Commit Graph

182 Commits

Author SHA1 Message Date
Jeremy Hylton de80f2efb5 Expose three OpenSSL API calls for dealing with the PRNG.
Quoth the OpenSSL RAND_add man page:

    OpenSSL makes sure that the PRNG state is unique for each
    thread. On systems that provide /dev/urandom, the
    randomness device is used to seed the PRNG transparently.
    However, on all other systems, the application is
    responsible for seeding the PRNG by calling RAND_add(),
    RAND_egd(3) or RAND_load_file(3).

I decided to expose RAND_add() because it's general and RAND_egd()
because it's a useful special case.  RAND_load_file() didn't seem to
offer much over RAND_add(), so I skipped it.  Also supplied
RAND_status() which returns true if the PRNG is seeded and false if
not.
2001-10-18 00:28:50 +00:00
Guido van Rossum 17209fcf1f Fix a bunch of warnings reported by Skip.
To whoever who changed a bunch of (PyCFunction) casts to
(PyNoArgsFunction) in PyMethodDef initializers: don't do that.  The
cast is to shut the compiler up.  The compiler wants the function
pointer initializer to be a PyCFunction.
2001-10-15 21:12:54 +00:00
Martin v. Löwis 1c07b4b4fb Test for __sun instead of __sun__, since SUNWspro only defines the latter;
gcc defines both.
2001-10-13 09:00:42 +00:00
Guido van Rossum 716aac0448 PySocket_getaddrinfo(): fix two refcount bugs, both having to do with
a misunderstanding of the refcont behavior of the 'O' format code in
PyArg_ParseTuple() and Py_BuildValue(), respectively.

- pobj is only a borrowed reference, so should *not* be DECREF'ed at
  the end.  This was the cause of SF bug #470635.

- The Py_BuildValue() call would leak the object produced by
  makesockaddr().  (I found this by eyeballing the code.)
2001-10-12 18:59:27 +00:00
Jeremy Hylton e2adc6c205 Use PySocket_Err() instead of PyErr_SetFromErrno().
The former does the right thing on Windows, the latter does not.
2001-10-11 17:27:58 +00:00
Jeremy Hylton ba69936037 Commit parts of SF patch #462759
Use #define X509_NAME_MAXLEN for server/issuer length on an SSL
object.

Update doc strings for socket.ssl() and ssl methods read() and
write().

PySSL_SSLwrite(): Check return value and raise exception on error.
Use int for len instead of size_t.  (All the function the size_t obj
was passed to our from expected an int!)

PySSL_SSLread(): Check return value of PyArg_ParseTuple()!  More
robust checks of return values from SSL_read().
2001-10-11 17:23:34 +00:00
Jeremy Hylton ae0013d3aa Convert socket methods to use METH_O and METH_NOARGS where possible. 2001-10-11 16:36:35 +00:00
Jeremy Hylton 57ca873c77 Add a bunch of SSL error constants 2001-10-11 00:00:17 +00:00
Jeremy Hylton 5b6ce5a2b5 Lots of code reorganization with a few small API changes.
Change all the local names that start with SSL to start with PySSL.
The OpenSSL library defines lots of calls that start with "SSL_".  The
calls for Python's SSL objects also started with "SSL_".  This choice
made it really confusing to figure out which calls were to the library
and which calls were local to the file.

Add PySSL_SetError() that sets an exception based on the information
from SSL_get_error().  This function will eventually replace all the
calls that set it with an error message that is based on the name of
the call that failed rather than the reason it failed.  (Example: If
SSL_connect() failed it used to report "SSL_connect error" now it will
offer a specific message about why SSL_connect failed.)

    XXX It might be helpful to augment the error message generated
    below with the name of the SSL function that generated the error.
    I expect it's obvious most of the time.

Remove several unnecessary INCREFs in the module's constructor call.
PyDict_SetItem() and friends do the INCREF for you.
2001-10-10 23:55:43 +00:00
Jeremy Hylton 22738b9bc1 Do simple error checking before doing any SSL calls. 2001-10-10 22:37:48 +00:00
Jeremy Hylton b0b0bd6cc6 USe PyObject_SetString() instead of PyObject_SetObject() in newSSLObject(). 2001-10-10 22:33:32 +00:00
Jeremy Hylton ec4b545014 In newSSLObject(), initialize the various members of an SSLObject to NULL.
In SSL_dealloc(), free/dealloc them only if they're non-NULL.

Fixes some obvious core dumps, but not sure yet if there are more
semantics to the SSL calls that would affect the dealloc.
2001-10-10 03:37:05 +00:00
Jeremy Hylton ab0064574b A bit of reformatting to match the standard style 2001-10-10 03:33:24 +00:00
Jeremy Hylton f86d63e4f0 Fix two memory leaks in socket.ssl().
XXX [1] These changes aren't tested very thoroughly, because regrtest
doesn't do any SSL tests.  I've done some trivial tests on my own, but
don't really know how to use the key and cert files.  In one case, an
SSL-level error causes Python to dump core.  I'll get the fixed in the
next round of changes.

XXX [2] The checkin removes the x_attr member of the SSLObject struct.
I'm not sure if this is kosher for backwards compatibility at the
binary level.  Perhaps its safer to keep the member but keep it
assigned to NULL.

And the leaks?

newSSLObject() called PyDict_New(), stored the result in x_attr
without checking it, and later stored NULL in x_attr without doing
anything to the dict.  So the dict always leaks.  There is no further
reference to x_attr, so I just removed it completely.

The error cases in newSSLObject() passed the return value of
PyString_FromString() directly to PyErr_SetObject().
PyErr_SetObject() expects a borrowed reference, so the string leaked.
2001-10-10 03:19:39 +00:00
Tim Peters 79248aa1e4 SF bug [#456252] Python should never stomp on [u]intptr_t.
pyport.h:  typedef a new Py_intptr_t type.
    DELICATE ASSUMPTION:  That HAVE_UINTPTR_T implies intptr_t is
    available as well as uintptr_t.  If that turns out not to be
    true, things must get uglier (C99 wants both, so I think it's
    an assumption we're *likely* to get away with).
thread_nt.h, PyThread_start_new_thread:  MS _beginthread is documented
    as returning unsigned long; no idea why uintptr_t was being used.
Others:  Always use Py_[u]intptr_t, never [u]intptr_t directly.
2001-08-29 21:37:10 +00:00
Barry Warsaw cfb1675736 SSL_dealloc(): Apply the change suggested in SF bug #425370 which
changes the order of the free calls to be the reverse of the alloc
    calls.  Closes that bug.
2001-08-20 22:26:24 +00:00
Jeremy Hylton 1ba6bada67 It will always be a string, because it is created just before this call. 2001-08-20 19:06:36 +00:00
Martin v. Löwis f95dd0a298 Fix portability problems with glibc 2.0, as reported in #449157. 2001-08-15 17:14:33 +00:00
Martin v. Löwis f65b1a175f Bump size of sprintf buffer. Suggested by Alex Coventry. 2001-08-12 09:28:40 +00:00
Martin v. Löwis 1ba3fd5d51 Autotest for netpacket/packet.h, as it is not available on all Linux versions.
Depend AF_PACKET on HAVE_NETPACKET_PACKET_H. Fixes #449157
2001-08-10 20:29:40 +00:00
Martin v. Löwis bcf4b35871 Add more constants. Contributed by itojun. 2001-08-04 22:37:23 +00:00
Martin v. Löwis 864e9ffb14 Auto-detect hstrerror. Raise socket.herror in PyH_Error. Register the three
exception classes in the module dictionary.
2001-08-04 22:32:03 +00:00
Martin v. Löwis ae26dc23a9 Do not use the system getaddrinfo on Mac OS X. Fixes bug #445928.
Since getnameinfo is not implemented, remove __APPLE__ check here.
2001-08-03 10:02:29 +00:00
Marc-André Lemburg 03d1b1814b Enable PyOS_snprintf() et al. during alpha phase of 2.2.0 and
add another use case to the socketmodule.
2001-07-31 18:05:33 +00:00
Martin v. Löwis 0b8de98f08 Temporarily work around bug #445928: Force usage of getaddrinfo emulation
code on Darwin, since the C library version of that seems to be broken.
2001-07-30 16:52:55 +00:00
Thomas Wouters 7aeb6ef941 Use HAVE_SNPRINTF, not HAVE_SPRINTF, for checking the availability of
snprintf.
2001-07-24 11:03:34 +00:00
Martin v. Löwis 791bfda2b3 Autocheck for snprintf, and use sprintf if it is not available.
Remove declaration of h_errno, since it is supposedly declared in netdb.h.
Changes proposed by itojun.
2001-07-24 06:33:08 +00:00
Martin v. Löwis fe36fc91ed Before declaring h_errno, do not check for Win32 only. Instead, do check
whether h_errno is a macro.
2001-07-23 07:27:16 +00:00
Martin v. Löwis 9db2f571c3 Instead of accessing ss_family, cast sockaddr_storage to sockaddr and access sa_family. 2001-07-23 01:30:10 +00:00
Martin v. Löwis 2d8d4276c6 Patch #401196: IPv6 extensions to the socket module.
New functions getnameinfo, getaddrinfo. New exceptions socket.gaierror,
socket.herror. Various new constants, in particular AF_INET6 and error
codes and parameters for getaddrinfo.
AF_INET6 support in setipaddr, makesockaddr, getsockaddr, getsockaddrlen,
gethost_common, PySocket_gethostbyaddr.
2001-07-21 18:05:31 +00:00
Martin v. Löwis c925b1538a Silence warnings in MSVC++: hide unused variables, add constness back to
inet_pton/ntop, convert htons argument to u_short.
2001-07-21 09:42:15 +00:00
Fred Drake e5065290e7 Clean up some warnings from the SGI compiler.
This is part of SF patch #434992.
2001-07-19 21:16:41 +00:00
Martin v. Löwis d783041a14 Port getaddrinfo to MSVC++. 2001-07-19 17:37:46 +00:00
Martin v. Löwis 51777ce758 Remove const-ness in inet_pton declaration. 2001-06-25 06:38:03 +00:00
Martin v. Löwis a2ca1ae3ca Fix typos in inet_pton/inet_ntop. 2001-06-24 21:35:43 +00:00
Martin v. Löwis a45ecae474 Provide a definition for offsetof. 2001-06-24 21:28:42 +00:00
Martin v. Löwis b9ab159052 Emulate inet_{pton,ntop} on systems that don't provide it. 2001-06-24 21:18:26 +00:00
Tim Peters 7e82b9cc6b Pure brute-force hackery to allow Python to build on Windows again,
because I need to make progress and don't have time now to think about
whatever it is the new code is trying to accomplish.
2001-06-24 05:08:52 +00:00
Martin v. Löwis 01dfdb3d35 Patch #401196: Configuration machinery for IPv6.
Contributed by Jun-ichiro "itojun" Hagino. get{addr,name}info emulation
code taken from WIDE.
2001-06-23 16:30:13 +00:00
Fred Drake 564a6cc8ca Fix a minor style consistency issue.
When getting a string buffer for a string we just created, use
PyString_AS_STRING() instead of PyString_AsString() to avoid the
call overhead and extra type check.
2001-05-11 20:12:26 +00:00
Fred Drake fd16834ca7 Three uses of makesockaddr() used sockaddr buffers that had not be cleared;
this could cause invalid paths to be returned for AF_UNIX sockets on some
platforms (including FreeBSD 4.2-RELEASE), appearantly because there is
no assurance that the address will be nul-terminated when filled in by the
kernel.

