Example #1
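    def do_handshake(self, block=False):  # pylint: disable=unused-argument
        """
        Perform a TLS/SSL handshake.

        Calls wolfSSL_accept() when the socket is server-side and
        wolfSSL_connect() otherwise, then turns a failing result into an
        exception. The ``block`` argument is accepted but not used here.

        Raises:
            SSLWantReadError: the native error is _SSL_ERROR_WANT_READ.
            SSLWantWriteError: the native error is _SSL_ERROR_WANT_WRITE.
            SSLError: any other handshake failure. The message carries the
                native error code and, where available, the last alert
                received from the peer. A missing-signer failure is
                reported with the text 'certificate verify failed'.
        """
        # Precondition helpers defined elsewhere in the class; presumably
        # they raise when the socket is closed or not connected.
        self._check_closed("do_handshake")
        self._check_connected()

        if self._server_side:
            ret = _lib.wolfSSL_accept(self.native_object)
        else:
            ret = _lib.wolfSSL_connect(self.native_object)

        if ret == _SSL_SUCCESS:
            return

        err = _lib.wolfSSL_get_error(self.native_object, 0)
        if err == _SSL_ERROR_WANT_READ:
            raise SSLWantReadError()
        if err == _SSL_ERROR_WANT_WRITE:
            raise SSLWantWriteError()

        eBuf = _ffi.new("char[80]")
        eStr = _ffi.string(_lib.wolfSSL_ERR_error_string(
            err, eBuf)).decode("ascii")

        # -188 is the native code that accompanies the "no signer" message
        # (presumably wolfSSL's ASN_NO_SIGNER_E). Compare by value: an
        # identity test (`is`) against an int literal is not reliable, so
        # the numeric check would not fire and the certificate-verification
        # failure would be recognised only through the wording of eStr.
        if 'ASN no signer error to confirm' in eStr or err == -188:
            # Some Python ssl consumers explicitly check error message
            # for 'certificate verify failed'
            raise SSLError("do_handshake failed with error %d, "
                           "certificate verify failed" % err)

        # get alert code and string to put in exception msg
        alertHistoryPtr = _ffi.new("WOLFSSL_ALERT_HISTORY*")
        alertRet = _lib.wolfSSL_get_alert_history(
            self.native_object, alertHistoryPtr)
        if alertRet != _SSL_SUCCESS:
            raise SSLError("do_handshake failed with error %d: %s" %
                           (err, eStr))

        # last_rx is the most recent alert received from the peer.
        code = alertHistoryPtr[0].last_rx.code
        alertDesc = _lib.wolfSSL_alert_type_string_long(code)
        if alertDesc != _ffi.NULL:
            alertStr = _ffi.string(alertDesc).decode("ascii")
        else:
            alertStr = ''

        raise SSLError("do_handshake failed with error %d: %s. "
                       "alert (%d): %s" %
                       (err, eStr, code, alertStr))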
Example #2
    def get_next_altname(self):
        """
        Return the next subject alternative name as a string.

        Returns None when the native call yields NULL.
        """
        alt_name_ptr = _lib.wolfSSL_X509_get_next_altname(self.native_object)
        if alt_name_ptr != _ffi.NULL:
            # NOTE(review): _ffi.string() stops at the first NUL byte, so a
            # name with an embedded NUL would come back truncated unless the
            # native library already rejects it; confirm before relying on
            # this value for hostname matching. decode("ascii") raises
            # UnicodeDecodeError on non-ASCII bytes.
            return _ffi.string(alt_name_ptr).decode("ascii")
        return None
Example #3
    def get_subject_cn(self):
        """
        Return the certificate subject's common name as a string.

        Returns an empty string when the native call yields NULL.
        """
        common_name_ptr = _lib.wolfSSL_X509_get_subjectCN(self.native_object)
        if common_name_ptr != _ffi.NULL:
            # NOTE(review): _ffi.string() stops at the first NUL byte, so a
            # CN with an embedded NUL would come back truncated unless the
            # native library already rejects it; confirm before relying on
            # this value for identity checks. decode("ascii") raises
            # UnicodeDecodeError on non-ASCII bytes.
            return _ffi.string(common_name_ptr).decode("ascii")
        return ''