Ejemplo n.º 1
0
def fill_sslerror(obj, errtype, ssl_errno, errstr, errcode):
    reason_str = None
    lib_str = None
    if errcode != 0:
        err_lib = lib.ERR_GET_LIB(errcode)
        err_reason = lib.ERR_GET_REASON(errcode)
        reason_str = ERR_CODES_TO_NAMES.get((err_lib, err_reason), None)
        lib_str = LIB_CODES_TO_NAMES.get(err_lib, None)
        # Set last part of msg to a lower-case version of reason_str
        errstr = _str_from_buf(lib.ERR_reason_error_string(errcode))
    msg = errstr
    if not errstr:
        msg = "unknown error"
    # verify code for cert validation error
    verify_str = None
    if (obj and errtype is SSLCertVerificationError):
        verify_code = lib.SSL_get_verify_result(obj.ssl)
        if lib.Cryptography_HAS_102_VERIFICATION_ERROR_CODES:
            if verify_code == lib.X509_V_ERR_HOSTNAME_MISMATCH:
                verify_str = ("Host name mismatch, certificate is not "
                              f"valid for '{obj.server_hostname}'.")
            elif verify_code == lib.X509_V_ERR_IP_ADDRESS_MISMATCH:
                verify_str = ("IP address name mismatch, certificate is not "
                              f"valid for '{obj.server_hostname}'.")
        if not verify_str:
            verify_str = ffi.string(
                lib.X509_verify_cert_error_string(verify_code)).decode()
    if verify_str and reason_str and lib_str:
        msg = f"[{lib_str}: {reason_str}] {errstr}: {verify_str}"
    elif reason_str and lib_str:
        msg = "[%s: %s] %s" % (lib_str, reason_str, errstr)
    elif lib_str:
        msg = "[%s] %s" % (lib_str, errstr)

    err_value = errtype(ssl_errno, msg)
    err_value.reason = reason_str if reason_str else None
    err_value.library = lib_str if lib_str else None
    if (obj and errtype is SSLCertVerificationError):
        err_value.verify_code = verify_code
        err_value.verify_message = verify_str
    return err_value
Ejemplo n.º 2
0
def fill_sslerror(errtype, ssl_errno, errstr, errcode):
    reason_str = None
    lib_str = None
    if errcode != 0:
        err_lib = lib.ERR_GET_LIB(errcode)
        err_reason = lib.ERR_GET_REASON(errcode)
        reason_str = ERR_CODES_TO_NAMES.get((err_lib, err_reason), None)
        lib_str = LIB_CODES_TO_NAMES.get(err_lib, None)
        # Set last part of msg to a lower-case version of reason_str
        errstr = _str_from_buf(lib.ERR_reason_error_string(errcode))
    msg = errstr
    if not errstr:
        msg = "unknown error"
    if reason_str and lib_str:
        msg = "[%s: %s] %s" % (lib_str, reason_str, errstr)
    elif lib_str:
        msg = "[%s] %s" % (lib_str, errstr)

    err_value = errtype(ssl_errno, msg)
    err_value.reason = reason_str if reason_str else None
    err_value.library = lib_str if lib_str else None
    return err_value
Ejemplo n.º 3
0
def pyssl_error(obj, ret):
    errcode = lib.ERR_peek_last_error()

    errstr = ""
    errval = 0
    errtype = SSLError
    e = lib.ERR_peek_last_error()

    if obj.ssl != ffi.NULL:
        err = obj.err

        if err.ssl == SSL_ERROR_ZERO_RETURN:
            errtype = SSLZeroReturnError
            errstr = "TLS/SSL connection has been closed (EOF)"
            errval = SSL_ERROR_ZERO_RETURN
        elif err.ssl == SSL_ERROR_WANT_READ:
            errtype = SSLWantReadError
            errstr = "The operation did not complete (read)"
            errval = SSL_ERROR_WANT_READ
        elif err.ssl == SSL_ERROR_WANT_WRITE:
            errtype = SSLWantWriteError
            errstr = "The operation did not complete (write)"
            errval = SSL_ERROR_WANT_WRITE
        elif err.ssl == SSL_ERROR_WANT_X509_LOOKUP:
            errstr = "The operation did not complete (X509 lookup)"
            errval = SSL_ERROR_WANT_X509_LOOKUP
        elif err.ssl == SSL_ERROR_WANT_CONNECT:
            errstr = "The operation did not complete (connect)"
            errval = SSL_ERROR_WANT_CONNECT
        elif err.ssl == SSL_ERROR_SYSCALL:
            if e == 0:
                if ret == 0 or obj.socket is None:
                    errtype = SSLEOFError
                    errstr = "EOF occurred in violation of protocol"
                    errval = SSL_ERROR_EOF
                elif ret == -1 and obj.socket is not None:
                    # the underlying BIO reported an I/0 error
                    lib.ERR_clear_error()
                    # s = obj.get_socket_or_None()
                    if sys.platform == 'win32':
                        if err.ws:
                            return OSError(err.ws)
                    if err.c:
                        ffi.errno = err.c
                    errno = ffi.errno
                    return OSError(errno, os.strerror(errno))
                else:
                    errtype = SSLSyscallError
                    errstr = "Some I/O error occurred"
                    errval = SSL_ERROR_SYSCALL
            else:
                errstr = _str_from_buf(lib.ERR_lib_error_string(e))
                errval = SSL_ERROR_SYSCALL
        elif err.ssl == SSL_ERROR_SSL:
            errval = SSL_ERROR_SSL
            if e == 0:
                errstr = "A failure in the SSL library occurred"
            else:
                errstr = _str_from_buf(lib.ERR_lib_error_string(errcode))
            err_lib = lib.ERR_GET_LIB(e)
            err_reason = lib.ERR_GET_REASON(e)
            reason_str = ERR_CODES_TO_NAMES.get((err_lib, err_reason), None)
            if (lib.ERR_GET_LIB(e) == lib.ERR_LIB_SSL
                    and reason_str == 'CERTIFICATE_VERIFY_FAILED'):
                errtype = SSLCertVerificationError
        else:
            errstr = "Invalid error code"
            errval = SSL_ERROR_INVALID_ERROR_CODE
    return fill_sslerror(obj, errtype, errval, errstr, e)