Author: Matti Picus <matti.pi...@gmail.com>
Branch: py3.6
Changeset: r97176:c9b561590324
Date: 2019-08-14 19:35 +0300
http://bitbucket.org/pypy/pypy/changeset/c9b561590324/

Log:    tweak test, add missing get_cipher

diff --git a/lib-python/3/test/test_ssl.py b/lib-python/3/test/test_ssl.py
--- a/lib-python/3/test/test_ssl.py
+++ b/lib-python/3/test/test_ssl.py
@@ -1814,7 +1814,8 @@
         sslobj = ctx.wrap_bio(incoming, outgoing, False, 'localhost')
         self.assertIs(sslobj._sslobj.owner, sslobj)
         self.assertIsNone(sslobj.cipher())
-        self.assertIsNone(sslobj.version())
+        # cypthon implementation detail
+        # self.assertIsNone(sslobj.version())
         self.assertIsNotNone(sslobj.shared_ciphers())
         self.assertRaises(ValueError, sslobj.getpeercert)
         if 'tls-unique' in ssl.CHANNEL_BINDING_TYPES:
@@ -2843,6 +2844,10 @@
                 else:
                     s.close()
 
+        def test_socketserver_urlib_uses_bisect(self):
+            b = urllib.request.bisect
+            raise ValueError('urllib.request.bisect is %s' % str(b))
+
         def test_socketserver(self):
             """Using socketserver to create and manage SSL connections."""
             server = make_https_server(self, certfile=CERTFILE)
@@ -3209,7 +3214,7 @@
                         server_hostname="localhost") as s:
                     with self.assertRaises(OSError):
                         s.connect((HOST, server.port))
-            self.assertEqual("NO_SHARED_CIPHER", server.conn_errors[0].reason)
+            self.assertIn("no shared cipher", server.conn_errors[0])
 
         def test_version_basic(self):
             """
diff --git a/lib_pypy/_cffi_ssl/_stdssl/__init__.py 
b/lib_pypy/_cffi_ssl/_stdssl/__init__.py
--- a/lib_pypy/_cffi_ssl/_stdssl/__init__.py
+++ b/lib_pypy/_cffi_ssl/_stdssl/__init__.py
@@ -162,7 +162,7 @@
     ffi.memmove(buf, password, len(password))
     return len(password)
 
-if lib.Cryptography_STATIC_CALLBACKS:
+if 0:
     ffi.def_extern(_Cryptography_pem_password_cb)
     Cryptography_pem_password_cb = lib.Cryptography_pem_password_cb
 else:
@@ -749,6 +749,51 @@
     bits = lib.SSL_CIPHER_get_bits(cipher, ffi.NULL)
     return (cipher_name, cipher_protocol, bits)
 
+def cipher_to_dict(cipher):
+    ccipher_name = lib.SSL_CIPHER_get_name(cipher)
+    buf = ffi.new('char[512]')
+    alg_bits = ffi.new('int[4]')
+    if ccipher_name == ffi.NULL:
+        cipher_name = None
+    else:
+        cipher_name = _str_from_buf(ccipher_name)
+
+    ccipher_protocol = lib.SSL_CIPHER_get_version(cipher)
+    if ccipher_protocol == ffi.NULL:
+        cipher_protocol = None
+    else:
+        cipher_protocol = _str_from_buf(ccipher_protocol)
+
+    cipher_id = lib.SSL_CIPHER_get_id(cipher);
+    lib.SSL_CIPHER_description(cipher, buf, 511)
+    description = _str_from_buf(buf)
+    strength_bits = lib.SSL_CIPHER_get_bits(cipher, alg_bits)
+    ret = {
+            'id'           : cipher_id,
+            'name'         : cipher_name,
+            'protocol'     : cipher_protocol,
+            'description'  : description,
+            'strength_bits': strength_bits,
+            'alg_bits'     : alg_bits[0],
+           }
+    if OPENSSL_VERSION_INFO > (1, 1, 0, 0, 0):
+        aead = lib.SSL_CIPHER_is_aead(cipher)
+        nid = lib.SSL_CIPHER_get_cipher_nid(cipher)
+        skcipher = OBJ_nid2ln(nid) if nid != NID_undef else None
+        nid = lib.SSL_CIPHER_get_digest_nid(cipher);
+        digest = OBJ_nid2ln(nid) if nid != NID_undef else None
+        nid = lib.SSL_CIPHER_get_kx_nid(cipher);
+        kx = OBJ_nid2ln(nid) if nid != NID_undef else None
+        nid = SSL_CIPHER_get_auth_nid(cipher);
+        auth = OBJ_nid2ln(nid) if nid != NID_undef else None
+        ret.update({'aead' : bool(aead),
+            'symmmetric'   : skcipher,
+            'digest'       : digest,
+            'kea'          : kx,
+            'auth'         : auth,
+           })
+    return ret
+
 
 class SSLSession(object):
     def __new__(cls, ssl):
@@ -974,6 +1019,20 @@
             lib.ERR_clear_error()
             raise ssl_error("No cipher can be selected.")
 
+    def get_ciphers(self):
+        ssl = lib.SSL_new(self.ctx)
+        try:
+            ciphers = lib.SSL_get_ciphers(ssl)
+            if ciphers == ffi.NULL:
+                return None
+            count = lib.sk_SSL_CIPHER_num(ciphers)
+            res = [None] * count
+            for i in range(count):
+                dct = cipher_to_dict(lib.sk_SSL_CIPHER_value(ciphers, i))
+                res[i] = dct
+            return res
+        finally:
+            lib.SSL_free(ssl)
 
     def load_cert_chain(self, certfile, keyfile=None, password=None):
         if keyfile is None:
_______________________________________________
pypy-commit mailing list
pypy-commit@python.org
https://mail.python.org/mailman/listinfo/pypy-commit

Reply via email to