PySocketSock_recvfrom():  Use PyString_AS_STRING() to get the data pointer
    of a string we create ourselves; there is no need for the extra type
    check from PyString_AsString().

This closes SF bug #416573.
2001-05-09 19:11:33 +00:00
Guido van Rossum 13324e1e1f Reverting Moshe's EGD patch *and* Martin's patch to make it work with
OpenSSL versions beore 0.9.5.  This just is too experimental to be
worth it, especially since the user would have to do some severe
hacking of the Modules/Setup file to even enable the EGD code, and
without the EGD code it would always spit out a warning on some
systems -- even when socket.ssl() is not used.  Fixing that properly
is not my job; the EGD patch is clearly not so important that it
should hold up the 2.1 release.
2001-04-16 00:21:33 +00:00
Guido van Rossum 058dae37a6 I am TENTATIVELY checking in Martin von Loewis's patch for the SSL
problem reported by Neil Schemenauer on python-dev on 4/12/01, wth
subject "Problem with SSL and socketmodule on Debian Potato?".

It's tentative because Moshe objected, but Martin rebutted, and Moshe
seems unavailable for comments.

(Note that with OpenSSL 0.9.6a, I get a lot of compilation warnings
for socketmodule.c -- I'm assuming I can safely ignore these until 2.1
is released.)
2001-04-13 17:54:04 +00:00
Moshe Zadka 8f4eab2345 Committing patch 405101 2001-03-18 17:11:56 +00:00
Guido van Rossum 48a680c097 RISCOS changes by dschwertberger. 2001-03-02 06:34:14 +00:00
Andrew M. Kuchling b38175ef3d Remove the optional integer argument to SSL_write; now it will always send
the entire string passed to it
2001-02-07 20:41:17 +00:00
Andrew M. Kuchling 8820a535c1 Patch #103636: Allow writing strings containing null bytes to an SSL socket 2001-02-06 22:58:05 +00:00
Jeremy Hylton dbfb66296c fix a couple last-minute bugs in the raw socket support 2001-02-02 19:55:17 +00:00
Jeremy Hylton 2230865043 SF patch 101137 from Grant Edwards
Adds support for raw packets (AF_PACKET) under Linux.  I haven't
tested this code thoroughly; it compiles and the basic calls all work
without crashing.  Not sure what to actually do with raw sockets though.

Not sure what other platforms this might be useful for.
2001-02-02 03:23:09 +00:00
Jeremy Hylton 42dd01add5 An ssl-wrapped socket now returns '' on EOF, just like a regular
socket -- as suggested by Clarence Gardner.

Fix httplib to comply with the new ssl-socket interface.
2001-02-01 23:35:20 +00:00