def __init__(self, sock=None, keyfile=None, certfile=None,
                 server_side=False, cert_reqs=CERT_NONE,
                 ssl_version=PROTOCOL_TLS, ca_certs=None,
                 do_handshake_on_connect=True, family=AF_INET,
                 sock_type=SOCK_STREAM, proto=0, fileno=None,
                 suppress_ragged_eofs=True, ciphers=None,
                 _context=None):

        # set options
        self.do_handshake_on_connect = do_handshake_on_connect
        self.suppress_ragged_eofs = suppress_ragged_eofs
        self.server_side = server_side

        # set context
        if _context:
            self._context = _context
        else:
            if server_side and not certfile:
                raise ValueError("certfile must be specified for server-side "
                                 "operations")

            if keyfile and not certfile:
                raise ValueError("certfile must be specified")

            if certfile and not keyfile:
                keyfile = certfile

            self._context = SSLContext(ssl_version, server_side)
            self._context.verify_mode = cert_reqs
            if ca_certs:
                self._context.load_verify_locations(ca_certs)
            if certfile:
                self._context.load_cert_chain(certfile, keyfile)
            if ciphers:
                self._context.set_ciphers(ciphers)

            self.keyfile = keyfile
            self.certfile = certfile
            self.cert_reqs = cert_reqs
            self.ssl_version = ssl_version
            self.ca_certs = ca_certs
            self.ciphers = ciphers

        # preparing socket
        if sock is not None:
            # Can't use sock.type as other flags (such as SOCK_NONBLOCK) get
            # mixed in.
            if sock.getsockopt(SOL_SOCKET, SO_TYPE) != SOCK_STREAM:
                raise NotImplementedError("only stream sockets are supported")

            if _PY3:
                socket.__init__(self,
                                family=sock.family,
                                type=sock.type,
                                proto=sock.proto,
                                fileno=sock.fileno())
            else:
                socket.__init__(self, _sock=sock._sock)

            self.settimeout(sock.gettimeout())

            if _PY3:
                sock.detach()

        elif fileno is not None:
            socket.__init__(self, fileno=fileno)

        else:
            socket.__init__(self, family=family, type=sock_type,
                            proto=proto)

        # see if we are connected
        try:
            self.getpeername()
        except socket_error as exception:
            if exception.errno != errno.ENOTCONN:
                raise
            connected = False
        else:
            connected = True

        self._closed = False
        self._connected = connected

        # create the SSL object
        self.native_object = _lib.wolfSSL_new(self.context.native_object)
        if self.native_object == _ffi.NULL:
            raise MemoryError("Unnable to allocate ssl object")

        ret = _lib.wolfSSL_set_fd(self.native_object, self.fileno())
        if ret != _SSL_SUCCESS:
            self._release_native_object()
            raise ValueError("Unnable to set fd to ssl object")

        if connected:
            try:
                if do_handshake_on_connect:
                    self.do_handshake()
            except:
                self._release_native_object()
                self.close()
                raise
Example #2
0
    def __init__(self, sock=None, keyfile=None, certfile=None,
                 server_side=False, cert_reqs=CERT_NONE,
                 ssl_version=PROTOCOL_TLS, ca_certs=None,
                 do_handshake_on_connect=True, family=AF_INET,
                 sock_type=SOCK_STREAM, proto=0, fileno=None,
                 suppress_ragged_eofs=True, ciphers=None,
                 _context=None):

        # set options
        self.do_handshake_on_connect = do_handshake_on_connect
        self.suppress_ragged_eofs = suppress_ragged_eofs
        self.server_side = server_side

        # set context
        if _context:
            self._context = _context
        else:
            if server_side and not certfile:
                raise ValueError("certfile must be specified for server-side "
                                 "operations")

            if keyfile and not certfile:
                raise ValueError("certfile must be specified")

            if certfile and not keyfile:
                keyfile = certfile

            self._context = SSLContext(ssl_version, server_side)
            self._context.verify_mode = cert_reqs
            if ca_certs:
                self._context.load_verify_locations(ca_certs)
            if certfile:
                self._context.load_cert_chain(certfile, keyfile)
            if ciphers:
                self._context.set_ciphers(ciphers)

            self.keyfile = keyfile
            self.certfile = certfile
            self.cert_reqs = cert_reqs
            self.ssl_version = ssl_version
            self.ca_certs = ca_certs
            self.ciphers = ciphers

