mirror of
				https://github.com/python/cpython.git
				synced 2025-10-25 15:58:57 +00:00 
			
		
		
		
	 666991fc59
			
		
	
	
		666991fc59
		
			
		
	
	
	
	
		
			
			The internal `_ssl._SSLSocket` object now provides methods to retrieve the peer cert chain and verified cert chain as a list of Certificate objects. Certificate objects have methods to convert the cert to a dict, PEM, or DER (ASN.1). These are private APIs for now. There is a slim chance to stabilize the approach and provide a public API for 3.10. Otherwise I'll provide a stable API in 3.11. Signed-off-by: Christian Heimes <christian@python.org>
		
			
				
	
	
		
			74 lines
		
	
	
	
		
			2.1 KiB
		
	
	
	
		
			C
		
	
	
	
	
	
			
		
		
	
	
			74 lines
		
	
	
	
		
			2.1 KiB
		
	
	
	
		
			C
		
	
	
	
	
	
| #ifndef Py_SSL_H
 | |
| #define Py_SSL_H
 | |
| 
 | |
| /* OpenSSL header files */
 | |
| #include "openssl/evp.h"
 | |
| #include "openssl/x509.h"
 | |
| 
 | |
| /*
 | |
|  * ssl module state
 | |
|  */
 | |
| typedef struct {
 | |
|     /* Types */
 | |
|     PyTypeObject *PySSLContext_Type;
 | |
|     PyTypeObject *PySSLSocket_Type;
 | |
|     PyTypeObject *PySSLMemoryBIO_Type;
 | |
|     PyTypeObject *PySSLSession_Type;
 | |
|     PyTypeObject *PySSLCertificate_Type;
 | |
|     /* SSL error object */
 | |
|     PyObject *PySSLErrorObject;
 | |
|     PyObject *PySSLCertVerificationErrorObject;
 | |
|     PyObject *PySSLZeroReturnErrorObject;
 | |
|     PyObject *PySSLWantReadErrorObject;
 | |
|     PyObject *PySSLWantWriteErrorObject;
 | |
|     PyObject *PySSLSyscallErrorObject;
 | |
|     PyObject *PySSLEOFErrorObject;
 | |
|     /* Error mappings */
 | |
|     PyObject *err_codes_to_names;
 | |
|     PyObject *err_names_to_codes;
 | |
|     PyObject *lib_codes_to_names;
 | |
|     /* socket type from module CAPI */
 | |
|     PyTypeObject *Sock_Type;
 | |
| } _sslmodulestate;
 | |
| 
 | |
| static struct PyModuleDef _sslmodule_def;
 | |
| 
 | |
| Py_LOCAL_INLINE(_sslmodulestate*)
 | |
| get_ssl_state(PyObject *module)
 | |
| {
 | |
|     void *state = PyModule_GetState(module);
 | |
|     assert(state != NULL);
 | |
|     return (_sslmodulestate *)state;
 | |
| }
 | |
| 
 | |
| #define get_state_type(type) \
 | |
|     (get_ssl_state(_PyType_GetModuleByDef(type, &_sslmodule_def)))
 | |
| #define get_state_ctx(c) (((PySSLContext *)(c))->state)
 | |
| #define get_state_sock(s) (((PySSLSocket *)(s))->ctx->state)
 | |
| #define get_state_obj(o) ((_sslmodulestate *)PyType_GetModuleState(Py_TYPE(o)))
 | |
| #define get_state_mbio(b) get_state_obj(b)
 | |
| #define get_state_cert(c) get_state_obj(c)
 | |
| 
 | |
| /* ************************************************************************
 | |
|  * certificate
 | |
|  */
 | |
| 
 | |
| enum py_ssl_encoding {
 | |
|     PY_SSL_ENCODING_PEM=X509_FILETYPE_PEM,
 | |
|     PY_SSL_ENCODING_DER=X509_FILETYPE_ASN1,
 | |
|     PY_SSL_ENCODING_PEM_AUX=X509_FILETYPE_PEM + 0x100,
 | |
| };
 | |
| 
 | |
| typedef struct {
 | |
|     PyObject_HEAD
 | |
|     X509 *cert;
 | |
|     Py_hash_t hash;
 | |
| } PySSLCertificate;
 | |
| 
 | |
| /* ************************************************************************
 | |
|  * helpers and utils
 | |
|  */
 | |
| static PyObject *_PySSL_BytesFromBIO(_sslmodulestate *state, BIO *bio);
 | |
| static PyObject *_PySSL_UnicodeFromBIO(_sslmodulestate *state, BIO *bio, const char *error);
 | |
| 
 | |
| #endif /* Py_SSL_H */
 |