diff options
-rw-r--r-- | Misc/NEWS | 2 | ||||
-rw-r--r-- | Modules/_ssl_data.h | 297 | ||||
-rwxr-xr-x | Tools/ssl/make_ssl_data.py | 57 |
3 files changed, 336 insertions, 20 deletions
@@ -44,6 +44,8 @@ Core and Builtins Library ------- +- Issue #23248: Update ssl error codes from latest OpenSSL git master. + - Issue #23098: 64-bit dev_t is now supported in the os module. - Issue #23250: In the http.cookies module, capitalize "HttpOnly" and "Secure" diff --git a/Modules/_ssl_data.h b/Modules/_ssl_data.h index 81a8d7b..85165b9 100644 --- a/Modules/_ssl_data.h +++ b/Modules/_ssl_data.h @@ -1,5 +1,5 @@ /* File generated by Tools/ssl/make_ssl_data.py */ -/* Generated on 2012-05-16T23:56:40.981382 */ +/* Generated on 2015-01-17T20:33:43.377453 */ static struct py_ssl_library_code library_codes[] = { {"PEM", ERR_LIB_PEM}, @@ -179,6 +179,11 @@ static struct py_ssl_error_code error_codes[] = { #else {"BAD_CHECKSUM", ERR_LIB_SSL, 104}, #endif + #ifdef SSL_R_BAD_DATA + {"BAD_DATA", ERR_LIB_SSL, SSL_R_BAD_DATA}, + #else + {"BAD_DATA", ERR_LIB_SSL, 390}, + #endif #ifdef SSL_R_BAD_DATA_RETURNED_BY_CALLBACK {"BAD_DATA_RETURNED_BY_CALLBACK", ERR_LIB_SSL, SSL_R_BAD_DATA_RETURNED_BY_CALLBACK}, #else @@ -309,6 +314,46 @@ static struct py_ssl_error_code error_codes[] = { #else {"BAD_SIGNATURE", ERR_LIB_SSL, 123}, #endif + #ifdef SSL_R_BAD_SRP_A_LENGTH + {"BAD_SRP_A_LENGTH", ERR_LIB_SSL, SSL_R_BAD_SRP_A_LENGTH}, + #else + {"BAD_SRP_A_LENGTH", ERR_LIB_SSL, 347}, + #endif + #ifdef SSL_R_BAD_SRP_B_LENGTH + {"BAD_SRP_B_LENGTH", ERR_LIB_SSL, SSL_R_BAD_SRP_B_LENGTH}, + #else + {"BAD_SRP_B_LENGTH", ERR_LIB_SSL, 348}, + #endif + #ifdef SSL_R_BAD_SRP_G_LENGTH + {"BAD_SRP_G_LENGTH", ERR_LIB_SSL, SSL_R_BAD_SRP_G_LENGTH}, + #else + {"BAD_SRP_G_LENGTH", ERR_LIB_SSL, 349}, + #endif + #ifdef SSL_R_BAD_SRP_N_LENGTH + {"BAD_SRP_N_LENGTH", ERR_LIB_SSL, SSL_R_BAD_SRP_N_LENGTH}, + #else + {"BAD_SRP_N_LENGTH", ERR_LIB_SSL, 350}, + #endif + #ifdef SSL_R_BAD_SRP_PARAMETERS + {"BAD_SRP_PARAMETERS", ERR_LIB_SSL, SSL_R_BAD_SRP_PARAMETERS}, + #else + {"BAD_SRP_PARAMETERS", ERR_LIB_SSL, 371}, + #endif + #ifdef SSL_R_BAD_SRP_S_LENGTH + {"BAD_SRP_S_LENGTH", ERR_LIB_SSL, SSL_R_BAD_SRP_S_LENGTH}, + #else + {"BAD_SRP_S_LENGTH", ERR_LIB_SSL, 351}, + #endif + #ifdef SSL_R_BAD_SRTP_MKI_VALUE + {"BAD_SRTP_MKI_VALUE", ERR_LIB_SSL, SSL_R_BAD_SRTP_MKI_VALUE}, + #else + {"BAD_SRTP_MKI_VALUE", ERR_LIB_SSL, 352}, + #endif + #ifdef SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST + {"BAD_SRTP_PROTECTION_PROFILE_LIST", ERR_LIB_SSL, SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST}, + #else + {"BAD_SRTP_PROTECTION_PROFILE_LIST", ERR_LIB_SSL, 353}, + #endif #ifdef SSL_R_BAD_SSL_FILETYPE {"BAD_SSL_FILETYPE", ERR_LIB_SSL, SSL_R_BAD_SSL_FILETYPE}, #else @@ -324,6 +369,11 @@ static struct py_ssl_error_code error_codes[] = { #else {"BAD_STATE", ERR_LIB_SSL, 126}, #endif + #ifdef