summaryrefslogtreecommitdiffstats
path: root/Modules/_ssl.c
diff options
context:
space:
mode:
authorMartin v. Löwis <martin@v.loewis.de>2002-04-20 07:47:40 (GMT)
committerMartin v. Löwis <martin@v.loewis.de>2002-04-20 07:47:40 (GMT)
commit6af3e2dc315797e799a6ad0baedd393ff65ef1db (patch)
tree41bbaf629312ba815f1a827e5470842db08370c3 /Modules/_ssl.c
parent954aed8c8d93145347d10fd3ac6c2bc6634ef674 (diff)
downloadcpython-6af3e2dc315797e799a6ad0baedd393ff65ef1db.zip
cpython-6af3e2dc315797e799a6ad0baedd393ff65ef1db.tar.gz
cpython-6af3e2dc315797e799a6ad0baedd393ff65ef1db.tar.bz2
Forward port of patch # 500311: Work around for buggy https servers.
Fixes #494762.
Diffstat (limited to 'Modules/_ssl.c')
-rw-r--r--Modules/_ssl.c96
1 files changed, 72 insertions, 24 deletions
diff --git a/Modules/_ssl.c b/Modules/_ssl.c
index 17ca3b0..f5ab2b6 100644
--- a/Modules/_ssl.c
+++ b/Modules/_ssl.c
@@ -8,6 +8,20 @@
*/
#include "Python.h"
+enum py_ssl_error {
+ /* these mirror ssl.h */
+ PY_SSL_ERROR_NONE,
+ PY_SSL_ERROR_SSL,
+ PY_SSL_ERROR_WANT_READ,
+ PY_SSL_ERROR_WANT_WRITE,
+ PY_SSL_ERROR_WANT_X509_LOOKUP,
+ PY_SSL_ERROR_SYSCALL, /* look at error stack/return value/errno */
+ PY_SSL_ERROR_ZERO_RETURN,
+ PY_SSL_ERROR_WANT_CONNECT,
+ /* start of non ssl.h errorcodes */
+ PY_SSL_ERROR_EOF, /* special case of SSL_ERROR_SYSCALL */
+ PY_SSL_ERROR_INVALID_ERROR_CODE
+};
/* Include symbols from _socket module */
#include "socketmodule.h"
@@ -64,53 +78,79 @@ PySSL_SetError(PySSLObject *obj, int ret)
PyObject *v, *n, *s;
char *errstr;
int err;
+ enum py_ssl_error p;
assert(ret <= 0);
err = SSL_get_error(obj->ssl, ret);
- n = PyInt_FromLong(err);
- if (n == NULL)
- return NULL;
- v = PyTuple_New(2);
- if (v == NULL) {
- Py_DECREF(n);
- return NULL;
- }
- switch (SSL_get_error(obj->ssl, ret)) {
+ switch (err) {
case SSL_ERROR_ZERO_RETURN:
errstr = "TLS/SSL connection has been closed";
+ p=PY_SSL_ERROR_ZERO_RETURN;
break;
case SSL_ERROR_WANT_READ:
errstr = "The operation did not complete (read)";
+ p=PY_SSL_ERROR_WANT_READ;
break;
case SSL_ERROR_WANT_WRITE:
+ p=PY_SSL_ERROR_WANT_WRITE;
errstr = "The operation did not complete (write)";
break;
case SSL_ERROR_WANT_X509_LOOKUP:
+ p=PY_SSL_ERROR_WANT_X509_LOOKUP;
errstr = "The operation did not complete (X509 lookup)";
break;
+ case SSL_ERROR_WANT_CONNECT:
+ p=PY_SSL_ERROR_WANT_CONNECT;
+ errstr = "The operation did not complete (connect)";
+ break;
case SSL_ERROR_SYSCALL:
- case SSL_ERROR_SSL:
{
unsigned long e = ERR_get_error();
- if (e == 0) {
- /* an EOF was observed that violates the protocol */
- errstr = "EOF occurred in violation of protocol";
- } else if (e == -1) {
- /* the underlying BIO reported an I/O error */
- Py_DECREF(v);
- Py_DECREF(n);
- return obj->Socket->errorhandler();
+ if(e==0){
+ if(ret==0){
+ p=PY_SSL_ERROR_EOF;
+ errstr = "EOF occurred in violation of protocol";
+ }else if(ret==-1){
+ /* the underlying BIO reported an I/O error */
+ return obj->Socket->errorhandler();
+ }else{ /* possible? */
+ p=PY_SSL_ERROR_SYSCALL;
+ errstr = "Some I/O error occurred";
+ }
} else {
+ p=PY_SSL_ERROR_SYSCALL;
+ /* XXX Protected by global interpreter lock */
+ errstr = ERR_error_string(e, NULL);
+ }
+ break;
+ }
+ case SSL_ERROR_SSL:
+ {
+ unsigned long e = ERR_get_error();
+ p=PY_SSL_ERROR_SSL;
+ if (e !=0) {
/* XXX Protected by global interpreter lock */
errstr = ERR_error_string(e, NULL);
+ } else { /* possible? */
+ errstr="A failure in the SSL library occurred";
}
break;
}
default:
+ p=PY_SSL_ERROR_INVALID_ERROR_CODE;
errstr = "Invalid error code";
}
+ n = PyInt_FromLong((long) p);
+ if (n == NULL)
+ return NULL;
+ v = PyTuple_New(2);
+ if (v == NULL) {
+ Py_DECREF(n);
+ return NULL;
+ }
+
s = PyString_FromString(errstr);
if (s == NULL) {
Py_DECREF(v);
@@ -447,15 +487,23 @@ init_ssl(void)
(PyObject *)&PySSL_Type) != 0)
return;
PyModule_AddIntConstant(m, "SSL_ERROR_ZERO_RETURN",
- SSL_ERROR_ZERO_RETURN);
+ PY_SSL_ERROR_ZERO_RETURN);
PyModule_AddIntConstant(m, "SSL_ERROR_WANT_READ",
- SSL_ERROR_WANT_READ);
+ PY_SSL_ERROR_WANT_READ);
PyModule_AddIntConstant(m, "SSL_ERROR_WANT_WRITE",
- SSL_ERROR_WANT_WRITE);
+ PY_SSL_ERROR_WANT_WRITE);
PyModule_AddIntConstant(m, "SSL_ERROR_WANT_X509_LOOKUP",
- SSL_ERROR_WANT_X509_LOOKUP);
+ PY_SSL_ERROR_WANT_X509_LOOKUP);
PyModule_AddIntConstant(m, "SSL_ERROR_SYSCALL",
- SSL_ERROR_SYSCALL);
+ PY_SSL_ERROR_SYSCALL);
PyModule_AddIntConstant(m, "SSL_ERROR_SSL",
- SSL_ERROR_SSL);
+ PY_SSL_ERROR_SSL);
+ PyModule_AddIntConstant(m, "SSL_ERROR_WANT_CONNECT",
+ PY_SSL_ERROR_WANT_CONNECT);
+ /* non ssl.h errorcodes */
+ PyModule_AddIntConstant(m, "SSL_ERROR_EOF",
+ PY_SSL_ERROR_EOF);
+ PyModule_AddIntConstant(m, "SSL_ERROR_INVALID_ERROR_CODE",
+ PY_SSL_ERROR_INVALID_ERROR_CODE);
+
}