Lines Matching defs:ssl
8 This module is imported by ssl.py. It should *not* be used
58 #include "openssl/ssl.h"
168 * https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
183 /* these mirror ssl.h */
192 /* start of non ssl.h errorcodes */
299 int ssl; /* last seen error from SSL */
309 SSL *ssl;
337 static inline _PySSLError _PySSL_errno(int failed, const SSL *ssl, int retcode)
346 err.ssl = SSL_get_error(ssl, retcode);
435 .name = "ssl.SSLError",
482 verify_code = SSL_get_verify_result(sslsock->ssl);
595 if (sslsock->ssl != NULL) {
598 switch (err.ssl) {
754 if (!SSL_set_tlsext_host_name(self->ssl, server_hostname)) {
760 X509_VERIFY_PARAM *param = SSL_get0_param(self->ssl);
814 self->ssl = NULL;
830 self->ssl = SSL_new(ctx);
832 if (self->ssl == NULL) {
839 X509_VERIFY_PARAM *ssl_params = SSL_get0_param(self->ssl);
842 SSL_set_app_data(self->ssl, self);
844 SSL_set_fd(self->ssl, Py_SAFE_DOWNCAST(sock->sock_fd, SOCKET_T, int));
851 SSL_set_bio(self->ssl, inbio->bio, outbio->bio);
853 SSL_set_mode(self->ssl,
862 int mode = SSL_get_verify_mode(self->ssl);
865 verify_cb = SSL_get_verify_callback(self->ssl);
867 SSL_set_verify(self->ssl, mode, verify_cb);
871 SSL_set_post_handshake_auth(self->ssl, 1);
886 BIO_set_nbio(SSL_get_rbio(self->ssl), 1);
887 BIO_set_nbio(SSL_get_wbio(self->ssl), 1);
892 SSL_set_connect_state(self->ssl);
894 SSL_set_accept_state(self->ssl);
950 BIO_set_nbio(SSL_get_rbio(self->ssl), nonblocking);
951 BIO_set_nbio(SSL_get_wbio(self->ssl), nonblocking);
964 ret = SSL_do_handshake(self->ssl);
965 err = _PySSL_errno(ret < 1, self->ssl, ret);
975 if (err.ssl == SSL_ERROR_WANT_READ) {
977 } else if (err.ssl == SSL_ERROR_WANT_WRITE) {
998 } while (err.ssl == SSL_ERROR_WANT_READ ||
999 err.ssl == SSL_ERROR_WANT_WRITE);
1826 if (!SSL_is_init_finished(self->ssl)) {
1831 peer_cert = SSL_get_peer_certificate(self->ssl);
1839 verification = SSL_CTX_get_verify_mode(SSL_get_SSL_CTX(self->ssl));
1859 STACK_OF(X509) *chain = SSL_get0_verified_chain(self->ssl);
1878 STACK_OF(X509) *chain = SSL_get_peer_cert_chain(self->ssl);
1889 X509 *peer = SSL_get_peer_certificate(self->ssl);
2027 server_ciphers = SSL_get_ciphers(self->ssl);
2030 client_ciphers = SSL_get_client_ciphers(self->ssl);
2064 if (self->ssl == NULL)
2066 current = SSL_get_current_cipher(self->ssl);
2082 if (self->ssl == NULL)
2084 if (!SSL_is_init_finished(self->ssl)) {
2088 version = SSL_get_version(self->ssl);
2105 SSL_get0_alpn_selected(self->ssl, &out, &outlen);
2126 if (self->ssl == NULL)
2128 comp_method = SSL_get_current_compression(self->ssl);
2149 SSL_set_SSL_CTX(self->ssl, self->ctx->ctx);
2152 self->ssl,
2243 if (self->ssl) {
2244 SSL_free(self->ssl);
2360 BIO_set_nbio(SSL_get_rbio(self->ssl), nonblocking);
2361 BIO_set_nbio(SSL_get_wbio(self->ssl), nonblocking);
2387 retval = SSL_write_ex(self->ssl, b->buf, (size_t)b->len, &count);
2388 err = _PySSL_errno(retval == 0, self->ssl, retval);
2399 if (err.ssl == SSL_ERROR_WANT_READ) {
2401 } else if (err.ssl == SSL_ERROR_WANT_WRITE) {