SSL_R_BAD_VALUE + {"BAD_VALUE", ERR_LIB_SSL, SSL_R_BAD_VALUE}, + #else + {"BAD_VALUE", ERR_LIB_SSL, 384}, + #endif #ifdef SSL_R_BAD_WRITE_RETRY {"BAD_WRITE_RETRY", ERR_LIB_SSL, SSL_R_BAD_WRITE_RETRY}, #else @@ -354,6 +404,16 @@ static struct py_ssl_error_code error_codes[] = { #else {"CA_DN_TOO_LONG", ERR_LIB_SSL, 132}, #endif + #ifdef SSL_R_CA_KEY_TOO_SMALL + {"CA_KEY_TOO_SMALL", ERR_LIB_SSL, SSL_R_CA_KEY_TOO_SMALL}, + #else + {"CA_KEY_TOO_SMALL", ERR_LIB_SSL, 397}, + #endif + #ifdef SSL_R_CA_MD_TOO_WEAK + {"CA_MD_TOO_WEAK", ERR_LIB_SSL, SSL_R_CA_MD_TOO_WEAK}, + #else + {"CA_MD_TOO_WEAK", ERR_LIB_SSL, 398}, + #endif #ifdef SSL_R_CCS_RECEIVED_EARLY {"CCS_RECEIVED_EARLY", ERR_LIB_SSL, SSL_R_CCS_RECEIVED_EARLY}, #else @@ -364,6 +424,11 @@ static struct py_ssl_error_code error_codes[] = { #else {"CERTIFICATE_VERIFY_FAILED", ERR_LIB_SSL, 134}, #endif + #ifdef SSL_R_CERT_CB_ERROR + {"CERT_CB_ERROR", ERR_LIB_SSL, SSL_R_CERT_CB_ERROR}, + #else + {"CERT_CB_ERROR", ERR_LIB_SSL, 377}, + #endif #ifdef SSL_R_CERT_LENGTH_MISMATCH {"CERT_LENGTH_MISMATCH", ERR_LIB_SSL, SSL_R_CERT_LENGTH_MISMATCH}, #else @@ -454,6 +519,11 @@ static struct py_ssl_error_code error_codes[] = { #else {"DECRYPTION_FAILED_OR_BAD_RECORD_MAC", ERR_LIB_SSL, 281}, #endif + #ifdef SSL_R_DH_KEY_TOO_SMALL + {"DH_KEY_TOO_SMALL", ERR_LIB_SSL, SSL_R_DH_KEY_TOO_SMALL}, + #else + {"DH_KEY_TOO_SMALL", ERR_LIB_SSL, 394}, + #endif #ifdef SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG {"DH_PUBLIC_VALUE_LENGTH_IS_WRONG", ERR_LIB_SSL, SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG}, #else @@ -494,11 +564,26 @@ static struct py_ssl_error_code error_codes[] = { #else {"ECC_CERT_SHOULD_HAVE_SHA1_SIGNATURE", ERR_LIB_SSL, 323}, #endif + #ifdef SSL_R_ECDH_REQUIRED_FOR_SUITEB_MODE + {"ECDH_REQUIRED_FOR_SUITEB_MODE", ERR_LIB_SSL, SSL_R_ECDH_REQUIRED_FOR_SUITEB_MODE}, + #else + {"ECDH_REQUIRED_FOR_SUITEB_MODE", ERR_LIB_SSL, 374}, + #endif #ifdef SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER {"ECGROUP_TOO_LARGE_FOR_CIPHER", ERR_LIB_SSL, SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER}, #else {"ECGROUP_TOO_LARGE_FOR_CIPHER", ERR_LIB_SSL, 310}, #endif + #ifdef SSL_R_EE_KEY_TOO_SMALL + {"EE_KEY_TOO_SMALL", ERR_LIB_SSL, SSL_R_EE_KEY_TOO_SMALL}, + #else + {"EE_KEY_TOO_SMALL", ERR_LIB_SSL, 399}, + #endif + #ifdef SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST + {"EMPTY_SRTP_PROTECTION_PROFILE_LIST", ERR_LIB_SSL, SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST}, + #else + {"EMPTY_SRTP_PROTECTION_PROFILE_LIST", ERR_LIB_SSL, 354}, + #endif #ifdef SSL_R_ENCRYPTED_LENGTH_TOO_LONG {"ENCRYPTED_LENGTH_TOO_LONG", ERR_LIB_SSL, SSL_R_ENCRYPTED_LENGTH_TOO_LONG}, #else @@ -529,6 +614,16 @@ static struct py_ssl_error_code error_codes[] = { #else {"GOT_A_FIN_BEFORE_A_CCS", ERR_LIB_SSL, 154}, #endif + #ifdef SSL_R_GOT_NEXT_PROTO_BEFORE_A_CCS + {"GOT_NEXT_PROTO_BEFORE_A_CCS", ERR_LIB_SSL, SSL_R_GOT_NEXT_PROTO_BEFORE_A_CCS}, + #else + {"GOT_NEXT_PROTO_BEFORE_A_CCS", ERR_LIB_SSL, 355}, + #endif + #ifdef SSL_R_GOT_NEXT_PROTO_WITHOUT_EXTENSION + {"GOT_NEXT_PROTO_WITHOUT_EXTENSION", ERR_LIB_SSL, SSL_R_GOT_NEXT_PROTO_WITHOUT_EXTENSION}, + #else + {"GOT_NEXT_PROTO_WITHOUT_EXTENSION", ERR_LIB_SSL, 356}, + #endif #ifdef SSL_R_HTTPS_PROXY_REQUEST {"HTTPS_PROXY_REQUEST", ERR_LIB_SSL, SSL_R_HTTPS_PROXY_REQUEST}, #else @@ -544,6 +639,16 @@ static struct py_ssl_error_code error_codes[] = { #else {"ILLEGAL_PADDING", ERR_LIB_SSL, 283}, #endif + #ifdef SSL_R_ILLEGAL_SUITEB_DIGEST + {"ILLEGAL_SUITEB_DIGEST", ERR_LIB_SSL, SSL_R_ILLEGAL_SUITEB_DIGEST}, + #else + {"ILLEGAL_SUITEB_DIGEST", ERR_LIB_SSL, 380}, + #endif + #ifdef SSL_R_INAPPROPRIATE_FALLBACK + {"INAPPROPRIATE_FALLBACK", ERR_LIB_SSL, SSL_R_INAPPROPRIATE_FALLBACK}, + #else + {"INAPPROPRIATE_FALLBACK", ERR_LIB_SSL, 373}, + #endif #ifdef SSL_R_INCONSISTENT_COMPRESSION {"INCONSISTENT_COMPRESSION", ERR_LIB_SSL, SSL_R_INCONSISTENT_COMPRESSION}, #else @@ -564,11 +669,26 @@ static struct py_ssl_error_code error_codes[] = { #else {"INVALID_COMPRESSION_ALGORITHM", ERR_LIB_SSL, 341}, #endif + #ifdef SSL_R_INVALID_NULL_CMD_NAME + {"INVALID_NULL_CMD_NAME", ERR_LIB_SSL, SSL_R_INVALID_NULL_CMD_NAME}, + #else + {"INVALID_NULL_CMD_NAME", ERR_LIB_SSL, 385}, + #endif #ifdef SSL_R_INVALID_PURPOSE {"INVALID_PURPOSE", ERR_LIB_SSL, SSL_R_INVALID_PURPOSE}, #else {"INVALID_PURPOSE", ERR_LIB_SSL, 278}, #endif + #ifdef SSL_R_INVALID_SERVERINFO_DATA + {"INVALID_SERVERINFO_DATA", ERR_LIB_SSL, SSL_R_INVALID_SERVERINFO_DATA}, + #else + {"INVALID_SERVERINFO_DATA", ERR_LIB_SSL, 388}, + #endif + #ifdef SSL_R_INVALID_SRP_USERNAME + {"INVALID_SRP_USERNAME", ERR_LIB_SSL, SSL_R_INVALID_SRP_USERNAME}, + #else + {"INVALID_SRP_USERNAME", ERR_LIB_SSL, 357}, + #endif #ifdef SSL_R_INVALID_STATUS_RESPONSE {"INVALID_STATUS_RESPONSE", ERR_LIB_SSL, SSL_R_INVALID_STATUS_RESPONSE}, #else @@ -689,6 +809,16 @@ static struct py_ssl_error_code error_codes[] = { #else {"MISSING_DSA_SIGNING_CERT", ERR_LIB_SSL, 165}, #endif + #ifdef SSL_R_MISSING_ECDH_CERT + {"MISSING_ECDH_CERT", ERR_LIB_SSL, SSL_R_MISSING_ECDH_CERT}, + #else + {"MISSING_ECDH_CERT", ERR_LIB_SSL, 382}, + #endif + #ifdef SSL_R_MISSING_ECDSA_SIGNING_CERT + {"MISSING_ECDSA_SIGNING_CERT", ERR_LIB_SSL, SSL_R_MISSING_ECDSA_SIGNING_CERT}, + #else + {"MISSING_ECDSA_SIGNING_CERT", ERR_LIB_SSL, 381}, + #endif #ifdef SSL_R_MISSING_EXPORT_TMP_DH_KEY {"MISSING_EXPORT_TMP_DH_KEY", ERR_LIB_SSL, SSL_R_MISSING_EXPORT_TMP_DH_KEY}, #else @@ -714,6 +844,11 @@ static struct py_ssl_error_code error_codes[] = { #else {"MISSING_RSA_SIGNING_CERT", ERR_LIB_SSL, 170}, #endif + #ifdef SSL_R_MISSING_SRP_PARAM + {"MISSING_SRP_PARAM", ERR_LIB_SSL, SSL_R_MISSING_SRP_PARAM}, + #else + {"MISSING_SRP_PARAM", ERR_LIB_SSL, 358}, + #endif #ifdef SSL_R_MISSING_TMP_DH_KEY {"MISSING_TMP_DH_KEY", ERR_LIB_SSL, SSL_R_MISSING_TMP_DH_KEY}, #else @@ -739,6 +874,11 @@ static struct py_ssl_error_code error_codes[] = { #else {"MISSING_VERIFY_MESSAGE", ERR_LIB_SSL, 174}, #endif + #ifdef SSL_R_MULTIPLE_SGC_RESTARTS + {"MULTIPLE_SGC_RESTARTS", ERR_LIB_SSL, SSL_R_MULTIPLE_SGC_RESTARTS}, + #else + {"MULTIPLE_SGC_RESTARTS", ERR_LIB_SSL, 346}, + #endif #ifdef SSL_R_NON_SSLV2_INITIAL_PACKET {"NON_SSLV2_INITIAL_PACKET", ERR_LIB_SSL, SSL_R_NON_SSLV2_INITIAL_PACKET}, #else @@ -819,6 +959,11 @@ static struct py_ssl_error_code error_codes[] = { #else {"NO_METHOD_SPECIFIED", ERR_LIB_SSL, 188}, #endif + #ifdef SSL_R_NO_PEM_EXTENSIONS + {"NO_PEM_EXTENSIONS", ERR_LIB_SSL, SSL_R_NO_PEM_EXTENSIONS}, + #else + {"NO_PEM_EXTENSIONS", ERR_LIB_SSL, 389}, + #endif #ifdef SSL_R_NO_PRIVATEKEY {"NO_PRIVATEKEY", ERR_LIB_SSL, SSL_R_NO_PRIVATEKEY}, #else @@ -854,6 +999,16 @@ static struct py_ssl_error_code error_codes[] = { #else {"NO_SHARED_CIPHER", ERR_LIB_SSL, 193}, #endif + #ifdef SSL_R_NO_SHARED_SIGATURE_ALGORITHMS + {"NO_SHARED_SIGATURE_ALGORITHMS", ERR_LIB_SSL, SSL_R_NO_SHARED_SIGATURE_ALGORITHMS}, + #else + {"NO_SHARED_SIGATURE_ALGORITHMS", ERR_LIB_SSL, 376}, + #endif + #ifdef SSL_R_NO_SRTP_PROFILES + {"NO_SRTP_PROFILES", ERR_LIB_SSL, SSL_R_NO_SRTP_PROFILES}, + #else + {"NO_SRTP_PROFILES", ERR_LIB_SSL, 359}, + #endif #ifdef SSL_R_NO_VERIFY_CALLBACK {"NO_VERIFY_CALLBACK", ERR_LIB_SSL, SSL_R_NO_VERIFY_CALLBACK}, #else @@ -879,6 +1034,16 @@ static struct py_ssl_error_code error_codes[] = { #else {"OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED", ERR_LIB_SSL, 344}, #endif + #ifdef SSL_R_ONLY_DTLS_1_2_ALLOWED_IN_SUITEB_MODE + {"ONLY_DTLS_1_2_ALLOWED_IN_SUITEB_MODE", ERR_LIB_SSL, SSL_R_ONLY_DTLS_1_2_ALLOWED_IN_SUITEB_MODE}, + #else + {"ONLY_DTLS_1_2_ALLOWED_IN_SUITEB_MODE", ERR_LIB_SSL, 387}, + #endif + #ifdef SSL_R_ONLY_TLS_1_2_ALLOWED_IN_SUITEB_MODE + {"ONLY_TLS_1_2_ALLOWED_IN_SUITEB_MODE", ERR_LIB_SSL, SSL_R_ONLY_TLS_1_2_ALLOWED_IN_SUITEB_MODE}, + #else + {"ONLY_TLS_1_2_ALLOWED_IN_SUITEB_MODE", ERR_LIB_SSL, 379}, + #endif #ifdef SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE {"ONLY_TLS_ALLOWED_IN_FIPS_MODE", ERR_LIB_SSL, SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE}, #else @@ -934,6 +1099,16 @@ static struct py_ssl_error_code error_codes[] = { #else {"PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE", ERR_LIB_SSL, 204}, #endif + #ifdef SSL_R_PEM_NAME_BAD_PREFIX + {"PEM_NAME_BAD_PREFIX", ERR_LIB_SSL, SSL_R_PEM_NAME_BAD_PREFIX}, + #else + {"PEM_NAME_BAD_PREFIX", ERR_LIB_SSL, 391}, + #endif + #ifdef SSL_R_PEM_NAME_TOO_SHORT + {"PEM_NAME_TOO_SHORT", ERR_LIB_SSL, SSL_R_PEM_NAME_TOO_SHORT}, + #else + {"PEM_NAME_TOO_SHORT", ERR_LIB_SSL, 392}, + #endif #ifdef SSL_R_PRE_MAC_LENGTH_TOO_LONG {"PRE_MAC_LENGTH_TOO_LONG", ERR_LIB_SSL, SSL_R_PRE_MAC_LENGTH_TOO_LONG}, #else @@ -1069,11 +1244,36 @@ static struct py_ssl_error_code