mirror of
https://github.com/python/cpython.git
synced 2025-09-26 10:19:53 +00:00
Merged revisions 88664 via svnmerge from
svn+ssh://pythondev@svn.python.org/python/branches/py3k ........ r88664 | antoine.pitrou | 2011-02-27 00:24:06 +0100 (dim., 27 févr. 2011) | 4 lines Issue #11326: Add the missing connect_ex() implementation for SSL sockets, and make it work for non-blocking connects. ........
This commit is contained in:
Antoine Pitrou
parent
8059e1e214
commit
d3f6ea1d1e
3 changed files with 72 additions and 9 deletions
35
Lib/ssl.py
35
Lib/ssl.py
|
|
@ -110,9 +110,11 @@ class SSLSocket(socket):
|
||||||
if e.errno != errno.ENOTCONN:
|
if e.errno != errno.ENOTCONN:
|
||||||
raise
|
raise
|
||||||
# no, no connection yet
|
# no, no connection yet
|
||||||
|
self._connected = False
|
||||||
self._sslobj = None
|
self._sslobj = None
|
||||||
else:
|
else:
|
||||||
# yes, create the SSL object
|
# yes, create the SSL object
|
||||||
|
self._connected = True
|
||||||
self._sslobj = _ssl.sslwrap(self._sock, server_side,
|
self._sslobj = _ssl.sslwrap(self._sock, server_side,
|
||||||
keyfile, certfile,
|
keyfile, certfile,
|
||||||
cert_reqs, ssl_version, ca_certs,
|
cert_reqs, ssl_version, ca_certs,
|
||||||
|
|
@ -282,21 +284,36 @@ class SSLSocket(socket):
|
||||||
|
|
||||||
self._sslobj.do_handshake()
|
self._sslobj.do_handshake()
|
||||||
|
|
||||||
def connect(self, addr):
|
def _real_connect(self, addr, return_errno):
|
||||||
|
|
||||||
"""Connects to remote ADDR, and then wraps the connection in
|
|
||||||
an SSL channel."""
|
|
||||||
|
|
||||||
# Here we assume that the socket is client-side, and not
|
# Here we assume that the socket is client-side, and not
|
||||||
# connected at the time of the call. We connect it, then wrap it.
|
# connected at the time of the call. We connect it, then wrap it.
|
||||||
if self._sslobj:
|
if self._connected:
|
||||||
raise ValueError("attempt to connect already-connected SSLSocket!")
|
raise ValueError("attempt to connect already-connected SSLSocket!")
|
||||||
socket.connect(self, addr)
|
|
||||||
self._sslobj = _ssl.sslwrap(self._sock, False, self.keyfile, self.certfile,
|
self._sslobj = _ssl.sslwrap(self._sock, False, self.keyfile, self.certfile,
|
||||||
self.cert_reqs, self.ssl_version,
|
self.cert_reqs, self.ssl_version,
|
||||||
self.ca_certs, self.ciphers)
|
self.ca_certs, self.ciphers)
|
||||||
if self.do_handshake_on_connect:
|
try:
|
||||||
self.do_handshake()
|
socket.connect(self, addr)
|
||||||
|
if self.do_handshake_on_connect:
|
||||||
|
self.do_handshake()
|
||||||
|
except socket_error as e:
|
||||||
|
if return_errno:
|
||||||
|
return e.errno
|
||||||
|
else:
|
||||||
|
self._sslobj = None
|
||||||
|
raise e
|
||||||
|
self._connected = True
|
||||||
|
return 0
|
||||||
|
|
||||||
|
def connect(self, addr):
|
||||||
|
"""Connects to remote ADDR, and then wraps the connection in
|
||||||
|
an SSL channel."""
|
||||||
|
self._real_connect(addr, False)
|
||||||
|
|
||||||
|
def connect_ex(self, addr):
|
||||||
|
"""Connects to remote ADDR, and then wraps the connection in
|
||||||
|
an SSL channel."""
