def pyssl_error(obj, ret):
errcode = lib.ERR_peek_last_error()
errstr = ""
errval = 0
errtype = SSLError
e = lib.ERR_peek_last_error()
if obj.ssl != ffi.NULL:
err = lib.SSL_get_error(obj.ssl, ret)
if err == SSL_ERROR_ZERO_RETURN:
errtype = SSLZeroReturnError
errstr = "TLS/SSL connection has been closed"
errval = SSL_ERROR_ZERO_RETURN
elif err == SSL_ERROR_WANT_READ:
errtype = SSLWantReadError
errstr = "The operation did not complete (read)"
errval = SSL_ERROR_WANT_READ
elif err == SSL_ERROR_WANT_WRITE:
errtype = SSLWantWriteError
errstr = "The operation did not complete (write)"
errval = SSL_ERROR_WANT_WRITE
elif err == SSL_ERROR_WANT_X509_LOOKUP:
errstr = "The operation did not complete (X509 lookup)"
errval = SSL_ERROR_WANT_X509_LOOKUP
elif err == SSL_ERROR_WANT_CONNECT:
errstr = "The operation did not complete (connect)"
errval = SSL_ERROR_WANT_CONNECT
elif err == SSL_ERROR_SYSCALL:
if e == 0:
if ret == 0 or obj.socket is not None:
errtype = SSLEOFError
errstr = "EOF occurred in violation of protocol"
errval = SSL_ERROR_EOF
elif ret == -1 and obj.socket is not None:
# the underlying BIO reported an I/0 error
lib.ERR_clear_error()
s = obj.get_socket_or_None()
s.errorhandler()
assert 0, "must not get here"
#errno = ffi.errno
#return IOError(errno)
else:
errtype = SSLSyscallError
errstr = "Some I/O error occurred"
errval = SSL_ERROR_SYSCALL
else:
errstr = _str_from_buf(lib.ERR_error_string(e, ffi.NULL))
errval = SSL_ERROR_SYSCALL
elif err == SSL_ERROR_SSL:
errval = SSL_ERROR_SSL
if errcode != 0:
errstr = _str_from_buf(lib.ERR_error_string(errcode, ffi.NULL))
else:
errstr = "A failure in the SSL library occurred"
else:
errstr = "Invalid error code"
errval = SSL_ERROR_INVALID_ERROR_CODE
return fill_sslerror(errtype, errval, errstr, e)
def ssl_error(errstr, errcode=0):
if errstr is None:
errcode = lib.ERR_peek_last_error()
try:
return fill_sslerror(SSLError, errcode, errstr, errcode)
finally:
lib.ERR_clear_error()
def pyssl_error(obj, ret):
errcode = lib.ERR_peek_last_error()
errstr = ""
errval = 0
errtype = SSLError
e = lib.ERR_peek_last_error()
if obj.ssl != ffi.NULL:
err = obj.err
if err.ssl == SSL_ERROR_ZERO_RETURN:
errtype = SSLZeroReturnError
errstr = "TLS/SSL connection has been closed (EOF)"
errval = SSL_ERROR_ZERO_RETURN
elif err.ssl == SSL_ERROR_WANT_READ:
errtype = SSLWantReadError
errstr = "The operation did not complete (read)"
errval = SSL_ERROR_WANT_READ
elif err.ssl == SSL_ERROR_WANT_WRITE:
errtype = SSLWantWriteError
errstr = "The operation did not complete (write)"
errval = SSL_ERROR_WANT_WRITE
elif err.ssl == SSL_ERROR_WANT_X509_LOOKUP:
errstr = "The operation did not complete (X509 lookup)"
errval = SSL_ERROR_WANT_X509_LOOKUP
elif err.ssl == SSL_ERROR_WANT_CONNECT:
errstr = "The operation did not complete (connect)"
errval = SSL_ERROR_WANT_CONNECT
elif err.ssl == SSL_ERROR_SYSCALL:
if e == 0:
if ret == 0 or obj.socket is None:
errtype = SSLEOFError
errstr = "EOF occurred in violation of protocol"
errval = SSL_ERROR_EOF
elif ret == -1 and obj.socket is not None:
# the underlying BIO reported an I/0 error
lib.ERR_clear_error()
# s = obj.get_socket_or_None()
if sys.platform == 'win32':
if err.ws:
return OSError(err.ws)
if err.c:
ffi.errno = err.c
errno = ffi.errno
return OSError(errno, os.strerror(errno))
else:
errtype = SSLSyscallError
errstr = "Some I/O error occurred"
errval = SSL_ERROR_SYSCALL
else:
errstr = _str_from_buf(lib.ERR_lib_error_string(e))
errval = SSL_ERROR_SYSCALL
elif err.ssl == SSL_ERROR_SSL:
errval = SSL_ERROR_SSL
if e == 0:
errstr = "A failure in the SSL library occurred"
else:
errstr = _str_from_buf(lib.ERR_lib_error_string(errcode))
err_lib = lib.ERR_GET_LIB(e)
err_reason = lib.ERR_GET_REASON(e)
reason_str = ERR_CODES_TO_NAMES.get((err_lib, err_reason), None)
if (lib.ERR_GET_LIB(e) == lib.ERR_LIB_SSL
and reason_str == 'CERTIFICATE_VERIFY_FAILED'):
errtype = SSLCertVerificationError
else:
errstr = "Invalid error code"
errval = SSL_ERROR_INVALID_ERROR_CODE
return fill_sslerror(obj, errtype, errval, errstr, e)