error_codes[] = { #else {"SHORT_READ", ERR_LIB_SSL, 219}, #endif + #ifdef SSL_R_SIGNATURE_ALGORITHMS_ERROR + {"SIGNATURE_ALGORITHMS_ERROR", ERR_LIB_SSL, SSL_R_SIGNATURE_ALGORITHMS_ERROR}, + #else + {"SIGNATURE_ALGORITHMS_ERROR", ERR_LIB_SSL, 360}, + #endif #ifdef SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE {"SIGNATURE_FOR_NON_SIGNING_CERTIFICATE", ERR_LIB_SSL, SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE}, #else {"SIGNATURE_FOR_NON_SIGNING_CERTIFICATE", ERR_LIB_SSL, 220}, #endif + #ifdef SSL_R_SRP_A_CALC + {"SRP_A_CALC", ERR_LIB_SSL, SSL_R_SRP_A_CALC}, + #else + {"SRP_A_CALC", ERR_LIB_SSL, 361}, + #endif + #ifdef SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES + {"SRTP_COULD_NOT_ALLOCATE_PROFILES", ERR_LIB_SSL, SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES}, + #else + {"SRTP_COULD_NOT_ALLOCATE_PROFILES", ERR_LIB_SSL, 362}, + #endif + #ifdef SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG + {"SRTP_PROTECTION_PROFILE_LIST_TOO_LONG", ERR_LIB_SSL, SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG}, + #else + {"SRTP_PROTECTION_PROFILE_LIST_TOO_LONG", ERR_LIB_SSL, 363}, + #endif + #ifdef SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE + {"SRTP_UNKNOWN_PROTECTION_PROFILE", ERR_LIB_SSL, SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE}, + #else + {"SRTP_UNKNOWN_PROTECTION_PROFILE", ERR_LIB_SSL, 364}, + #endif #ifdef SSL_R_SSL23_DOING_SESSION_ID_REUSE {"SSL23_DOING_SESSION_ID_REUSE", ERR_LIB_SSL, SSL_R_SSL23_DOING_SESSION_ID_REUSE}, #else @@ -1179,6 +1379,11 @@ static struct py_ssl_error_code error_codes[] = { #else {"SSL_LIBRARY_HAS_NO_CIPHERS", ERR_LIB_SSL, 230}, #endif + #ifdef SSL_R_SSL_NEGATIVE_LENGTH + {"SSL_NEGATIVE_LENGTH", ERR_LIB_SSL, SSL_R_SSL_NEGATIVE_LENGTH}, + #else + {"SSL_NEGATIVE_LENGTH", ERR_LIB_SSL, 372}, + #endif #ifdef SSL_R_SSL_SESSION_ID_CALLBACK_FAILED {"SSL_SESSION_ID_CALLBACK_FAILED", ERR_LIB_SSL, SSL_R_SSL_SESSION_ID_CALLBACK_FAILED}, #else @@ -1229,6 +1434,11 @@ static struct py_ssl_error_code error_codes[] = { #else {"TLSV1_ALERT_EXPORT_RESTRICTION", ERR_LIB_SSL, 1060}, #endif + #ifdef SSL_R_TLSV1_ALERT_INAPPROPRIATE_FALLBACK + {"TLSV1_ALERT_INAPPROPRIATE_FALLBACK", ERR_LIB_SSL, SSL_R_TLSV1_ALERT_INAPPROPRIATE_FALLBACK}, + #else + {"TLSV1_ALERT_INAPPROPRIATE_FALLBACK", ERR_LIB_SSL, 1086}, + #endif #ifdef SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY {"TLSV1_ALERT_INSUFFICIENT_SECURITY", ERR_LIB_SSL, SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY}, #else @@ -1294,6 +1504,21 @@ static struct py_ssl_error_code error_codes[] = { #else {"TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER", ERR_LIB_SSL, 232}, #endif + #ifdef SSL_R_TLS_HEARTBEAT_PEER_DOESNT_ACCEPT + {"TLS_HEARTBEAT_PEER_DOESNT_ACCEPT", ERR_LIB_SSL, SSL_R_TLS_HEARTBEAT_PEER_DOESNT_ACCEPT}, + #else + {"TLS_HEARTBEAT_PEER_DOESNT_ACCEPT", ERR_LIB_SSL, 365}, + #endif + #ifdef SSL_R_TLS_HEARTBEAT_PENDING + {"TLS_HEARTBEAT_PENDING", ERR_LIB_SSL, SSL_R_TLS_HEARTBEAT_PENDING}, + #else + {"TLS_HEARTBEAT_PENDING", ERR_LIB_SSL, 366}, + #endif + #ifdef SSL_R_TLS_ILLEGAL_EXPORTER_LABEL + {"TLS_ILLEGAL_EXPORTER_LABEL", ERR_LIB_SSL, SSL_R_TLS_ILLEGAL_EXPORTER_LABEL}, + #else + {"TLS_ILLEGAL_EXPORTER_LABEL", ERR_LIB_SSL, 367}, + #endif #ifdef SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST {"TLS_INVALID_ECPOINTFORMAT_LIST", ERR_LIB_SSL, SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST}, #else @@ -1399,6 +1624,16 @@ static struct py_ssl_error_code error_codes[] = { #else {"UNKNOWN_CIPHER_TYPE", ERR_LIB_SSL, 249}, #endif + #ifdef SSL_R_UNKNOWN_CMD_NAME + {"UNKNOWN_CMD_NAME", ERR_LIB_SSL, SSL_R_UNKNOWN_CMD_NAME}, + #else + {"UNKNOWN_CMD_NAME", ERR_LIB_SSL, 386}, + #endif + #ifdef SSL_R_UNKNOWN_DIGEST + {"UNKNOWN_DIGEST", ERR_LIB_SSL, SSL_R_UNKNOWN_DIGEST}, + #else + {"UNKNOWN_DIGEST", ERR_LIB_SSL, 368}, + #endif #ifdef SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE {"UNKNOWN_KEY_EXCHANGE_TYPE", ERR_LIB_SSL, SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE}, #else @@ -1469,16 +1704,36 @@ static struct py_ssl_error_code error_codes[] = { #else {"UNSUPPORTED_STATUS_TYPE", ERR_LIB_SSL, 329}, #endif + #ifdef SSL_R_USE_SRTP_NOT_NEGOTIATED + {"USE_SRTP_NOT_NEGOTIATED", ERR_LIB_SSL, SSL_R_USE_SRTP_NOT_NEGOTIATED}, + #else + {"USE_SRTP_NOT_NEGOTIATED", ERR_LIB_SSL, 369}, + #endif + #ifdef SSL_R_VERSION_TOO_LOW + {"VERSION_TOO_LOW", ERR_LIB_SSL, SSL_R_VERSION_TOO_LOW}, + #else + {"VERSION_TOO_LOW", ERR_LIB_SSL, 396}, + #endif #ifdef SSL_R_WRITE_BIO_NOT_SET {"WRITE_BIO_NOT_SET", ERR_LIB_SSL, SSL_R_WRITE_BIO_NOT_SET}, #else {"WRITE_BIO_NOT_SET", ERR_LIB_SSL, 260}, #endif + #ifdef SSL_R_WRONG_CERTIFICATE_TYPE + {"WRONG_CERTIFICATE_TYPE", ERR_LIB_SSL, SSL_R_WRONG_CERTIFICATE_TYPE}, + #else + {"WRONG_CERTIFICATE_TYPE", ERR_LIB_SSL, 383}, + #endif #ifdef SSL_R_WRONG_CIPHER_RETURNED {"WRONG_CIPHER_RETURNED", ERR_LIB_SSL, SSL_R_WRONG_CIPHER_RETURNED}, #else {"WRONG_CIPHER_RETURNED", ERR_LIB_SSL, 261}, #endif + #ifdef SSL_R_WRONG_CURVE + {"WRONG_CURVE", ERR_LIB_SSL, SSL_R_WRONG_CURVE}, + #else + {"WRONG_CURVE", ERR_LIB_SSL, 378}, + #endif #ifdef SSL_R_WRONG_MESSAGE_TYPE {"WRONG_MESSAGE_TYPE", ERR_LIB_SSL, SSL_R_WRONG_MESSAGE_TYPE}, #else @@ -1499,6 +1754,11 @@ static struct py_ssl_error_code error_codes[] = { #else {"WRONG_SIGNATURE_SIZE", ERR_LIB_SSL, 265}, #endif + #ifdef SSL_R_WRONG_SIGNATURE_TYPE + {"WRONG_SIGNATURE_TYPE", ERR_LIB_SSL, SSL_R_WRONG_SIGNATURE_TYPE}, + #else + {"WRONG_SIGNATURE_TYPE", ERR_LIB_SSL, 370}, + #endif #ifdef SSL_R_WRONG_SSL_VERSION {"WRONG_SSL_VERSION", ERR_LIB_SSL, SSL_R_WRONG_SSL_VERSION}, #else @@ -1519,6 +1779,11 @@ static struct py_ssl_error_code error_codes[] = { #else {"X509_VERIFICATION_SETUP_PROBLEMS", ERR_LIB_SSL, 269}, #endif + #ifdef X509_R_AKID_MISMATCH + {"AKID_MISMATCH", ERR_LIB_X509, X509_R_AKID_MISMATCH}, + #else + {"AKID_MISMATCH", ERR_LIB_X509, 110}, + #endif #ifdef X509_R_BAD_X509_FILETYPE {"BAD_X509_FILETYPE", ERR_LIB_X509, X509_R_BAD_X509_FILETYPE}, #else @@ -1539,11 +1804,26 @@ static struct py_ssl_error_code error_codes[] = { #else {"CERT_ALREADY_IN_HASH_TABLE", ERR_LIB_X509, 101}, #endif + #ifdef X509_R_CRL_ALREADY_DELTA + {"CRL_ALREADY_DELTA", ERR_LIB_X509, X509_R_CRL_ALREADY_DELTA}, + #else + {"CRL_ALREADY_DELTA", ERR_LIB_X509, 127}, + #endif + #ifdef X509_R_CRL_VERIFY_FAILURE + {"CRL_VERIFY_FAILURE", ERR_LIB_X509, X509_R_CRL_VERIFY_FAILURE}, + #else + {"CRL_VERIFY_FAILURE", ERR_LIB_X509, 131}, + #endif #ifdef X509_R_ERR_ASN1_LIB {"ERR_ASN1_LIB", ERR_LIB_X509, X509_R_ERR_ASN1_LIB}, #else {"ERR_ASN1_LIB", ERR_LIB_X509, 102}, #endif + #ifdef X509_R_IDP_MISMATCH + {"IDP_MISMATCH", ERR_LIB_X509, X509_R_IDP_MISMATCH}, + #else + {"IDP_MISMATCH", ERR_LIB_X509, 128}, + #endif #ifdef X509_R_INVALID_DIRECTORY {"INVALID_DIRECTORY", ERR_LIB_X509, X509_R_INVALID_DIRECTORY}, #else @@ -1559,6 +1839,11 @@ static struct py_ssl_error_code error_codes[] = { #else {"INVALID_TRUST", ERR_LIB_X509, 123}, #endif + #ifdef X509_R_ISSUER_MISMATCH + {"ISSUER_MISMATCH", ERR_LIB_X509, X509_R_ISSUER_MISMATCH}, + #else + {"ISSUER_MISMATCH", ERR_LIB_X509, 129}, + #endif #ifdef X509_R_KEY_TYPE_MISMATCH {"KEY_TYPE_MISMATCH", ERR_LIB_X509, X509_R_KEY_TYPE_MISMATCH}, #else @@ -1584,11 +1869,21 @@ static struct py_ssl_error_code error_codes[] = { #else {"METHOD_NOT_SUPPORTED", ERR_LIB_X509, 124}, #endif + #ifdef X509_R_NEWER_CRL_NOT_NEWER + {"NEWER_CRL_NOT_NEWER", ERR_LIB_X509, X509_R_NEWER_CRL_NOT_NEWER}, + #else + {"NEWER_CRL_NOT_NEWER", ERR_LIB_X509, 132}, + #endif #ifdef X509_R_NO_CERT_SET_FOR_US_TO_VERIFY {"NO_CERT_SET_FOR_US_TO_VERIFY", ERR_LIB_X509, X509_R_NO_CERT_SET_FOR_US_TO_VERIFY}, #else {"NO_CERT_SET_FOR_US_TO_VERIFY", ERR_LIB_X509, 105}, #endif + #ifdef X509_R_NO_CRL_NUMBER + {"NO_CRL_NUMBER", ERR_LIB_X509, X509_R_NO_CRL_NUMBER}, + #else + {"NO_CRL_NUMBER", ERR_LIB_X509, 130}, + #endif #ifdef X509_R_PUBLIC_KEY_DECODE_ERROR {"PUBLIC_KEY_DECODE_ERROR", ERR_LIB_X509, X509_R_PUBLIC_KEY_DECODE_ERROR}, #else diff --git a/Tools/ssl/make_ssl_data.py b/Tools/ssl/make_ssl_data.py index 10244d1..3fb4985 100755 --- a/Tools/ssl/make_ssl_data.py +++ b/Tools/ssl/make_ssl_data.py @@ -5,8 +5,7 @@ This script should be called *manually* when we want to upgrade SSLError `library` and `reason` mnemnonics to a more recent OpenSSL version. It takes two arguments: -- the path to the OpenSSL include files' directory - (e.g. openssl-1.0.1-beta3/include/openssl/) +- the path to the OpenSSL source tree (e.g. git checkout) - the path to the C file to be generated (probably Modules/_ssl_data.h) """ @@ -15,9 +14,10 @@ import datetime import os import re import sys +import _ssl -def parse_error_codes(h_file, prefix): +def