSL_set_accept_state(ss.ssl)
 
     ss.w_socket = w_sock
     return ss

diff --git a/pypy/rlib/ropenssl.py b/pypy/rlib/ropenssl.py
--- a/pypy/rlib/ropenssl.py
+++ b/pypy/rlib/ropenssl.py
@@ -107,6 +107,7 @@
 ssl_external('SSL_get_rbio', [SSL], BIO)
 ssl_external('SSL_get_wbio', [SSL], BIO)
 ssl_external('SSL_set_connect_state', [SSL], lltype.Void)
+ssl_external('SSL_set_accept_state', [SSL], lltype.Void)
 ssl_external('SSL_connect', [SSL], rffi.INT)
 ssl_external('SSL_get_error', [SSL, rffi.INT], rffi.INT)
 
@@ -147,6 +148,9 @@
 EVP_MD_CTX_cleanup = external(
     'EVP_MD_CTX_cleanup', [EVP_MD_CTX], rffi.INT)
 
+def libssl_SSL_CTX_set_options(ctx, op):
+    return libssl_SSL_CTX_ctrl(ctx, SSL_CTRL_OPTIONS, op, None)
+
 def init_ssl():
     libssl_SSL_load_error_strings()
     libssl_SSL_library_init()
