diff options
author | Martin v. Löwis <martin@v.loewis.de> | 2002-04-20 07:47:40 (GMT) |
---|---|---|
committer | Martin v. Löwis <martin@v.loewis.de> | 2002-04-20 07:47:40 (GMT) |
commit | 6af3e2dc315797e799a6ad0baedd393ff65ef1db (patch) | |
tree | 41bbaf629312ba815f1a827e5470842db08370c3 /Modules/_ssl.c | |
parent | 954aed8c8d93145347d10fd3ac6c2bc6634ef674 (diff) | |
download | cpython-6af3e2dc315797e799a6ad0baedd393ff65ef1db.zip cpython-6af3e2dc315797e799a6ad0baedd393ff65ef1db.tar.gz cpython-6af3e2dc315797e799a6ad0baedd393ff65ef1db.tar.bz2 |
Forward port of patch # 500311: Work around for buggy https servers.
Fixes #494762.
Diffstat (limited to 'Modules/_ssl.c')
-rw-r--r-- | Modules/_ssl.c | 96 |
1 files changed, 72 insertions, 24 deletions
diff --git a/Modules/_ssl.c b/Modules/_ssl.c index 17ca3b0..f5ab2b6 100644 --- a/Modules/_ssl.c +++ b/Modules/_ssl.c @@ -8,6 +8,20 @@ */ #include "Python.h" +enum py_ssl_error { + /* these mirror ssl.h */ + PY_SSL_ERROR_NONE, + PY_SSL_ERROR_SSL, + PY_SSL_ERROR_WANT_READ, + PY_SSL_ERROR_WANT_WRITE, + PY_SSL_ERROR_WANT_X509_LOOKUP, + PY_SSL_ERROR_SYSCALL, /* look at error stack/return value/errno */ + PY_SSL_ERROR_ZERO_RETURN, + PY_SSL_ERROR_WANT_CONNECT, + /* start of non ssl.h errorcodes */ + PY_SSL_ERROR_EOF, /* special case of SSL_ERROR_SYSCALL */ + PY_SSL_ERROR_INVALID_ERROR_CODE +}; /* Include symbols from _socket module */ #include "socketmodule.h" @@ -64,53 +78,79 @@ PySSL_SetError(PySSLObject *obj, int ret) PyObject *v, *n, *s; char *errstr; int err; + enum py_ssl_error p; assert(ret <= 0); err = SSL_get_error(obj->ssl, ret); - n = PyInt_FromLong(err); - if (n == NULL) - return NULL; - v = PyTuple_New(2); - if (v == NULL) { - Py_DECREF(n); - return NULL; - } - switch (SSL_get_error(obj->ssl, ret)) { + switch (err) { case SSL_ERROR_ZERO_RETURN: errstr = "TLS/SSL connection has been closed"; + p=PY_SSL_ERROR_ZERO_RETURN; break; case SSL_ERROR_WANT_READ: errstr = "The operation did not complete (read)"; + p=PY_SSL_ERROR_WANT_READ; break; case SSL_ERROR_WANT_WRITE: + p=PY_SSL_ERROR_WANT_WRITE; errstr = "The operation did not complete (write)"; break; case SSL_ERROR_WANT_X509_LOOKUP: + p=PY_SSL_ERROR_WANT_X509_LOOKUP; errstr = "The operation did not complete (X509 lookup)"; break; + case SSL_ERROR_WANT_CONNECT: + p=PY_SSL_ERROR_WANT_CONNECT; + errstr = "The operation did not complete (connect)"; + break; case SSL_ERROR_SYSCALL: - case SSL_ERROR_SSL: { unsigned long e = ERR_get_error(); - if (e == 0) { - /* an EOF was observed that violates the protocol */ - errstr = "EOF occurred in violation of protocol"; - } else if (e == -1) { - /* the underlying BIO reported an I/O error */ - Py_DECREF(v); - Py_DECREF(n); - return obj->Socket->errorhandler(); + if(e==0){ + if(ret==0){ + p=PY_SSL_ERROR_EOF; + errstr = "EOF occurred in violation of protocol"; + }else if(ret==-1){ + /* the underlying BIO reported an I/O error */ + return obj->Socket->errorhandler(); + }else{ /* possible? */ + p=PY_SSL_ERROR_SYSCALL; + errstr = "Some I/O error occurred"; + } } else { + p=PY_SSL_ERROR_SYSCALL; + /* XXX Protected by global interpreter lock */ + errstr = ERR_error_string(e, NULL); + } + break; + } + case SSL_ERROR_SSL: + { + unsigned long e = ERR_get_error(); + p=PY_SSL_ERROR_SSL; + if (e !=0) { /* XXX Protected by global interpreter lock */ errstr = ERR_error_string(e, NULL); + } else { /* possible? */ + errstr="A failure in the SSL library occurred"; } break; } default: + p=PY_SSL_ERROR_INVALID_ERROR_CODE; errstr = "Invalid error code"; } + n = PyInt_FromLong((long) p); + if (n == NULL) + return NULL; + v = PyTuple_New(2); + if (v == NULL) { + Py_DECREF(n); + return NULL; + } + s = PyString_FromString(errstr); if (s == NULL) { Py_DECREF(v); @@ -447,15 +487,23 @@ init_ssl(void) (PyObject *)&PySSL_Type) != 0) return; PyModule_AddIntConstant(m, "SSL_ERROR_ZERO_RETURN", - SSL_ERROR_ZERO_RETURN); + PY_SSL_ERROR_ZERO_RETURN); PyModule_AddIntConstant(m, "SSL_ERROR_WANT_READ", - SSL_ERROR_WANT_READ); + PY_SSL_ERROR_WANT_READ); PyModule_AddIntConstant(m, "SSL_ERROR_WANT_WRITE", - SSL_ERROR_WANT_WRITE); + PY_SSL_ERROR_WANT_WRITE); PyModule_AddIntConstant(m, "SSL_ERROR_WANT_X509_LOOKUP", - SSL_ERROR_WANT_X509_LOOKUP); + PY_SSL_ERROR_WANT_X509_LOOKUP); PyModule_AddIntConstant(m, "SSL_ERROR_SYSCALL", - SSL_ERROR_SYSCALL); + PY_SSL_ERROR_SYSCALL); PyModule_AddIntConstant(m, "SSL_ERROR_SSL", - SSL_ERROR_SSL); + PY_SSL_ERROR_SSL); + PyModule_AddIntConstant(m, "SSL_ERROR_WANT_CONNECT", + PY_SSL_ERROR_WANT_CONNECT); + /* non ssl.h errorcodes */ + PyModule_AddIntConstant(m, "SSL_ERROR_EOF", + PY_SSL_ERROR_EOF); + PyModule_AddIntConstant(m, "SSL_ERROR_INVALID_ERROR_CODE", + PY_SSL_ERROR_INVALID_ERROR_CODE); + } |