2418 } while (err.ssl == SSL_ERROR_WANT_READ ||
2419 err.ssl == SSL_ERROR_WANT_WRITE);
2447 count = SSL_pending(self->ssl);
2448 err = _PySSL_errno(count < 0, self->ssl, count);
2529 BIO_set_nbio(SSL_get_rbio(self->ssl), nonblocking);
2530 BIO_set_nbio(SSL_get_wbio(self->ssl), nonblocking);
2540 retval = SSL_read_ex(self->ssl, mem, (size_t)len, &count);
2541 err = _PySSL_errno(retval == 0, self->ssl, retval);
2552 if (err.ssl == SSL_ERROR_WANT_READ) {
2554 } else if (err.ssl == SSL_ERROR_WANT_WRITE) {
2556 } else if (err.ssl == SSL_ERROR_ZERO_RETURN &&
2557 SSL_get_shutdown(self->ssl) == SSL_RECEIVED_SHUTDOWN)
2572 } while (err.ssl == SSL_ERROR_WANT_READ ||
2573 err.ssl == SSL_ERROR_WANT_WRITE);
2629 BIO_set_nbio(SSL_get_rbio(self->ssl), nonblocking);
2630 BIO_set_nbio(SSL_get_wbio(self->ssl), nonblocking);
2650 SSL_set_read_ahead(self->ssl, 0);
2651 ret = SSL_shutdown(self->ssl);
2652 err = _PySSL_errno(ret < 0, self->ssl, ret);
2675 if (err.ssl == SSL_ERROR_WANT_READ)
2677 else if (err.ssl == SSL_ERROR_WANT_WRITE)
2683 if (err.ssl == SSL_ERROR_WANT_READ)
2739 if (SSL_session_reused(self->ssl) ^ !self->socket_type) {
2741 len = SSL_get_finished(self->ssl, buf, PySSL_CB_MAXLEN);
2745 len = SSL_get_peer_finished(self->ssl, buf, PySSL_CB_MAXLEN);
2775 int err = SSL_verify_client_post_handshake(self->ssl);
2838 session = SSL_get0_session(self->ssl); /* borrowed reference */
2845 session = SSL_get1_session(self->ssl);
2886 if (SSL_is_init_finished(self->ssl)) {
2895 result = SSL_set_session(self->ssl, session);
2912 if (SSL_session_reused(self->ssl)) {
3039 PY_SSL_DEPRECATED("ssl.PROTOCOL_SSLv3 is deprecated", 2, NULL);
3047 PY_SSL_DEPRECATED("ssl.PROTOCOL_TLSv1 is deprecated", 2, NULL);
3055 PY_SSL_DEPRECATED("ssl.PROTOCOL_TLSv1_1 is deprecated", 2, NULL);
3063 PY_SSL_DEPRECATED("ssl.PROTOCOL_TLSv1_2 is deprecated", 2, NULL);
3068 PY_SSL_DEPRECATED("ssl.PROTOCOL_TLS is deprecated", 2, NULL);
3282 SSL *ssl = NULL;
3288 ssl = SSL_new(self->ctx);
3289 if (ssl == NULL) {
3293 sk = SSL_get_ciphers(ssl);
3311 if (ssl != NULL)
3312 SSL_free(ssl);
3488 PY_SSL_DEPRECATED("ssl.TLSVersion.SSLv3 is deprecated", 2, -1);
3491 PY_SSL_DEPRECATED("ssl.TLSVersion.TLSv1 is deprecated", 2, -1);
3494 PY_SSL_DEPRECATED("ssl.TLSVersion.TLSv1_1 is deprecated", 2, -1);
3638 if (_ssl_deprecated("ssl.OP_NO_SSL*/ssl.OP_NO_TLS* options are "
4390 PySSLSocket *ssl;
4392 /* The high-level ssl.SSLSocket object */
4404 ssl = SSL_get_app_data(s);
4405 assert(Py_IS_TYPE(ssl, get_state_ctx(sslctx)->PySSLSocket_Type));
4415 if (ssl->owner)
4416 ssl_socket = PyWeakref_GetObject(ssl->owner);
4417 else if (ssl->Socket)
4418 ssl_socket = PyWeakref_GetObject(ssl->Socket);
4420 ssl_socket = (PyObject *) ssl;
5266 PY_SSL_DEPRECATED("ssl.RAND_pseudo_bytes() is deprecated", 1, NULL);
5276 using the ssl() function.
5750 (exc) = PyErr_NewExceptionWithDoc("ssl." name, (doc), (base), NULL); \
5764 /* ssl.CertificateError used to be a subclass of ValueError */
5854 /* non ssl.h errorcodes */
5885 /* Alert Descriptions from ssl.h */