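def fill_sslerror(obj, errtype, ssl_errno, errstr, errcode):
    """Build (without raising) an ``errtype`` instance describing an OpenSSL failure.

    Args:
        obj: Socket-like wrapper, or a falsy value. It is only read when
            ``errtype`` is ``SSLCertVerificationError``, in which case its
            ``ssl`` and ``server_hostname`` attributes are used.
        errtype: Exception class, called as ``errtype(ssl_errno, msg)``.
        ssl_errno: First argument passed to ``errtype``.
        errstr: Fallback description. It is replaced by OpenSSL's reason text
            when ``errcode`` is non-zero and OpenSSL has text for that code.
        errcode: Packed OpenSSL error code; ``0`` skips the OpenSSL lookups.

    Returns:
        The new exception with ``reason`` and ``library`` set, plus
        ``verify_code`` and ``verify_message`` for certificate verification
        errors.
    """
    reason_str = None
    lib_str = None
    if errcode != 0:
        err_lib = lib.ERR_GET_LIB(errcode)
        err_reason = lib.ERR_GET_REASON(errcode)
        reason_str = ERR_CODES_TO_NAMES.get((err_lib, err_reason))
        lib_str = LIB_CODES_TO_NAMES.get(err_lib)
        # ERR_reason_error_string() returns NULL when OpenSSL has no text
        # registered for the code. Converting NULL with ffi.string() raises,
        # which would replace the TLS error being reported with an unrelated
        # exception that SSL error handlers do not catch. Keep the caller's
        # errstr in that case.
        reason_buf = lib.ERR_reason_error_string(errcode)
        if reason_buf != ffi.NULL:
            errstr = _str_from_buf(reason_buf)

    # Normalise once so that the bracketed formats below never embed an empty
    # string or the text "None".
    if not errstr:
        errstr = "unknown error"
    msg = errstr

    # Certificate verification failures carry an extra X509 verify result.
    is_verify_error = bool(obj) and errtype is SSLCertVerificationError
    verify_code = None
    verify_str = None
    if is_verify_error:
        verify_code = lib.SSL_get_verify_result(obj.ssl)
        if lib.Cryptography_HAS_102_VERIFICATION_ERROR_CODES:
            # Name the host that failed to match for the two mismatch codes.
            if verify_code == lib.X509_V_ERR_HOSTNAME_MISMATCH:
                verify_str = ("Host name mismatch, certificate is not "
                              f"valid for '{obj.server_hostname}'.")
            elif verify_code == lib.X509_V_ERR_IP_ADDRESS_MISMATCH:
                verify_str = ("IP address name mismatch, certificate is not "
                              f"valid for '{obj.server_hostname}'.")
        if not verify_str:
            verify_str = ffi.string(
                lib.X509_verify_cert_error_string(verify_code)).decode()

    if verify_str and reason_str and lib_str:
        msg = f"[{lib_str}: {reason_str}] {errstr}: {verify_str}"
    elif reason_str and lib_str:
        msg = "[%s: %s] %s" % (lib_str, reason_str, errstr)
    elif lib_str:
        msg = "[%s] %s" % (lib_str, errstr)

    err_value = errtype(ssl_errno, msg)
    err_value.reason = reason_str or None
    err_value.library = lib_str or None
    if is_verify_error:
        err_value.verify_code = verify_code
        err_value.verify_message = verify_str
    return err_value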
def parseKeyUsage(pCertCtx, flags):
    """Collect the enhanced key usage OIDs recorded for a certificate context.

    Args:
        pCertCtx: Certificate context passed to ``CertGetEnhancedKeyUsage``.
        flags: Flags forwarded unchanged to ``CertGetEnhancedKeyUsage``.

    Returns:
        ``True`` when either call fails with ``CRYPT_E_NOT_FOUND``, otherwise
        a set of OID strings (possibly empty).
        NOTE(review): callers presumably read ``True`` as "no usage
        restriction recorded" - confirm against the caller.

    Raises:
        WindowsError: For any other failure of ``CertGetEnhancedKeyUsage``.
    """
    def _not_found_or_raise():
        # Turn the last Windows error into the "not found" sentinel or raise it.
        code_and_text = ffi.getwinerror()
        if code_and_text[0] == lib.CRYPT_E_NOT_FOUND:
            return True
        raise WindowsError(*code_and_text)

    # First call passes NULL for the output so only the needed size is written.
    needed = ffi.new("DWORD *")
    if not lib.CertGetEnhancedKeyUsage(pCertCtx, flags, ffi.NULL, needed):
        return _not_found_or_raise()

    # `backing` owns the memory and `usage` is only a typed view onto it, so
    # `backing` has to stay referenced until the OIDs have been copied out.
    backing = ffi.new("char[]", needed[0])
    usage = ffi.cast("PCERT_ENHKEY_USAGE", backing)
    if not lib.CertGetEnhancedKeyUsage(pCertCtx, flags, usage, needed):
        return _not_found_or_raise()

    # Skip NULL entries and copy each remaining identifier into a Python str.
    oid_ptrs = (usage.rgpszUsageIdentifier[idx]
                for idx in range(usage.cUsageIdentifier))
    return {ffi.string(ptr).decode('ascii') for ptr in oid_ptrs if ptr}
def _cstr_decode_fs(buf):
    """Decode the C string at *buf* with the filesystem encoding.

    Returns ``None`` when *buf* is the NULL pointer.
    """
    if buf != ffi.NULL:
        fs_encoding = sys.getfilesystemencoding()
        return ffi.string(buf).decode(fs_encoding)
    return None
def _str_from_buf(buf):
    """Return the C string at *buf* exactly as ``ffi.string`` yields it, undecoded."""
    # NOTE(review): a second definition of this name follows on the page. If
    # both live in the same module scope the later one replaces this one -
    # confirm which variant is active.
    # No NULL check is made here; *buf* goes straight to ffi.string().
    copied = ffi.string(buf)
    return copied
def _str_from_buf(buf):
    """Return the C string at *buf* decoded as UTF-8 text."""
    # NOTE(review): this name is also defined just above on the page. If both
    # share a module scope, this later definition is the one in effect.
    # No NULL check is made here, and decoding is strict, so bytes that are
    # not valid UTF-8 raise UnicodeDecodeError.
    raw = ffi.string(buf)
    return raw.decode('utf-8')