示例#1
0
def fill_sslerror(obj, errtype, ssl_errno, errstr, errcode):
    reason_str = None
    lib_str = None
    if errcode != 0:
        err_lib = lib.ERR_GET_LIB(errcode)
        err_reason = lib.ERR_GET_REASON(errcode)
        reason_str = ERR_CODES_TO_NAMES.get((err_lib, err_reason), None)
        lib_str = LIB_CODES_TO_NAMES.get(err_lib, None)
        # Set last part of msg to a lower-case version of reason_str
        errstr = _str_from_buf(lib.ERR_reason_error_string(errcode))
    msg = errstr
    if not errstr:
        msg = "unknown error"
    # verify code for cert validation error
    verify_str = None
    if (obj and errtype is SSLCertVerificationError):
        verify_code = lib.SSL_get_verify_result(obj.ssl)
        if lib.Cryptography_HAS_102_VERIFICATION_ERROR_CODES:
            if verify_code == lib.X509_V_ERR_HOSTNAME_MISMATCH:
                verify_str = ("Host name mismatch, certificate is not "
                              f"valid for '{obj.server_hostname}'.")
            elif verify_code == lib.X509_V_ERR_IP_ADDRESS_MISMATCH:
                verify_str = ("IP address name mismatch, certificate is not "
                              f"valid for '{obj.server_hostname}'.")
        if not verify_str:
            verify_str = ffi.string(
                lib.X509_verify_cert_error_string(verify_code)).decode()
    if verify_str and reason_str and lib_str:
        msg = f"[{lib_str}: {reason_str}] {errstr}: {verify_str}"
    elif reason_str and lib_str:
        msg = "[%s: %s] %s" % (lib_str, reason_str, errstr)
    elif lib_str:
        msg = "[%s] %s" % (lib_str, errstr)

    err_value = errtype(ssl_errno, msg)
    err_value.reason = reason_str if reason_str else None
    err_value.library = lib_str if lib_str else None
    if (obj and errtype is SSLCertVerificationError):
        err_value.verify_code = verify_code
        err_value.verify_message = verify_str
    return err_value
示例#2
0
def parseKeyUsage(pCertCtx, flags):
    pSize = ffi.new("DWORD *")
    if not lib.CertGetEnhancedKeyUsage(pCertCtx, flags, ffi.NULL, pSize):
        error_with_message = ffi.getwinerror()
        if error_with_message[0] == lib.CRYPT_E_NOT_FOUND:
            return True
        raise WindowsError(*error_with_message)

    pUsageMem = ffi.new("char[]", pSize[0])
    pUsage = ffi.cast("PCERT_ENHKEY_USAGE", pUsageMem)
    if not lib.CertGetEnhancedKeyUsage(pCertCtx, flags, pUsage, pSize):
        error_with_message = ffi.getwinerror()
        if error_with_message[0] == lib.CRYPT_E_NOT_FOUND:
            return True
        raise WindowsError(*error_with_message)

    retval = set()
    for i in range(pUsage.cUsageIdentifier):
        if pUsage.rgpszUsageIdentifier[i]:
            oid = ffi.string(pUsage.rgpszUsageIdentifier[i]).decode('ascii')
            retval.add(oid)
    return retval
示例#3
0
def _cstr_decode_fs(buf):
    if buf == ffi.NULL:
        return None
    return ffi.string(buf).decode(sys.getfilesystemencoding())
示例#4
0
def _str_from_buf(buf):
    return ffi.string(buf)
示例#5
0
def _str_from_buf(buf):
    return ffi.string(buf).decode('utf-8')