From 61c001a93942e5afc23d607f84f0ff04d01fc4b4 Mon Sep 17 00:00:00 2001 From: Bill Janssen Date: Mon, 8 Sep 2008 16:37:24 +0000 Subject: incorporate fixes from issue 3162; SSL doc patch --- Doc/library/ssl.rst | 5 ++- Lib/ssl.py | 44 ++++++++++++++++--- Lib/test/test_ssl.py | 121 +++++++++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 163 insertions(+), 7 deletions(-) diff --git a/Doc/library/ssl.rst b/Doc/library/ssl.rst index df161fd..4fcc2f4 100644 --- a/Doc/library/ssl.rst +++ b/Doc/library/ssl.rst @@ -327,9 +327,10 @@ SSLSocket Objects Performs the SSL shutdown handshake, which removes the TLS layer from the underlying socket, and returns the underlying socket object. This can be used to go from encrypted operation over a - connection to unencrypted. The returned socket should always be + connection to unencrypted. The socket instance returned should always be used for further communication with the other side of the - connection, rather than the original socket + connection, rather than the original socket instance (which may + not function properly after the unwrap). .. index:: single: certificates diff --git a/Lib/ssl.py b/Lib/ssl.py index c9ee71a..8a799bc 100644 --- a/Lib/ssl.py +++ b/Lib/ssl.py @@ -91,10 +91,12 @@ class SSLSocket (socket): suppress_ragged_eofs=True): socket.__init__(self, _sock=sock._sock) # the initializer for socket trashes the methods (tsk, tsk), so... - self.send = lambda x, flags=0: SSLSocket.send(self, x, flags) - self.recv = lambda x, flags=0: SSLSocket.recv(self, x, flags) + self.send = lambda data, flags=0: SSLSocket.send(self, data, flags) self.sendto = lambda data, addr, flags=0: SSLSocket.sendto(self, data, addr, flags) - self.recvfrom = lambda addr, buflen, flags: SSLSocket.recvfrom(self, addr, buflen, flags) + self.recv = lambda buflen=1024, flags=0: SSLSocket.recv(self, buflen, flags) + self.recvfrom = lambda addr, buflen=1024, flags=0: SSLSocket.recvfrom(self, addr, buflen, flags) + self.recv_into = lambda buffer, nbytes=None, flags=0: SSLSocket.recv_into(self, buffer, nbytes, flags) + self.recvfrom_into = lambda buffer, nbytes=None, flags=0: SSLSocket.recvfrom_into(self, buffer, nbytes, flags) if certfile and not keyfile: keyfile = certfile @@ -221,6 +223,30 @@ class SSLSocket (socket): else: return socket.recv(self, buflen, flags) + def recv_into (self, buffer, nbytes=None, flags=0): + if buffer and (nbytes is None): + nbytes = len(buffer) + elif nbytes is None: + nbytes = 1024 + if self._sslobj: + if flags != 0: + raise ValueError( + "non-zero flags not allowed in calls to recv_into() on %s" % + self.__class__) + while True: + try: + tmp_buffer = self.read(nbytes) + v = len(tmp_buffer) + buffer[:v] = tmp_buffer + return v + except SSLError as x: + if x.args[0] == SSL_ERROR_WANT_READ: + continue + else: + raise x + else: + return socket.recv_into(self, buffer, nbytes, flags) + def recvfrom (self, addr, buflen=1024, flags=0): if self._sslobj: raise ValueError("recvfrom not allowed on instances of %s" % @@ -228,6 +254,13 @@ class SSLSocket (socket): else: return socket.recvfrom(self, addr, buflen, flags) + def recvfrom_into (self, buffer, nbytes=None, flags=0): + if self._sslobj: + raise ValueError("recvfrom_into not allowed on instances of %s" % + self.