authorcyli <cyli@twistedmatrix.com>2013-10-19 21:25:41 -0700
committercyli <cyli@twistedmatrix.com>2013-12-20 13:39:43 -0800
commitb87f7b55d8322358c9dfa73d29d744c14c44237b (patch)
tree5f60dfc1baa14d7ea0bb4566c1f27b92c7ff4874
parent9b9318d79ba5927603b120411d13b607938cae56 (diff)
Initial basic bindings for ssl
-rw-r--r--cryptography/hazmat/backends/openssl/ssl.py74
1 files changed, 71 insertions, 3 deletions
diff --git a/cryptography/hazmat/backends/openssl/ssl.py b/cryptography/hazmat/backends/openssl/ssl.py
index 04611309..e1dccf4c 100644
--- a/cryptography/hazmat/backends/openssl/ssl.py
+++ b/cryptography/hazmat/backends/openssl/ssl.py
@@ -48,6 +48,7 @@ static const int SSL_OP_PKCS1_CHECK_1;
static const int SSL_OP_PKCS1_CHECK_2;
static const int SSL_OP_NETSCAPE_CA_DN_BUG;
static const int SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG;
+static const int SSL_OP_NO_COMPRESSION;
static const int SSL_OP_NO_QUERY_MTU;
static const int SSL_OP_COOKIE_EXCHANGE;
static const int SSL_OP_NO_TICKET;
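Review bot: `static const int SSL_OP_NO_COMPRESSION;` is bound unconditionally, but that option only exists from OpenSSL 1.0.0 on, so the cdef will fail to verify against 0.9.8, which the SNI comment later in this same commit says is still a supported target. The symbol deserves the same version handling as the SNI functions, for example a CUSTOMIZATIONS-side `#ifndef SSL_OP_NO_COMPRESSION` fallback together with a feature flag the Python layer can test, rather than a bare declaration. The security point is that this option is how TLS compression (the CRIME attack surface) gets switched off, so a build where it quietly resolves to nothing would leave compression enabled while the caller believes it is disabled; a comment on the line, `/* 1.0.0+; disables TLS compression (CRIME) — must be guarded on older OpenSSL */`, would at least record the constraint.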
@@ -84,6 +85,7 @@ static const int SSL_CB_CONNECT_LOOP;
static const int SSL_CB_CONNECT_EXIT;
static const int SSL_CB_HANDSHAKE_START;
static const int SSL_CB_HANDSHAKE_DONE;
+static const int SSL_MODE_RELEASE_BUFFERS;
static const int SSL_MODE_ENABLE_PARTIAL_WRITE;
static const int SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER;
static const int SSL_MODE_AUTO_RETRY;
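Review bot: `static const int SSL_MODE_RELEASE_BUFFERS;` has the same problem as the new `SSL_OP_NO_COMPRESSION` constant: the mode first appears in OpenSSL 1.0.0, so an unconditional declaration breaks verification on 0.9.8, which this commit elsewhere still tries to support. Either gate it like the version-dependent SNI symbols or note the minimum version next to it, e.g. `/* OpenSSL >= 1.0.0 only */`, so the next person to touch the list knows why it must not be assumed present.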
@@ -112,13 +114,38 @@ typedef struct {
} SSL;
static const int TLSEXT_NAMETYPE_host_name;
+
+typedef int verify_callback(int preverify_ok, X509_STORE_CTX *x509_ctx);
+typedef void info_callback(const SSL *ssl, int where, int ret);
+typedef int tlsext_servername_callback(const SSL *ssl, int *alert, void *arg);
"""
FUNCTIONS = """
-void SSL_load_error_strings();
-
+void *OPENSSL_malloc(int);
+void OPENSSL_free(void *);
int SSL_library_init();
+/* methods */
+
+const SSL_METHOD *SSLv3_method();
+const SSL_METHOD *SSLv3_server_method();
+const SSL_METHOD *SSLv3_client_method();
+const SSL_METHOD *TLSv1_method();
+const SSL_METHOD *TLSv1_server_method();
+const SSL_METHOD *TLSv1_client_method();
+const SSL_METHOD *SSLv23_method();
+const SSL_METHOD *SSLv23_server_method();
+const SSL_METHOD *SSLv23_client_method();
+
+/* SSLv2 support is compiled out of some versions of OpenSSL. These will
+ * get special support when we generate the bindings so that if they are
+ * available they will be wrapped, but if they are not they won't cause
+ * problems (like link errors).
+ */
+SSL_METHOD *SSLv2_method();
+SSL_METHOD *SSLv2_server_method();
+SSL_METHOD *SSLv2_client_method();
+
/* SSL */
SSL_CTX *SSL_set_SSL_CTX(SSL *, SSL_CTX *);
SSL_SESSION *SSL_get1_session(SSL *);
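Review bot: The nine method declarations from `const SSL_METHOD *SSLv3_method();` to `const SSL_METHOD *SSLv23_client_method();` appear to duplicate a set the MACROS block already keeps (the last hunk's context line, `const SSL_METHOD *SSLv23_client_method();`, sits inside MACROS, whose own comment says the const-ness is version dependent), and the three `SSL_METHOD *SSLv2_*_method();` lines then drop the `const` the others carry, so the same name ends up declared two ways in one cdef; keep them in one place with one signature. The comment on the SSLv2 block only talks about link errors, which undersells the hazard: SSLv2 is cryptographically broken and SSLv3 is obsolete, so a line such as `/* SSLv2 is broken and SSLv3 obsolete; bound for completeness only. Prefer SSLv23_*_method() with the SSL_OP_NO_SSLv2/SSL_OP_NO_SSLv3 options set. */` (assuming those SSL_OP_ constants are bound in the list above this view) would warn the next reader of this hazmat layer. The `FUNCTIONS` string this hunk opens continues past the hunk.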
@@ -126,6 +153,14 @@ int SSL_set_session(SSL *, SSL_SESSION *);
int SSL_get_verify_mode(const SSL *);
void SSL_set_verify_depth(SSL *, int);
int SSL_get_verify_depth(const SSL *);
+int (*SSL_get_verify_callback(const SSL *))(int, X509_STORE_CTX *);
+long SSL_set_mode(SSL *, long);
+long SSL_get_mode(SSL *);
+long SSL_set_options(SSL *, long);
+long SSL_clear_options(SSL *, long);
+long SSL_get_options(SSL *);
+void SSL_set_info_callback(SSL *, void (*callback)());
+void (*SSL_get_info_callback(const SSL *))();
SSL *SSL_new(SSL_CTX *);
void SSL_free(SSL *);
int SSL_set_fd(SSL *, int);
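Review bot: `long SSL_set_mode(SSL *, long);` and `long SSL_get_mode(SSL *);` re-declare names that are already present in the MACROS block further down (`long SSL_set_mode(SSL *, long);` / `long SSL_get_mode(SSL *);` are its first two lines), and `SSL_set_options`, `SSL_clear_options` and `SSL_get_options` are, in the 1.0.x headers, the same kind of `SSL_ctrl` macro, so the whole group belongs beside them rather than in FUNCTIONS. The info-callback lines also diverge from the `info_callback` typedef this commit introduces: `void SSL_set_info_callback(SSL *, void (*callback)());` loses the `(const SSL *, int, int)` shape while the `SSL_CTX_set_info_callback` declaration later in the commit uses the typedef; `void SSL_set_info_callback(SSL *, info_callback);` keeps the two consistent and lets cffi type-check the callback instead of accepting any pointer.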
@@ -138,20 +173,43 @@ int SSL_pending(const SSL *);
int SSL_write(SSL *, const void *, int);
int SSL_read(SSL *, void *, int);
X509 *SSL_get_peer_certificate(const SSL *);
+struct stack_st_X509 *SSL_get_peer_cert_chain(const SSL *);
+int SSL_want_read(const SSL *);
+int SSL_want_write(const SSL *);
+int SSL_total_renegotiations(const SSL *);
int SSL_get_error(const SSL *, int);
int SSL_do_handshake(SSL *);
int SSL_shutdown(SSL *);
+void SSL_set_shutdown(SSL *, int);
+int SSL_get_shutdown(const SSL *);
+struct stack_st_SSL_CIPHER *SSL_get_ciphers(const SSL *);
const char *SSL_get_cipher_list(const SSL *, int);
+struct stack_st_X509_NAME *SSL_get_client_CA_list(const SSL *);
/* context */
+SSL_CTX *SSL_CTX_new(SSL_METHOD *);
void SSL_CTX_free(SSL_CTX *);
long SSL_CTX_set_timeout(SSL_CTX *, long);
+long SSL_CTX_get_timeout(SSL_CTX *);
int SSL_CTX_set_default_verify_paths(SSL_CTX *);
+void SSL_CTX_set_verify(SSL_CTX *, int, verify_callback);
void SSL_CTX_set_verify_depth(SSL_CTX *, int);
+int (*SSL_CTX_get_verify_callback(const SSL_CTX *))(int, X509_STORE_CTX *);
+void SSL_CTX_set_info_callback(SSL_CTX *, info_callback);
+void (*SSL_CTX_get_info_callback(const SSL_CTX *))();
+long SSL_CTX_set_options(SSL_CTX *, long);
+long SSL_CTX_clear_options(SSL_CTX *, long);
+long SSL_CTX_get_options(SSL_CTX *);
+long SSL_CTX_set_mode(SSL_CTX *, long);
+long SSL_CTX_get_mode(SSL_CTX *);
+long SSL_CTX_set_session_cache_mode(SSL_CTX *, long);
+long SSL_CTX_get_session_cache_mode(SSL_CTX *);
int SSL_CTX_get_verify_mode(const SSL_CTX *);
int SSL_CTX_get_verify_depth(const SSL_CTX *);
int SSL_CTX_set_cipher_list(SSL_CTX *, const char *);
int SSL_CTX_load_verify_locations(SSL_CTX *, const char *, const char *);
+long SSL_CTX_set_tmp_dh(SSL_CTX *, DH *);
+long SSL_CTX_add_extra_chain_cert(SSL_CTX *, X509 *);
void SSL_CTX_set_default_passwd_cb(SSL_CTX *, pem_password_cb *);
void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *, void *);
int SSL_CTX_use_certificate(SSL_CTX *, X509 *);
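Review bot: `SSL_CTX *SSL_CTX_new(SSL_METHOD *);` and `long SSL_CTX_get_timeout(SSL_CTX *);` re-declare two functions the MACROS block deliberately keeps with `const` parameters (its comment reads `These aren't macros these arguments are all const X on openssl > 1.0.x`), so these non-const copies either conflict with or silently undo that version handling and should be dropped from this hunk. The `SSL_CTX_set_options`/`_clear_options`/`_get_options`/`_set_mode`/`_get_mode`/`_set_session_cache_mode`/`_set_tmp_dh`/`_add_extra_chain_cert` group is likewise `SSL_CTX_ctrl` macros in the 1.0.x headers rather than linkable symbols and belongs with the MACROS entries. On the security side, the two peer-certificate accessors have opposite ownership rules and nothing here records it; a comment such as `/* SSL_get_peer_certificate returns a new reference (caller must X509_free); SSL_get_peer_cert_chain returns the session's internal chain and must not be freed. */` would keep the Python wrappers from the leak/double-free pair these two routinely cause.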
@@ -159,9 +217,11 @@ int SSL_CTX_use_certificate_file(SSL_CTX *, const char *, int);
int SSL_CTX_use_certificate_chain_file(SSL_CTX *, const char *);
int SSL_CTX_use_PrivateKey(SSL_CTX *, EVP_PKEY *);
int SSL_CTX_use_PrivateKey_file(SSL_CTX *, const char *, int);
+struct stack_st_X509_NAME *SSL_CTX_get_client_CA_list(const SSL_CTX *);
void SSL_CTX_set_cert_store(SSL_CTX *, X509_STORE *);
X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *);
int SSL_CTX_add_client_CA(SSL_CTX *, X509 *);
+void SSL_CTX_set_client_CA_list(SSL_CTX *, struct stack_st_X509_NAME *);
/* X509_STORE_CTX */
int X509_STORE_CTX_get_error(X509_STORE_CTX *);
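Review bot: `void SSL_CTX_set_client_CA_list(SSL_CTX *, struct stack_st_X509_NAME *);` hands ownership of the stack to the context (OpenSSL frees it with the SSL_CTX), while `SSL_CTX_get_client_CA_list` returns the context's internal list, and the declarations give no hint of that asymmetry; a one-line comment, `/* set_client_CA_list takes ownership of the stack; get_client_CA_list returns the internal list — do not free */`, prevents a wrapper from freeing either one. The `struct stack_st_X509_NAME` spelling is also the 1.0.0 `STACK_OF()` expansion, so if 0.9.8 support is really intended, as the SNI comment in this commit suggests, these declarations will need the same version treatment.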
@@ -173,7 +233,7 @@ X509 *X509_STORE_CTX_get_current_cert(X509_STORE_CTX *);
void SSL_SESSION_free(SSL_SESSION *);
"""
-MACROS = MACROS = """
+MACROS = """
long SSL_set_mode(SSL *, long);
long SSL_get_mode(SSL *);
@@ -210,6 +270,14 @@ const SSL_METHOD *SSLv23_client_method();
/*- These aren't macros these arguments are all const X on openssl > 1.0.x -*/
SSL_CTX *SSL_CTX_new(const SSL_METHOD *);
long SSL_CTX_get_timeout(const SSL_CTX *);
+
+/* SNI APIs were introduced in OpenSSL 1.0.0. To continue to support
+ * earlier versions some special handling of these is necessary.
+ */
+void SSL_set_tlsext_host_name(SSL *, char *);
+const char *SSL_get_servername(const SSL *, const int);
+void SSL_CTX_set_tlsext_servername_callback(SSL_CTX *,
+ tlsext_servername_callback);
"""
CUSTOMIZATIONS = """
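Review bot: `void SSL_set_tlsext_host_name(SSL *, char *);` discards the result of what is an `SSL_ctrl` macro returning `long` (1 on success, 0 when the name is rejected, for instance because it is over-long), so a caller can never learn that no SNI name was set and will run the handshake without the hostname it meant to send; declare it `long SSL_set_tlsext_host_name(SSL *, char *);` and have the wrapper check the return. The comment above says earlier OpenSSL versions need special handling for these three symbols, but nothing in this hunk provides it; if that handling lives in the CUSTOMIZATIONS block that begins on the last line, the comment should say so. `SSL_get_servername` returns a pointer into the SSL object's own storage, which is worth recording with `/* returned name is owned by the SSL object; copy it before the session changes */` since the servername callback typedef invites keeping it around.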