From 39295c2650fe3f7d0a94bfa172e95cfedb28433f Mon Sep 17 00:00:00 2001 From: Bill Janssen Date: Tue, 12 Aug 2008 16:31:21 +0000 Subject: remove duplicate close() from ssl.py; expose unwrap and add test for it --- Lib/ssl.py | 12 ++++++++---- Lib/test/test_ssl.py | 19 +++++++++++++++++-- 2 files changed, 25 insertions(+), 6 deletions(-) diff --git a/Lib/ssl.py b/Lib/ssl.py index e45e16b..c9ee71a 100644 --- a/Lib/ssl.py +++ b/Lib/ssl.py @@ -234,15 +234,19 @@ class SSLSocket (socket): else: return 0 + def unwrap (self): + if self._sslobj: + s = self._sslobj.shutdown() + self._sslobj = None + return s + else: + raise ValueError("No SSL wrapper around " + str(self)) + def shutdown (self, how): self._sslobj = None socket.shutdown(self, how) def close (self): - self._sslobj = None - socket.close(self) - - def close (self): if self._makefile_refs < 1: self._sslobj = None socket.close(self) diff --git a/Lib/test/test_ssl.py b/Lib/test/test_ssl.py index 79dad64..fca8a57 100644 --- a/Lib/test/test_ssl.py +++ b/Lib/test/test_ssl.py @@ -282,6 +282,14 @@ else: self.write("OK\n") if not self.wrap_conn(): return + elif self.server.starttls_server and self.sslconn and msg.strip() == 'ENDTLS': + if test_support.verbose and self.server.connectionchatty: + sys.stdout.write(" server: read ENDTLS from client, sending OK...\n") + self.write("OK\n") + self.sslconn.unwrap() + self.sslconn = None + if test_support.verbose and self.server.connectionchatty: + sys.stdout.write(" server: connection is now unencrypted...\n") else: if (test_support.verbose and self.server.connectionchatty): @@ -867,7 +875,7 @@ else: def testSTARTTLS (self): - msgs = ("msg 1", "MSG 2", "STARTTLS", "MSG 3", "msg 4") + msgs = ("msg 1", "MSG 2", "STARTTLS", "MSG 3", "msg 4", "ENDTLS", "msg 5", "msg 6") server = ThreadedEchoServer(CERTFILE, ssl_version=ssl.PROTOCOL_TLSv1, 
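Review bot: The new `unwrap` method on `SSLSocket` has no docstring, and its contract is security-relevant: once `self._sslobj.shutdown()` returns it sets `self._sslobj = None`, so later traffic on this connection is presumably no longer protected by TLS. I would add `"""Shut down the SSL layer and return what self._sslobj.shutdown() returns; raise ValueError if this socket is not wrapped. Data sent afterwards is not encrypted."""`. A short why-comment such as `# clear _sslobj only after shutdown() succeeds, so a failed shutdown leaves the socket wrapped` would also record why the two statements are in that order. The class body starts and continues outside the hunk.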
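Review bot: The `ENDTLS` branch in the test server handler drops encryption purely because the peer asked for it, and it discards the value returned by `self.sslconn.unwrap()`, with no comment saying either is deliberate. I would add a comment above the branch, for example `# test-only downgrade: answer OK while still under TLS, then unwrap(); everything after this is sent in the clear`, so the pattern is not copied into a real server without a policy check. Whether an exception raised by `unwrap()` is caught depends on handler code outside the hunk, so that is worth confirming.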
@@ -907,8 +915,15 @@ else: " client: read %s from server, starting TLS...\n" % repr(outdata)) conn = ssl.wrap_socket(s, ssl_version=ssl.PROTOCOL_TLSv1) - wrapped = True + elif (indata == "ENDTLS" and + outdata.strip().lower().startswith("ok")): + if test_support.verbose: + sys.stdout.write( + " client: read %s from server, ending TLS...\n" + % repr(outdata)) + s = conn.unwrap() + wrapped = False else: if test_support.verbose: sys.stdout.write( -- cgit v0.12
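Review bot: The client side of the `ENDTLS` branch exercises only the success path of `unwrap()`; the `ValueError` raised for a socket with no SSL wrapper is never tested. After `s = conn.unwrap()`, `conn` has had its `_sslobj` cleared, so one extra line there, `self.assertRaises(ValueError, conn.unwrap)`, would cover the error branch, assuming the enclosing class is a `unittest.TestCase` (its header is outside the hunk). The value rebound to `s` is also never checked, so the test would not notice if `unwrap()` returned something other than a usable plain socket, unless the later "msg 5"/"msg 6" exchange outside this hunk fails on it.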