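def do_handshake(self, block=False):  # pylint: disable=unused-argument
    """
    Perform a TLS/SSL handshake.

    Calls wolfSSL_accept() when the socket is server-side and
    wolfSSL_connect() otherwise. The ``block`` argument is not used by
    this method.

    Raises:
        SSLWantReadError: wolfSSL reported _SSL_ERROR_WANT_READ.
        SSLWantWriteError: wolfSSL reported _SSL_ERROR_WANT_WRITE.
        SSLError: any other handshake failure. The message contains
            "certificate verify failed" when the peer certificate has
            no signer to confirm it, and otherwise the wolfSSL error
            string plus the last received alert when one is available.
    """
    self._check_closed("do_handshake")
    self._check_connected()

    if self._server_side:
        ret = _lib.wolfSSL_accept(self.native_object)
    else:
        ret = _lib.wolfSSL_connect(self.native_object)

    if ret == _SSL_SUCCESS:
        return

    err = _lib.wolfSSL_get_error(self.native_object, 0)
    if err == _SSL_ERROR_WANT_READ:
        raise SSLWantReadError()
    if err == _SSL_ERROR_WANT_WRITE:
        raise SSLWantWriteError()

    # wolfSSL_ERR_error_string() is given no length, so the buffer must
    # be large enough for the longest message the library can write.
    # NOTE(review): confirm 80 matches the native maximum error size.
    eBuf = _ffi.new("char[80]")
    eStr = _ffi.string(_lib.wolfSSL_ERR_error_string(
        err, eBuf)).decode("ascii")

    # Compare the error code by value. The previous `err is -188` was an
    # identity test on an int, which does not reliably match an equal
    # value, so detection silently depended on the message text alone.
    if 'ASN no signer error to confirm' in eStr or err == -188:
        # Some Python ssl consumers explicitly check error message
        # for 'certificate verify failed'
        raise SSLError("do_handshake failed with error %d, "
                       "certificate verify failed" % err)

    # get alert code and string to put in exception msg
    alertHistoryPtr = _ffi.new("WOLFSSL_ALERT_HISTORY*")
    alertRet = _lib.wolfSSL_get_alert_history(
        self.native_object, alertHistoryPtr)
    if alertRet == _SSL_SUCCESS:
        alertHistory = alertHistoryPtr[0]
        code = alertHistory.last_rx.code
        alertDesc = _lib.wolfSSL_alert_type_string_long(code)
        if alertDesc != _ffi.NULL:
            alertStr = _ffi.string(alertDesc).decode("ascii")
        else:
            alertStr = ''
        raise SSLError("do_handshake failed with error %d: %s. "
                       "alert (%d): %s" % (err, eStr, code, alertStr))

    raise SSLError("do_handshake failed with error %d: %s" %
                   (err, eStr))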
def get_next_altname(self):
    """
    Return the next subject alternative name as a string.

    Forwards to wolfSSL_X509_get_next_altname() on the wrapped native
    object and returns ``None`` when that call yields a NULL pointer.
    """
    name_ptr = _lib.wolfSSL_X509_get_next_altname(self.native_object)
    if name_ptr != _ffi.NULL:
        # NOTE(review): assuming _ffi is a cffi FFI instance, string()
        # stops at the first NUL byte, so a name carrying an embedded NUL
        # would come back truncated -- confirm the native layer rejects
        # such names before this value is used for hostname matching.
        # Non-ASCII bytes raise UnicodeDecodeError from decode().
        return _ffi.string(name_ptr).decode("ascii")
    return None
def get_subject_cn(self):
    """
    Return the subject common name as a string.

    Forwards to wolfSSL_X509_get_subjectCN() on the wrapped native
    object. A NULL result is reported as an empty string, not ``None``.
    """
    common_name_ptr = _lib.wolfSSL_X509_get_subjectCN(self.native_object)
    if common_name_ptr != _ffi.NULL:
        # NOTE(review): assuming _ffi is a cffi FFI instance, string()
        # stops at the first NUL byte, so a CN carrying an embedded NUL
        # would come back truncated -- confirm the native layer rejects
        # such names before this value is used for identity checks.
        # Non-ASCII bytes raise UnicodeDecodeError from decode().
        return _ffi.string(common_name_ptr).decode("ascii")
    return ''