|
||||||
|
return self._real_connect(addr, True)
|
||||||
|
|
||||||
def accept(self):
|
def accept(self):
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -225,6 +225,49 @@ class NetworkedTests(unittest.TestCase):
|
||||||
finally:
|
finally:
|
||||||
s.close()
|
s.close()
|
||||||
|
|
||||||
|
def test_connect_ex(self):
|
||||||
|
# Issue #11326: check connect_ex() implementation
|
||||||
|
with test_support.transient_internet("svn.python.org"):
|
||||||
|
s = ssl.wrap_socket(socket.socket(socket.AF_INET),
|
||||||
|
cert_reqs=ssl.CERT_REQUIRED,
|
||||||
|
ca_certs=SVN_PYTHON_ORG_ROOT_CERT)
|
||||||
|
try:
|
||||||
|
self.assertEqual(0, s.connect_ex(("svn.python.org", 443)))
|
||||||
|
self.assertTrue(s.getpeercert())
|
||||||
|
finally:
|
||||||
|
s.close()
|
||||||
|
|
||||||
|
def test_non_blocking_connect_ex(self):
|
||||||
|
# Issue #11326: non-blocking connect_ex() should allow handshake
|
||||||
|
# to proceed after the socket gets ready.
|
||||||
|
with test_support.transient_internet("svn.python.org"):
|
||||||
|
s = ssl.wrap_socket(socket.socket(socket.AF_INET),
|
||||||
|
cert_reqs=ssl.CERT_REQUIRED,
|
||||||
|
ca_certs=SVN_PYTHON_ORG_ROOT_CERT,
|
||||||
|
do_handshake_on_connect=False)
|
||||||
|
try:
|
||||||
|
s.setblocking(False)
|
||||||
|
rc = s.connect_ex(('svn.python.org', 443))
|
||||||
|
self.assertIn(rc, (0, errno.EINPROGRESS))
|
||||||
|
# Wait for connect to finish
|
||||||
|
select.select([], [s], [], 5.0)
|
||||||
|
# Non-blocking handshake
|
||||||
|
while True:
|
||||||
|
try:
|
||||||
|
s.do_handshake()
|
||||||
|
break
|
||||||
|
except ssl.SSLError as err:
|
||||||
|
if err.args[0] == ssl.SSL_ERROR_WANT_READ:
|
||||||
|
select.select([s], [], [], 5.0)
|
||||||
|
elif err.args[0] == ssl.SSL_ERROR_WANT_WRITE:
|
||||||
|
select.select([], [s], [], 5.0)
|
||||||
|
else:
|
||||||
|
raise
|
||||||
|
# SSL established
|
||||||
|
self.assertTrue(s.getpeercert())
|
||||||
|
finally:
|
||||||
|
s.close()
|
||||||
|
|
||||||
@unittest.skipIf(os.name == "nt", "Can't use a socket as a file under Windows")
|
@unittest.skipIf(os.name == "nt", "Can't use a socket as a file under Windows")
|
||||||
def test_makefile_close(self):
|
def test_makefile_close(self):
|
||||||
# Issue #5238: creating a file-like object with makefile() shouldn't
|
# Issue #5238: creating a file-like object with makefile() shouldn't
|
||||||
|
|
|
||||||
|
|
@ -37,6 +37,9 @@ Core and Builtins
|
||||||
Library
|
Library
|
||||||
-------
|
-------
|
||||||
|
|
||||||
|
- Issue #11326: Add the missing connect_ex() implementation for SSL sockets,
|
||||||
|
and make it work for non-blocking connects.
|
||||||
|
|
||||||
- Issue #10956: Buffered I/O classes retry reading or writing after a signal
|
- Issue #10956: Buffered I/O classes retry reading or writing after a signal
|
||||||
has arrived and the handler returned successfully.
|
has arrived and the handler returned successfully.
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue