WolfSSL
/
wolfssl
mirror of https://github.com/wolfSSL/wolfssl.git
1
0
Fork 0
Code Issues Releases Wiki Activity

adds verify_mode to context

pull/683/head
Moisés Guimarães 2016-12-05 19:15:08 -03:00
parent 8eec3cb874
commit 368f2baf88
4 changed files with 50 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
wrapper/python/wolfssl/test/test_context.py
View File

@ -125,6 +125,13 @@ class TestSSLContext(unittest.TestCase):
def test_context_creation(self): def test_context_creation(self):
self.assertIsNotNone(self.ctx) self.assertIsNotNone(self.ctx)
self.assertEqual(self.ctx.verify_mode, self.provider.CERT_NONE)
self.ctx.verify_mode = self.provider.CERT_OPTIONAL
self.assertEqual(self.ctx.verify_mode, self.provider.CERT_OPTIONAL)
self.ctx.verify_mode = self.provider.CERT_REQUIRED
self.assertEqual(self.ctx.verify_mode, self.provider.CERT_REQUIRED)
def test_load_cert_chain_raises(self): def test_load_cert_chain_raises(self):
self.assertRaises(TypeError, self.ctx.load_cert_chain, None) self.assertRaises(TypeError, self.ctx.load_cert_chain, None)

31
wrapper/python/wolfssl/wolfssl/_context.py
View File

@ -33,10 +33,12 @@ CERT_NONE = 0
CERT_OPTIONAL = 1 CERT_OPTIONAL = 1
CERT_REQUIRED = 2 CERT_REQUIRED = 2
_VERIFY_MODE_LIST = [CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED]
_SSL_SUCCESS = 1 _SSL_SUCCESS = 1
_SSL_FILETYPE_PEM = 1 _SSL_FILETYPE_PEM = 1
class SSLContext: class SSLContext(object):
""" """
An SSLContext holds various SSL-related configuration options and An SSLContext holds various SSL-related configuration options and
data, such as certificates and possibly a private key. data, such as certificates and possibly a private key.
@ -47,6 +49,7 @@ class SSLContext:
self.protocol = protocol self.protocol = protocol
self._side = server_side self._side = server_side
self._verify_mode = None
self.native_object = _lib.wolfSSL_CTX_new(method.native_object) self.native_object = _lib.wolfSSL_CTX_new(method.native_object)
# wolfSSL_CTX_new() takes ownership of the method. # wolfSSL_CTX_new() takes ownership of the method.
@ -57,12 +60,38 @@ class SSLContext:
if self.native_object == _ffi.NULL: if self.native_object == _ffi.NULL:
raise MemoryError("Unnable to allocate context object") raise MemoryError("Unnable to allocate context object")
# verify_mode initialization needs a valid native_object.
self.verify_mode = CERT_NONE
def __del__(self): def __del__(self):
if self.native_object is not None: if self.native_object is not None:
_lib.wolfSSL_CTX_free(self.native_object) _lib.wolfSSL_CTX_free(self.native_object)
@property
def verify_mode(self):
"""
Whether to try to verify other peers certificates and how to behave
if verification fails. This attribute must be one of CERT_NONE,
CERT_OPTIONAL or CERT_REQUIRED.
"""
return self._verify_mode
@verify_mode.setter
def verify_mode(self, value):
if value not in _VERIFY_MODE_LIST:
raise ValueError("verify_mode must be one of CERT_NONE, "
"CERT_OPTIONAL or CERT_REQUIRED")
if value != self._verify_mode:
self._verify_mode = value
_lib.wolfSSL_CTX_set_verify(self.native_object,
self._verify_mode,
_ffi.NULL)
# def wrap_socket(self, sock, server_side=False, # def wrap_socket(self, sock, server_side=False,
# do_handshake_on_connect=True, # do_handshake_on_connect=True,
# suppress_ragged_eofs=True, # suppress_ragged_eofs=True,

2
wrapper/python/wolfssl/wolfssl/_methods.py
View File

@ -41,7 +41,7 @@ _PROTOCOL_LIST = [PROTOCOL_SSLv23, PROTOCOL_SSLv3, PROTOCOL_TLS,
PROTOCOL_TLSv1, PROTOCOL_TLSv1_1, PROTOCOL_TLSv1_2] PROTOCOL_TLSv1, PROTOCOL_TLSv1_1, PROTOCOL_TLSv1_2]
class WolfSSLMethod: class WolfSSLMethod(object):
""" """
An SSLMethod holds SSL-related configuration options such as An SSLMethod holds SSL-related configuration options such as
protocol version and communication side. protocol version and communication side.

23
wrapper/python/wolfssl/wolfssl/build_ffi.py
View File

@ -19,18 +19,18 @@
# You should have received a copy of the GNU General Public License # You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software # along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
import os
from cffi import FFI from cffi import FFI
ffi = FFI() ffi = FFI()
ffi.set_source("wolfssl._ffi", ffi.set_source(
"wolfssl._ffi",
""" """
#include <wolfssl/options.h> #include <wolfssl/options.h>
#include <wolfssl/ssl.h> #include <wolfssl/ssl.h>
void wolfSSL_Free(void *ptr, void* heap, int type); void wolfSSL_Free(void *ptr, void* heap, int type);
""", """,
include_dirs=["/usr/local/include"], include_dirs=["/usr/local/include"],
library_dirs=["/usr/local/lib"], library_dirs=["/usr/local/lib"],
@ -38,7 +38,7 @@ ffi.set_source("wolfssl._ffi",
) )
ffi.cdef( ffi.cdef(
""" """
typedef unsigned char byte; typedef unsigned char byte;
typedef unsigned int word32; typedef unsigned int word32;
@ -52,11 +52,12 @@ ffi.cdef(
void* wolfSSL_CTX_new(void*); void* wolfSSL_CTX_new(void*);
void wolfSSL_CTX_free(void*); void wolfSSL_CTX_free(void*);
int wolfSSL_CTX_use_PrivateKey_file(void*, const char*, int); void wolfSSL_CTX_set_verify(void*, int, void*);
int wolfSSL_CTX_load_verify_locations(void*, const char*, const char*); int wolfSSL_CTX_use_PrivateKey_file(void*, const char*, int);
int wolfSSL_CTX_load_verify_buffer(void*, const unsigned char*, long, int); int wolfSSL_CTX_load_verify_locations(void*, const char*, const char*);
int wolfSSL_CTX_use_certificate_chain_file(void*, const char *); int wolfSSL_CTX_load_verify_buffer(void*, const unsigned char*, long, int);
""" int wolfSSL_CTX_use_certificate_chain_file(void*, const char *);
"""
) )
if __name__ == "__main__": if __name__ == "__main__":