From 6dff115f86279bfcd60a57ac4a1c0d79cbfcf10c Mon Sep 17 00:00:00 2001 From: Jannis Leidel Date: Thu, 18 Apr 2013 20:07:27 +0200 Subject: [PATCH 01/11] Use a MANIFEST template instead. --- MANIFEST | 13 ------------- MANIFEST.in | 3 +++ 2 files changed, 3 insertions(+), 13 deletions(-) delete mode 100644 MANIFEST create mode 100644 MANIFEST.in diff --git a/MANIFEST b/MANIFEST deleted file mode 100644 index f7f1baf..0000000 --- a/MANIFEST +++ /dev/null @@ -1,13 +0,0 @@ -setup.py -Makefile -MANIFEST -ssl/__init__.py -ssl/_ssl2.c -ssl/2.3.6/socketmodule.h -ssl/2.5.1/socketmodule.h -test/badcert.pem -test/badkey.pem -test/keycert.pem -test/nullcert.pem -test/test_ssl.py -test/https_svn_python_org_root.pem diff --git a/MANIFEST.in b/MANIFEST.in new file mode 100644 index 0000000..00c4ffa --- /dev/null +++ b/MANIFEST.in @@ -0,0 +1,3 @@ +include Makefile +recursive-include test * +recursive-include ssl *.c *.h From 15e947674833eddaa17fa49eced9215f40e54bb4 Mon Sep 17 00:00:00 2001 From: Jannis Leidel Date: Thu, 18 Apr 2013 20:07:39 +0200 Subject: [PATCH 02/11] Fixed the test make target. --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 57f7eab..c89271a 100644 --- a/Makefile +++ b/Makefile @@ -16,4 +16,4 @@ clean: .PHONY: test test: - python setup.py test + python test/test_ssl.py From 905af72c916ff29f783f37443c6cb8413df4b268 Mon Sep 17 00:00:00 2001 From: Jannis Leidel Date: Thu, 18 Apr 2013 20:11:37 +0200 Subject: [PATCH 03/11] Updated setup.py and README with PyPA adoption and cleaned up some duplication. --- README.rst | 104 ++++++++++++++++++++++++++++++++--- setup.py | 143 ++++++++++++------------------------------------ ssl/__init__.py | 4 ++ 3 files changed, 135 insertions(+), 116 deletions(-) diff --git a/README.rst b/README.rst index 9dc7ab7..eaf96a1 100644 --- a/README.rst +++ b/README.rst 
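Review bot: `recursive-include test *` in the new MANIFEST.in packs every file under test/ into the sdist, where the deleted MANIFEST named each shipped file explicitly. Whatever sits in a maintainer's test directory at release time (compiled `.pyc` files, editor backups, locally generated keys or certificates) would be published with the package. Narrowing the pattern to the extensions the old list contained, `recursive-include test *.py *.pem`, keeps the template approach and the allow-list behaviour.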
@@ -1,15 +1,101 @@ -This is a fixed version of ssl package (http://pypi.python.org/pypi/ssl). +ssl +=== -To install it, do +The old socket.ssl() support for TLS over sockets is being +superseded in Python 2.6 by a new 'ssl' module. This package +brings that module to older Python releases, 2.3.5 and up (it may +also work on older versions of 2.3, but we haven't tried it). - pip install sslfix +It's quite similar to the 2.6 ssl module. There's no stand-alone +documentation for this package; instead, just use the development +branch documentation for the SSL module at +http://docs.python.org/dev/library/ssl.html. -or download it from http://pypi.python.org/pypy/sslfix +Version 1.0 had a problem with Python 2.5.1 -- the structure of +the socket object changed from earlier versions. -Note, that the actual package installed is `ssl` and not `sslfix` (it's a drop-in replacement). +Version 1.1 was missing various package metadata information. -The fixes are: +Version 1.2 added more package metadata, and support for +ssl.get_server_certificate(), and the PEM-to-DER encode/decode +routines. Plus integrated Paul Moore's patch to setup.py for +Windows. Plus added support for asyncore, and asyncore HTTPS +server test. -- Remove installing tests system-wide (fixes "permission denied" error when installing into virtualenv). -- Add /usr/lib/i386-linux-gnu and /usr/lib/x86_64-linux-gnu to search path (fixes compilation on ubuntu 12.04). -- Do not use SSLv2_method if not present (fixes ImportError: ssl/_ssl2.so: undefined symbol: SSLv2_method). +Version 1.3 fixed a bug in the test suite. + +Version 1.4 incorporated use of -static switch. + +Version 1.5 fixed bug in Python version check affecting build on +Python 2.5.0. + +Version 1.7 (and 1.6) fixed some bugs with asyncore support (recv and +send not being called on the SSLSocket class, wrong semantics for +sendall). 
+
+Version 1.8 incorporated some code from Chris Stawarz to handle
+sockets which are set to non-blocking before negotiating the SSL
+session.
+
+Version 1.9 makes ssl.SSLError a subtype of socket.error.
+
+Version 1.10 fixes a bug in sendall().
+
+Version 1.11 includes the MANIFEST file, and by default will turne
+unexpected EOFs occurring during a read into a regular EOF. It also
+removes the code for SSLFileStream, to use the regular socket module's
+_fileobject instead.
+
+Version 1.12 fixes the bug in SSLSocket.accept() reported by Georg
+Brandl, and adds a test case for that fix.
+
+Version 1.13 fixes a bug in calling do_handshake() automatically
+on non-blocking sockets. Thanks to Giampaolo Rodola. Now includes
+real asyncore test case.
+
+Version 1.14 incorporates some fixes to naming (rename "recv_from" to
+"recvfrom" and "send_to" to "sendto"), and a fix to the asyncore test
+case to unregister the connection handler when the connection is
+closed. It also exposes the SSL shutdown via the "unwrap" method
+on an SSLSocket. It exposes "subjectPublicKey" in the data received
+from a peer cert.
+
+Version 1.15 fixes a bug in write retries, where the output buffer has
+changed location because of garbage collection during the interim.
+It also provides the new flag, PROTOCOL_NOSSLv2, which selects SSL23,
+but disallows actual use of SSL2.
+
+Version 1.16 removes installing tests system-wide (which fixes the
+"permission denied" error when installing in virtualenvs), adds
+``/usr/lib/i386-linux-gnu`` and ``/usr/lib/x86_64-linux-gnu`` to the
+search path (which fixes compilation on ubuntu 12.04) and stopped using
+``SSLv2_method`` if it's not present. Many thanks to `Denis Bilenko`_
+for providing those fixes through his temporary sslfix_ fork.
+
+The package is now maintained (bugfix only) by PyPA_.
+ +Authorship: A cast of dozens over the years have written the Python +SSL support, including Marc-Alan Lemburg, Robin Dunn, GvR, Kalle +Svensson, Skip Montanaro, Mark Hammond, Martin von Loewis, Jeremy +Hylton, Andrew Kuchling, Georg Brandl, Bill Janssen, Chris Stawarz, +Neal Norwitz, and many others. Thanks to Paul Moore, David Bolen and +Mark Hammond for help with the Windows side of the house. And it's +all based on OpenSSL, which has its own cast of dozens! + +.. _PyPA: https://github.com/pypa +.. _`Denis Bilenko`: https://github.com/denik +.. _`sslfix`: https://pypi.python.org/pypi/sslfix + +Installation +------------ + +To install it, run: + + pip install ssl + +or download it from https://pypi.python.org/pypi/ssl + +Issues +------ + +Feel free to report issues at https://github.com/pypa/ssl/issues diff --git a/setup.py b/setup.py index e358b7e..e7c60e0 100644 --- a/setup.py +++ b/setup.py @@ -1,4 +1,8 @@ -import os, sys +import codecs +import os +import re +import sys + from distutils.core import setup, Extension if (sys.version_info >= (2, 6, 0)): @@ -27,7 +31,8 @@ def find_file(filename, std_dirs, paths): for dir in std_dirs: f = os.path.join(dir, filename) print 'looking for', f - if os.path.exists(f): return [] + if os.path.exists(f): + return [] # Check the additional directories for dir in paths: @@ -39,6 +44,7 @@ def find_file(filename, std_dirs, paths): # Not found anywhere return None + def find_library_file(compiler, libname, std_dirs, paths): result = compiler.find_library_file(std_dirs + paths, libname) if result is None: @@ -50,7 +56,7 @@ def find_library_file(compiler, libname, std_dirs, paths): # Ensure path doesn't end with path separator p = p.rstrip(os.sep) if p == dirname: - return [ ] + return [] # Otherwise, it must have been in one of the additional directories, # so we have to figure out which one. 
@@ -72,12 +78,10 @@ def find_ssl(): inc_dirs = compiler.include_dirs + ['/usr/include'] search_for_ssl_incs_in = [ - '/usr/local/ssl/include', - '/usr/contrib/ssl/include/' - ] - ssl_incs = find_file('openssl/ssl.h', inc_dirs, - search_for_ssl_incs_in - ) + '/usr/local/ssl/include', + '/usr/contrib/ssl/include/', + ] + ssl_incs = find_file('openssl/ssl.h', inc_dirs, search_for_ssl_incs_in) if ssl_incs is not None: krb5_h = find_file('krb5.h', inc_dirs, ['/usr/kerberos/include']) @@ -85,11 +89,8 @@ def find_ssl(): ssl_incs += krb5_h ssl_libs = find_library_file(compiler, 'ssl', - ['/usr/lib', '/usr/lib/i386-linux-gnu', '/usr/lib/x86_64-linux-gnu'], - ['/usr/local/lib', - '/usr/local/ssl/lib', - '/usr/contrib/ssl/lib/' - ] ) + ['/usr/lib', '/usr/lib/i386-linux-gnu', '/usr/lib/x86_64-linux-gnu'], + ['/usr/local/lib', '/usr/local/ssl/lib', '/usr/contrib/ssl/lib/']) if (ssl_incs is not None and ssl_libs is not None): return ssl_incs, ssl_libs, ['ssl', 'crypto'] 
@@ -116,110 +117,38 @@ def find_ssl(): ssl_libs = [os.environ.get("C_LIB_DIR") or os.path.join(gnuwin32_dir, "lib")] libs = ['ssl', 'crypto', 'wsock32'] if not dynamic: - libs = libs + ['gdi32', 'gw32c', 'ole32', 'uuid'] + libs = libs + ['gdi32', 'gw32c', 'ole32', 'uuid'] link_args = ['-static'] else: ssl_incs, ssl_libs, libs = find_ssl() -setup(name='sslfix', - version='1.15', - description='SSL wrapper for socket objects (2.3, 2.4, 2.5 compatible) (fixed setup.py)', - long_description= -""" -**This is a fixed version of ssl-1.15. It's a drop-in replacement for 'ssl' package.** - -The fixes are: - - Remove installing tests system-wide (fixes "permission denied" error when installing into virtualenv). - - Add /usr/lib/i386-linux-gnu and /usr/lib/x86_64-linux-gnu to search path (fixes compilation on ubuntu 12.04). - - Do not use SSLv2_method if not present (fixes ImportError: ssl/_ssl2.so: undefined symbol: SSLv2_method). - -See https://github.com/denik/sslfix - -------- - -The old socket.ssl() support for TLS over sockets is being -superseded in Python 2.6 by a new 'ssl' module. This package -brings that module to older Python releases, 2.3.5 and up (it may -also work on older versions of 2.3, but we haven't tried it). - -It's quite similar to the 2.6 ssl module. There's no stand-alone -documentation for this package; instead, just use the development -branch documentation for the SSL module at -http://docs.python.org/dev/library/ssl.html. - -Version 1.0 had a problem with Python 2.5.1 -- the structure of -the socket object changed from earlier versions. - -Version 1.1 was missing various package metadata information. - -Version 1.2 added more package metadata, and support for -ssl.get_server_certificate(), and the PEM-to-DER encode/decode -routines. Plus integrated Paul Moore's patch to setup.py for -Windows. Plus added support for asyncore, and asyncore HTTPS -server test. - -Version 1.3 fixed a bug in the test suite. 
- -Version 1.4 incorporated use of -static switch. - -Version 1.5 fixed bug in Python version check affecting build on -Python 2.5.0. - -Version 1.7 (and 1.6) fixed some bugs with asyncore support (recv and -send not being called on the SSLSocket class, wrong semantics for -sendall). - -Version 1.8 incorporated some code from Chris Stawarz to handle -sockets which are set to non-blocking before negotiating the SSL -session. - -Version 1.9 makes ssl.SSLError a subtype of socket.error. - -Version 1.10 fixes a bug in sendall(). - -Version 1.11 includes the MANIFEST file, and by default will turne -unexpected EOFs occurring during a read into a regular EOF. It also -removes the code for SSLFileStream, to use the regular socket module's -_fileobject instead. - -Version 1.12 fixes the bug in SSLSocket.accept() reported by Georg -Brandl, and adds a test case for that fix. - -Version 1.13 fixes a bug in calling do_handshake() automatically -on non-blocking sockets. Thanks to Giampaolo Rodola. Now includes -real asyncore test case. - -Version 1.14 incorporates some fixes to naming (rename "recv_from" to -"recvfrom" and "send_to" to "sendto"), and a fix to the asyncore test -case to unregister the connection handler when the connection is -closed. It also exposes the SSL shutdown via the "unwrap" method -on an SSLSocket. It exposes "subjectPublicKey" in the data received -from a peer cert. +def read(*parts): + here = os.path.abspath(os.path.dirname(__file__)) + return codecs.open(os.path.join(here, *parts), 'r').read() -Version 1.15 fixes a bug in write retries, where the output buffer has -changed location because of garbage collection during the interim. -It also provides the new flag, PROTOCOL_NOSSLv2, which selects SSL23, -but disallows actual use of SSL2. 
-Authorship: A cast of dozens over the years have written the Python -SSL support, including Marc-Alan Lemburg, Robin Dunn, GvR, Kalle -Svensson, Skip Montanaro, Mark Hammond, Martin von Loewis, Jeremy -Hylton, Andrew Kuchling, Georg Brandl, Bill Janssen, Chris Stawarz, -Neal Norwitz, and many others. Thanks to Paul Moore, David Bolen and -Mark Hammond for help with the Windows side of the house. And it's -all based on OpenSSL, which has its own cast of dozens! +def find_version(*file_paths): + version_file = read(*file_paths) + version_match = re.search(r"^__version__ = ['\"]([^'\"]*)['\"]", + version_file, re.M) + if version_match: + return version_match.group(1) + raise RuntimeError("Unable to find version string.") -""", +setup(name='ssl', + version=find_version('ssl', '__init__.py'), + description='SSL wrapper for socket objects (2.3, 2.4, 2.5 compatible)', + long_description=read('README.rst'), license='Python (MIT-like)', author='See long_description for details', - author_email='python.ssl.maintainer@gmail.com', - url='https://github.com/denik/sslfix', + author_email='pypa-dev@googlegroups.com', + url='https://github.com/pypa/ssl', packages=['ssl'], ext_modules=[Extension('ssl._ssl2', ['ssl/_ssl2.c'], - include_dirs = ssl_incs + [socket_inc], - library_dirs = ssl_libs, - libraries = libs, - extra_link_args = link_args)] + include_dirs=ssl_incs + [socket_inc], + library_dirs=ssl_libs, + libraries=libs, + extra_link_args=link_args)] ) diff --git a/ssl/__init__.py b/ssl/__init__.py index 8cf1866..3c1968d 100644 --- a/ssl/__init__.py +++ b/ssl/__init__.py @@ -80,6 +80,10 @@ import base64 # for DER-to-PEM translation import select # for handshake +# The version as used in the setup.py +__version__ = "1.16" + + class SSLSocket (socket): """This class implements a subtype of socket.socket that wraps From 7630d553616149e7cf426efb7fc6deba3d83e555 Mon Sep 17 00:00:00 2001 
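Review bot: The new `read()` helper in setup.py returns `codecs.open(...).read()` without ever closing the file, so the handle is released only when the interpreter gets round to collecting it. Because no encoding is passed, `codecs.open` also behaves like the builtin `open` here, and the new `import codecs` buys nothing unless an encoding is intended. The README in this series targets Python 2.3.5 and up, where `with` is not available, so a `try`/`finally` is the portable way to close the handle. Both `find_version()` and `long_description` go through this helper, so the fix covers both call sites.

```python
def read(*parts):
    here = os.path.abspath(os.path.dirname(__file__))
    f = codecs.open(os.path.join(here, *parts), 'r')
    try:
        return f.read()
    finally:
        f.close()
```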
From: Jannis Leidel Date: Thu, 18 Apr 2013 20:13:12 +0200 Subject: [PATCH 04/11] Started to fix the tests. - Removed the old root cert of the svn.python.org and added CaCert root cert. - Fixed some stylistic issues. - Added initial Travis config. --- .travis.yml | 9 +++ test/https_svn_python_org_root.pem | 26 ------- test/root.crt | 41 ++++++++++ test/test_ssl.py | 118 ++++++++++++++--------------- 4 files changed, 107 insertions(+), 87 deletions(-) create mode 100644 .travis.yml delete mode 100644 test/https_svn_python_org_root.pem create mode 100644 test/root.crt diff --git a/.travis.yml b/.travis.yml new file mode 100644 index 0000000..e23433c --- /dev/null +++ b/.travis.yml @@ -0,0 +1,9 @@ +language: python +python: + - 2.5 +before_install: + - pip uninstall sslfix + - pip uninstall ssl # just to be sure +install: + - pip install . +script: python test/test_ssl.py diff --git a/test/https_svn_python_org_root.pem b/test/https_svn_python_org_root.pem deleted file mode 100644 index 807cb7d..0000000 --- a/test/https_svn_python_org_root.pem +++ /dev/null 
@@ -1,26 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIEdDCCA1ygAwIBAgIQRL4Mi1AAJLQR0zYq/mUK/TANBgkqhkiG9w0BAQUFADCB -lzELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAlVUMRcwFQYDVQQHEw5TYWx0IExha2Ug -Q2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMSEwHwYDVQQLExho -dHRwOi8vd3d3LnVzZXJ0cnVzdC5jb20xHzAdBgNVBAMTFlVUTi1VU0VSRmlyc3Qt -SGFyZHdhcmUwHhcNOTkwNzA5MTgxMDQyWhcNMTkwNzA5MTgxOTIyWjCBlzELMAkG -A1UEBhMCVVMxCzAJBgNVBAgTAlVUMRcwFQYDVQQHEw5TYWx0IExha2UgQ2l0eTEe -MBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMSEwHwYDVQQLExhodHRwOi8v -d3d3LnVzZXJ0cnVzdC5jb20xHzAdBgNVBAMTFlVUTi1VU0VSRmlyc3QtSGFyZHdh -cmUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCx98M4P7Sof885glFn -0G2f0v9Y8+efK+wNiVSZuTiZFvfgIXlIwrthdBKWHTxqctU8EGc6Oe0rE81m65UJ -M6Rsl7HoxuzBdXmcRl6Nq9Bq/bkqVRcQVLMZ8Jr28bFdtqdt++BxF2uiiPsA3/4a -MXcMmgF6sTLjKwEHOG7DpV4jvEWbe1DByTCP2+UretNb+zNAHqDVmBe8i4fDidNd -oI6yqqr2jmmIBsX6iSHzCJ1pLgkzmykNRg+MzEk0sGlRvfkGzWitZky8PqxhvQqI -DsjfPe58BEydCl5rkdbux+0ojatNh4lz0G6k0B4WixThdkQDf2Os5M1JnMWS9Ksy -oUhbAgMBAAGjgbkwgbYwCwYDVR0PBAQDAgHGMA8GA1UdEwEB/wQFMAMBAf8wHQYD -VR0OBBYEFKFyXyYbKJhDlV0HN9WFlp1L0sNFMEQGA1UdHwQ9MDswOaA3oDWGM2h0 -dHA6Ly9jcmwudXNlcnRydXN0LmNvbS9VVE4tVVNFUkZpcnN0LUhhcmR3YXJlLmNy -bDAxBgNVHSUEKjAoBggrBgEFBQcDAQYIKwYBBQUHAwUGCCsGAQUFBwMGBggrBgEF -BQcDBzANBgkqhkiG9w0BAQUFAAOCAQEARxkP3nTGmZev/K0oXnWO6y1n7k57K9cM -//bey1WiCuFMVGWTYGufEpytXoMs61quwOQt9ABjHbjAbPLPSbtNk28Gpgoiskli -CE7/yMgUsogWXecB5BKV5UU0s4tpvc+0hY91UZ59Ojg6FEgSxvunOxqNDYJAB+gE -CJChicsZUN/KHAG8HQQZexB2lzvukJDKxA4fFm517zP4029bHpbj4HR3dHuKom4t -3XbWOTCC8KucUvIqx69JXn7HaOWCgchqJ/kniCrVWFCVH/A7HFe7fRQ5YiuayZSS -KqMiDP+JJn1fIytH1xUdqWqeUQ0qUZ6B+dQ7XnASfxAynB67nfhmqA== ------END CERTIFICATE----- \ No newline at end of file diff --git a/test/root.crt b/test/root.crt new file mode 100644 index 0000000..e7dfc82 --- /dev/null +++ b/test/root.crt 
@@ -0,0 +1,41 @@ +-----BEGIN CERTIFICATE----- +MIIHPTCCBSWgAwIBAgIBADANBgkqhkiG9w0BAQQFADB5MRAwDgYDVQQKEwdSb290 +IENBMR4wHAYDVQQLExVodHRwOi8vd3d3LmNhY2VydC5vcmcxIjAgBgNVBAMTGUNB +IENlcnQgU2lnbmluZyBBdXRob3JpdHkxITAfBgkqhkiG9w0BCQEWEnN1cHBvcnRA +Y2FjZXJ0Lm9yZzAeFw0wMzAzMzAxMjI5NDlaFw0zMzAzMjkxMjI5NDlaMHkxEDAO +BgNVBAoTB1Jvb3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEi +MCAGA1UEAxMZQ0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJ +ARYSc3VwcG9ydEBjYWNlcnQub3JnMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC +CgKCAgEAziLA4kZ97DYoB1CW8qAzQIxL8TtmPzHlawI229Z89vGIj053NgVBlfkJ +8BLPRoZzYLdufujAWGSuzbCtRRcMY/pnCujW0r8+55jE8Ez64AO7NV1sId6eINm6 +zWYyN3L69wj1x81YyY7nDl7qPv4coRQKFWyGhFtkZip6qUtTefWIonvuLwphK42y +fk1WpRPs6tqSnqxEQR5YYGUFZvjARL3LlPdCfgv3ZWiYUQXw8wWRBB0bF4LsyFe7 +w2t6iPGwcswlWyCR7BYCEo8y6RcYSNDHBS4CMEK4JZwFaz+qOqfrU0j36NK2B5jc +G8Y0f3/JHIJ6BVgrCFvzOKKrF11myZjXnhCLotLddJr3cQxyYN/Nb5gznZY0dj4k +epKwDpUeb+agRThHqtdB7Uq3EvbXG4OKDy7YCbZZ16oE/9KTfWgu3YtLq1i6L43q +laegw1SJpfvbi1EinbLDvhG+LJGGi5Z4rSDTii8aP8bQUWWHIbEZAWV/RRyH9XzQ +QUxPKZgh/TMfdQwEUfoZd9vUFBzugcMd9Zi3aQaRIt0AUMyBMawSB3s42mhb5ivU +fslfrejrckzzAeVLIL+aplfKkQABi6F1ITe1Yw1nPkZPcCBnzsXWWdsC4PDSy826 +YreQQejdIOQpvGQpQsgi3Hia/0PsmBsJUUtaWsJx8cTLc6nloQsCAwEAAaOCAc4w +ggHKMB0GA1UdDgQWBBQWtTIb1Mfz4OaO873SsDrusjkY0TCBowYDVR0jBIGbMIGY +gBQWtTIb1Mfz4OaO873SsDrusjkY0aF9pHsweTEQMA4GA1UEChMHUm9vdCBDQTEe +MBwGA1UECxMVaHR0cDovL3d3dy5jYWNlcnQub3JnMSIwIAYDVQQDExlDQSBDZXJ0 +IFNpZ25pbmcgQXV0aG9yaXR5MSEwHwYJKoZIhvcNAQkBFhJzdXBwb3J0QGNhY2Vy +dC5vcmeCAQAwDwYDVR0TAQH/BAUwAwEB/zAyBgNVHR8EKzApMCegJaAjhiFodHRw +czovL3d3dy5jYWNlcnQub3JnL3Jldm9rZS5jcmwwMAYJYIZIAYb4QgEEBCMWIWh0 +dHBzOi8vd3d3LmNhY2VydC5vcmcvcmV2b2tlLmNybDA0BglghkgBhvhCAQgEJxYl +aHR0cDovL3d3dy5jYWNlcnQub3JnL2luZGV4LnBocD9pZD0xMDBWBglghkgBhvhC +AQ0ESRZHVG8gZ2V0IHlvdXIgb3duIGNlcnRpZmljYXRlIGZvciBGUkVFIGhlYWQg +b3ZlciB0byBodHRwOi8vd3d3LmNhY2VydC5vcmcwDQYJKoZIhvcNAQEEBQADggIB +ACjH7pyCArpcgBLKNQodgW+JapnM8mgPf6fhjViVPr3yBsOQWqy1YPaZQwGjiHCc 
+nWKdpIevZ1gNMDY75q1I08t0AoZxPuIrA2jxNGJARjtT6ij0rPtmlVOKTV39O9lg +18p5aTuxZZKmxoGCXJzN600BiqXfEVWqFcofN8CCmHBh22p8lqOOLlQ+TyGpkO/c +gr/c6EWtTZBzCDyUZbAEmXZ/4rzCahWqlwQ3JNgelE5tDlG+1sSPypZt90Pf6DBl +Jzt7u0NDY8RD97LsaMzhGY4i+5jhe1o+ATc7iwiwovOVThrLm82asduycPAtStvY +sONvRUgzEv/+PDIqVPfE94rwiCPCR/5kenHA0R6mY7AHfqQv0wGP3J8rtsYIqQ+T +SCX8Ev2fQtzzxD72V7DX3WnRBnc0CkvSyqD/HMaMyRa+xMwyN2hzXwj7UfdJUzYF +CpUCTPJ5GhD22Dp1nPMd8aINcGeGG7MW9S/lpOt5hvk9C8JzC6WZrG/8Z7jlLwum +GCSNe9FINSkYQKyTYOGWhlC0elnYjyELn8+CkcY7v2vcB5G5l1YjqrZslMZIBjzk +zk6q5PYvCdxTby78dOs6Y5nCpqyJvKeyRKANihDjbPIky/qbn3BHLt4Ui9SyIAmW +omTxJBzcoTWcFbLUvFUufQb1nA5V9FrWk9p2rSVzTMVD +-----END CERTIFICATE----- diff --git a/test/test_ssl.py b/test/test_ssl.py index 68dd631..d188bce 100644 --- a/test/test_ssl.py +++ b/test/test_ssl.py @@ -1,16 +1,13 @@ # Test the support for SSL and sockets - import sys import unittest from test import test_support import select import socket -import errno -import time import os import pprint -import urllib, urlparse -import shutil +import urllib +import urlparse import traceback import asyncore @@ -30,6 +27,10 @@ TESTPORT = 10025 +# simply enable the network resource here to be able to run the test file directly +test_support.use_resources = ['network'] + + def handle_error(prefix): exc_format = ' '.join(traceback.format_exception(*sys.exc_info())) if test_support.verbose: @@ -70,7 +71,6 @@ def testParseCert(self): sys.stdout.write("\n" + pprint.pformat(p) + "\n") def testDERtoPEM(self): - pem = open(SVN_PYTHON_ORG_ROOT_CERT, 'r').read() d1 = ssl.PEM_cert_to_DER_cert(pem) p2 = ssl.DER_cert_to_PEM_cert(d1) @@ -78,10 +78,10 @@ def testDERtoPEM(self): if (d1 != d2): raise test_support.TestFailed("PEM-to-DER or DER-to-PEM translation failed") + class NetworkedTests(unittest.TestCase): def testConnect(self): - import os s = ssl.wrap_socket(socket.socket(socket.AF_INET), cert_reqs=ssl.CERT_NONE) s.connect(("pop.gmail.com", 995)) 
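Review bot: Assigning `test_support.use_resources = ['network']` at module level in test/test_ssl.py replaces whatever resource selection the caller made as soon as the file is imported, not only when it is run directly as the added comment intends. Any runner that imports this module will then execute the networked tests, which in the surrounding hunks connect to pop.gmail.com and svn.python.org. Moving the assignment under the script's `if __name__ == "__main__":` entry point (outside this hunk) keeps `python test/test_ssl.py` working without overriding other runners. Failing that, extend the comment to say the override is deliberate and unconditional.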
@@ -113,7 +113,6 @@ def testConnect(self): finally: s.close() - def testNonBlockingHandshake(self): s = socket.socket(socket.AF_INET) s.connect(("svn.python.org", 443)) @@ -159,7 +158,6 @@ def testFetchServerCert(self): sys.stdout.write("\nVerified certificate for svn.python.org:443 is\n%s\n" % pem) - try: import threading except ImportError: @@ -198,7 +196,7 @@ def show_conn_details(self): if test_support.verbose and self.server.chatty: sys.stdout.write(" server: connection cipher is now " + str(cipher) + "\n") - def wrap_conn (self): + def wrap_conn(self): try: self.sslconn = ssl.wrap_socket(self.sock, server_side=True, certfile=self.server.certificate, @@ -241,7 +239,7 @@ def close(self): # close is broken on sockets os.close(self.sock.fileno()) - def run (self): + def run(self): self.running = True if not self.server.starttls_server: if isinstance(self.sock, ssl.SSLSocket): @@ -277,7 +275,7 @@ def run (self): sys.stdout.write(" server: connection is now unencrypted...\n") else: if (test_support.verbose and - self.server.connectionchatty): + self.server.connectionchatty): ctype = (self.sslconn and "encrypted") or "unencrypted" sys.stdout.write(" server: read %s (%s), sending back %s (%s)...\n" % (repr(msg), ctype, repr(msg.lower()), ctype)) @@ -318,9 +316,9 @@ def __init__(self, port, certificate, ssl_version=None, if wrap_accepting_socket: self.sock = ssl.wrap_socket(self.sock, server_side=True, certfile=self.certificate, - cert_reqs = self.certreqs, - ca_certs = self.cacerts, - ssl_version = self.protocol) + cert_reqs=self.certreqs, + ca_certs=self.cacerts, + ssl_version=self.protocol) if test_support.verbose and self.chatty: sys.stdout.write(' server: wrapped server socket as %s\n' % str(self.sock)) self.sock.bind(('127.0.0.1', port)) 
@@ -328,11 +326,11 @@ def __init__(self, port, certificate, ssl_version=None, threading.Thread.__init__(self) self.setDaemon(False) - def start (self, flag=None): + def start(self, flag=None): self.flag = flag threading.Thread.start(self) - def run (self): + def run(self): self.sock.settimeout(0.5) self.sock.listen(5) self.active = True @@ -356,10 +354,9 @@ def run (self): handle_error("Test server failure:\n") self.sock.close() - def stop (self): + def stop(self): self.active = False - class AsyncoreEchoServer(threading.Thread): class EchoServer (asyncore.dispatcher): @@ -406,7 +403,8 @@ def __init__(self, port, certfile): def handle_accept(self): sock_obj, addr = self.accept() if test_support.verbose: - sys.stdout.write(" server: new connection from %s:%s\n" %addr) + sys.stdout.write(" server: new connection from %s:%s\n" % + addr) self.ConnectionHandler(sock_obj, self.certfile) def handle_error(self): @@ -422,11 +420,11 @@ def __init__(self, port, certfile): def __str__(self): return "<%s %s>" % (self.__class__.__name__, self.server) - def start (self, flag=None): + def start(self, flag=None): self.flag = flag threading.Thread.start(self) - def run (self): + def run(self): self.active = True if self.flag: self.flag.set() @@ -436,7 +434,7 @@ def run (self): except: pass - def stop (self): + def stop(self): self.active = False self.server.close() @@ -458,7 +456,7 @@ def __str__(self): self.server_name, self.server_port)) - def get_request (self): + def get_request(self): # override this to wrap socket with SSL sock, addr = self.socket.accept() sslconn = ssl.wrap_socket(sock, server_side=True, @@ -484,7 +482,7 @@ def serve_forever(self): self.server_close() return except: - sys.stdout.write(''.join(traceback.format_exception(*sys.exc_info()))); + sys.stdout.write(''.join(traceback.format_exception(*sys.exc_info()))) def server_close(self): # Again, we want this to run in a thread, so we need to override 
@@ -520,7 +518,8 @@ def translate_path(self, path): for word in words: drive, word = os.path.splitdrive(word) head, word = os.path.split(word) - if word in self.root: continue + if word in self.root: + continue path = os.path.join(path, word) return path @@ -534,8 +533,7 @@ def log_message(self, format, *args): self.server.server_port, self.request.cipher(), self.log_date_time_string(), - format%args)) - + format % args)) def __init__(self, port, certfile): self.flag = None @@ -549,23 +547,22 @@ def __init__(self, port, certfile): def __str__(self): return "<%s %s>" % (self.__class__.__name__, self.server) - def start (self, flag=None): + def start(self, flag=None): self.flag = flag threading.Thread.start(self) - def run (self): + def run(self): self.active = True if self.flag: self.flag.set() self.server.serve_forever() self.active = False - def stop (self): + def stop(self): self.active = False self.server.server_close() - - def badCertTest (certfile): + def badCertTest(certfile): server = ThreadedEchoServer(TESTPORT, CERTFILE, certreqs=ssl.CERT_REQUIRED, cacerts=CERTFILE, chatty=False) @@ -590,10 +587,10 @@ def badCertTest (certfile): server.stop() server.join() - def serverParamsTest (certfile, protocol, certreqs, cacertsfile, - client_certfile, client_protocol=None, indata="FOO\n", - chatty=True, connectionchatty=False, - wrap_accepting_socket=False): + def serverParamsTest(certfile, protocol, certreqs, cacertsfile, + client_certfile, client_protocol=None, indata="FOO\n", + chatty=True, connectionchatty=False, + wrap_accepting_socket=False): server = ThreadedEchoServer(TESTPORT, certfile, certreqs=certreqs, 
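Review bot: The reflowed `if word in self.root:` / `continue` in `translate_path` is the only visible filter on request path components before `os.path.join(path, word)`, and it tests membership in the server root rather than in `(os.curdir, os.pardir)`. `self.root` is defined outside the hunk; if it is a string, this is a substring match, so a `..` component is skipped only when the root path itself contains `..`, while unrelated names that occur inside the root path are silently dropped. Unless the path is normalised earlier in the function (its start is above the hunk), the handler can resolve outside the directory it is meant to serve. Since the commit already touches the line, consider `if word in (os.curdir, os.pardir):` plus a comment that the handler must not serve files outside `self.root`.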
@@ -634,8 +631,8 @@ def serverParamsTest (certfile, protocol, certreqs, cacertsfile, if outdata != indata.lower(): raise test_support.TestFailed( "bad data <<%s>> (%d) received; expected <<%s>> (%d)\n" - % (outdata[:min(len(outdata),20)], len(outdata), - indata[:min(len(indata),20)].lower(), len(indata))) + % (outdata[:min(len(outdata), 20)], len(outdata), + indata[:min(len(indata), 20)].lower(), len(indata))) s.write("over\n") if connectionchatty: if test_support.verbose: @@ -645,12 +642,12 @@ def serverParamsTest (certfile, protocol, certreqs, cacertsfile, server.stop() server.join() - def tryProtocolCombo (server_protocol, - client_protocol, - expectedToWork, - certsreqs=None): + def tryProtocolCombo(server_protocol, + client_protocol, + expectedToWork, + certsreqs=None): - if certsreqs == None: + if certsreqs is None: certsreqs = ssl.CERT_NONE if certsreqs == ssl.CERT_NONE: @@ -678,7 +675,6 @@ def tryProtocolCombo (server_protocol, % (ssl.get_protocol_name(client_protocol), ssl.get_protocol_name(server_protocol))) - class ThreadedTests(unittest.TestCase): def testRudeShutdown(self): @@ -700,7 +696,7 @@ def listener(): s.listen(5) listener_ready.set() s.accept() - s = None # reclaim the socket object, which also closes it + s = None # reclaim the socket object, which also closes it listener_gone.set() def connector(): @@ -709,19 +705,19 @@ def connector(): s.connect(('127.0.0.1', TESTPORT)) listener_gone.wait() try: - ssl_sock = ssl.wrap_socket(s) + ssl.wrap_socket(s) except socket.error: pass else: raise test_support.TestFailed( - 'connecting to closed SSL socket should have failed') + 'connecting to closed SSL socket should have failed') t = threading.Thread(target=listener) t.start() connector() t.join() - def testEcho (self): + def testEcho(self): if test_support.verbose: sys.stdout.write("\n") 
@@ -775,10 +771,10 @@ def testReadCert(self): "No subject field in certificate: %s." % pprint.pformat(cert)) if ((('organizationName', 'Python Software Foundation'),) - not in cert['subject']): + not in cert['subject']): raise test_support.TestFailed( "Missing or invalid 'organizationName' field in certificate subject; " - "should be 'Python Software Foundation'."); + "should be 'Python Software Foundation'.") s.close() finally: server.stop() @@ -787,9 +783,11 @@ def testReadCert(self): def testNULLcert(self): badCertTest(os.path.join(os.path.dirname(__file__) or os.curdir, "nullcert.pem")) + def testMalformedCert(self): badCertTest(os.path.join(os.path.dirname(__file__) or os.curdir, "badcert.pem")) + def testMalformedKey(self): badCertTest(os.path.join(os.path.dirname(__file__) or os.curdir, "badkey.pem")) @@ -847,7 +845,7 @@ def testProtocolTLS1(self): tryProtocolCombo(ssl.PROTOCOL_TLSv1, ssl.PROTOCOL_SSLv3, False) tryProtocolCombo(ssl.PROTOCOL_TLSv1, ssl.PROTOCOL_SSLv23, False) - def testSTARTTLS (self): + def testSTARTTLS(self): msgs = ("msg 1", "MSG 2", "STARTTLS", "MSG 3", "msg 4", "ENDTLS", "msg 5", "msg 6") @@ -888,7 +886,7 @@ def testSTARTTLS (self): wrapped = True elif (indata == "ENDTLS" and - outdata.strip().lower().startswith("ok")): + outdata.strip().lower().startswith("ok")): if test_support.verbose: sys.stdout.write( " client: read %s from server, ending TLS...\n" @@ -945,7 +943,7 @@ def testSocketServer(self): server.stop() server.join() - def testWrappedAccept (self): + def testWrappedAccept(self): if test_support.verbose: sys.stdout.write("\n") @@ -954,8 +952,7 @@ def testWrappedAccept (self): chatty=True, connectionchatty=True, wrap_accepting_socket=True) - - def testAsyncoreServer (self): + def testAsyncoreServer(self): indata = "TEST MESSAGE of mixed case\n" 
@@ -986,8 +983,8 @@ def testAsyncoreServer (self): if outdata != indata.lower(): raise test_support.TestFailed( "bad data <<%s>> (%d) received; expected <<%s>> (%d)\n" - % (outdata[:min(len(outdata),20)], len(outdata), - indata[:min(len(indata),20)].lower(), len(indata))) + % (outdata[:min(len(outdata), 20)], len(outdata), + indata[:min(len(indata), 20)].lower(), len(indata))) s.write("over\n") if test_support.verbose: sys.stdout.write(" client: closing connection.\n") @@ -1025,11 +1022,10 @@ def test_main(verbose=False): CERTFILE = os.path.join(os.path.dirname(__file__) or os.curdir, "keycert.pem") SVN_PYTHON_ORG_ROOT_CERT = os.path.join( - os.path.dirname(__file__) or os.curdir, - "https_svn_python_org_root.pem") + os.path.dirname(__file__) or os.curdir, "root.crt") if (not os.path.exists(CERTFILE) or - not os.path.exists(SVN_PYTHON_ORG_ROOT_CERT)): + not os.path.exists(SVN_PYTHON_ORG_ROOT_CERT)): raise test_support.TestFailed("Can't read certificate files!") TESTPORT = findtestsocket(10025, 12000) From c2b414a012d19a0278e1b853ac761619368359f7 Mon Sep 17 00:00:00 2001 From: Jannis Leidel Date: Thu, 18 Apr 2013 20:17:27 +0200 Subject: [PATCH 05/11] Added simple ignore file. --- .gitignore | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 .gitignore diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..315e074 --- /dev/null +++ b/.gitignore @@ -0,0 +1,3 @@ +build +*.egg-info +*.so \ No newline at end of file From 804d41ff3983f10243b6975639e45286599d7f07 Mon Sep 17 00:00:00 2001 From: Jannis Leidel Date: Thu, 18 Apr 2013 20:18:38 +0200 Subject: [PATCH 06/11] Minor rST fix. --- README.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.rst b/README.rst index eaf96a1..6a92b40 100644 --- a/README.rst +++ b/README.rst @@ -89,7 +89,7 @@ all based on OpenSSL, which has its own cast of dozens! Installation ------------ -To install it, run: +To install it, run:: pip install ssl 
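Review bot: `SVN_PYTHON_ORG_ROOT_CERT` in the last test/test_ssl.py hunk now points at `root.crt`, which the commit message describes as the CAcert root, so the constant's name no longer says which trust anchor the networked tests use. A comment on the assignment should record which CA the file holds and why it is trusted, for example `# CAcert root; trust anchor for the svn.python.org tests`. Renaming the constant would be clearer still, but it is also read in `testDERtoPEM` and possibly elsewhere outside the visible hunks, so every use would need to change together. The enclosing `test_main` starts and continues outside the hunk.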
From 7d290b0bae644bff165eedb46e3ac92e35a66417 Mon Sep 17 00:00:00 2001 From: Jannis Leidel Date: Thu, 18 Apr 2013 20:43:16 +0200 Subject: [PATCH 07/11] Really uninstall those. --- .travis.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.travis.yml b/.travis.yml index e23433c..4b7c802 100644 --- a/.travis.yml +++ b/.travis.yml @@ -2,8 +2,8 @@ language: python python: - 2.5 before_install: - - pip uninstall sslfix - - pip uninstall ssl # just to be sure + - pip uninstall -y sslfix + - pip uninstall -y ssl # just to be sure install: - pip install . script: python test/test_ssl.py From a0158a1256f5944f84878ae8971ee398e213bd78 Mon Sep 17 00:00:00 2001 From: Jannis Leidel Date: Sat, 20 Apr 2013 12:04:24 +0200 Subject: [PATCH 08/11] Added README to manifest template. --- MANIFEST.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/MANIFEST.in b/MANIFEST.in index 00c4ffa..714e1a0 100644 --- a/MANIFEST.in +++ b/MANIFEST.in @@ -1,3 +1,3 @@ -include Makefile +include Makefile README.rst recursive-include test * recursive-include ssl *.c *.h From 53b55dcb92c03edec70690d3cd9177b4c7f16f7b Mon Sep 17 00:00:00 2001 From: Jannis Leidel Date: Fri, 29 May 2020 01:03:20 +0200 Subject: [PATCH 09/11] Update author email to be the distutils-sig list. Fix #11. --- setup.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup.py b/setup.py index e7c60e0..8e16cd8 100644 --- a/setup.py +++ b/setup.py @@ -143,7 +143,7 @@ def find_version(*file_paths): long_description=read('README.rst'), license='Python (MIT-like)', author='See long_description for details', - author_email='pypa-dev@googlegroups.com', + author_email='distutils-sig@python.org', url='https://github.com/pypa/ssl', packages=['ssl'], ext_modules=[Extension('ssl._ssl2', ['ssl/_ssl2.c'], From 9c2eaafcee585f7db17c4f35be0e3c9ba6008955 Mon Sep 17 00:00:00 2001 
From: Aniruddh Ramanujam Date: Sat, 22 Aug 2020 11:22:18 +0530 Subject: [PATCH 10/11] Update setup.py --- setup.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/setup.py b/setup.py index 8e16cd8..2b68a82 100644 --- a/setup.py +++ b/setup.py @@ -30,14 +30,14 @@ def find_file(filename, std_dirs, paths): # Check the standard locations for dir in std_dirs: f = os.path.join(dir, filename) - print 'looking for', f + print('looking for', f) if os.path.exists(f): return [] # Check the additional directories for dir in paths: f = os.path.join(dir, filename) - print 'looking for', f + print('looking for', f) if os.path.exists(f): return [dir] From 3536239c3becca8faa043ae2380bb45ac51a83da Mon Sep 17 00:00:00 2001 From: Aniruddh Ramanujam Date: Sat, 22 Aug 2020 11:26:44 +0530 Subject: [PATCH 11/11] Update setup.py setup.py "Missing parentheses in call to 'print' " error rectification --- setup.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/setup.py b/setup.py index 8e16cd8..2b68a82 100644 --- a/setup.py +++ b/setup.py @@ -30,14 +30,14 @@ def find_file(filename, std_dirs, paths): # Check the standard locations for dir in std_dirs: f = os.path.join(dir, filename) - print 'looking for', f + print('looking for', f) if os.path.exists(f): return [] # Check the additional directories for dir in paths: f = os.path.join(dir, filename) - print 'looking for', f + print('looking for', f) if os.path.exists(f): return [dir]
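Review bot: On Python 2, which the README in this series names as the target (2.3.5 and up), `print('looking for', f)` in `find_file` prints the repr of a two-element tuple rather than the message, so the build output changes on the only interpreters the package is meant for. Formatting the string first behaves the same under both the statement and the function form: `print('looking for %s' % f)`, applied to both loops in the hunk. PATCH 10/11 and PATCH 11/11 carry this same hunk with the same index line, so the point applies to both. Making setup.py parse on Python 3 also needs a check against the `sys.version_info >= (2, 6, 0)` guard at the top of the file, whose body is not visible here, to confirm that installing a distribution named `ssl` is still refused where the standard library already provides the module.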