__class__) + else: + return socket.recvfrom_into(self, buffer, nbytes, flags) + def pending (self): if self._sslobj: return self._sslobj.pending() @@ -295,8 +328,9 @@ class SSLSocket (socket): def makefile(self, mode='r', bufsize=-1): - """Ouch. Need to make and return a file-like object that - works with the SSL connection.""" + """Make and return a file-like object that + works with the SSL connection. Just use the code + from the socket module.""" self._makefile_refs += 1 return _fileobject(self, mode, bufsize) diff --git a/Lib/test/test_ssl.py b/Lib/test/test_ssl.py index 05a9b57..98681f4 100644 --- a/Lib/test/test_ssl.py +++ b/Lib/test/test_ssl.py @@ -1030,6 +1030,127 @@ else: server.join() + def testAllRecvAndSendMethods(self): + + if test_support.verbose: + sys.stdout.write("\n") + + server = ThreadedEchoServer(CERTFILE, + certreqs=ssl.CERT_NONE, + ssl_version=ssl.PROTOCOL_TLSv1, + cacerts=CERTFILE, + chatty=True, + connectionchatty=False) + flag = threading.Event() + server.start(flag) + # wait for it to start + flag.wait() + # try to connect + try: + s = ssl.wrap_socket(socket.socket(), + server_side=False, + certfile=CERTFILE, + ca_certs=CERTFILE, + cert_reqs=ssl.CERT_NONE, + ssl_version=ssl.PROTOCOL_TLSv1) + s.connect((HOST, server.port)) + except ssl.SSLError as x: + raise support.TestFailed("Unexpected SSL error: " + str(x)) + except Exception as x: + raise support.TestFailed("Unexpected exception: " + str(x)) + else: + # helper methods for standardising recv* method signatures + def _recv_into(): + b = bytearray("\0"*100) + count = s.recv_into(b) + return b[:count] + + def _recvfrom_into(): + b = bytearray("\0"*100) + count, addr = s.recvfrom_into(b) + return b[:count] + + # (name, method, whether to expect success, *args) + send_methods = [ + ('send', s.send, True, []), + ('sendto', s.sendto, False, ["some.address"]), + ('sendall', s.sendall, True, []), + ] + recv_methods = [ + ('recv', s.recv, True, []), + ('recvfrom', s.recvfrom, False, ["some.address"]), + ('recv_into', _recv_into, True, []), + ('recvfrom_into', _recvfrom_into, False, []), + ] + data_prefix = u"PREFIX_" + + for meth_name, send_meth, expect_success, args in send_methods: + indata = data_prefix + meth_name + try: + send_meth(indata.encode('ASCII', 'strict'), *args) + outdata = s.read() + outdata = outdata.decode('ASCII', 'strict') + if outdata != indata.lower(): + raise support.TestFailed( + "While sending with <<%s>> bad data " + "<<%r>> (%d) received; " + "expected <<%r>> (%d)\n" % ( + meth_name, outdata[:20], len(outdata), + indata[:20], len(indata) + ) + ) + except ValueError as e: + if expect_success: + raise support.TestFailed( + "Failed to send with method <<%s>>; " + "expected to succeed.\n" % (meth_name,) + ) + if not str(e).startswith(meth_name): + raise support.TestFailed( + "Method <<%s>> failed with unexpected " + "exception message: %s\n" % ( + meth_name, e + ) + ) + + for meth_name, recv_meth, expect_success, args in recv_methods: + indata = data_prefix + meth_name + try: + s.send(indata.encode('ASCII', 'strict')) + outdata = recv_meth(*args) + outdata = outdata.decode('ASCII', 'strict') + if outdata != indata.lower(): + raise support.TestFailed( + "While receiving with <<%s>> bad data " + "<<%r>> (%d) received; " + "expected <<%r>> (%d)\n" % ( + meth_name, outdata[:20], len(outdata), + indata[:20], len(indata) + ) + ) + except ValueError as e: + if expect_success: + raise support.TestFailed( + "Failed to receive with method <<%s>>; " + "expected to succeed.\n" % (meth_name,) + ) + if not str(e).startswith(meth_name): + raise support.TestFailed( + "Method <<%s>> failed with unexpected " + "exception message: %s\n" % ( + meth_name, e + ) + ) + # consume data + s.read() + + s.write("over\n".encode("ASCII", "strict")) + s.close() + finally: + server.stop() + server.join() + + def test_main(verbose=False): if skip_expected: raise test_support.TestSkipped("No SSL support") -- cgit v0.12