        # preparing socket
        if sock is not None:
            # Can't use sock.type as other flags (such as SOCK_NONBLOCK) get
            # mixed in.
            if sock.getsockopt(SOL_SOCKET, SO_TYPE) != SOCK_STREAM:
                raise NotImplementedError("only stream sockets are supported")

            if _PY3:
                socket.__init__(self,
                                family=sock.family,
                                type=sock.type,
                                proto=sock.proto,
                                fileno=sock.fileno())
            else:
                socket.__init__(self, _sock=sock._sock)

            self.settimeout(sock.gettimeout())

            if _PY3:
                sock.detach()

        elif fileno is not None:
            socket.__init__(self, fileno=fileno)

        else:
            socket.__init__(self, family=family, type=sock_type,
                            proto=proto)

        # see if we are connected
        try:
            self.getpeername()
        except socket_error as exception:
            if exception.errno != errno.ENOTCONN:
                raise
            connected = False
        else:
            connected = True

        self._closed = False
        self._connected = connected

        # create the SSL object
        self.native_object = _lib.wolfSSL_new(self.context.native_object)
        if self.native_object == _ffi.NULL:
            raise MemoryError("Unnable to allocate ssl object")

        ret = _lib.wolfSSL_set_fd(self.native_object, self.fileno())
        if ret != _SSL_SUCCESS:
            self._release_native_object()
            raise ValueError("Unnable to set fd to ssl object")

        if connected:
            try:
                if do_handshake_on_connect:
                    self.do_handshake()
            except:
                self._release_native_object()
                self.close()
                raise
Example #3
0
    def __init__(self,
                 sock=None,
                 keyfile=None,
                 certfile=None,
                 server_side=False,
                 cert_reqs=CERT_NONE,
                 ssl_version=PROTOCOL_TLS,
                 ca_certs=None,
                 do_handshake_on_connect=True,
                 family=AF_INET,
                 sock_type=SOCK_STREAM,
                 proto=0,
                 fileno=None,
                 suppress_ragged_eofs=True,
                 ciphers=None,
                 _context=None,
                 server_hostname=None):

        # set options
        self.do_handshake_on_connect = do_handshake_on_connect
        self.suppress_ragged_eofs = suppress_ragged_eofs
        self._server_side = server_side

        # save socket
        self._sock = sock

        # set context
        if _context:
            self._context = _context
        else:
            if server_side and not certfile:
                raise ValueError("certfile must be specified for server-side "
                                 "operations")

            if keyfile and not certfile:
                raise ValueError("certfile must be specified")

            if certfile and not keyfile:
                keyfile = certfile

            self._context = SSLContext(ssl_version, server_side)
            self._context.verify_mode = cert_reqs
            if ca_certs:
                self._context.load_verify_locations(ca_certs)
            if certfile:
                self._context.load_cert_chain(certfile, keyfile)
            if ciphers:
                self._context.set_ciphers(ciphers)

            self.keyfile = keyfile
            self.certfile = certfile
            self.cert_reqs = cert_reqs
            self.ssl_version = ssl_version
            self.ca_certs = ca_certs
            self.ciphers = ciphers
            self.server_hostname = server_hostname

        # set SNI if passed in
        if server_hostname is not None:
            self._context.use_sni(server_hostname)

        # see if we are connected
        try:
            self._sock.getpeername()
        except socket_error as exception:
            if exception.errno != errno.ENOTCONN:
                raise
            connected = False
        else:
            connected = True

        self._closed = False
        self._connected = connected

        # create the SSL object
        self.native_object = _lib.wolfSSL_new(self.context.native_object)
        if self.native_object == _ffi.NULL:
            raise MemoryError("Unnable to allocate ssl object")

        ret = _lib.wolfSSL_set_fd(self.native_object, self._sock.fileno())
        if ret != _SSL_SUCCESS:
            self._release_native_object()
            raise ValueError("Unnable to set fd to ssl object")

        # match domain name / host name if set in context
        if server_hostname is not None:
            if self._context.check_hostname:

                sni = _ffi.new("char[]", server_hostname.encode("utf-8"))
                _lib.wolfSSL_check_domain_name(self.native_object, sni)

        if connected:
            try:
                if do_handshake_on_connect:
                    self.do_handshake()
            except SSLError:
                self._release_native_object()
                self._sock.close()
                raise