parse_error_codes(h_file, prefix, libcode): pat = re.compile(r"#define\W+(%s([\w]+))\W+(\d+)\b" % re.escape(prefix)) codes = [] with open(h_file, "r", encoding="latin1") as f: @@ -26,7 +26,8 @@ def parse_error_codes(h_file, prefix): if match: code, name, num = match.groups() num = int(num) - codes.append((code, name, num)) + # e.g. ("SSL_R_BAD_DATA", ("ERR_LIB_SSL", "BAD_DATA", 390)) + codes.append((code, (libcode, name, num))) return codes if __name__ == "__main__": @@ -34,12 +35,32 @@ if __name__ == "__main__": outfile = sys.argv[2] use_stdout = outfile == '-' f = sys.stdout if use_stdout else open(outfile, "w") - error_libraries = ( - # (library code, mnemonic, error prefix, header file) - ('ERR_LIB_PEM', 'PEM', 'PEM_R_', 'pem.h'), - ('ERR_LIB_SSL', 'SSL', 'SSL_R_', 'ssl.h'), - ('ERR_LIB_X509', 'X509', 'X509_R_', 'x509.h'), - ) + error_libraries = { + # mnemonic -> (library code, error prefix, header file) + 'PEM': ('ERR_LIB_PEM', 'PEM_R_', 'crypto/pem/pem.h'), + 'SSL': ('ERR_LIB_SSL', 'SSL_R_', 'ssl/ssl.h'), + 'X509': ('ERR_LIB_X509', 'X509_R_', 'crypto/x509/x509.h'), + } + + # Read codes from libraries + new_codes = [] + for libcode, prefix, h_file in sorted(error_libraries.values()): + new_codes += parse_error_codes(os.path.join(openssl_inc, h_file), + prefix, libcode) + new_code_nums = set((libcode, num) + for (code, (libcode, name, num)) in new_codes) + + # Merge with existing codes (in case some old codes disappeared). + codes = {} + for errname, (libnum, errnum) in _ssl.err_names_to_codes.items(): + lib = error_libraries[_ssl.lib_codes_to_names[libnum]] + libcode = lib[0] # e.g. ERR_LIB_PEM + errcode = lib[1] + errname # e.g. SSL_R_BAD_SSL_SESSION_ID_LENGTH + # Only keep it if the numeric codes weren't reused + if (libcode, errnum) not in new_code_nums: + codes[errcode] = libcode, errname, errnum + codes.update(dict(new_codes)) + def w(l): f.write(l + "\n") w("/* File generated by Tools/ssl/make_ssl_data.py */") @@ -47,21 +68,19 @@ if __name__ == "__main__": w("") w("static struct py_ssl_library_code library_codes[] = {") - for libcode, mnemo, _, _ in error_libraries: + for mnemo, (libcode, _, _) in sorted(error_libraries.items()): w(' {"%s", %s},' % (mnemo, libcode)) w(' { NULL }') w('};') w("") w("static struct py_ssl_error_code error_codes[] = {") - for libcode, _, prefix, h_file in error_libraries: - codes = parse_error_codes(os.path.join(openssl_inc, h_file), prefix) - for code, name, num in sorted(codes): - w(' #ifdef %s' % (code)) - w(' {"%s", %s, %s},' % (name, libcode, code)) - w(' #else') - w(' {"%s", %s, %d},' % (name, libcode, num)) - w(' #endif') + for errcode, (libcode, name, num) in sorted(codes.items()): + w(' #ifdef %s' % (errcode)) + w(' {"%s", %s, %s},' % (name, libcode, errcode)) + w(' #else') + w(' {"%s", %s, %d},' % (name, libcode, num)) + w(' #endif') w(' { NULL }') w('};') if not use_stdout: |