def pyssl_error(obj, ret): errcode = lib.ERR_peek_last_error() errstr = "" errval = 0 errtype = SSLError e = lib.ERR_peek_last_error() if obj.ssl != ffi.NULL: err = lib.SSL_get_error(obj.ssl, ret) if err == SSL_ERROR_ZERO_RETURN: errtype = SSLZeroReturnError errstr = "TLS/SSL connection has been closed" errval = SSL_ERROR_ZERO_RETURN elif err == SSL_ERROR_WANT_READ: errtype = SSLWantReadError errstr = "The operation did not complete (read)" errval = SSL_ERROR_WANT_READ elif err == SSL_ERROR_WANT_WRITE: errtype = SSLWantWriteError errstr = "The operation did not complete (write)" errval = SSL_ERROR_WANT_WRITE elif err == SSL_ERROR_WANT_X509_LOOKUP: errstr = "The operation did not complete (X509 lookup)" errval = SSL_ERROR_WANT_X509_LOOKUP elif err == SSL_ERROR_WANT_CONNECT: errstr = "The operation did not complete (connect)" errval = SSL_ERROR_WANT_CONNECT elif err == SSL_ERROR_SYSCALL: if e == 0: if ret == 0 or obj.socket is not None: errtype = SSLEOFError errstr = "EOF occurred in violation of protocol" errval = SSL_ERROR_EOF elif ret == -1 and obj.socket is not None: # the underlying BIO reported an I/0 error lib.ERR_clear_error() s = obj.get_socket_or_None() s.errorhandler() assert 0, "must not get here" #errno = ffi.errno #return IOError(errno) else: errtype = SSLSyscallError errstr = "Some I/O error occurred" errval = SSL_ERROR_SYSCALL else: errstr = _str_from_buf(lib.ERR_error_string(e, ffi.NULL)) errval = SSL_ERROR_SYSCALL elif err == SSL_ERROR_SSL: errval = SSL_ERROR_SSL if errcode != 0: errstr = _str_from_buf(lib.ERR_error_string(errcode, ffi.NULL)) else: errstr = "A failure in the SSL library occurred" else: errstr = "Invalid error code" errval = SSL_ERROR_INVALID_ERROR_CODE return fill_sslerror(errtype, errval, errstr, e)
def ssl_error(errstr, errcode=0): if errstr is None: errcode = lib.ERR_peek_last_error() try: return fill_sslerror(SSLError, errcode, errstr, errcode) finally: lib.ERR_clear_error()
def pyssl_error(obj, ret): errcode = lib.ERR_peek_last_error() errstr = "" errval = 0 errtype = SSLError e = lib.ERR_peek_last_error() if obj.ssl != ffi.NULL: err = obj.err if err.ssl == SSL_ERROR_ZERO_RETURN: errtype = SSLZeroReturnError errstr = "TLS/SSL connection has been closed (EOF)" errval = SSL_ERROR_ZERO_RETURN elif err.ssl == SSL_ERROR_WANT_READ: errtype = SSLWantReadError errstr = "The operation did not complete (read)" errval = SSL_ERROR_WANT_READ elif err.ssl == SSL_ERROR_WANT_WRITE: errtype = SSLWantWriteError errstr = "The operation did not complete (write)" errval = SSL_ERROR_WANT_WRITE elif err.ssl == SSL_ERROR_WANT_X509_LOOKUP: errstr = "The operation did not complete (X509 lookup)" errval = SSL_ERROR_WANT_X509_LOOKUP elif err.ssl == SSL_ERROR_WANT_CONNECT: errstr = "The operation did not complete (connect)" errval = SSL_ERROR_WANT_CONNECT elif err.ssl == SSL_ERROR_SYSCALL: if e == 0: if ret == 0 or obj.socket is None: errtype = SSLEOFError errstr = "EOF occurred in violation of protocol" errval = SSL_ERROR_EOF elif ret == -1 and obj.socket is not None: # the underlying BIO reported an I/0 error lib.ERR_clear_error() # s = obj.get_socket_or_None() if sys.platform == 'win32': if err.ws: return OSError(err.ws) if err.c: ffi.errno = err.c errno = ffi.errno return OSError(errno, os.strerror(errno)) else: errtype = SSLSyscallError errstr = "Some I/O error occurred" errval = SSL_ERROR_SYSCALL else: errstr = _str_from_buf(lib.ERR_lib_error_string(e)) errval = SSL_ERROR_SYSCALL elif err.ssl == SSL_ERROR_SSL: errval = SSL_ERROR_SSL if e == 0: errstr = "A failure in the SSL library occurred" else: errstr = _str_from_buf(lib.ERR_lib_error_string(errcode)) err_lib = lib.ERR_GET_LIB(e) err_reason = lib.ERR_GET_REASON(e) reason_str = ERR_CODES_TO_NAMES.get((err_lib, err_reason), None) if (lib.ERR_GET_LIB(e) == lib.ERR_LIB_SSL and reason_str == 'CERTIFICATE_VERIFY_FAILED'): errtype = SSLCertVerificationError else: errstr = "Invalid error code" errval = SSL_ERROR_INVALID_ERROR_CODE return fill_sslerror(obj, errtype, errval, errstr, e)