Author: Ronan Lamy <[email protected]>
Branch: py3.7
Changeset: r97363:c45e8e15bf26
Date: 2019-09-01 17:01 +0100
http://bitbucket.org/pypy/pypy/changeset/c45e8e15bf26/
Log: Add some constants to _ssl
diff --git a/lib_pypy/_cffi_ssl/_stdssl/__init__.py
b/lib_pypy/_cffi_ssl/_stdssl/__init__.py
--- a/lib_pypy/_cffi_ssl/_stdssl/__init__.py
+++ b/lib_pypy/_cffi_ssl/_stdssl/__init__.py
@@ -8,10 +8,10 @@
_decode_certificate, _certificate_to_der)
from _cffi_ssl._stdssl.utility import (_str_with_len, _bytes_with_len,
_str_to_ffi_buffer, _str_from_buf, _cstr_decode_fs)
-from _cffi_ssl._stdssl.error import (ssl_error, pyssl_error,
- SSLError, SSLZeroReturnError, SSLWantReadError,
- SSLWantWriteError, SSLSyscallError,
- SSLEOFError)
+from _cffi_ssl._stdssl.error import (
+ ssl_error, pyssl_error, SSLError, SSLCertVerificationError,
+ SSLZeroReturnError, SSLWantReadError, SSLWantWriteError, SSLSyscallError,
+ SSLEOFError)
from _cffi_ssl._stdssl.error import (SSL_ERROR_NONE,
SSL_ERROR_SSL, SSL_ERROR_WANT_READ, SSL_ERROR_WANT_WRITE,
SSL_ERROR_WANT_X509_LOOKUP, SSL_ERROR_SYSCALL,
@@ -100,8 +100,23 @@
PROTOCOL_TLSv1_2 = 5
PROTOCOL_TLS_CLIENT = 0x10
PROTOCOL_TLS_SERVER = 0x11
+HAS_SSLv2 = bool(lib.Cryptography_HAS_SSL2)
+HAS_SSLv3 = SSLv3_method_ok
+HAS_TLSv1 = True # XXX
+HAS_TLSv1_1 = bool(lib.Cryptography_HAS_TLSv1_1)
+HAS_TLSv1_2 = bool(lib.Cryptography_HAS_TLSv1_2)
HAS_TLSv1_3 = bool(lib.Cryptography_HAS_TLSv1_3)
+# Values brute-copied from CPython 3.7. They're documented as meaningless.
+PROTO_MINIMUM_SUPPORTED = -2
+PROTO_MAXIMUM_SUPPORTED = -1
+PROTO_SSLv3 = 0x300
+PROTO_TLSv1 = 0x301
+PROTO_TLSv1_1 = 0x302
+PROTO_TLSv1_2 = 0x303
+PROTO_TLSv1_3 = 0x304
+
+
_PROTOCOL_NAMES = (name for name in dir(lib) if name.startswith('PROTOCOL_'))
_IntEnum._convert('_SSLMethod', __name__,
@@ -118,6 +133,9 @@
if hasattr(lib, lib_attr):
globals()[attr] = getattr(lib, lib_attr)
+# from CPython
+_DEFAULT_CIPHERS =
"DEFAULT:!aNULL:!eNULL:!MD5:!3DES:!DES:!RC4:!IDEA:!SEED:!aDSS:!SRP:!PSK"
+
# init open ssl
lib.SSL_load_error_strings()
lib.SSL_library_init()
diff --git a/lib_pypy/_cffi_ssl/_stdssl/error.py
b/lib_pypy/_cffi_ssl/_stdssl/error.py
--- a/lib_pypy/_cffi_ssl/_stdssl/error.py
+++ b/lib_pypy/_cffi_ssl/_stdssl/error.py
@@ -33,7 +33,10 @@
'SSL_ERROR_WANT_WRITE', 'SSL_ERROR_WANT_X509_LOOKUP', 'SSL_ERROR_SYSCALL',
'SSL_ERROR_SSL', 'SSL_ERROR_WANT_CONNECT', 'SSL_ERROR_EOF',
'SSL_ERROR_INVALID_ERROR_CODE' ]:
- setattr(socket, v, locals()[v])
+ setattr(socket, v, locals()[v])
+
+class SSLCertVerificationError(SSLError, ValueError):
+ """A certificate could not be verified."""
class SSLZeroReturnError(SSLError):
""" SSL/TLS session closed cleanly. """
diff --git a/lib_pypy/_ssl/__init__.py b/lib_pypy/_ssl/__init__.py
--- a/lib_pypy/_ssl/__init__.py
+++ b/lib_pypy/_ssl/__init__.py
@@ -1,5 +1,6 @@
-from _cffi_ssl._stdssl import (_PROTOCOL_NAMES, _OPENSSL_API_VERSION,
- _test_decode_cert, _SSLContext)
+from _cffi_ssl._stdssl import (
+ _PROTOCOL_NAMES, _OPENSSL_API_VERSION, _test_decode_cert, _SSLContext,
+ _DEFAULT_CIPHERS)
from _cffi_ssl import _stdssl
from _cffi_ssl._stdssl import *
_______________________________________________
pypy-commit mailing list
[email protected]
https://mail.python.org/mailman/listinfo/pypy-commit
