From f4d6890b51b63bdfb0decc1d8ff129434f6cae4f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Moise=CC=81s=20Guimara=CC=83es?=
Date: Sun, 4 Sep 2016 18:31:53 -0300
Subject: [PATCH 01/47] adds basic files and exception classes.
---
wrapper/python/wolfssl/.centos-provisioner.sh | 26 ++++
wrapper/python/wolfssl/.ubuntu-provisioner.sh | 23 +++
wrapper/python/wolfssl/LICENSING.rst | 23 +++
wrapper/python/wolfssl/MANIFEST.in | 1 +
wrapper/python/wolfssl/README.rst | 144 ++++++++++++++++++
wrapper/python/wolfssl/Vagrantfile | 14 ++
.../python/wolfssl/requirements-testing.txt | 3 +
wrapper/python/wolfssl/setup.py | 55 +++++++
wrapper/python/wolfssl/tox.ini | 7 +
wrapper/python/wolfssl/wolfssl/__about__.py | 45 ++++++
wrapper/python/wolfssl/wolfssl/_exceptions.py | 77 ++++++++++
11 files changed, 418 insertions(+)
create mode 100644 wrapper/python/wolfssl/.centos-provisioner.sh
create mode 100644 wrapper/python/wolfssl/.ubuntu-provisioner.sh
create mode 100644 wrapper/python/wolfssl/LICENSING.rst
create mode 100644 wrapper/python/wolfssl/MANIFEST.in
create mode 100644 wrapper/python/wolfssl/README.rst
create mode 100644 wrapper/python/wolfssl/Vagrantfile
create mode 100644 wrapper/python/wolfssl/requirements-testing.txt
create mode 100755 wrapper/python/wolfssl/setup.py
create mode 100644 wrapper/python/wolfssl/tox.ini
create mode 100644 wrapper/python/wolfssl/wolfssl/__about__.py
create mode 100644 wrapper/python/wolfssl/wolfssl/_exceptions.py
diff --git a/wrapper/python/wolfssl/.centos-provisioner.sh b/wrapper/python/wolfssl/.centos-provisioner.sh
new file mode 100644
index 000000000..8ce2cad66
--- /dev/null
+++ b/wrapper/python/wolfssl/.centos-provisioner.sh
@@ -0,0 +1,26 @@
+[ "$(whoami)" != "root" ] && echo "Sorry, you are not root." && exit 1
+
+rpm -ivh http://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-6.noarch.rpm
+yum update
+yum install -y git autoconf libtool
+
+git clone https://github.com/wolfssl/wolfssl.git
+[ $? -ne 0 ] && echo "\n\nCouldn't download wolfssl.\n\n" && exit 1
+
+pushd wolfssl
+
+./autogen.sh
+./configure
+make
+make install
+echo /usr/local/lib > wolfssl.conf
+mv wolfssl.conf /etc/ld.so.conf
+ldconfig
+
+popd
+rm -rf wolfssl
+
+yum install -y libffi-devel python-devel python-pip
+
+pip install wolfssl
+[ $? -ne 0 ] && echo "\n\nCouldn't install wolfssl.\n\n" && exit 1
diff --git a/wrapper/python/wolfssl/.ubuntu-provisioner.sh b/wrapper/python/wolfssl/.ubuntu-provisioner.sh
new file mode 100644
index 000000000..c11d9c204
--- /dev/null
+++ b/wrapper/python/wolfssl/.ubuntu-provisioner.sh
@@ -0,0 +1,23 @@
+[ "$(whoami)" != "root" ] && echo "Sorry, you are not root." && exit 1
+
+apt-get update
+apt-get install -y git autoconf libtool
+
+git clone https://github.com/wolfssl/wolfssl.git
+[ $? -ne 0 ] && echo "\n\nCouldn't download wolfssl.\n\n" && exit 1
+
+pushd wolfssl
+
+./autogen.sh
+./configure
+make
+make install
+ldconfig
+
+popd
+rm -rf wolfssl
+
+apt-get install -y libffi-dev python-dev python-pip
+
+pip install wolfssl
+[ $? -ne 0 ] && echo "\n\nCouldn't install wolfssl.\n\n" && exit 1
diff --git a/wrapper/python/wolfssl/LICENSING.rst b/wrapper/python/wolfssl/LICENSING.rst
new file mode 100644
index 000000000..88cfaea39
--- /dev/null
+++ b/wrapper/python/wolfssl/LICENSING.rst
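Review bot: `mv wolfssl.conf /etc/ld.so.conf` in .centos-provisioner.sh replaces the system linker configuration instead of extending it, which drops whatever the stock file held (normally the `include ld.so.conf.d/*.conf` line); a drop-in is safer: `echo /usr/local/lib > /etc/ld.so.conf.d/wolfssl.conf`. The same script installs the EPEL release package as root from a plain `http://` URL, so the repository definition arrives over an unauthenticated channel; the `https://` form of the same URL avoids that. Both this script and .ubuntu-provisioner.sh clone the default branch of wolfssl and run `make install` as root without pinning a tag or commit, e.g. `git clone --branch <release-tag> https://github.com/wolfssl/wolfssl.git`. `yum update` has no `-y`, so unattended provisioning may stop at the confirmation prompt, and neither script has a shebang although `pushd`/`popd` need bash.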
@@ -0,0 +1,23 @@
+Licensing
+---------
+
+wolfSSL’s software is available under two distinct licensing models:
+open source and standard commercial licensing. Please see the relevant
+section below for information on each type of license.
+
+Open Source
+~~~~~~~~~~~
+
+wolfCrypt and wolfSSL software are free software downloads and may be modified
+to the needs of the user as long as the user adheres to version two of the GPL
+License. The GPLv2 license can be found on the `gnu.org website
+`_.
+
+Commercial Licensing
+~~~~~~~~~~~~~~~~~~~~
+
+Businesses and enterprises who wish to incorporate wolfSSL products into
+proprietary appliances or other commercial software products for
+re-distribution must license commercial versions. Licenses are generally
+issued for one product and include unlimited royalty-free distribution.
+Custom licensing terms are also available at licensing@wolfssl.com.
diff --git a/wrapper/python/wolfssl/MANIFEST.in b/wrapper/python/wolfssl/MANIFEST.in
new file mode 100644
index 000000000..3c56fcf44
--- /dev/null
+++ b/wrapper/python/wolfssl/MANIFEST.in
@@ -0,0 +1 @@
+include LICENSING.rst
diff --git a/wrapper/python/wolfssl/README.rst b/wrapper/python/wolfssl/README.rst
new file mode 100644
index 000000000..f5c321c00
--- /dev/null
+++ b/wrapper/python/wolfssl/README.rst
@@ -0,0 +1,144 @@ + + +wolfssl: the wolfSSL Inc. SSL/TLS library +========================================= + +**wolfssl Python**, a.k.a. ``wolfssl`` is a Python library that encapsulates +**wolfSSL's C SSL/TLS library**. + +`wolfssl `_ is a +lightweight, portable, C-language-based crypto library +targeted at IoT, embedded, and RTOS environments primarily because of its size, +speed, and feature set. It works seamlessly in desktop, enterprise, and cloud +environments as well. It is the crypto engine behind `wolfSSl's embedded ssl +library `_. + + +Installation +------------ + +In order to use ``wolfssl``, first you'll need to install ``wolfssl`` C +embedded SSL/TLS library. + +Installing ``wolfssl`` C SSL/TLS library: +~~~~~~~~~~~~~~~~~~~~~~~~ + +**Mac OSX** + +.. code-block:: console + + brew install wolfssl + +or + +.. code-block:: console + + git clone https://github.com/wolfssl/wolfssl.git + cd wolfssl/ + ./autogen.sh + ./configure --enable-sha512 + make + sudo make install + + +**Ubuntu** + +.. code-block:: console + + sudo apt-get update + sudo apt-get install -y git autoconf libtool + + git clone https://github.com/wolfssl/wolfssl.git + cd wolfssl/ + ./autogen.sh + ./configure --enable-sha512 + make + sudo make install + + sudo ldconfig + +**CentOS** + +.. code-block:: console + + sudo rpm -ivh http://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-6.noarch.rpm + sudo yum update + sudo yum install -y git autoconf libtool + + git clone git@github.com:wolfssl/wolfssl.git + cd wolfssl + ./autogen.sh + ./configure --enable-sha512 + make + sudo make install + + echo /usr/local/lib > wolfssl.conf + sudo mv wolfssl.conf /etc/ld.so.conf + sudo ldconfig + + +Installing ``wolfssl`` python module: +~~~~~~~~~~~~~~~~~~~~~~~~~~ + +**Mac OSX** + +.. code-block:: console + + sudo -H pip install wolfssl + + +**Ubuntu** + +.. 
code-block:: console + + sudo apt-get install -y python-dev python3-dev python-pip libffi-dev + sudo -H pip install wolfssl + + +**CentOS** + +.. code-block:: console + + sudo yum install -y python-devel python3-devel python-pip libffi-devel + sudo -H pip install wolfssl + + +Testing ``wolfssl`` python module: +~~~~~~~~~~~~~~~~~~~~~~~ + +.. code-block:: console + + python -c "from wolfssl.hashes import Sha; print Sha().hexdigest()" + +expected output: **da39a3ee5e6b4b0d3255bfef95601890afd80709** + + +Testing ``wolfssl``'s source code with ``tox`` : +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +To run the unit tests in the source code, you'll need ``tox`` and a few other +requirements. The source code relies at 'WOLFSSL_DIR/wrapper/python/wolfssl' +where WOLFSSL_DIR is the path of ``wolfssl``'s source code. + +1. Make sure that the testing requirements are installed: + +.. code-block:: console + + $ sudo -H pip install -r requirements-testing.txt + + +2. Run ``tox``: + +.. code-block:: console + + $ tox + ... + _________________________________ summary _________________________________ + py27: commands succeeded + SKIPPED: py34: InterpreterNotFound: python3.4 + py35: commands succeeded + congratulations :) + +Note: the test is performed using multiple versions of python. If you are +missing a version the test will be skipped with an **InterpreterNotFound +error**. diff --git a/wrapper/python/wolfssl/Vagrantfile b/wrapper/python/wolfssl/Vagrantfile new file mode 100644 index 000000000..e164331df --- /dev/null +++ b/wrapper/python/wolfssl/Vagrantfile @@ -0,0 +1,14 @@ +# -*- mode: ruby -*- +# vi: set ft=ruby : +BOX = "ubuntu" +VAGRANTFILE_API_VERSION = "2" + +Vagrant.configure(VAGRANTFILE_API_VERSION) do |config| + if BOX == "ubuntu" + config.vm.box = "ubuntu/trusty64" + config.vm.provision "shell", path: ".ubuntu-provisioner.sh" + else + config.vm.box = "moisesguimaraes/centos72-64" + config.vm.provision "shell", path: ".centos-provisioner.sh" + end +end 
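Review bot: Neither `config.vm.box` assignment in the Vagrantfile pins a version, and the CentOS branch pulls `moisesguimaraes/centos72-64` from a personal account, so the provisioner runs as root on whatever image that name resolves to at `vagrant up` time. Pinning with `config.vm.box_version = "<version>"` keeps the test environment reproducible and reviewable. `BOX` is a hard-coded constant, so the `else` branch is reachable only by editing the file; `BOX = ENV.fetch("BOX", "ubuntu")` would make the CentOS path selectable.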
diff --git a/wrapper/python/wolfssl/requirements-testing.txt b/wrapper/python/wolfssl/requirements-testing.txt
new file mode 100644
index 000000000..61def5278
--- /dev/null
+++ b/wrapper/python/wolfssl/requirements-testing.txt
@@ -0,0 +1,3 @@
+pytest>=2.9.1
+cffi>=1.6.0
+tox>=2.3.1
diff --git a/wrapper/python/wolfssl/setup.py b/wrapper/python/wolfssl/setup.py
new file mode 100755
index 000000000..6184e1bff
--- /dev/null
+++ b/wrapper/python/wolfssl/setup.py
@@ -0,0 +1,55 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+#
+# Copyright (C) 2006-2016 wolfSSL Inc.
+#
+# This file is part of wolfSSL. (formerly known as CyaSSL)
+#
+# wolfSSL is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# wolfSSL is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
+
+# Python 2.7 Standard Library
+from __future__ import absolute_import
+import os
+import sys
+from wolfssl.__about__ import metadata
+from setuptools import setup, find_packages
+
+os.chdir(os.path.dirname(sys.argv[0]) or ".")
+
+long_description = open("README.rst", "rt").read().replace(
+ ".. include:: LICENSING.rst\n",
+ open("LICENSING.rst", "rt").read()
+)
+
+info = dict(
+ metadata = {k[2:-2]: metadata[k] for k in metadata},
+ contents = {
+ "long_description": long_description,
+ "package_data": {"": ["*.txt"]},
+ "packages": find_packages(),
+ "cffi_modules": ["./wolfssl/build_ffi.py:ffi"],
+ },
+ requirements = {
+ "setup_requires": ["cffi>=1.6.0"],
+ "install_requires": ["cffi>=1.6.0"],
+ },
+ scripts = {},
+ plugins = {},
+ tests = {},
+)
+
+if __name__ == "__main__":
+ kwargs = {k:v for dct in info.values() for (k,v) in dct.items()}
+ setup(**kwargs)
diff --git a/wrapper/python/wolfssl/tox.ini b/wrapper/python/wolfssl/tox.ini
new file mode 100644
index 000000000..98ec7f995
--- /dev/null
+++ b/wrapper/python/wolfssl/tox.ini
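Review bot: `long_description` is built with `open("README.rst", "rt").read()` and `open("LICENSING.rst", "rt").read()`, which decode with the locale's default encoding on Python 3 and never close the files; LICENSING.rst as added in this patch contains a non-ASCII apostrophe, so an install under an ASCII/C locale would likely fail with UnicodeDecodeError. Reading each file with `io.open(path, encoding="utf-8")` inside a `with` block (plus `import io`) behaves the same on 2.7 and 3.x. Separately, `from wolfssl.__about__ import metadata` executes `wolfssl/__init__.py` at setup time; that file is not part of this patch, so confirm it does not import the not-yet-built `wolfssl._ffi`.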
@@ -0,0 +1,7 @@
+[tox]
+envlist=py27,py34,py35
+skip_missing_interpreters=true
+
+[testenv]
+deps=-rrequirements-testing.txt
+commands=py.test test/
diff --git a/wrapper/python/wolfssl/wolfssl/__about__.py b/wrapper/python/wolfssl/wolfssl/__about__.py
new file mode 100644
index 000000000..e5d3a9054
--- /dev/null
+++ b/wrapper/python/wolfssl/wolfssl/__about__.py
@@ -0,0 +1,45 @@
+# __about__.py
+#
+# Copyright (C) 2006-2016 wolfSSL Inc.
+#
+# This file is part of wolfSSL. (formerly known as CyaSSL)
+#
+# wolfSSL is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# wolfSSL is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
+
+metadata = dict(
+ __name__ = "wolfssl",
+ __version__ = "0.1.0",
+ __license__ = "GPLv2 or Commercial License",
+ __author__ = "wolfSSL Inc.",
+ __author_email__ = "info@wolfssl.com",
+ __url__ = "https://wolfssl.github.io/wolfssl-py",
+ __description__ = \
+ u"A Python module that encapsulates wolfSSL's C SSL/TLS library.",
+ __keywords__ = "security, cryptography, ssl, embedded, embedded ssl",
+ __classifiers__ = [
+ u"License :: OSI Approved :: GNU General Public License v2 (GPLv2)",
+ u"License :: Other/Proprietary License",
+ u"Operating System :: OS Independent",
+ u"Programming Language :: Python :: 2.7",
+ u"Programming Language :: Python :: 3.5",
+ u"Topic :: Security",
+ u"Topic :: Security :: Cryptography",
+ u"Topic :: Software Development"
+ ]
+)
+
+globals().update(metadata)
+
+__all__ = list(metadata.keys())
\ No newline at end of file
diff --git a/wrapper/python/wolfssl/wolfssl/_exceptions.py b/wrapper/python/wolfssl/wolfssl/_exceptions.py
new file mode 100644
index 000000000..0c04bbfab
--- /dev/null
+++ b/wrapper/python/wolfssl/wolfssl/_exceptions.py
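Review bot: `globals().update(metadata)` rebinds the module's own `__name__` to "wolfssl", because the dict carries a `__name__` key, so anything that reads the module name afterwards (logging, pickling, introspection) sees the package name instead of `wolfssl.__about__`. Skipping that key keeps setup.py's `k[2:-2]` mapping intact: `globals().update({k: v for k, v in metadata.items() if k != "__name__"})`. `__all__` is built from the same keys and should get the same filter. The file also ends without a trailing newline.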
@@ -0,0 +1,77 @@
+# _exceptions.py
+#
+# Copyright (C) 2006-2016 wolfSSL Inc.
+#
+# This file is part of wolfSSL. (formerly known as CyaSSL)
+#
+# wolfSSL is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# wolfSSL is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
+
+from socket import error as socket_error
+
+
+class SSLError(socket_error):
+ '''
+ Raised to signal an error from the wolfSSL's SSL/TLS library. This signifies
+ some problem in the higher-level encryption and authentication layer that’s
+ superimposed on the underlying network connection. This error is a subtype
+ of socket.error, which in turn is a subtype of IOError. The error code and
+ message of SSLError instances are provided by the wolfSSL library.
+ '''
+ pass
+
+
+class SSLZeroReturnError(SSLError):
+ '''
+ A subclass of SSLError raised when trying to read or write and the SSL
+ connection has been closed cleanly. Note that this doesn’t mean that the
+ underlying transport (read TCP) has been closed.
+ '''
+ pass
+
+
+class SSLWantReadError(SSLError):
+ '''
+ A subclass of SSLError raised by a non-blocking SSL socket when trying to
+ read or write data, but more data needs to be received on the underlying TCP
+ transport before the request can be fulfilled.
+ '''
+ pass
+
+
+class SSLWantWriteError(SSLError):
+ '''
+ A subclass of SSLError raised by a non-blocking SSL socket when trying to
+ read or write data, but more data needs to be sent on the underlying TCP
+ transport before the request can be fulfilled.
+ '''
+ pass
+
+
+class SSLSyscallError(SSLError):
+ '''
+ A subclass of SSLError raised when a system error was encountered while
+ trying to fulfill an operation on a SSL socket. Unfortunately, there is no
+ easy way to inspect the original errno number.
+ '''
+ pass
+
+
+class SSLEOFError(SSLError):
+ '''
+ A subclass of SSLError raised when the SSL connection has been terminated
+ abruptly. Generally, you shouldn’t try to reuse the underlying transport
+ when this error is encountered.
+ '''
+ pass
From 8b0edafef355bb9776b604f32fd9c8495689cac3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Moise=CC=81s=20Guimara=CC=83es?=
Date: Sun, 4 Sep 2016 19:05:48 -0300
Subject: [PATCH 02/47] adds build_ffI.py
---
wrapper/python/wolfssl/wolfssl/build_ffi.py | 60 +++++++++++++++++++++
1 file changed, 60 insertions(+)
create mode 100644 wrapper/python/wolfssl/wolfssl/build_ffi.py
diff --git a/wrapper/python/wolfssl/wolfssl/build_ffi.py b/wrapper/python/wolfssl/wolfssl/build_ffi.py
new file mode 100644
index 000000000..4f5ca8e00
--- /dev/null
+++ b/wrapper/python/wolfssl/wolfssl/build_ffi.py
@@ -0,0 +1,60 @@
+# build_ffi.py
+#
+# Copyright (C) 2006-2016 wolfSSL Inc.
+#
+# This file is part of wolfSSL. (formerly known as CyaSSL)
+#
+# wolfSSL is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# wolfSSL is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
+import os
+
+from cffi import FFI
+
+ffi = FFI()
+
+ffi.set_source("wolfssl._ffi",
+ """
+ #include
+
+ #include
+ """,
+ include_dirs=["/usr/local/include"],
+ library_dirs=["/usr/local/lib"],
+ libraries=["wolfssl"],
+)
+
+ffi.cdef(
+"""
+ typedef unsigned char byte;
+ typedef unsigned int word32;
+
+ typedef struct { ...; } WOLFSSL_METHOD;
+ typedef struct { ...; } WOLFSSL_CTX;
+ typedef struct { ...; } WOLFSSL;
+
+ WOLFSSL_METHOD* wolfSSLv23_client_method(void);
+ WOLFSSL_METHOD* wolfSSLv23_server_method(void);
+ WOLFSSL_METHOD* wolfSSLv3_server_method(void);
+ WOLFSSL_METHOD* wolfSSLv3_client_method(void);
+ WOLFSSL_METHOD* wolfTLSv1_server_method(void);
+ WOLFSSL_METHOD* wolfTLSv1_client_method(void);
+ WOLFSSL_METHOD* wolfTLSv1_1_server_method(void);
+ WOLFSSL_METHOD* wolfTLSv1_1_client_method(void);
+ WOLFSSL_METHOD* wolfTLSv1_2_server_method(void);
+ WOLFSSL_METHOD* wolfTLSv1_2_client_method(void);
+"""
+)
+
+if __name__ == "__main__":
+ ffi.compile(verbose=1)
From 7b884ad72a1d0e466725be21016f0c95c874ad8e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Moise=CC=81s=20Guimara=CC=83es?=
Date: Tue, 6 Sep 2016 00:31:59 -0300
Subject: [PATCH 03/47] removes non-ASCII chars from docs.
---
wrapper/python/wolfssl/wolfssl/_exceptions.py | 30 +++++++++----------
wrapper/python/wolfssl/wolfssl/build_ffi.py | 21 ++++---------
2 files changed, 21 insertions(+), 30 deletions(-)
diff --git a/wrapper/python/wolfssl/wolfssl/_exceptions.py b/wrapper/python/wolfssl/wolfssl/_exceptions.py
index 0c04bbfab..915d76426 100644
--- a/wrapper/python/wolfssl/wolfssl/_exceptions.py
+++ b/wrapper/python/wolfssl/wolfssl/_exceptions.py
@@ -22,56 +22,56 @@ from socket import error as socket_error class SSLError(socket_error): - ''' + """ Raised to signal an error from the wolfSSL's SSL/TLS library. This signifies - some problem in the higher-level encryption and authentication layer that’s + some problem in the higher-level encryption and authentication layer that's superimposed on the underlying network connection. This error is a subtype of socket.error, which in turn is a subtype of IOError. The error code and message of SSLError instances are provided by the wolfSSL library. - ''' + """ pass class SSLZeroReturnError(SSLError): - ''' + """ A subclass of SSLError raised when trying to read or write and the SSL - connection has been closed cleanly. Note that this doesn’t mean that the + connection has been closed cleanly. Note that this doesn't mean that the underlying transport (read TCP) has been closed. - ''' + """ pass class SSLWantReadError(SSLError): - ''' + """ A subclass of SSLError raised by a non-blocking SSL socket when trying to read or write data, but more data needs to be received on the underlying TCP transport before the request can be fulfilled. - ''' + """ pass class SSLWantWriteError(SSLError): - ''' + """ A subclass of SSLError raised by a non-blocking SSL socket when trying to read or write data, but more data needs to be sent on the underlying TCP transport before the request can be fulfilled. - ''' + """ pass class SSLSyscallError(SSLError): - ''' + """ A subclass of SSLError raised when a system error was encountered while trying to fulfill an operation on a SSL socket. Unfortunately, there is no easy way to inspect the original errno number. - ''' + """ pass class SSLEOFError(SSLError): - ''' + """ A subclass of SSLError raised when the SSL connection has been terminated - abruptly. Generally, you shouldn’t try to reuse the underlying transport + abruptly. Generally, you shouldn't try to reuse the underlying transport when this error is encountered. - ''' + """ pass 
diff --git a/wrapper/python/wolfssl/wolfssl/build_ffi.py b/wrapper/python/wolfssl/wolfssl/build_ffi.py index 4f5ca8e00..0fed4feb8 100644 --- a/wrapper/python/wolfssl/wolfssl/build_ffi.py +++ b/wrapper/python/wolfssl/wolfssl/build_ffi.py @@ -26,7 +26,6 @@ ffi = FFI() ffi.set_source("wolfssl._ffi", """ #include - #include """, include_dirs=["/usr/local/include"], @@ -39,20 +38,12 @@ ffi.cdef( typedef unsigned char byte; typedef unsigned int word32; - typedef struct { ...; } WOLFSSL_METHOD; - typedef struct { ...; } WOLFSSL_CTX; - typedef struct { ...; } WOLFSSL; - - WOLFSSL_METHOD* wolfSSLv23_client_method(void); - WOLFSSL_METHOD* wolfSSLv23_server_method(void); - WOLFSSL_METHOD* wolfSSLv3_server_method(void); - WOLFSSL_METHOD* wolfSSLv3_client_method(void); - WOLFSSL_METHOD* wolfTLSv1_server_method(void); - WOLFSSL_METHOD* wolfTLSv1_client_method(void); - WOLFSSL_METHOD* wolfTLSv1_1_server_method(void); - WOLFSSL_METHOD* wolfTLSv1_1_client_method(void); - WOLFSSL_METHOD* wolfTLSv1_2_server_method(void); - WOLFSSL_METHOD* wolfTLSv1_2_client_method(void); + void* wolfTLSv1_server_method(void); + void* wolfTLSv1_client_method(void); + void* wolfTLSv1_1_server_method(void); + void* wolfTLSv1_1_client_method(void); + void* wolfTLSv1_2_server_method(void); + void* wolfTLSv1_2_client_method(void); """ ) From 0df897d4b9291de76be8afcce81aafaa6edf1672 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Moise=CC=81s=20Guimara=CC=83es?= Date: Tue, 13 Sep 2016 00:55:05 -0300 Subject: [PATCH 04/47] adds methods --- wrapper/python/wolfssl/.gitignore | 15 +++++++ wrapper/python/wolfssl/wolfssl/_methods.py | 47 +++++++++++++++++++++ wrapper/python/wolfssl/wolfssl/build_ffi.py | 13 +++--- 3 files changed, 69 insertions(+), 6 deletions(-) create mode 100644 wrapper/python/wolfssl/.gitignore create mode 100644 wrapper/python/wolfssl/wolfssl/_methods.py diff --git a/wrapper/python/wolfssl/.gitignore b/wrapper/python/wolfssl/.gitignore new file mode 100644 index 000000000..421703396 --- /dev/null 
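Review bot: Declaring the method constructors as returning `void*` in the second build_ffi.py hunk gives up the pointer type checking cffi provided through the opaque `WOLFSSL_METHOD` typedef: a `void *` value is accepted for any pointer parameter, so handing the wrong native object to a later wolfSSL call would no longer be rejected at the Python boundary. If the `typedef struct { ...; }` form was the problem, cffi's opaque declaration `typedef ... WOLFSSL_METHOD;` keeps distinct types without describing the struct. The commit subject mentions only documentation, so this API change and the removal of the SSLv3/SSLv23 declarations deserve their own line in the message.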
+++ b/wrapper/python/wolfssl/.gitignore
@@ -0,0 +1,15 @@
+# Byte-compiled / optimized / DLL files
+__pycache__/
+*.py[cod]
+*$py.class
+
+# Distribution
+build/
+dist/
+.eggs/
+*.egg-info/
+
+# Unit test
+.tox/
+# Sphinx documentation
+docs/_build/
diff --git a/wrapper/python/wolfssl/wolfssl/_methods.py b/wrapper/python/wolfssl/wolfssl/_methods.py
new file mode 100644
index 000000000..0b13bc2b7
--- /dev/null
+++ b/wrapper/python/wolfssl/wolfssl/_methods.py
@@ -0,0 +1,47 @@
+# _methods.py
+#
+# Copyright (C) 2006-2016 wolfSSL Inc.
+#
+# This file is part of wolfSSL. (formerly known as CyaSSL)
+#
+# wolfSSL is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# wolfSSL is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
+from wolfssl._ffi import ffi as _ffi
+from wolfssl._ffi import lib as _lib
+
+PROTOCOL_SSLv23 = 1
+PROTOCOL_SSLv3 = 2
+PROTOCOL_TLSv1 = 3
+PROTOCOL_TLSv1_1 = 4
+PROTOCOL_TLSv1_2 = 5
+
+_PROTOCOL_LIST = [PROTOCOL_SSLv23, PROTOCOL_SSLv3, PROTOCOL_TLSv1,
+ PROTOCOL_TLSv1_1, PROTOCOL_TLSv1_2]
+
+class WolfSSLMethod:
+ def __init__(self, protocol, server_side):
+ if protocol not in _PROTOCOL_LIST:
+ raise ValueError("this protocol is not supported")
+ elif protocol is PROTOCOL_SSLv3:
+ raise ValueError("this protocol is not supported")
+ elif protocol is PROTOCOL_TLSv1:
+ raise ValueError("this protocol is not supported")
+ elif protocol is PROTOCOL_TLSv1_1:
+ raise ValueError("this protocol is not supported")
+ elif protocol is PROTOCOL_TLSv1_2:
+ self._method = _lib.wolfTLSv1_2_server_method() if server_side else\
+ _lib.wolfTLSv1_2_client_method()
+ elif protocol is PROTOCOL_SSLv23:
+ self._method = _lib.wolfSSLv23_server_method() if server_side else \
+ _lib.wolfSSLv23_client_method()
diff --git a/wrapper/python/wolfssl/wolfssl/build_ffi.py b/wrapper/python/wolfssl/wolfssl/build_ffi.py
index 0fed4feb8..ac18e0b0a 100644
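Review bot: The protocol dispatch in `WolfSSLMethod.__init__` compares integers with `is` (`elif protocol is PROTOCOL_TLSv1_2:`), which tests object identity and works only because CPython caches small ints. An equal value that is a different object (`True`, or `5L` on Python 2.7) passes the `_PROTOCOL_LIST` membership test but matches no branch, so the constructor returns without setting `self._method` and without raising. Use `==` in every branch, e.g. `elif protocol == PROTOCOL_TLSv1_2:`, and end the chain with an `else: raise ValueError(...)`. The pointer returned by the `_lib.*_method()` calls is stored without a NULL check, so an allocation failure would surface only later; `class WolfSSLMethod:` is also an old-style class on 2.7.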
--- a/wrapper/python/wolfssl/wolfssl/build_ffi.py +++ b/wrapper/python/wolfssl/wolfssl/build_ffi.py @@ -38,12 +38,13 @@ ffi.cdef( typedef unsigned char byte; typedef unsigned int word32; - void* wolfTLSv1_server_method(void); - void* wolfTLSv1_client_method(void); - void* wolfTLSv1_1_server_method(void); - void* wolfTLSv1_1_client_method(void); - void* wolfTLSv1_2_server_method(void); - void* wolfTLSv1_2_client_method(void); + int wolfSSL_Init(void); + int wolfSSL_Cleanup(void); + + void *wolfSSLv23_server_method(void); + void *wolfSSLv23_client_method(void); + void *wolfTLSv1_2_server_method(void); + void *wolfTLSv1_2_client_method(void); """ ) From e06b17e170fde2000442f27552b149117d36e1b5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Moise=CC=81s=20Guimara=CC=83es?= Date: Thu, 22 Sep 2016 12:27:20 -0300 Subject: [PATCH 05/47] adds methods and client tests; adds context creation; adds memory module; removes init and cleanup functions. --- wrapper/python/wolfssl/test/test_client.py | 45 +++++++++++++ wrapper/python/wolfssl/test/test_methods.py | 71 ++++++++++++++++++++ wrapper/python/wolfssl/wolfssl/_context.py | 74 +++++++++++++++++++++ wrapper/python/wolfssl/wolfssl/_memory.py | 29 ++++++++ wrapper/python/wolfssl/wolfssl/_methods.py | 44 +++++++++--- wrapper/python/wolfssl/wolfssl/build_ffi.py | 16 +++-- 6 files changed, 264 insertions(+), 15 deletions(-) create mode 100644 wrapper/python/wolfssl/test/test_client.py create mode 100644 wrapper/python/wolfssl/test/test_methods.py create mode 100644 wrapper/python/wolfssl/wolfssl/_context.py create mode 100644 wrapper/python/wolfssl/wolfssl/_memory.py diff --git a/wrapper/python/wolfssl/test/test_client.py b/wrapper/python/wolfssl/test/test_client.py new file mode 100644 index 000000000..f5e26061c --- /dev/null +++ b/wrapper/python/wolfssl/test/test_client.py 
@@ -0,0 +1,45 @@
+# test_client.py
+#
+# Copyright (C) 2006-2016 wolfSSL Inc.
+#
+# This file is part of wolfSSL. (formerly known as CyaSSL)
+#
+# wolfSSL is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# wolfSSL is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
+import unittest
+import socket
+import wolfssl
+import ssl
+
+class SSLClientTest(unittest.TestCase):
+ ssl_provider = ssl
+ host = "www.google.com"
+ port = 443
+
+ def setUp(self):
+ self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+
+ def test_wrap_socket(self):
+ self.secure_sock = self.ssl_provider.wrap_socket(
+ self.sock, ssl_version=ssl.PROTOCOL_TLSv1_2)
+ self.secure_sock.connect((self.host, self.port))
+
+ self.secure_sock.send(b"GET / HTTP/1.1\n\n")
+ self.assertEquals(b"HTTP", self.secure_sock.recv(4))
+
+ self.secure_sock.close()
+
+
+#class TestWolfSSL(SSLClientTest):
+# ssl_provider = wolfssl
diff --git a/wrapper/python/wolfssl/test/test_methods.py b/wrapper/python/wolfssl/test/test_methods.py
new file mode 100644
index 000000000..7548ed6f6
--- /dev/null
+++ b/wrapper/python/wolfssl/test/test_methods.py
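Review bot: `test_wrap_socket` calls `wrap_socket(self.sock, ssl_version=ssl.PROTOCOL_TLSv1_2)` without `cert_reqs` or `ca_certs`, and `ssl.wrap_socket` defaults to `CERT_NONE`, so the reference behaviour the commented-out `TestWolfSSL` subclass is meant to mirror never verifies the peer certificate or host name. Passing `cert_reqs=ssl.CERT_REQUIRED, ca_certs="<ca-bundle-path>"` makes the test cover the property that matters for a TLS wrapper. The test also needs outbound access to www.google.com:443, which fails in an isolated CI environment, and the socket opened in `setUp` is closed only on the success path; a `tearDown` that closes it would fix the leak. `import wolfssl` is unused while the subclass stays commented out.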
@@ -0,0 +1,71 @@ +# test_methods.py +# +# Copyright (C) 2006-2016 wolfSSL Inc. +# +# This file is part of wolfSSL. (formerly known as CyaSSL) +# +# wolfSSL is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# wolfSSL is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA +import unittest +from wolfssl._methods import * +from wolfssl._ffi import ffi as _ffi + + +class TestMethods(unittest.TestCase): + def test_SSLv3_raises(self): + self.assertRaises(ValueError, WolfSSLMethod, PROTOCOL_SSLv3, False) + self.assertRaises(ValueError, WolfSSLMethod, PROTOCOL_SSLv3, True) + + + def test_TLSv1_raises(self): + self.assertRaises(ValueError, WolfSSLMethod, PROTOCOL_TLSv1, False) + self.assertRaises(ValueError, WolfSSLMethod, PROTOCOL_TLSv1, True) + + + def test_TLSv1_1_raises(self): + self.assertRaises(ValueError, WolfSSLMethod, PROTOCOL_TLSv1_1, False) + self.assertRaises(ValueError, WolfSSLMethod, PROTOCOL_TLSv1_1, True) + + + def test_SSLv23_doesnt_raises(self): + client = WolfSSLMethod(PROTOCOL_SSLv23, False) + server = WolfSSLMethod(PROTOCOL_SSLv23, True) + + self.assertIsInstance(client, WolfSSLMethod) + self.assertIsInstance(server, WolfSSLMethod) + + self.assertNotEquals(client.native_object, _ffi.NULL) + self.assertNotEquals(server.native_object, _ffi.NULL) + + + def test_TLS_doesnt_raises(self): + client = WolfSSLMethod(PROTOCOL_TLS, False) + server = WolfSSLMethod(PROTOCOL_TLS, True) + + 
self.assertIsInstance(client, WolfSSLMethod) + self.assertIsInstance(server, WolfSSLMethod) + + self.assertNotEquals(client.native_object, _ffi.NULL) + self.assertNotEquals(server.native_object, _ffi.NULL) + + + def test_TLSv1_2_doesnt_raises(self): + client = WolfSSLMethod(PROTOCOL_TLSv1_2, False) + server = WolfSSLMethod(PROTOCOL_TLSv1_2, True) + + self.assertIsInstance(client, WolfSSLMethod) + self.assertIsInstance(server, WolfSSLMethod) + + self.assertNotEquals(client.native_object, _ffi.NULL) + self.assertNotEquals(server.native_object, _ffi.NULL) diff --git a/wrapper/python/wolfssl/wolfssl/_context.py b/wrapper/python/wolfssl/wolfssl/_context.py new file mode 100644 index 000000000..d7335d1a1 --- /dev/null +++ b/wrapper/python/wolfssl/wolfssl/_context.py 
@@ -0,0 +1,74 @@
+# _context.py
+#
+# Copyright (C) 2006-2016 wolfSSL Inc.
+#
+# This file is part of wolfSSL. (formerly known as CyaSSL)
+#
+# wolfSSL is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# wolfSSL is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
+try:
+ from wolfssl._ffi import ffi as _ffi
+ from wolfssl._ffi import lib as _lib
+except ImportError:
+ pass
+
+from wolfssl._methods import WolfSSLMethod
+
+CERT_NONE = 0
+CERT_OPTIONAL = 1
+CERT_REQUIRED = 2
+
+class SSLContext:
+ """An SSLContext holds various SSL-related configuration options and
+ data, such as certificates and possibly a private key."""
+
+
+ def __init__(self, protocol, server_side=False):
+ method = WolfSSLMethod(protocol, server_side)
+
+ self.protocol = protocol
+ self._side = server_side
+ self.native_object = _lib.wolfSSL_CTX_new(method.native_object)
+
+ # wolfSSL_CTX_new() takes ownership of the method.
+ # the method is freed later inside wolfSSL_CTX_free()
+ # or if wolfSSL_CTX_new() failed to allocate the context object.
+ method.native_object = None
+
+ if self.native_object == _ffi.NULL:
+ raise MemoryError("Unnable to allocate context object")
+
+
+ def __del__(self):
+ if self.native_object is not None:
+ _lib.wolfSSL_CTX_free(self.native_object)
+
+
+# def wrap_socket(self, sock, server_side=False,
+# do_handshake_on_connect=True,
+# suppress_ragged_eofs=True,
+# server_hostname=None):
+# return SSLSocket(sock=sock, server_side=server_side,
+# do_handshake_on_connect=do_handshake_on_connect,
+# suppress_ragged_eofs=suppress_ragged_eofs,
+# server_hostname=server_hostname,
+# _context=self)
+#
+#
+# def load_cert_chain(self, certfile, keyfile=None, password=None):
+# pass
+#
+#
+# def load_verify_locations(self, cafile=None, capath=None, cadata=None):
+# pass
\ No newline at end of file
diff --git a/wrapper/python/wolfssl/wolfssl/_memory.py b/wrapper/python/wolfssl/wolfssl/_memory.py
new file mode 100644
index 000000000..809508a4f
--- /dev/null
+++ b/wrapper/python/wolfssl/wolfssl/_memory.py
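Review bot: `SSLContext.__del__` reads `self.native_object`, but `__init__` only assigns it after `WolfSSLMethod(protocol, server_side)` has returned, so a rejected protocol leaves the attribute unset and the finalizer fails with an AttributeError. On an allocation failure the attribute holds `_ffi.NULL`, which is not `None`, so the finalizer then hands a NULL pointer to `wolfSSL_CTX_free`. I would make `self.native_object = None` the first statement of `__init__` and reset it to `None` just before `raise MemoryError(...)`. `WolfSSLMethod.__del__` in `_methods.py` has the same shape and needs the same treatment.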
@@ -0,0 +1,29 @@
+# _memory.py
+#
+# Copyright (C) 2006-2016 wolfSSL Inc.
+#
+# This file is part of wolfSSL. (formerly known as CyaSSL)
+#
+# wolfSSL is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# wolfSSL is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
+try:
+ from wolfssl._ffi import ffi as _ffi
+ from wolfssl._ffi import lib as _lib
+except ImportError:
+ pass
+
+_DYNAMIC_TYPE_METHOD = 11
+
+def _native_free(native_object, dynamic_type):
+ _lib.wolfSSL_Free(native_object, _ffi.NULL, dynamic_type)
\ No newline at end of file
diff --git a/wrapper/python/wolfssl/wolfssl/_methods.py b/wrapper/python/wolfssl/wolfssl/_methods.py
index 0b13bc2b7..c5d7901e6 100644
--- a/wrapper/python/wolfssl/wolfssl/_methods.py
+++ b/wrapper/python/wolfssl/wolfssl/_methods.py
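Review bot: The `except ImportError: pass` around the `wolfssl._ffi` import hides a missing or broken native binding until the first call, where it surfaces as a NameError on `_lib` instead of a clear import failure. If the guard exists so that packaging code can import the package before the extension is built (an assumption, the hunk does not say), a comment should state that; the same guard is added in `_context.py` and `_methods.py`. `_DYNAMIC_TYPE_METHOD = 11` also deserves a comment such as `# must stay equal to DYNAMIC_TYPE_METHOD in the wolfSSL headers the extension is built against`, since the value is copied by hand and presumably mirrors that C enum.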
@@ -17,31 +17,57 @@ # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA -from wolfssl._ffi import ffi as _ffi -from wolfssl._ffi import lib as _lib +try: + from wolfssl._ffi import ffi as _ffi + from wolfssl._ffi import lib as _lib +except ImportError: + pass + +from wolfssl._memory import ( + _native_free, _DYNAMIC_TYPE_METHOD +) + PROTOCOL_SSLv23 = 1 PROTOCOL_SSLv3 = 2 +PROTOCOL_TLS = 1 PROTOCOL_TLSv1 = 3 PROTOCOL_TLSv1_1 = 4 PROTOCOL_TLSv1_2 = 5 -_PROTOCOL_LIST = [PROTOCOL_SSLv23, PROTOCOL_SSLv3, PROTOCOL_TLSv1, - PROTOCOL_TLSv1_1, PROTOCOL_TLSv1_2] +_PROTOCOL_LIST = [PROTOCOL_SSLv23, PROTOCOL_SSLv3, PROTOCOL_TLS, + PROTOCOL_TLSv1, PROTOCOL_TLSv1_1, PROTOCOL_TLSv1_2] + class WolfSSLMethod: + def __init__(self, protocol, server_side): if protocol not in _PROTOCOL_LIST: raise ValueError("this protocol is not supported") + elif protocol is PROTOCOL_SSLv3: raise ValueError("this protocol is not supported") + elif protocol is PROTOCOL_TLSv1: raise ValueError("this protocol is not supported") + elif protocol is PROTOCOL_TLSv1_1: raise ValueError("this protocol is not supported") + elif protocol is PROTOCOL_TLSv1_2: - self._method = _lib.wolfTLSv1_2_server_method() if server_side else\ - _lib.wolfTLSv1_2_client_method() - elif protocol is PROTOCOL_SSLv23: - self._method = _lib.wolfSSLv23_server_method() if server_side else \ - _lib.wolfSSLv23_client_method() + self.native_object = \ + _lib.wolfTLSv1_2_server_method() if server_side else \ + _lib.wolfTLSv1_2_client_method() + + elif protocol in [PROTOCOL_SSLv23, PROTOCOL_TLS]: + self.native_object = \ + _lib.wolfSSLv23_server_method() if server_side else \ + _lib.wolfSSLv23_client_method() + + if self.native_object == _ffi.NULL: + raise MemoryError("Unnable to allocate method object") + + + def __del__(self): + if self.native_object is not None: + 
_native_free(self.native_object, _DYNAMIC_TYPE_METHOD) diff --git a/wrapper/python/wolfssl/wolfssl/build_ffi.py b/wrapper/python/wolfssl/wolfssl/build_ffi.py index ac18e0b0a..55cf3431f 100644 --- a/wrapper/python/wolfssl/wolfssl/build_ffi.py +++ b/wrapper/python/wolfssl/wolfssl/build_ffi.py @@ -27,6 +27,8 @@ ffi.set_source("wolfssl._ffi", """ #include #include + + void wolfSSL_Free(void *ptr, void* heap, int type); """, include_dirs=["/usr/local/include"], library_dirs=["/usr/local/lib"], @@ -38,13 +40,15 @@ ffi.cdef( typedef unsigned char byte; typedef unsigned int word32; - int wolfSSL_Init(void); - int wolfSSL_Cleanup(void); + void wolfSSL_Free(void *ptr, void* heap, int type); - void *wolfSSLv23_server_method(void); - void *wolfSSLv23_client_method(void); - void *wolfTLSv1_2_server_method(void); - void *wolfTLSv1_2_client_method(void); + void* wolfSSLv23_server_method(void); + void* wolfSSLv23_client_method(void); + void* wolfTLSv1_2_server_method(void); + void* wolfTLSv1_2_client_method(void); + + void* wolfSSL_CTX_new(void* method); + void wolfSSL_CTX_free(void* ctx); """ ) From 20cfbe399c5145a152673e026e5afe014bcd803b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Moise=CC=81s=20Guimara=CC=83es?= Date: Sun, 13 Nov 2016 10:01:45 -0300 Subject: [PATCH 06/47] fixes integer comparison and adds virtual env to ignored files. --- wrapper/python/wolfssl/.gitignore | 3 +++ wrapper/python/wolfssl/wolfssl/_methods.py | 8 ++++---- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/wrapper/python/wolfssl/.gitignore b/wrapper/python/wolfssl/.gitignore index 421703396..5e6f6f9bd 100644 --- a/wrapper/python/wolfssl/.gitignore +++ b/wrapper/python/wolfssl/.gitignore @@ -13,3 +13,6 @@ dist/ .tox/ # Sphinx documentation docs/_build/ + +# Virtual env +.env diff --git a/wrapper/python/wolfssl/wolfssl/_methods.py b/wrapper/python/wolfssl/wolfssl/_methods.py index c5d7901e6..ae0a03d9f 100644 --- a/wrapper/python/wolfssl/wolfssl/_methods.py 
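Review bot: Rejecting `PROTOCOL_SSLv3`, `PROTOCOL_TLSv1` and `PROTOCOL_TLSv1_1` in `WolfSSLMethod.__init__` does not by itself keep those versions off the wire, because `PROTOCOL_SSLv23` and the new alias `PROTOCOL_TLS` select the version-negotiating `wolfSSLv23_*_method()`. Which versions that method will accept depends on how the library was built, so the floor the wrapper appears to intend is not enforced in this code. A minimum version should be pinned on the context once it exists (wolfSSL provides `wolfSSL_CTX_SetMinVersion` for this), or a comment on the `PROTOCOL_SSLv23` branch should state that negotiation is left to the library defaults.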
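Review bot: The prototype `void wolfSSL_Free(void *ptr, void* heap, int type);` is written by hand in both the `set_source` block and the `cdef` of `build_ffi.py`, so the compiler cannot check it against the installed headers. As far as I know wolfSSL declares `wolfSSL_Free` with different parameter lists depending on its memory build options, and a mismatch would make `_native_free` call the function with the wrong arguments. I would drop the manual declaration from `set_source`, let the library's own header provide it, and add a comment naming the build configuration the three-argument form assumes.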
+++ b/wrapper/python/wolfssl/wolfssl/_methods.py @@ -45,16 +45,16 @@ class WolfSSLMethod: if protocol not in _PROTOCOL_LIST: raise ValueError("this protocol is not supported") - elif protocol is PROTOCOL_SSLv3: + elif protocol == PROTOCOL_SSLv3: raise ValueError("this protocol is not supported") - elif protocol is PROTOCOL_TLSv1: + elif protocol == PROTOCOL_TLSv1: raise ValueError("this protocol is not supported") - elif protocol is PROTOCOL_TLSv1_1: + elif protocol == PROTOCOL_TLSv1_1: raise ValueError("this protocol is not supported") - elif protocol is PROTOCOL_TLSv1_2: + elif protocol == PROTOCOL_TLSv1_2: self.native_object = \ _lib.wolfTLSv1_2_server_method() if server_side else \ _lib.wolfTLSv1_2_client_method() From e1c01378c74a71a6ff1b13584494751a920f5b9b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Moise=CC=81s=20Guimara=CC=83es?= Date: Sun, 13 Nov 2016 10:16:09 -0300 Subject: [PATCH 07/47] fixes ssl version in test to maintain backward compatibility. --- wrapper/python/wolfssl/test/test_client.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/wrapper/python/wolfssl/test/test_client.py b/wrapper/python/wolfssl/test/test_client.py index f5e26061c..e41e9df75 100644 --- a/wrapper/python/wolfssl/test/test_client.py +++ b/wrapper/python/wolfssl/test/test_client.py @@ -32,7 +32,7 @@ class SSLClientTest(unittest.TestCase): def test_wrap_socket(self): self.secure_sock = self.ssl_provider.wrap_socket( - self.sock, ssl_version=ssl.PROTOCOL_TLSv1_2) + self.sock, ssl_version=ssl.PROTOCOL_SSLv23) self.secure_sock.connect((self.host, self.port)) self.secure_sock.send(b"GET / HTTP/1.1\n\n") From c8ae6abb4346ad297d13f0725c33bae9b06463a8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Moise=CC=81s=20Guimara=CC=83es?= Date: Sun, 13 Nov 2016 10:27:09 -0300 Subject: [PATCH 08/47] adds context functions. --- wrapper/python/wolfcrypt/.gitignore | 3 +++ wrapper/python/wolfssl/wolfssl/build_ffi.py | 10 +++++++--- 2 files changed, 10 insertions(+), 3 deletions(-) 
diff --git a/wrapper/python/wolfcrypt/.gitignore b/wrapper/python/wolfcrypt/.gitignore index 421703396..5e6f6f9bd 100644 --- a/wrapper/python/wolfcrypt/.gitignore +++ b/wrapper/python/wolfcrypt/.gitignore @@ -13,3 +13,6 @@ dist/ .tox/ # Sphinx documentation docs/_build/ + +# Virtual env +.env diff --git a/wrapper/python/wolfssl/wolfssl/build_ffi.py b/wrapper/python/wolfssl/wolfssl/build_ffi.py index 55cf3431f..10f54e0b5 100644 --- a/wrapper/python/wolfssl/wolfssl/build_ffi.py +++ b/wrapper/python/wolfssl/wolfssl/build_ffi.py @@ -40,15 +40,19 @@ ffi.cdef( typedef unsigned char byte; typedef unsigned int word32; - void wolfSSL_Free(void *ptr, void* heap, int type); + void wolfSSL_Free(void*, void*, int); void* wolfSSLv23_server_method(void); void* wolfSSLv23_client_method(void); void* wolfTLSv1_2_server_method(void); void* wolfTLSv1_2_client_method(void); - void* wolfSSL_CTX_new(void* method); - void wolfSSL_CTX_free(void* ctx); + void* wolfSSL_CTX_new(void*); + void wolfSSL_CTX_free(void*); + + int wolfSSL_CTX_use_PrivateKey_file(void*, const char*, int); + int wolfSSL_CTX_load_verify_locations(void*, const char*, const char*); + int wolfSSL_CTX_use_certificate_chain_file(void*, const char *); """ ) From bd146118794fbc3f1d391d71d344df544a59c4f2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Moise=CC=81s=20Guimara=CC=83es?= Date: Sun, 13 Nov 2016 10:34:49 -0300 Subject: [PATCH 09/47] adds load_verify_locations and load_cert_chain implementations. --- wrapper/python/wolfssl/wolfssl/_context.py | 37 ++++++++++++++++++---- 1 file changed, 31 insertions(+), 6 deletions(-) diff --git a/wrapper/python/wolfssl/wolfssl/_context.py b/wrapper/python/wolfssl/wolfssl/_context.py index d7335d1a1..47a84c988 100644 --- a/wrapper/python/wolfssl/wolfssl/_context.py +++ b/wrapper/python/wolfssl/wolfssl/_context.py 
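Review bot: Every handle in this `cdef` is declared as `void*`, so cffi will accept a method pointer where a context is expected and the other way round, including in `wolfSSL_CTX_free`. Opaque typedefs would let cffi reject such a mix-up at the call site: `typedef ... WOLFSSL_CTX;` and then `int wolfSSL_CTX_use_PrivateKey_file(WOLFSSL_CTX*, const char*, int);`. Dropping the parameter names in this hunk also removes the only hint of what the third argument of `wolfSSL_CTX_use_PrivateKey_file` is; a short comment (`/* ctx, path, file format */`) would restore it.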
@@ -24,11 +24,14 @@ except ImportError: pass from wolfssl._methods import WolfSSLMethod +from wolfssl._exceptions import * CERT_NONE = 0 CERT_OPTIONAL = 1 CERT_REQUIRED = 2 +_SSL_FILETYPE_PEM = 1 + class SSLContext: """An SSLContext holds various SSL-related configuration options and data, such as certificates and possibly a private key.""" @@ -66,9 +69,31 @@ class SSLContext: # _context=self) # # -# def load_cert_chain(self, certfile, keyfile=None, password=None): -# pass -# -# -# def load_verify_locations(self, cafile=None, capath=None, cadata=None): -# pass \ No newline at end of file + def load_cert_chain(self, certfile, keyfile=None, password=None): + if certfile: + ret = _lib.wolfSSL_CTX_use_certificate_chain_file( + self.native_object, certfile) + if ret != 0: + raise SSLError("Unnable to load certificate chain") + else: + raise TypeError( + "certfile needs to be string or buffer, NoneType found") + + if keyfile: + ret = _lib.wolfSSL_CTX_use_PrivateKey_file( + self.native_object, keyfile, _SSL_FILETYPE_PEM) + if ret != 0: + raise SSLError("Unnable to load private key") + + + def load_verify_locations(self, cafile=None, capath=None, cadata=None): + if cafile is None and capath is None: + raise SSLError("Unnable to load verify locations") + + ret = _lib.wolfSSL_CTX_load_verify_locations( + self.native_object, + cafile if cafile else _ffi.NULL, + capath if capath else _ffi.NULL) + + if ret != 0: + raise SSLError("Unnable to load verify locations") From 7201435f2d89c7aa4b1867046ca33d6a48ab787a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Moise=CC=81s=20Guimara=CC=83es?= Date: Sun, 13 Nov 2016 10:55:55 -0300 Subject: [PATCH 10/47] adds initial context tests. --- wrapper/python/wolfssl/test/test_context.py | 41 +++++++++++++++++++++ wrapper/python/wolfssl/wolfssl/_context.py | 7 ++-- 2 files changed, 44 insertions(+), 4 deletions(-) create mode 100644 wrapper/python/wolfssl/test/test_context.py 
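Review bot: `load_cert_chain` accepts `password` and never uses it, so a caller written against the standard `ssl` signature gets no signal that the argument was dropped. I would fail loudly until it is supported, e.g. `if password is not None: raise NotImplementedError("encrypted private keys are not supported")`. When `keyfile` is omitted no private key is loaded at all; if that is intended, a docstring should say so. The enclosing class starts outside this hunk.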
diff --git a/wrapper/python/wolfssl/test/test_context.py b/wrapper/python/wolfssl/test/test_context.py
new file mode 100644
index 000000000..0b2aaf0cc
--- /dev/null
+++ b/wrapper/python/wolfssl/test/test_context.py
@@ -0,0 +1,41 @@
+# test_context.py
+#
+# Copyright (C) 2006-2016 wolfSSL Inc.
+#
+# This file is part of wolfSSL. (formerly known as CyaSSL)
+#
+# wolfSSL is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# wolfSSL is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
+import unittest
+import wolfssl
+import ssl
+
+
+class TestSSLContext(unittest.TestCase):
+ provider = ssl
+
+ def setUp(self):
+ self.ctx = self.provider.SSLContext(self.provider.PROTOCOL_SSLv23)
+
+ def test_context_creation(self):
+ self.assertIsNotNone(self.ctx)
+
+ def test_load_cert_chain(self):
+ self.assertRaises(TypeError, self.ctx.load_cert_chain, None)
+
+ def test_load_verify_locations(self):
+ self.assertRaises(TypeError, self.ctx.load_verify_locations, None)
+
+class TestWolfSSLContext(TestSSLContext):
+ provider = wolfssl
\ No newline at end of file
diff --git a/wrapper/python/wolfssl/wolfssl/_context.py b/wrapper/python/wolfssl/wolfssl/_context.py
index 47a84c988..4b318ff6e 100644
--- a/wrapper/python/wolfssl/wolfssl/_context.py
+++ b/wrapper/python/wolfssl/wolfssl/_context.py
@@ -76,8 +76,7 @@ class SSLContext: if ret != 0: raise SSLError("Unnable to load certificate chain") else: - raise TypeError( - "certfile needs to be string or buffer, NoneType found") + raise TypeError("certfile should be a valid filesystem path") if keyfile: ret = _lib.wolfSSL_CTX_use_PrivateKey_file( @@ -87,8 +86,8 @@ class SSLContext: def load_verify_locations(self, cafile=None, capath=None, cadata=None): - if cafile is None and capath is None: - raise SSLError("Unnable to load verify locations") + if cafile is None and capath is None and cadata is None: + raise TypeError("cafile, capath and cadata cannot be all omitted") ret = _lib.wolfSSL_CTX_load_verify_locations( self.native_object, From 760ddd14f52f6ba2b0f73b28f7ce4ec0af802ba2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Moise=CC=81s=20Guimara=CC=83es?= Date: Tue, 15 Nov 2016 12:56:35 -0300 Subject: [PATCH 11/47] fixes pylint warnings; adds more tests to load_verify_locations; fixes data type when calling C functions; fixes result verification when calling C functions. --- wrapper/python/wolfcrypt/wolfcrypt/utils.py | 22 ++++--- wrapper/python/wolfssl/test/test_client.py | 19 ++++--- wrapper/python/wolfssl/test/test_context.py | 12 +++- wrapper/python/wolfssl/test/test_methods.py | 25 ++++---- wrapper/python/wolfssl/wolfssl/_context.py | 63 ++++++++++++++------- wrapper/python/wolfssl/wolfssl/_methods.py | 12 ++-- wrapper/python/wolfssl/wolfssl/utils.py | 36 ++++++++++++ 7 files changed, 133 insertions(+), 56 deletions(-) create mode 100644 wrapper/python/wolfssl/wolfssl/utils.py diff --git a/wrapper/python/wolfcrypt/wolfcrypt/utils.py b/wrapper/python/wolfcrypt/wolfcrypt/utils.py index 34646ff8a..9f7369cb2 100644 --- a/wrapper/python/wolfcrypt/wolfcrypt/utils.py +++ b/wrapper/python/wolfcrypt/wolfcrypt/utils.py 
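Review bot: With the guard widened to `cafile is None and capath is None and cadata is None`, a call that passes only `cadata` now gets past the check, yet the call added in the previous patch still forwards just `cafile` and `capath`, both as `_ffi.NULL`. The caller's CA data never reaches the library, and the outcome then depends on how the return value of that NULL/NULL call is interpreted. Until buffer loading exists I would keep rejecting this case explicitly: `if cadata is not None: raise NotImplementedError("cadata is not supported")`. The method body continues outside the hunk.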
@@ -17,22 +17,20 @@ # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + +# pylint: disable=unused-import, undefined-variable + import sys from binascii import hexlify as b2h, unhexlify as h2b +_PY3 = sys.version_info[0] == 3 +_TEXT_TYPE = str if _PY3 else unicode +_BINARY_TYPE = bytes if _PY3 else str -if sys.version_info[0] == 3: - _text_type = str - _binary_type = bytes -else: - _text_type = unicode - _binary_type = str - - -def t2b(s): +def t2b(string): """ Converts text to bynary. """ - if isinstance(s, _binary_type): - return s - return _text_type(s).encode("utf-8") + if isinstance(string, _BINARY_TYPE): + return string + return _TEXT_TYPE(string).encode("utf-8") diff --git a/wrapper/python/wolfssl/test/test_client.py b/wrapper/python/wolfssl/test/test_client.py index e41e9df75..2ee5c0e96 100644 --- a/wrapper/python/wolfssl/test/test_client.py +++ b/wrapper/python/wolfssl/test/test_client.py 
@@ -17,28 +17,31 @@ # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + +# pylint: disable=missing-docstring, invalid-name, import-error + import unittest import socket -import wolfssl import ssl +# import wolfssl class SSLClientTest(unittest.TestCase): ssl_provider = ssl host = "www.google.com" port = 443 - + def setUp(self): self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) def test_wrap_socket(self): - self.secure_sock = self.ssl_provider.wrap_socket( - self.sock, ssl_version=ssl.PROTOCOL_SSLv23) - self.secure_sock.connect((self.host, self.port)) + secure_sock = self.ssl_provider.wrap_socket( + self.sock, ssl_version=ssl.PROTOCOL_SSLv23) + secure_sock.connect((self.host, self.port)) - self.secure_sock.send(b"GET / HTTP/1.1\n\n") - self.assertEquals(b"HTTP", self.secure_sock.recv(4)) + secure_sock.send(b"GET / HTTP/1.1\n\n") + self.assertEqual(b"HTTP", secure_sock.recv(4)) - self.secure_sock.close() + secure_sock.close() #class TestWolfSSL(SSLClientTest): diff --git a/wrapper/python/wolfssl/test/test_context.py b/wrapper/python/wolfssl/test/test_context.py index 0b2aaf0cc..6e931b8fd 100644 --- a/wrapper/python/wolfssl/test/test_context.py +++ b/wrapper/python/wolfssl/test/test_context.py @@ -17,9 +17,12 @@ # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + +# pylint: disable=missing-docstring, invalid-name, import-error + import unittest -import wolfssl import ssl +import wolfssl class TestSSLContext(unittest.TestCase): 
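Review bot: `test_wrap_socket` in `test_client.py` calls `wrap_socket` without `cert_reqs` or `ca_certs`, so with the standard `ssl` module the peer certificate is not verified and the test passes against anything on port 443 that answers with `HTTP`. It also depends on reaching `www.google.com`, and `secure_sock.close()` is skipped when the assertion fails. I would pass `cert_reqs=ssl.CERT_REQUIRED` together with a `ca_certs` bundle and register the close right after wrapping with `self.addCleanup(secure_sock.close)`.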
@@ -34,8 +37,11 @@ class TestSSLContext(unittest.TestCase): def test_load_cert_chain(self): self.assertRaises(TypeError, self.ctx.load_cert_chain, None) - def test_load_verify_locations(self): + def test_load_verify_locations_raises(self): self.assertRaises(TypeError, self.ctx.load_verify_locations, None) + def test_load_verify_locations_with_cafile(self): + self.ctx.load_verify_locations(cafile="../../../certs/ca-cert.pem") + class TestWolfSSLContext(TestSSLContext): - provider = wolfssl \ No newline at end of file + provider = wolfssl diff --git a/wrapper/python/wolfssl/test/test_methods.py b/wrapper/python/wolfssl/test/test_methods.py index 7548ed6f6..f49de4648 100644 --- a/wrapper/python/wolfssl/test/test_methods.py +++ b/wrapper/python/wolfssl/test/test_methods.py @@ -17,8 +17,13 @@ # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + +# pylint: disable=missing-docstring, invalid-name, import-error + import unittest -from wolfssl._methods import * +from wolfssl._methods import (WolfSSLMethod, PROTOCOL_SSLv3, PROTOCOL_SSLv23, + PROTOCOL_TLS, PROTOCOL_TLSv1, PROTOCOL_TLSv1_1, + PROTOCOL_TLSv1_2) from wolfssl._ffi import ffi as _ffi 
@@ -41,31 +46,31 @@ class TestMethods(unittest.TestCase): def test_SSLv23_doesnt_raises(self): client = WolfSSLMethod(PROTOCOL_SSLv23, False) server = WolfSSLMethod(PROTOCOL_SSLv23, True) - + self.assertIsInstance(client, WolfSSLMethod) self.assertIsInstance(server, WolfSSLMethod) - self.assertNotEquals(client.native_object, _ffi.NULL) - self.assertNotEquals(server.native_object, _ffi.NULL) + self.assertNotEqual(client.native_object, _ffi.NULL) + self.assertNotEqual(server.native_object, _ffi.NULL) def test_TLS_doesnt_raises(self): client = WolfSSLMethod(PROTOCOL_TLS, False) server = WolfSSLMethod(PROTOCOL_TLS, True) - + self.assertIsInstance(client, WolfSSLMethod) self.assertIsInstance(server, WolfSSLMethod) - self.assertNotEquals(client.native_object, _ffi.NULL) - self.assertNotEquals(server.native_object, _ffi.NULL) + self.assertNotEqual(client.native_object, _ffi.NULL) + self.assertNotEqual(server.native_object, _ffi.NULL) def test_TLSv1_2_doesnt_raises(self): client = WolfSSLMethod(PROTOCOL_TLSv1_2, False) server = WolfSSLMethod(PROTOCOL_TLSv1_2, True) - + self.assertIsInstance(client, WolfSSLMethod) self.assertIsInstance(server, WolfSSLMethod) - self.assertNotEquals(client.native_object, _ffi.NULL) - self.assertNotEquals(server.native_object, _ffi.NULL) + self.assertNotEqual(client.native_object, _ffi.NULL) + self.assertNotEqual(server.native_object, _ffi.NULL) diff --git a/wrapper/python/wolfssl/wolfssl/_context.py b/wrapper/python/wolfssl/wolfssl/_context.py index 4b318ff6e..1662aace2 100644 --- a/wrapper/python/wolfssl/wolfssl/_context.py +++ b/wrapper/python/wolfssl/wolfssl/_context.py 
@@ -24,26 +24,29 @@ except ImportError: pass from wolfssl._methods import WolfSSLMethod -from wolfssl._exceptions import * +from wolfssl._exceptions import SSLError +from wolfssl.utils import t2b -CERT_NONE = 0 +CERT_NONE = 0 CERT_OPTIONAL = 1 CERT_REQUIRED = 2 +_SSL_SUCCESS = 1 _SSL_FILETYPE_PEM = 1 class SSLContext: - """An SSLContext holds various SSL-related configuration options and - data, such as certificates and possibly a private key.""" - + """ + An SSLContext holds various SSL-related configuration options and + data, such as certificates and possibly a private key. + """ def __init__(self, protocol, server_side=False): method = WolfSSLMethod(protocol, server_side) - - self.protocol = protocol - self._side = server_side + + self.protocol = protocol + self._side = server_side self.native_object = _lib.wolfSSL_CTX_new(method.native_object) - + # wolfSSL_CTX_new() takes ownership of the method. # the method is freed later inside wolfSSL_CTX_free() # or if wolfSSL_CTX_new() failed to allocate the context object. 
@@ -70,29 +73,51 @@ class SSLContext: # # def load_cert_chain(self, certfile, keyfile=None, password=None): + """ + Load a private key and the corresponding certificate. The certfile + string must be the path to a single file in PEM format containing + the certificate as well as any number of CA certificates needed to + establish the certificate’s authenticity. + + The keyfile string, if present, must point to a file containing the + private key in. + """ + if certfile: ret = _lib.wolfSSL_CTX_use_certificate_chain_file( - self.native_object, certfile) - if ret != 0: + self.native_object, t2b(certfile)) + if ret != _SSL_SUCCESS: raise SSLError("Unnable to load certificate chain") else: raise TypeError("certfile should be a valid filesystem path") if keyfile: ret = _lib.wolfSSL_CTX_use_PrivateKey_file( - self.native_object, keyfile, _SSL_FILETYPE_PEM) - if ret != 0: + self.native_object, t2b(keyfile), _SSL_FILETYPE_PEM) + if ret != _SSL_SUCCESS: raise SSLError("Unnable to load private key") def load_verify_locations(self, cafile=None, capath=None, cadata=None): - if cafile is None and capath is None and cadata is None: - raise TypeError("cafile, capath and cadata cannot be all omitted") + """ + Load a set of “certification authority” (CA) certificates used to + validate other peers’ certificates when verify_mode is other than + CERT_NONE. At least one of cafile or capath must be specified. + + The cafile string, if present, is the path to a file of concatenated + CA certificates in PEM format. + + The capath string, if present, is the path to a directory containing + several CA certificates in PEM format. 
+ """ + + if cafile is None and capath is None: + raise TypeError("cafile and capath cannot be all omitted") ret = _lib.wolfSSL_CTX_load_verify_locations( self.native_object, - cafile if cafile else _ffi.NULL, - capath if capath else _ffi.NULL) + t2b(cafile) if cafile else _ffi.NULL, + t2b(capath) if capath else _ffi.NULL) - if ret != 0: - raise SSLError("Unnable to load verify locations") + if ret != _SSL_SUCCESS: + raise SSLError("Unnable to load verify locations. Error: %d" % ret) diff --git a/wrapper/python/wolfssl/wolfssl/_methods.py b/wrapper/python/wolfssl/wolfssl/_methods.py index ae0a03d9f..0d929aa9d 100644 --- a/wrapper/python/wolfssl/wolfssl/_methods.py +++ b/wrapper/python/wolfssl/wolfssl/_methods.py @@ -28,10 +28,10 @@ from wolfssl._memory import ( ) -PROTOCOL_SSLv23 = 1 -PROTOCOL_SSLv3 = 2 -PROTOCOL_TLS = 1 -PROTOCOL_TLSv1 = 3 +PROTOCOL_SSLv23 = 1 +PROTOCOL_SSLv3 = 2 +PROTOCOL_TLS = 1 +PROTOCOL_TLSv1 = 3 PROTOCOL_TLSv1_1 = 4 PROTOCOL_TLSv1_2 = 5 @@ -40,6 +40,10 @@ _PROTOCOL_LIST = [PROTOCOL_SSLv23, PROTOCOL_SSLv3, PROTOCOL_TLS, class WolfSSLMethod: + """ + An SSLMethod holds SSL-related configuration options such as + protocol version and communication side. + """ def __init__(self, protocol, server_side): if protocol not in _PROTOCOL_LIST: diff --git a/wrapper/python/wolfssl/wolfssl/utils.py b/wrapper/python/wolfssl/wolfssl/utils.py new file mode 100644 index 000000000..9f7369cb2 --- /dev/null +++ b/wrapper/python/wolfssl/wolfssl/utils.py 
@@ -0,0 +1,36 @@ +# utils.py +# +# Copyright (C) 2006-2016 wolfSSL Inc. +# +# This file is part of wolfSSL. (formerly known as CyaSSL) +# +# wolfSSL is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# wolfSSL is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + +# pylint: disable=unused-import, undefined-variable + +import sys +from binascii import hexlify as b2h, unhexlify as h2b + +_PY3 = sys.version_info[0] == 3 +_TEXT_TYPE = str if _PY3 else unicode +_BINARY_TYPE = bytes if _PY3 else str + +def t2b(string): + """ + Converts text to bynary. + """ + if isinstance(string, _BINARY_TYPE): + return string + return _TEXT_TYPE(string).encode("utf-8") From 015ffecbab6e4fb66425aec9a8b8755b3496ebf7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Moise=CC=81s=20Guimara=CC=83es?= Date: Tue, 15 Nov 2016 14:53:42 -0300 Subject: [PATCH 12/47] fixes unicode quotes and adds load_cert_chain test. --- wrapper/python/wolfssl/test/test_context.py | 6 +++++- wrapper/python/wolfssl/wolfssl/_context.py | 10 +++++----- 2 files changed, 10 insertions(+), 6 deletions(-) diff --git a/wrapper/python/wolfssl/test/test_context.py b/wrapper/python/wolfssl/test/test_context.py index 6e931b8fd..4c479b49d 100644 --- a/wrapper/python/wolfssl/test/test_context.py +++ b/wrapper/python/wolfssl/test/test_context.py 
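Review bot: `t2b` turns any non-bytes argument into text with `_TEXT_TYPE(string)` before encoding, so an integer, a list or `None` is silently converted into a byte string instead of being rejected. In `_context.py` the results are passed to the library as certificate and key file paths, where a wrong argument type should be a `TypeError` rather than a lookup of a file with an unexpected name. I would add `if not isinstance(string, _TEXT_TYPE): raise TypeError("expected text or bytes")` before the encode. The file is a copy of `wolfcrypt/utils.py`, and the `b2h`/`h2b` imports it carries are not used in the lines shown here.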
@@ -34,9 +34,13 @@ class TestSSLContext(unittest.TestCase): def test_context_creation(self): self.assertIsNotNone(self.ctx) - def test_load_cert_chain(self): + def test_load_cert_chain_raises(self): self.assertRaises(TypeError, self.ctx.load_cert_chain, None) + def test_load_cert_chain(self): + self.ctx.load_cert_chain("../../../certs/client-cert.pem", + "../../../certs/client-key.pem") + def test_load_verify_locations_raises(self): self.assertRaises(TypeError, self.ctx.load_verify_locations, None) diff --git a/wrapper/python/wolfssl/wolfssl/_context.py b/wrapper/python/wolfssl/wolfssl/_context.py index 1662aace2..36fab9d86 100644 --- a/wrapper/python/wolfssl/wolfssl/_context.py +++ b/wrapper/python/wolfssl/wolfssl/_context.py @@ -18,8 +18,8 @@ # along with this program; if not, write to the Free Software # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA try: - from wolfssl._ffi import ffi as _ffi - from wolfssl._ffi import lib as _lib + from wolfssl._ffi import ffi as _ffi + from wolfssl._ffi import lib as _lib except ImportError: pass @@ -77,7 +77,7 @@ class SSLContext: Load a private key and the corresponding certificate. The certfile string must be the path to a single file in PEM format containing the certificate as well as any number of CA certificates needed to - establish the certificate’s authenticity. + establish the certificate's authenticity. The keyfile string, if present, must point to a file containing the private key in. 
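Review bot: The paths `"../../../certs/client-cert.pem"` and `"../../../certs/client-key.pem"` are resolved against the current working directory, so `test_load_cert_chain` only passes when the runner is started from one particular directory; `test_load_verify_locations_with_cafile` from the previous patch has the same dependency. Building them from the test file's location, e.g. `os.path.join(os.path.dirname(__file__), "..", "..", "..", "..", "certs", "client-cert.pem")`, removes that. The number of `..` segments there is a guess and needs to be checked against the repository layout.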
@@ -100,8 +100,8 @@ class SSLContext: def load_verify_locations(self, cafile=None, capath=None, cadata=None): """ - Load a set of “certification authority” (CA) certificates used to - validate other peers’ certificates when verify_mode is other than + Load a set of "certification authority" (CA) certificates used to + validate other peers' certificates when verify_mode is other than CERT_NONE. At least one of cafile or capath must be specified. The cafile string, if present, is the path to a file of concatenated From c0b59a585b5326cf4930b792c166ab5cdd0ed636 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Moise=CC=81s=20Guimara=CC=83es?= Date: Mon, 21 Nov 2016 22:16:01 -0300 Subject: [PATCH 13/47] adds support for buffered ca certificates --- wrapper/python/wolfssl/test/test_context.py | 97 +++++++++++++++++++++ wrapper/python/wolfssl/wolfssl/_context.py | 24 +++-- wrapper/python/wolfssl/wolfssl/build_ffi.py | 1 + 3 files changed, 114 insertions(+), 8 deletions(-) diff --git a/wrapper/python/wolfssl/test/test_context.py b/wrapper/python/wolfssl/test/test_context.py index 4c479b49d..84e3203d8 100644 --- a/wrapper/python/wolfssl/test/test_context.py +++ b/wrapper/python/wolfssl/test/test_context.py 
@@ -20,10 +20,100 @@ # pylint: disable=missing-docstring, invalid-name, import-error +import sys import unittest import ssl import wolfssl +_CADATA = """" +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + b7:b6:90:33:66:1b:6b:23 + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com + Validity + Not Before: Aug 11 20:07:37 2016 GMT + Not After : May 8 20:07:37 2019 GMT + Subject: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:bf:0c:ca:2d:14:b2:1e:84:42:5b:cd:38:1f:4a: + f2:4d:75:10:f1:b6:35:9f:df:ca:7d:03:98:d3:ac: + de:03:66:ee:2a:f1:d8:b0:7d:6e:07:54:0b:10:98: + 21:4d:80:cb:12:20:e7:cc:4f:de:45:7d:c9:72:77: + 32:ea:ca:90:bb:69:52:10:03:2f:a8:f3:95:c5:f1: + 8b:62:56:1b:ef:67:6f:a4:10:41:95:ad:0a:9b:e3: + a5:c0:b0:d2:70:76:50:30:5b:a8:e8:08:2c:7c:ed: + a7:a2:7a:8d:38:29:1c:ac:c7:ed:f2:7c:95:b0:95: + 82:7d:49:5c:38:cd:77:25:ef:bd:80:75:53:94:3c: + 3d:ca:63:5b:9f:15:b5:d3:1d:13:2f:19:d1:3c:db: + 76:3a:cc:b8:7d:c9:e5:c2:d7:da:40:6f:d8:21:dc: + 73:1b:42:2d:53:9c:fe:1a:fc:7d:ab:7a:36:3f:98: + de:84:7c:05:67:ce:6a:14:38:87:a9:f1:8c:b5:68: + cb:68:7f:71:20:2b:f5:a0:63:f5:56:2f:a3:26:d2: + b7:6f:b1:5a:17:d7:38:99:08:fe:93:58:6f:fe:c3: + 13:49:08:16:0b:a7:4d:67:00:52:31:67:23:4e:98: + ed:51:45:1d:b9:04:d9:0b:ec:d8:28:b3:4b:bd:ed: + 36:79 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5 + X509v3 Authority Key Identifier: + keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5 + DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com + serial:B7:B6:90:33:66:1B:6B:23 + + X509v3 Basic Constraints: + CA:TRUE + Signature Algorithm: 
sha256WithRSAEncryption + 0e:93:48:44:4a:72:96:60:71:25:82:a9:2c:ca:60:5b:f2:88: + 3e:cf:11:74:5a:11:4a:dc:d9:d8:f6:58:2c:05:d3:56:d9:e9: + 8f:37:ef:8e:3e:3b:ff:22:36:00:ca:d8:e2:96:3f:a7:d1:ed: + 1f:de:7a:b0:d7:8f:36:bd:41:55:1e:d4:b9:86:3b:87:25:69: + 35:60:48:d6:e4:5a:94:ce:a2:fa:70:38:36:c4:85:b4:4b:23: + fe:71:9e:2f:db:06:c7:b5:9c:21:f0:3e:7c:eb:91:f8:5c:09: + fd:84:43:a4:b3:4e:04:0c:22:31:71:6a:48:c8:ab:bb:e8:ce: + fa:67:15:1a:3a:82:98:43:33:b5:0e:1f:1e:89:f8:37:de:1b: + e6:b5:a0:f4:a2:8b:b7:1c:90:ba:98:6d:94:21:08:80:5d:f3: + bf:66:ad:c9:72:28:7a:6a:48:ee:cf:63:69:31:8c:c5:8e:66: + da:4b:78:65:e8:03:3a:4b:f8:cc:42:54:d3:52:5c:2d:04:ae: + 26:87:e1:7e:40:cb:45:41:16:4b:6e:a3:2e:4a:76:bd:29:7f: + 1c:53:37:06:ad:e9:5b:6a:d6:b7:4e:94:a2:7c:e8:ac:4e:a6: + 50:3e:2b:32:9e:68:42:1b:e4:59:67:61:ea:c7:9a:51:9c:1c: + 55:a3:77:76 +-----BEGIN CERTIFICATE----- +MIIEqjCCA5KgAwIBAgIJALe2kDNmG2sjMA0GCSqGSIb3DQEBCwUAMIGUMQswCQYD +VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8G +A1UECgwIU2F3dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3 +dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTAe +Fw0xNjA4MTEyMDA3MzdaFw0xOTA1MDgyMDA3MzdaMIGUMQswCQYDVQQGEwJVUzEQ +MA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8GA1UECgwIU2F3 +dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3dy53b2xmc3Ns +LmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAL8Myi0Ush6EQlvNOB9K8k11EPG2NZ/fyn0D +mNOs3gNm7irx2LB9bgdUCxCYIU2AyxIg58xP3kV9yXJ3MurKkLtpUhADL6jzlcXx +i2JWG+9nb6QQQZWtCpvjpcCw0nB2UDBbqOgILHztp6J6jTgpHKzH7fJ8lbCVgn1J +XDjNdyXvvYB1U5Q8PcpjW58VtdMdEy8Z0TzbdjrMuH3J5cLX2kBv2CHccxtCLVOc +/hr8fat6Nj+Y3oR8BWfOahQ4h6nxjLVoy2h/cSAr9aBj9VYvoybSt2+xWhfXOJkI +/pNYb/7DE0kIFgunTWcAUjFnI06Y7VFFHbkE2Qvs2CizS73tNnkCAwEAAaOB/DCB ++TAdBgNVHQ4EFgQUJ45nEXTDJh0/7TNjs6TYHTDl6NUwgckGA1UdIwSBwTCBvoAU +J45nEXTDJh0/7TNjs6TYHTDl6NWhgZqkgZcwgZQxCzAJBgNVBAYTAlVTMRAwDgYD +VQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhTYXd0b290 
+aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29t +MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tggkAt7aQM2YbayMwDAYD +VR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEADpNIREpylmBxJYKpLMpgW/KI +Ps8RdFoRStzZ2PZYLAXTVtnpjzfvjj47/yI2AMrY4pY/p9HtH956sNePNr1BVR7U +uYY7hyVpNWBI1uRalM6i+nA4NsSFtEsj/nGeL9sGx7WcIfA+fOuR+FwJ/YRDpLNO +BAwiMXFqSMiru+jO+mcVGjqCmEMztQ4fHon4N94b5rWg9KKLtxyQuphtlCEIgF3z +v2atyXIoempI7s9jaTGMxY5m2kt4ZegDOkv4zEJU01JcLQSuJofhfkDLRUEWS26j +Lkp2vSl/HFM3Bq3pW2rWt06UonzorE6mUD4rMp5oQhvkWWdh6seaUZwcVaN3dg== +-----END CERTIFICATE----- +""" class TestSSLContext(unittest.TestCase): provider = ssl @@ -47,5 +137,12 @@ class TestSSLContext(unittest.TestCase): def test_load_verify_locations_with_cafile(self): self.ctx.load_verify_locations(cafile="../../../certs/ca-cert.pem") + def test_load_verify_locations_with_cadata(self): + if self.provider is ssl and sys.version_info[0] == 2: + # this test doesn't works for provider ssl in python 2 + return + + self.ctx.load_verify_locations(cadata=_CADATA) + class TestWolfSSLContext(TestSSLContext): provider = wolfssl diff --git a/wrapper/python/wolfssl/wolfssl/_context.py b/wrapper/python/wolfssl/wolfssl/_context.py index 36fab9d86..c3ea40aea 100644 --- a/wrapper/python/wolfssl/wolfssl/_context.py +++ b/wrapper/python/wolfssl/wolfssl/_context.py 
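Review bot: `_CADATA = """"` opens with four quote characters, so the literal begins with a stray `"` ahead of the certificate text. The loader under test presumably skips everything before the `-----BEGIN CERTIFICATE-----` line, which would explain why the test still passes, but the fixture then exercises junk-prefix tolerance rather than a clean PEM buffer. Open the literal with `_CADATA = """` and consider keeping only the PEM block, since the human-readable dump above it is not needed by the call.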
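Review bot: In `test_load_verify_locations_with_cadata` the Python 2 / stdlib `ssl` case leaves through a bare `return`, so the runner reports a pass for a test that never ran. Report it as skipped with `self.skipTest("cadata is not supported by ssl on Python 2")` in place of the `return`. The test also checks only that no exception is raised; once the context exposes a way to inspect the loaded CAs, an assertion on that would make a silent no-op load visible.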
@@ -111,13 +111,21 @@ class SSLContext: several CA certificates in PEM format. """ - if cafile is None and capath is None: - raise TypeError("cafile and capath cannot be all omitted") + if cafile is None and capath is None and cadata is None: + raise TypeError("cafile, capath and cadata cannot be all omitted") - ret = _lib.wolfSSL_CTX_load_verify_locations( - self.native_object, - t2b(cafile) if cafile else _ffi.NULL, - t2b(capath) if capath else _ffi.NULL) + if cafile or capath: + ret = _lib.wolfSSL_CTX_load_verify_locations( + self.native_object, + t2b(cafile) if cafile else _ffi.NULL, + t2b(capath) if capath else _ffi.NULL) - if ret != _SSL_SUCCESS: - raise SSLError("Unnable to load verify locations. Error: %d" % ret) + if ret != _SSL_SUCCESS: + raise SSLError("Unnable to load verify locations. Err %d" % ret) + + if cadata: + ret = _lib.wolfSSL_CTX_load_verify_buffer( + self.native_object, t2b(cadata), len(cadata), _SSL_FILETYPE_PEM) + + if ret != _SSL_SUCCESS: + raise SSLError("Unnable to load verify locations. Err %d" % ret) diff --git a/wrapper/python/wolfssl/wolfssl/build_ffi.py b/wrapper/python/wolfssl/wolfssl/build_ffi.py index 10f54e0b5..134562e33 100644 --- a/wrapper/python/wolfssl/wolfssl/build_ffi.py +++ b/wrapper/python/wolfssl/wolfssl/build_ffi.py @@ -52,6 +52,7 @@ ffi.cdef( int wolfSSL_CTX_use_PrivateKey_file(void*, const char*, int); int wolfSSL_CTX_load_verify_locations(void*, const char*, const char*); + int wolfSSL_CTX_load_verify_buffer(void*, const unsigned char*, long, int); int wolfSSL_CTX_use_certificate_chain_file(void*, const char *); """ ) From 0ed0672b16861aa52f3f69a821e1e4cb8c6f984c Mon Sep 17 00:00:00 2001 
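Review bot: The new `cadata` branch hands `t2b(cadata)` to `wolfSSL_CTX_load_verify_buffer` but gives `len(cadata)` as its size, so the length is taken from the unconverted value. If `t2b` encodes text to bytes (it is not shown in this hunk), any non-ASCII character makes the encoded buffer longer than the declared size and the native parser sees a truncated certificate. Encode once and measure that: `buf = t2b(cadata)` followed by `_lib.wolfSSL_CTX_load_verify_buffer(self.native_object, buf, len(buf), _SSL_FILETYPE_PEM)`. The guard also tests `is None` while the branches test truthiness, so `cadata=""` or `cafile=""` passes the guard and returns without loading any CA, leaving a context with no trust anchors and no error. The method begins outside this hunk.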
From: =?UTF-8?q?Moise=CC=81s=20Guimara=CC=83es?= Date: Tue, 22 Nov 2016 10:31:14 -0300 Subject: [PATCH 14/47] fixes pylint warnings --- wrapper/python/wolfssl/setup.py | 36 ++++++++------- wrapper/python/wolfssl/test/test_context.py | 2 + wrapper/python/wolfssl/wolfssl/__about__.py | 46 ++++++++++--------- wrapper/python/wolfssl/wolfssl/_context.py | 2 + wrapper/python/wolfssl/wolfssl/_exceptions.py | 2 + wrapper/python/wolfssl/wolfssl/_memory.py | 2 + wrapper/python/wolfssl/wolfssl/_methods.py | 2 + wrapper/python/wolfssl/wolfssl/build_ffi.py | 2 + wrapper/python/wolfssl/wolfssl/utils.py | 2 + 9 files changed, 57 insertions(+), 39 deletions(-) diff --git a/wrapper/python/wolfssl/setup.py b/wrapper/python/wolfssl/setup.py index 6184e1bff..efe61401f 100755 --- a/wrapper/python/wolfssl/setup.py +++ b/wrapper/python/wolfssl/setup.py @@ -1,6 +1,8 @@ #!/usr/bin/env python # -*- coding: utf-8 -*- # +# setup.py +# # Copyright (C) 2006-2016 wolfSSL Inc. # # This file is part of wolfSSL. (formerly known as CyaSSL) 
@@ -23,33 +25,33 @@ from __future__ import absolute_import import os import sys -from wolfssl.__about__ import metadata +from wolfssl.__about__ import METADATA from setuptools import setup, find_packages os.chdir(os.path.dirname(sys.argv[0]) or ".") -long_description = open("README.rst", "rt").read().replace( +LONG_DESCRIPTION = open("README.rst", "rt").read().replace( ".. include:: LICENSING.rst\n", open("LICENSING.rst", "rt").read() ) -info = dict( - metadata = {k[2:-2]: metadata[k] for k in metadata}, - contents = { - "long_description": long_description, - "package_data": {"": ["*.txt"]}, - "packages": find_packages(), - "cffi_modules": ["./wolfssl/build_ffi.py:ffi"], +INFO = dict( + metadata={k[2:-2]: METADATA[k] for k in METADATA}, + contents={ + "long_description" : LONG_DESCRIPTION, + "package_data" : {"": ["*.txt"]}, + "packages" : find_packages(), + "cffi_modules" : ["./wolfssl/build_ffi.py:ffi"], }, - requirements = { - "setup_requires": ["cffi>=1.6.0"], - "install_requires": ["cffi>=1.6.0"], + requirements={ + "setup_requires" : ["cffi>=1.6.0"], + "install_requires" : ["cffi>=1.6.0"], }, - scripts = {}, - plugins = {}, - tests = {}, + scripts={}, + plugins={}, + tests={}, ) if __name__ == "__main__": - kwargs = {k:v for dct in info.values() for (k,v) in dct.items()} - setup(**kwargs) + KWARGS = {k:v for dct in INFO.values() for (k, v) in dct.items()} + setup(**KWARGS) diff --git a/wrapper/python/wolfssl/test/test_context.py b/wrapper/python/wolfssl/test/test_context.py index 84e3203d8..821259c1f 100644 --- a/wrapper/python/wolfssl/test/test_context.py +++ b/wrapper/python/wolfssl/test/test_context.py @@ -1,3 +1,5 @@ +# -*- coding: utf-8 -*- +# # test_context.py # # Copyright (C) 2006-2016 wolfSSL Inc. diff --git a/wrapper/python/wolfssl/wolfssl/__about__.py b/wrapper/python/wolfssl/wolfssl/__about__.py index e5d3a9054..7dc0b77b7 100644 --- a/wrapper/python/wolfssl/wolfssl/__about__.py +++ b/wrapper/python/wolfssl/wolfssl/__about__.py 
@@ -1,3 +1,5 @@ +# -*- coding: utf-8 -*- +# # __about__.py # # Copyright (C) 2006-2016 wolfSSL Inc. @@ -18,28 +20,28 @@ # along with this program; if not, write to the Free Software # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA -metadata = dict( - __name__ = "wolfssl", - __version__ = "0.1.0", - __license__ = "GPLv2 or Commercial License", - __author__ = "wolfSSL Inc.", - __author_email__ = "info@wolfssl.com", - __url__ = "https://wolfssl.github.io/wolfssl-py", - __description__ = \ - u"A Python module that encapsulates wolfSSL's C SSL/TLS library.", - __keywords__ = "security, cryptography, ssl, embedded, embedded ssl", - __classifiers__ = [ - u"License :: OSI Approved :: GNU General Public License v2 (GPLv2)", - u"License :: Other/Proprietary License", - u"Operating System :: OS Independent", - u"Programming Language :: Python :: 2.7", - u"Programming Language :: Python :: 3.5", - u"Topic :: Security", - u"Topic :: Security :: Cryptography", - u"Topic :: Software Development" - ] +METADATA = dict( + __name__="wolfssl", + __version__="0.1.0", + __license__="GPLv2 or Commercial License", + __author__="wolfSSL Inc.", + __author_email__="info@wolfssl.com", + __url__="https://wolfssl.github.io/wolfssl-py", + __description__= \ + u"A Python module that encapsulates wolfSSL's C SSL/TLS library.", + __keywords__="security, cryptography, ssl, embedded, embedded ssl", + __classifiers__=[ + u"License :: OSI Approved :: GNU General Public License v2 (GPLv2)", + u"License :: Other/Proprietary License", + u"Operating System :: OS Independent", + u"Programming Language :: Python :: 2.7", + u"Programming Language :: Python :: 3.5", + u"Topic :: Security", + u"Topic :: Security :: Cryptography", + u"Topic :: Software Development" + ] ) -globals().update(metadata) +globals().update(METADATA) -__all__ = list(metadata.keys()) \ No newline at end of file +__all__ = list(METADATA.keys()) 
diff --git a/wrapper/python/wolfssl/wolfssl/_context.py b/wrapper/python/wolfssl/wolfssl/_context.py index c3ea40aea..41ce3c45f 100644 --- a/wrapper/python/wolfssl/wolfssl/_context.py +++ b/wrapper/python/wolfssl/wolfssl/_context.py @@ -1,3 +1,5 @@ +# -*- coding: utf-8 -*- +# # _context.py # # Copyright (C) 2006-2016 wolfSSL Inc. diff --git a/wrapper/python/wolfssl/wolfssl/_exceptions.py b/wrapper/python/wolfssl/wolfssl/_exceptions.py index 915d76426..1af6a76ba 100644 --- a/wrapper/python/wolfssl/wolfssl/_exceptions.py +++ b/wrapper/python/wolfssl/wolfssl/_exceptions.py @@ -1,3 +1,5 @@ +# -*- coding: utf-8 -*- +# # _exceptions.py # # Copyright (C) 2006-2016 wolfSSL Inc. diff --git a/wrapper/python/wolfssl/wolfssl/_memory.py b/wrapper/python/wolfssl/wolfssl/_memory.py index 809508a4f..7fd541cd3 100644 --- a/wrapper/python/wolfssl/wolfssl/_memory.py +++ b/wrapper/python/wolfssl/wolfssl/_memory.py @@ -1,3 +1,5 @@ +# -*- coding: utf-8 -*- +# # _memory.py # # Copyright (C) 2006-2016 wolfSSL Inc. diff --git a/wrapper/python/wolfssl/wolfssl/_methods.py b/wrapper/python/wolfssl/wolfssl/_methods.py index 0d929aa9d..cc493ea28 100644 --- a/wrapper/python/wolfssl/wolfssl/_methods.py +++ b/wrapper/python/wolfssl/wolfssl/_methods.py @@ -1,3 +1,5 @@ +# -*- coding: utf-8 -*- +# # _methods.py # # Copyright (C) 2006-2016 wolfSSL Inc. diff --git a/wrapper/python/wolfssl/wolfssl/build_ffi.py b/wrapper/python/wolfssl/wolfssl/build_ffi.py index 134562e33..01a5e3666 100644 --- a/wrapper/python/wolfssl/wolfssl/build_ffi.py +++ b/wrapper/python/wolfssl/wolfssl/build_ffi.py @@ -1,3 +1,5 @@ +# -*- coding: utf-8 -*- +# # build_ffi.py # # Copyright (C) 2006-2016 wolfSSL Inc. diff --git a/wrapper/python/wolfssl/wolfssl/utils.py b/wrapper/python/wolfssl/wolfssl/utils.py index 9f7369cb2..2c6232381 100644 --- a/wrapper/python/wolfssl/wolfssl/utils.py +++ b/wrapper/python/wolfssl/wolfssl/utils.py @@ -1,3 +1,5 @@ +# -*- coding: utf-8 -*- +# # utils.py # # Copyright (C) 2006-2016 wolfSSL Inc. 
From 8eec3cb8745fc115ff611484653014327f8148bb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Moise=CC=81s=20Guimara=CC=83es?= Date: Tue, 22 Nov 2016 11:56:39 -0300 Subject: [PATCH 15/47] adds initial code for SSLSocket --- wrapper/python/wolfssl/test/test_client.py | 2 + wrapper/python/wolfssl/test/test_methods.py | 2 + wrapper/python/wolfssl/wolfssl/__init__.py | 123 ++++++++++++++++++ wrapper/python/wolfssl/wolfssl/_exceptions.py | 7 + wrapper/python/wolfssl/wolfssl/_memory.py | 2 +- wrapper/python/wolfssl/wolfssl/_socket.py | 30 +++++ 6 files changed, 165 insertions(+), 1 deletion(-) create mode 100644 wrapper/python/wolfssl/wolfssl/__init__.py create mode 100644 wrapper/python/wolfssl/wolfssl/_socket.py diff --git a/wrapper/python/wolfssl/test/test_client.py b/wrapper/python/wolfssl/test/test_client.py index 2ee5c0e96..254f84427 100644 --- a/wrapper/python/wolfssl/test/test_client.py +++ b/wrapper/python/wolfssl/test/test_client.py @@ -1,3 +1,5 @@ +# -*- coding: utf-8 -*- +# # test_client.py # # Copyright (C) 2006-2016 wolfSSL Inc. diff --git a/wrapper/python/wolfssl/test/test_methods.py b/wrapper/python/wolfssl/test/test_methods.py index f49de4648..dc902db36 100644 --- a/wrapper/python/wolfssl/test/test_methods.py +++ b/wrapper/python/wolfssl/test/test_methods.py @@ -1,3 +1,5 @@ +# -*- coding: utf-8 -*- +# # test_methods.py # # Copyright (C) 2006-2016 wolfSSL Inc. diff --git a/wrapper/python/wolfssl/wolfssl/__init__.py b/wrapper/python/wolfssl/wolfssl/__init__.py new file mode 100644 index 000000000..2a526a888 --- /dev/null +++ b/wrapper/python/wolfssl/wolfssl/__init__.py 
@@ -0,0 +1,123 @@ +# -*- coding: utf-8 -*- +# +# __init__.py +# +# Copyright (C) 2006-2016 wolfSSL Inc. +# +# This file is part of wolfSSL. (formerly known as CyaSSL) +# +# wolfSSL is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# wolfSSL is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + +from wolfssl._methods import ( + PROTOCOL_SSLv23, PROTOCOL_SSLv3, PROTOCOL_TLSv1, + PROTOCOL_TLSv1_1, PROTOCOL_TLSv1_2, PROTOCOL_TLS +) + +from wolfssl._context import ( + SSLContext, CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED +) + +from wolfssl._socket import SSLSocket + +from wolfssl._exceptions import ( + CertificateError, SSLError, SSLEOFError, SSLSyscallError, + SSLWantReadError, SSLWantWriteError, SSLZeroReturnError +) + +from wolfssl.__about__ import ( + __all__, METADATA +) + +globals().update(METADATA) + +def wrap_socket(sock, keyfile=None, certfile=None, server_side=False, + cert_reqs=CERT_NONE, ssl_version=PROTOCOL_TLS, ca_certs=None, + do_handshake_on_connect=True, suppress_ragged_eofs=True, + ciphers=None): + """ + Takes an instance sock of socket.socket, and returns an instance of + wolfssl.SSLSocket, a subtype of socket.socket, which wraps the underlying + socket in an SSL context. sock must be a SOCK_STREAM socket; other socket + types are unsupported. 
+ + For client-side sockets, the context construction is lazy; if the underlying + socket isn’t connected yet, the context construction will be performed after + connect() is called on the socket. For server-side sockets, if the socket + has no remote peer, it is assumed to be a listening socket, and the + server-side SSL wrapping is automatically performed on client connections + accepted via the accept() method. wrap_socket() may raise SSLError. + + The keyfile and certfile parameters specify optional files which contain a + certificate to be used to identify the local side of the connection. + + The parameter server_side is a boolean which identifies whether server-side + or client-side behavior is desired from this socket. + + The parameter cert_reqs specifies whether a certificate is required from the + other side of the connection, and whether it will be validated if provided. + It must be one of the three values: + CERT_NONE (certificates ignored) + CERT_OPTIONAL (not required, but validated if provided) + CERT_REQUIRED (required and validated) + + If the value of this parameter is not CERT_NONE, then the ca_certs parameter + must point to a file of CA certificates. + + The ca_certs file contains a set of concatenated “certification authority” + certificates, which are used to validate certificates passed from the other + end of the connection. + + The parameter ssl_version specifies which version of the SSL protocol to + use. Typically, the server chooses a particular protocol version, and the + client must adapt to the server’s choice. Most of the versions are not + interoperable with the other versions. If not specified, the default is + PROTOCOL_TLS; it provides the most compatibility with other versions. 
+ + Here’s a table showing which versions in a client (down the side) can + connect to which versions in a server (along the top): + + | client \\ server | SSLv3 | TLS | TLSv1 | TLSv1.1 | TLSv1.2 | + | SSLv3 | yes | yes | no | no | no | + | TLS (SSLv23) | yes | yes | yes | yes | yes | + | TLSv1 | no | yes | yes | no | no | + | TLSv1.1 | no | yes | no | yes | no | + | TLSv1.2 | no | yes | no | no | yes | + + Note: + Which connections succeed will vary depending on the versions of the ssl + providers on both sides of the communication. + + The ciphers parameter sets the available ciphers for this SSL object. It + should be a string in the wolfSSL cipher list format. + + The parameter do_handshake_on_connect specifies whether to do the SSL + handshake automatically after doing a socket.connect(), or whether the + application program will call it explicitly, by invoking the + SSLSocket.do_handshake() method. Calling SSLSocket.do_handshake() explicitly + gives the program control over the blocking behavior of the socket I/O + involved in the handshake. + + The parameter suppress_ragged_eofs specifies how the SSLSocket.recv() method + should signal unexpected EOF from the other end of the connection. If + specified as True (the default), it returns a normal EOF (an empty bytes + object) in response to unexpected EOF errors raised from the underlying + socket; if False, it will raise the exceptions back to the caller. + """ + return SSLSocket(sock=sock, keyfile=keyfile, certfile=certfile, + server_side=server_side, cert_reqs=cert_reqs, + ssl_version=ssl_version, ca_certs=ca_certs, + do_handshake_on_connect=do_handshake_on_connect, + suppress_ragged_eofs=suppress_ragged_eofs, + ciphers=ciphers) diff --git a/wrapper/python/wolfssl/wolfssl/_exceptions.py b/wrapper/python/wolfssl/wolfssl/_exceptions.py index 1af6a76ba..87e38dccc 100644 --- a/wrapper/python/wolfssl/wolfssl/_exceptions.py +++ b/wrapper/python/wolfssl/wolfssl/_exceptions.py 
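Review bot: `wrap_socket` defaults to `cert_reqs=CERT_NONE`, so a caller who passes only `sock` gets a connection on which the peer certificate is never validated. The docstring lists the three values without saying which is the default. Add a sentence after the list, for example `The default, CERT_NONE, performs no peer authentication; pass CERT_REQUIRED together with ca_certs to authenticate the peer.` The docstring also states that `ca_certs` must be given whenever `cert_reqs` is not `CERT_NONE`, but the function only forwards its arguments; if that rule is meant to hold it needs a check such as `if cert_reqs != CERT_NONE and not ca_certs: raise ValueError("ca_certs is required when cert_reqs is not CERT_NONE")`.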
@@ -77,3 +77,10 @@ class SSLEOFError(SSLError): when this error is encountered. """ pass + +class CertificateError(ValueError): + """ + Raised to signal an error with a certificate (such as mismatching hostname). + Certificate errors detected by wolfSSL, though, raise an SSLError. + """ + pass diff --git a/wrapper/python/wolfssl/wolfssl/_memory.py b/wrapper/python/wolfssl/wolfssl/_memory.py index 7fd541cd3..e272b7ac8 100644 --- a/wrapper/python/wolfssl/wolfssl/_memory.py +++ b/wrapper/python/wolfssl/wolfssl/_memory.py @@ -28,4 +28,4 @@ except ImportError: _DYNAMIC_TYPE_METHOD = 11 def _native_free(native_object, dynamic_type): - _lib.wolfSSL_Free(native_object, _ffi.NULL, dynamic_type) \ No newline at end of file + _lib.wolfSSL_Free(native_object, _ffi.NULL, dynamic_type) diff --git a/wrapper/python/wolfssl/wolfssl/_socket.py b/wrapper/python/wolfssl/wolfssl/_socket.py new file mode 100644 index 000000000..d6a7cf166 --- /dev/null +++ b/wrapper/python/wolfssl/wolfssl/_socket.py 
@@ -0,0 +1,30 @@ +# -*- coding: utf-8 -*- +# +# _socket.py +# +# Copyright (C) 2006-2016 wolfSSL Inc. +# +# This file is part of wolfSSL. (formerly known as CyaSSL) +# +# wolfSSL is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# wolfSSL is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA +import socket + +class SSLSocket(socket.socket): + """ + This class implements a subtype of socket.socket that wraps + the underlying OS socket in an SSL context when necessary, and + provides read and write methods over that channel. + """ + pass From 368f2baf88fba2df46cc0643eedff4ccd392b52c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Moise=CC=81s=20Guimara=CC=83es?= Date: Mon, 5 Dec 2016 19:15:08 -0300 Subject: [PATCH 16/47] adds verify_mode to context --- wrapper/python/wolfssl/test/test_context.py | 7 +++++ wrapper/python/wolfssl/wolfssl/_context.py | 31 ++++++++++++++++++++- wrapper/python/wolfssl/wolfssl/_methods.py | 2 +- wrapper/python/wolfssl/wolfssl/build_ffi.py | 23 +++++++-------- 4 files changed, 50 insertions(+), 13 deletions(-) diff --git a/wrapper/python/wolfssl/test/test_context.py b/wrapper/python/wolfssl/test/test_context.py index 821259c1f..1ec774989 100644 --- a/wrapper/python/wolfssl/test/test_context.py +++ b/wrapper/python/wolfssl/test/test_context.py 
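Review bot: `SSLSocket` is added as an empty subclass of `socket.socket`, while `wolfssl.wrap_socket` in the same commit already constructs it with `keyfile=`, `cert_reqs=`, `ciphers=` and other keywords the base constructor does not accept. As written that call raises `TypeError`, which fails closed but only by accident. A later `__init__` that merely accepted the keywords would return a plain, unencrypted socket under an SSL name. Make the placeholder explicit until the TLS calls are wired in: replace the `pass` with `def __init__(self, *args, **kwargs): raise NotImplementedError("SSLSocket is not implemented yet")`.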
@@ -125,6 +125,13 @@ class TestSSLContext(unittest.TestCase): def test_context_creation(self): self.assertIsNotNone(self.ctx) + self.assertEqual(self.ctx.verify_mode, self.provider.CERT_NONE) + + self.ctx.verify_mode = self.provider.CERT_OPTIONAL + self.assertEqual(self.ctx.verify_mode, self.provider.CERT_OPTIONAL) + + self.ctx.verify_mode = self.provider.CERT_REQUIRED + self.assertEqual(self.ctx.verify_mode, self.provider.CERT_REQUIRED) def test_load_cert_chain_raises(self): self.assertRaises(TypeError, self.ctx.load_cert_chain, None) diff --git a/wrapper/python/wolfssl/wolfssl/_context.py b/wrapper/python/wolfssl/wolfssl/_context.py index 41ce3c45f..d58a57268 100644 --- a/wrapper/python/wolfssl/wolfssl/_context.py +++ b/wrapper/python/wolfssl/wolfssl/_context.py @@ -33,10 +33,12 @@ CERT_NONE = 0 CERT_OPTIONAL = 1 CERT_REQUIRED = 2 +_VERIFY_MODE_LIST = [CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED] + _SSL_SUCCESS = 1 _SSL_FILETYPE_PEM = 1 -class SSLContext: +class SSLContext(object): """ An SSLContext holds various SSL-related configuration options and data, such as certificates and possibly a private key. @@ -47,6 +49,7 @@ class SSLContext: self.protocol = protocol self._side = server_side + self._verify_mode = None self.native_object = _lib.wolfSSL_CTX_new(method.native_object) # wolfSSL_CTX_new() takes ownership of the method. 
@@ -57,12 +60,38 @@ class SSLContext: if self.native_object == _ffi.NULL: raise MemoryError("Unnable to allocate context object") + # verify_mode initialization needs a valid native_object. + self.verify_mode = CERT_NONE + def __del__(self): if self.native_object is not None: _lib.wolfSSL_CTX_free(self.native_object) + @property + def verify_mode(self): + """ + Whether to try to verify other peers’ certificates and how to behave + if verification fails. This attribute must be one of CERT_NONE, + CERT_OPTIONAL or CERT_REQUIRED. + """ + return self._verify_mode + + + @verify_mode.setter + def verify_mode(self, value): + if value not in _VERIFY_MODE_LIST: + raise ValueError("verify_mode must be one of CERT_NONE, " + "CERT_OPTIONAL or CERT_REQUIRED") + + if value != self._verify_mode: + self._verify_mode = value + _lib.wolfSSL_CTX_set_verify(self.native_object, + self._verify_mode, + _ffi.NULL) + + # def wrap_socket(self, sock, server_side=False, # do_handshake_on_connect=True, # suppress_ragged_eofs=True, diff --git a/wrapper/python/wolfssl/wolfssl/_methods.py b/wrapper/python/wolfssl/wolfssl/_methods.py index cc493ea28..c97ccaddb 100644 --- a/wrapper/python/wolfssl/wolfssl/_methods.py +++ b/wrapper/python/wolfssl/wolfssl/_methods.py @@ -41,7 +41,7 @@ _PROTOCOL_LIST = [PROTOCOL_SSLv23, PROTOCOL_SSLv3, PROTOCOL_TLS, PROTOCOL_TLSv1, PROTOCOL_TLSv1_1, PROTOCOL_TLSv1_2] -class WolfSSLMethod: +class WolfSSLMethod(object): """ An SSLMethod holds SSL-related configuration options such as protocol version and communication side. diff --git a/wrapper/python/wolfssl/wolfssl/build_ffi.py b/wrapper/python/wolfssl/wolfssl/build_ffi.py index 01a5e3666..570973207 100644 --- a/wrapper/python/wolfssl/wolfssl/build_ffi.py +++ b/wrapper/python/wolfssl/wolfssl/build_ffi.py 
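Review bot: The `verify_mode` setter passes the Python-level constant straight to `wolfSSL_CTX_set_verify`, but that argument is a bit mask rather than an enumeration. In wolfSSL's headers the bits are, as far as I know, SSL_VERIFY_NONE = 0, SSL_VERIFY_PEER = 1 and SSL_VERIFY_FAIL_IF_NO_PEER_CERT = 2, so `CERT_REQUIRED` (2) would set only the fail-if-no-cert bit and omit the peer-verification bit. That makes the strictest setting depend on library defaults instead of requesting verification explicitly. Translate the value through an explicit table before the native call. The added test only round-trips the Python attribute, so it would not catch this. The class body starts and continues outside the hunk.

```python
# wolfSSL verify-mode bits; confirm the values against the linked wolfSSL headers.
_SSL_VERIFY_NONE = 0
_SSL_VERIFY_PEER = 1
_SSL_VERIFY_FAIL_IF_NO_PEER_CERT = 2

_NATIVE_VERIFY_MODE = {
    CERT_NONE: _SSL_VERIFY_NONE,
    CERT_OPTIONAL: _SSL_VERIFY_PEER,
    CERT_REQUIRED: _SSL_VERIFY_PEER | _SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
}

    @verify_mode.setter
    def verify_mode(self, value):
        # … unchanged: membership check against _VERIFY_MODE_LIST …
        if value != self._verify_mode:
            self._verify_mode = value
            _lib.wolfSSL_CTX_set_verify(self.native_object,
                                        _NATIVE_VERIFY_MODE[value],
                                        _ffi.NULL)
```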
@@ -19,18 +19,18 @@ # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA -import os from cffi import FFI ffi = FFI() -ffi.set_source("wolfssl._ffi", +ffi.set_source( + "wolfssl._ffi", """ - #include - #include + #include + #include - void wolfSSL_Free(void *ptr, void* heap, int type); + void wolfSSL_Free(void *ptr, void* heap, int type); """, include_dirs=["/usr/local/include"], library_dirs=["/usr/local/lib"], @@ -38,7 +38,7 @@ ffi.set_source("wolfssl._ffi", ) ffi.cdef( -""" + """ typedef unsigned char byte; typedef unsigned int word32; @@ -52,11 +52,12 @@ ffi.cdef( void* wolfSSL_CTX_new(void*); void wolfSSL_CTX_free(void*); - int wolfSSL_CTX_use_PrivateKey_file(void*, const char*, int); - int wolfSSL_CTX_load_verify_locations(void*, const char*, const char*); - int wolfSSL_CTX_load_verify_buffer(void*, const unsigned char*, long, int); - int wolfSSL_CTX_use_certificate_chain_file(void*, const char *); -""" + void wolfSSL_CTX_set_verify(void*, int, void*); + int wolfSSL_CTX_use_PrivateKey_file(void*, const char*, int); + int wolfSSL_CTX_load_verify_locations(void*, const char*, const char*); + int wolfSSL_CTX_load_verify_buffer(void*, const unsigned char*, long, int); + int wolfSSL_CTX_use_certificate_chain_file(void*, const char *); + """ ) if __name__ == "__main__": From 52eb0becf06bd680ffbf84344b37fa2d93e326b6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Moise=CC=81s=20Guimara=CC=83es?= Date: Mon, 5 Dec 2016 19:47:00 -0300 Subject: [PATCH 17/47] adds set_ciphers to context --- wrapper/python/wolfssl/test/test_context.py | 5 +++++ wrapper/python/wolfssl/wolfssl/_context.py | 18 ++++++++++++++++-- wrapper/python/wolfssl/wolfssl/build_ffi.py | 1 + 3 files changed, 22 insertions(+), 2 deletions(-) 
diff --git a/wrapper/python/wolfssl/test/test_context.py b/wrapper/python/wolfssl/test/test_context.py index 1ec774989..9a5bdd1d4 100644 --- a/wrapper/python/wolfssl/test/test_context.py +++ b/wrapper/python/wolfssl/test/test_context.py @@ -125,6 +125,8 @@ class TestSSLContext(unittest.TestCase): def test_context_creation(self): self.assertIsNotNone(self.ctx) + + def test_verify_mode(self): self.assertEqual(self.ctx.verify_mode, self.provider.CERT_NONE) self.ctx.verify_mode = self.provider.CERT_OPTIONAL @@ -133,6 +135,9 @@ class TestSSLContext(unittest.TestCase): self.ctx.verify_mode = self.provider.CERT_REQUIRED self.assertEqual(self.ctx.verify_mode, self.provider.CERT_REQUIRED) + def test_set_ciphers(self): + self.ctx.set_ciphers("DHE-RSA-AES256-SHA256:AES256-SHA256") + def test_load_cert_chain_raises(self): self.assertRaises(TypeError, self.ctx.load_cert_chain, None) diff --git a/wrapper/python/wolfssl/wolfssl/_context.py b/wrapper/python/wolfssl/wolfssl/_context.py index d58a57268..17d150a58 100644 --- a/wrapper/python/wolfssl/wolfssl/_context.py +++ b/wrapper/python/wolfssl/wolfssl/_context.py @@ -103,6 +103,20 @@ class SSLContext(object): # _context=self) # # + + def set_ciphers(self, ciphers): + """ + Set the available ciphers for sockets created with this context. It + should be a string in the wolfSSL cipher list format. If no cipher can + be selected (because compile-time options or other configuration forbids + use of all the specified ciphers), an SSLError will be raised. + """ + ret = _lib.wolfSSL_CTX_set_cipher_list(self.native_object, t2b(ciphers)) + + if ret != _SSL_SUCCESS: + raise SSLError("Unnable to set cipher list") + + def load_cert_chain(self, certfile, keyfile=None, password=None): """ Load a private key and the corresponding certificate. The certfile 
@@ -118,7 +132,7 @@ class SSLContext(object): ret = _lib.wolfSSL_CTX_use_certificate_chain_file( self.native_object, t2b(certfile)) if ret != _SSL_SUCCESS: - raise SSLError("Unnable to load certificate chain") + raise SSLError("Unnable to load certificate chain. Err %d"% ret) else: raise TypeError("certfile should be a valid filesystem path") @@ -126,7 +140,7 @@ class SSLContext(object): ret = _lib.wolfSSL_CTX_use_PrivateKey_file( self.native_object, t2b(keyfile), _SSL_FILETYPE_PEM) if ret != _SSL_SUCCESS: - raise SSLError("Unnable to load private key") + raise SSLError("Unnable to load private key. Err %d" % ret) def load_verify_locations(self, cafile=None, capath=None, cadata=None): diff --git a/wrapper/python/wolfssl/wolfssl/build_ffi.py b/wrapper/python/wolfssl/wolfssl/build_ffi.py index 570973207..ec0fd4dfe 100644 --- a/wrapper/python/wolfssl/wolfssl/build_ffi.py +++ b/wrapper/python/wolfssl/wolfssl/build_ffi.py @@ -53,6 +53,7 @@ ffi.cdef( void wolfSSL_CTX_free(void*); void wolfSSL_CTX_set_verify(void*, int, void*); + int wolfSSL_CTX_set_cipher_list(void*, const char*); int wolfSSL_CTX_use_PrivateKey_file(void*, const char*, int); int wolfSSL_CTX_load_verify_locations(void*, const char*, const char*); int wolfSSL_CTX_load_verify_buffer(void*, const unsigned char*, long, int); From 445e375daa1916fa00f3b8fe1b6650b66e9c5464 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Moise=CC=81s=20Guimara=CC=83es?= Date: Mon, 5 Dec 2016 20:47:02 -0300 Subject: [PATCH 18/47] adds ssl interface to ffi --- wrapper/python/wolfssl/wolfssl/build_ffi.py | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/wrapper/python/wolfssl/wolfssl/build_ffi.py b/wrapper/python/wolfssl/wolfssl/build_ffi.py index ec0fd4dfe..5d35566da 100644 --- a/wrapper/python/wolfssl/wolfssl/build_ffi.py +++ b/wrapper/python/wolfssl/wolfssl/build_ffi.py 
@@ -58,6 +58,14 @@ ffi.cdef( int wolfSSL_CTX_load_verify_locations(void*, const char*, const char*); int wolfSSL_CTX_load_verify_buffer(void*, const unsigned char*, long, int); int wolfSSL_CTX_use_certificate_chain_file(void*, const char *); + + void* wolfSSL_new(void*); + void wolfSSL_free(void*); + + int wolfSSL_set_fd(void*, int); + int wolfSSL_write(void*, const void*, int); + int wolfSSL_read(void*, void*, int); + int wolfSSL_shutdown(void*); """ ) From baeba53527b0a78c8045938fa4190e5dfb71e74c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Moise=CC=81s=20Guimara=CC=83es?= Date: Tue, 6 Dec 2016 00:10:05 -0300 Subject: [PATCH 19/47] adds wrap_socket to the context --- wrapper/python/wolfssl/wolfssl/_context.py | 31 ++++++++++++++-------- 1 file changed, 20 insertions(+), 11 deletions(-) diff --git a/wrapper/python/wolfssl/wolfssl/_context.py b/wrapper/python/wolfssl/wolfssl/_context.py index 17d150a58..edce885b1 100644 --- a/wrapper/python/wolfssl/wolfssl/_context.py +++ b/wrapper/python/wolfssl/wolfssl/_context.py @@ -26,6 +26,7 @@ except ImportError: pass from wolfssl._methods import WolfSSLMethod +from wolfssl._socket import SSLSocket from wolfssl._exceptions import SSLError from wolfssl.utils import t2b 
@@ -92,17 +93,25 @@ class SSLContext(object): _ffi.NULL) -# def wrap_socket(self, sock, server_side=False, -# do_handshake_on_connect=True, -# suppress_ragged_eofs=True, -# server_hostname=None): -# return SSLSocket(sock=sock, server_side=server_side, -# do_handshake_on_connect=do_handshake_on_connect, -# suppress_ragged_eofs=suppress_ragged_eofs, -# server_hostname=server_hostname, -# _context=self) -# -# + def wrap_socket(self, sock, server_side=False, + do_handshake_on_connect=True, + suppress_ragged_eofs=True, + server_hostname=None): + """ + Wrap an existing Python socket sock and return an SSLSocket object. + sock must be a SOCK_STREAM socket; other socket types are unsupported. + + The returned SSL socket is tied to the context, its settings and + certificates. The parameters server_side, do_handshake_on_connect and + suppress_ragged_eofs have the same meaning as in the top-level + wrap_socket() function. + """ + return SSLSocket(sock=sock, server_side=server_side, + do_handshake_on_connect=do_handshake_on_connect, + suppress_ragged_eofs=suppress_ragged_eofs, + server_hostname=server_hostname, + _context=self) + def set_ciphers(self, ciphers): """ From 07072ef266b0143b3918d9590c07bf11e01fe4ce Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Moise=CC=81s=20Guimara=CC=83es?= Date: Tue, 6 Dec 2016 01:14:41 -0300 Subject: [PATCH 20/47] moving SSLContext and SSLSocket to __init__ to avoid ciclic includes --- wrapper/python/wolfssl/wolfssl/__init__.py | 194 ++++++++++++++++++++- wrapper/python/wolfssl/wolfssl/_context.py | 185 -------------------- wrapper/python/wolfssl/wolfssl/_socket.py | 30 ---- 3 files changed, 185 insertions(+), 224 deletions(-) delete mode 100644 wrapper/python/wolfssl/wolfssl/_context.py delete mode 100644 wrapper/python/wolfssl/wolfssl/_socket.py diff --git a/wrapper/python/wolfssl/wolfssl/__init__.py b/wrapper/python/wolfssl/wolfssl/__init__.py index 2a526a888..c3f9b3caf 100644 --- a/wrapper/python/wolfssl/wolfssl/__init__.py 
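Review bot: `wrap_socket` accepts `server_hostname` and forwards it to `SSLSocket`, but the docstring covers only `server_side`, `do_handshake_on_connect` and `suppress_ragged_eofs`, and nothing in this hunk shows the name being matched against the peer certificate. A caller used to the standard library's `ssl` module may assume that passing it turns hostname checking on. Until that exists I would say so in the docstring, e.g. `server_hostname is accepted for API compatibility only; no hostname check is performed yet.`, or raise `NotImplementedError` for a non-None value. `SSLSocket` is defined outside this hunk, so its handling of the argument should be confirmed there.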
+++ b/wrapper/python/wolfssl/wolfssl/__init__.py 
@@ -19,29 +19,205 @@ # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA +import errno +from socket import socket, AF_INET, SOCK_STREAM, SOL_SOCKET, SO_TYPE -from wolfssl._methods import ( - PROTOCOL_SSLv23, PROTOCOL_SSLv3, PROTOCOL_TLSv1, - PROTOCOL_TLSv1_1, PROTOCOL_TLSv1_2, PROTOCOL_TLS -) +try: + from wolfssl._ffi import ffi as _ffi + from wolfssl._ffi import lib as _lib +except ImportError: + pass -from wolfssl._context import ( - SSLContext, CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED -) - -from wolfssl._socket import SSLSocket +from wolfssl.utils import t2b from wolfssl._exceptions import ( CertificateError, SSLError, SSLEOFError, SSLSyscallError, SSLWantReadError, SSLWantWriteError, SSLZeroReturnError ) +from wolfssl._methods import ( + PROTOCOL_SSLv23, PROTOCOL_SSLv3, PROTOCOL_TLSv1, + PROTOCOL_TLSv1_1, PROTOCOL_TLSv1_2, PROTOCOL_TLS, + WolfSSLMethod as _WolfSSLMethod +) + from wolfssl.__about__ import ( __all__, METADATA ) globals().update(METADATA) +CERT_NONE = 0 +CERT_OPTIONAL = 1 +CERT_REQUIRED = 2 + +_VERIFY_MODE_LIST = [CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED] + +_SSL_SUCCESS = 1 +_SSL_FILETYPE_PEM = 1 + +class SSLContext(object): + """ + An SSLContext holds various SSL-related configuration options and + data, such as certificates and possibly a private key. + """ + + def __init__(self, protocol, server_side=False): + method = _WolfSSLMethod(protocol, server_side) + + self.protocol = protocol + self._side = server_side + self._verify_mode = None + self.native_object = _lib.wolfSSL_CTX_new(method.native_object) + + # wolfSSL_CTX_new() takes ownership of the method. + # the method is freed later inside wolfSSL_CTX_free() + # or if wolfSSL_CTX_new() failed to allocate the context object. 
+ method.native_object = None + + if self.native_object == _ffi.NULL: + raise MemoryError("Unnable to allocate context object") + + # verify_mode initialization needs a valid native_object. + self.verify_mode = CERT_NONE + + + def __del__(self): + if self.native_object is not None: + _lib.wolfSSL_CTX_free(self.native_object) + + + @property + def verify_mode(self): + """ + Whether to try to verify other peers’ certificates and how to behave + if verification fails. This attribute must be one of CERT_NONE, + CERT_OPTIONAL or CERT_REQUIRED. + """ + return self._verify_mode + + + @verify_mode.setter + def verify_mode(self, value): + if value not in _VERIFY_MODE_LIST: + raise ValueError("verify_mode must be one of CERT_NONE, " + "CERT_OPTIONAL or CERT_REQUIRED") + + if value != self._verify_mode: + self._verify_mode = value + _lib.wolfSSL_CTX_set_verify(self.native_object, + self._verify_mode, + _ffi.NULL) + + + def wrap_socket(self, sock, server_side=False, + do_handshake_on_connect=True, + suppress_ragged_eofs=True, + server_hostname=None): + """ + Wrap an existing Python socket sock and return an SSLSocket object. + sock must be a SOCK_STREAM socket; other socket types are unsupported. + + The returned SSL socket is tied to the context, its settings and + certificates. The parameters server_side, do_handshake_on_connect and + suppress_ragged_eofs have the same meaning as in the top-level + wrap_socket() function. + """ + return SSLSocket(sock=sock, server_side=server_side, + do_handshake_on_connect=do_handshake_on_connect, + suppress_ragged_eofs=suppress_ragged_eofs, + server_hostname=server_hostname, + _context=self) + + + def set_ciphers(self, ciphers): + """ + Set the available ciphers for sockets created with this context. It + should be a string in the wolfSSL cipher list format. If no cipher can + be selected (because compile-time options or other configuration forbids + use of all the specified ciphers), an SSLError will be raised. 
+ """ + ret = _lib.wolfSSL_CTX_set_cipher_list(self.native_object, t2b(ciphers)) + + if ret != _SSL_SUCCESS: + raise SSLError("Unnable to set cipher list") + + + def load_cert_chain(self, certfile, keyfile=None, password=None): + """ + Load a private key and the corresponding certificate. The certfile + string must be the path to a single file in PEM format containing + the certificate as well as any number of CA certificates needed to + establish the certificate's authenticity. + + The keyfile string, if present, must point to a file containing the + private key in. + """ + + if certfile: + ret = _lib.wolfSSL_CTX_use_certificate_chain_file( + self.native_object, t2b(certfile)) + if ret != _SSL_SUCCESS: + raise SSLError("Unnable to load certificate chain. Err %d"% ret) + else: + raise TypeError("certfile should be a valid filesystem path") + + if keyfile: + ret = _lib.wolfSSL_CTX_use_PrivateKey_file( + self.native_object, t2b(keyfile), _SSL_FILETYPE_PEM) + if ret != _SSL_SUCCESS: + raise SSLError("Unnable to load private key. Err %d" % ret) + + + def load_verify_locations(self, cafile=None, capath=None, cadata=None): + """ + Load a set of "certification authority" (CA) certificates used to + validate other peers' certificates when verify_mode is other than + CERT_NONE. At least one of cafile or capath must be specified. + + The cafile string, if present, is the path to a file of concatenated + CA certificates in PEM format. + + The capath string, if present, is the path to a directory containing + several CA certificates in PEM format. + """ + + if cafile is None and capath is None and cadata is None: + raise TypeError("cafile, capath and cadata cannot be all omitted") + + if cafile or capath: + ret = _lib.wolfSSL_CTX_load_verify_locations( + self.native_object, + t2b(cafile) if cafile else _ffi.NULL, + t2b(capath) if capath else _ffi.NULL) + + if ret != _SSL_SUCCESS: + raise SSLError("Unnable to load verify locations. 
Err %d" % ret) + + if cadata: + ret = _lib.wolfSSL_CTX_load_verify_buffer( + self.native_object, t2b(cadata), len(cadata), _SSL_FILETYPE_PEM) + + if ret != _SSL_SUCCESS: + raise SSLError("Unnable to load verify locations. Err %d" % ret) + +class SSLSocket(socket): + """ + This class implements a subtype of socket.socket that wraps the + underlying OS socket in an SSL context when necessary, and provides + read and write methods over that channel. + """ + + def __init__(self, sock=None, keyfile=None, certfile=None, + server_side=False, cert_reqs=CERT_NONE, + ssl_version=PROTOCOL_TLS, ca_certs=None, + do_handshake_on_connect=True, family=AF_INET, + sock_type=SOCK_STREAM, proto=0, fileno=None, + suppress_ragged_eofs=True, ciphers=None, + _context=None): + pass + + def wrap_socket(sock, keyfile=None, certfile=None, server_side=False, cert_reqs=CERT_NONE, ssl_version=PROTOCOL_TLS, ca_certs=None, do_handshake_on_connect=True, suppress_ragged_eofs=True, diff --git a/wrapper/python/wolfssl/wolfssl/_context.py b/wrapper/python/wolfssl/wolfssl/_context.py deleted file mode 100644 index edce885b1..000000000 --- a/wrapper/python/wolfssl/wolfssl/_context.py +++ /dev/null 
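Review bot: `SSLContext.__init__` ends with `self.verify_mode = CERT_NONE`, so every new context, client side included, skips peer certificate verification until the caller changes it, and neither the class docstring nor the `verify_mode` property docstring states that default. The module-level `wrap_socket` and `SSLSocket.__init__` in the same hunk also default `cert_reqs` to `CERT_NONE`, so the shortest call path gives an unauthenticated channel. I would add to the class docstring: `A new context does not verify peer certificates; set verify_mode to CERT_REQUIRED and call load_verify_locations() before talking to an untrusted peer.` The code is moved here from _context.py, so the behaviour predates this commit, but this is where readers will now look for it.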
@@ -1,185 +0,0 @@ -# -*- coding: utf-8 -*- -# -# _context.py -# -# Copyright (C) 2006-2016 wolfSSL Inc. -# -# This file is part of wolfSSL. (formerly known as CyaSSL) -# -# wolfSSL is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2 of the License, or -# (at your option) any later version. -# -# wolfSSL is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA -try: - from wolfssl._ffi import ffi as _ffi - from wolfssl._ffi import lib as _lib -except ImportError: - pass - -from wolfssl._methods import WolfSSLMethod -from wolfssl._socket import SSLSocket -from wolfssl._exceptions import SSLError -from wolfssl.utils import t2b - -CERT_NONE = 0 -CERT_OPTIONAL = 1 -CERT_REQUIRED = 2 - -_VERIFY_MODE_LIST = [CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED] - -_SSL_SUCCESS = 1 -_SSL_FILETYPE_PEM = 1 - -class SSLContext(object): - """ - An SSLContext holds various SSL-related configuration options and - data, such as certificates and possibly a private key. - """ - - def __init__(self, protocol, server_side=False): - method = WolfSSLMethod(protocol, server_side) - - self.protocol = protocol - self._side = server_side - self._verify_mode = None - self.native_object = _lib.wolfSSL_CTX_new(method.native_object) - - # wolfSSL_CTX_new() takes ownership of the method. - # the method is freed later inside wolfSSL_CTX_free() - # or if wolfSSL_CTX_new() failed to allocate the context object. 
- method.native_object = None - - if self.native_object == _ffi.NULL: - raise MemoryError("Unnable to allocate context object") - - # verify_mode initialization needs a valid native_object. - self.verify_mode = CERT_NONE - - - def __del__(self): - if self.native_object is not None: - _lib.wolfSSL_CTX_free(self.native_object) - - - @property - def verify_mode(self): - """ - Whether to try to verify other peers’ certificates and how to behave - if verification fails. This attribute must be one of CERT_NONE, - CERT_OPTIONAL or CERT_REQUIRED. - """ - return self._verify_mode - - - @verify_mode.setter - def verify_mode(self, value): - if value not in _VERIFY_MODE_LIST: - raise ValueError("verify_mode must be one of CERT_NONE, " - "CERT_OPTIONAL or CERT_REQUIRED") - - if value != self._verify_mode: - self._verify_mode = value - _lib.wolfSSL_CTX_set_verify(self.native_object, - self._verify_mode, - _ffi.NULL) - - - def wrap_socket(self, sock, server_side=False, - do_handshake_on_connect=True, - suppress_ragged_eofs=True, - server_hostname=None): - """ - Wrap an existing Python socket sock and return an SSLSocket object. - sock must be a SOCK_STREAM socket; other socket types are unsupported. - - The returned SSL socket is tied to the context, its settings and - certificates. The parameters server_side, do_handshake_on_connect and - suppress_ragged_eofs have the same meaning as in the top-level - wrap_socket() function. - """ - return SSLSocket(sock=sock, server_side=server_side, - do_handshake_on_connect=do_handshake_on_connect, - suppress_ragged_eofs=suppress_ragged_eofs, - server_hostname=server_hostname, - _context=self) - - - def set_ciphers(self, ciphers): - """ - Set the available ciphers for sockets created with this context. It - should be a string in the wolfSSL cipher list format. If no cipher can - be selected (because compile-time options or other configuration forbids - use of all the specified ciphers), an SSLError will be raised. 
- """ - ret = _lib.wolfSSL_CTX_set_cipher_list(self.native_object, t2b(ciphers)) - - if ret != _SSL_SUCCESS: - raise SSLError("Unnable to set cipher list") - - - def load_cert_chain(self, certfile, keyfile=None, password=None): - """ - Load a private key and the corresponding certificate. The certfile - string must be the path to a single file in PEM format containing - the certificate as well as any number of CA certificates needed to - establish the certificate's authenticity. - - The keyfile string, if present, must point to a file containing the - private key in. - """ - - if certfile: - ret = _lib.wolfSSL_CTX_use_certificate_chain_file( - self.native_object, t2b(certfile)) - if ret != _SSL_SUCCESS: - raise SSLError("Unnable to load certificate chain. Err %d"% ret) - else: - raise TypeError("certfile should be a valid filesystem path") - - if keyfile: - ret = _lib.wolfSSL_CTX_use_PrivateKey_file( - self.native_object, t2b(keyfile), _SSL_FILETYPE_PEM) - if ret != _SSL_SUCCESS: - raise SSLError("Unnable to load private key. Err %d" % ret) - - - def load_verify_locations(self, cafile=None, capath=None, cadata=None): - """ - Load a set of "certification authority" (CA) certificates used to - validate other peers' certificates when verify_mode is other than - CERT_NONE. At least one of cafile or capath must be specified. - - The cafile string, if present, is the path to a file of concatenated - CA certificates in PEM format. - - The capath string, if present, is the path to a directory containing - several CA certificates in PEM format. - """ - - if cafile is None and capath is None and cadata is None: - raise TypeError("cafile, capath and cadata cannot be all omitted") - - if cafile or capath: - ret = _lib.wolfSSL_CTX_load_verify_locations( - self.native_object, - t2b(cafile) if cafile else _ffi.NULL, - t2b(capath) if capath else _ffi.NULL) - - if ret != _SSL_SUCCESS: - raise SSLError("Unnable to load verify locations. 
Err %d" % ret) - - if cadata: - ret = _lib.wolfSSL_CTX_load_verify_buffer( - self.native_object, t2b(cadata), len(cadata), _SSL_FILETYPE_PEM) - - if ret != _SSL_SUCCESS: - raise SSLError("Unnable to load verify locations. Err %d" % ret) diff --git a/wrapper/python/wolfssl/wolfssl/_socket.py b/wrapper/python/wolfssl/wolfssl/_socket.py deleted file mode 100644 index d6a7cf166..000000000 --- a/wrapper/python/wolfssl/wolfssl/_socket.py +++ /dev/null @@ -1,30 +0,0 @@ -# -*- coding: utf-8 -*- -# -# _socket.py -# -# Copyright (C) 2006-2016 wolfSSL Inc. -# -# This file is part of wolfSSL. (formerly known as CyaSSL) -# -# wolfSSL is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2 of the License, or -# (at your option) any later version. -# -# wolfSSL is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA -import socket - -class SSLSocket(socket.socket): - """ - This class implements a subtype of socket.socket that wraps - the underlying OS socket in an SSL context when necessary, and - provides read and write methods over that channel. - """ - pass From 2cbdd45e8f78ac54954b5e0aad354ea317c50a1a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Moise=CC=81s=20Guimara=CC=83es?= Date: Tue, 6 Dec 2016 12:09:19 -0300 Subject: [PATCH 21/47] adds negotiate() to ssl interface --- wrapper/python/wolfssl/wolfssl/build_ffi.py | 1 + 1 file changed, 1 insertion(+) 
diff --git a/wrapper/python/wolfssl/wolfssl/build_ffi.py b/wrapper/python/wolfssl/wolfssl/build_ffi.py index 5d35566da..24d5e401a 100644 --- a/wrapper/python/wolfssl/wolfssl/build_ffi.py +++ b/wrapper/python/wolfssl/wolfssl/build_ffi.py @@ -63,6 +63,7 @@ ffi.cdef( void wolfSSL_free(void*); int wolfSSL_set_fd(void*, int); + int wolfSSL_negotiate(void*); int wolfSSL_write(void*, const void*, int); int wolfSSL_read(void*, void*, int); int wolfSSL_shutdown(void*); From 567dfd76b331b3bcb3a81946377ee51f2c48da70 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Moise=CC=81s=20Guimara=CC=83es?= Date: Tue, 6 Dec 2016 12:11:02 -0300 Subject: [PATCH 22/47] adds initial code for SSLSocket --- wrapper/python/wolfssl/wolfssl/__init__.py | 361 ++++++++++++++++++++- 1 file changed, 356 insertions(+), 5 deletions(-) diff --git a/wrapper/python/wolfssl/wolfssl/__init__.py b/wrapper/python/wolfssl/wolfssl/__init__.py index c3f9b3caf..72f8502e2 100644 --- a/wrapper/python/wolfssl/wolfssl/__init__.py +++ b/wrapper/python/wolfssl/wolfssl/__init__.py @@ -154,7 +154,11 @@ class SSLContext(object): private key in. """ - if certfile: + if password is not None: + raise NotImplementedError("password callback support not " + "implemented yet") + + if certfile is not None: ret = _lib.wolfSSL_CTX_use_certificate_chain_file( self.native_object, t2b(certfile)) if ret != _SSL_SUCCESS: @@ -162,7 +166,7 @@ class SSLContext(object): else: raise TypeError("certfile should be a valid filesystem path") - if keyfile: + if keyfile is not None: ret = _lib.wolfSSL_CTX_use_PrivateKey_file( self.native_object, t2b(keyfile), _SSL_FILETYPE_PEM) if ret != _SSL_SUCCESS: @@ -185,7 +189,7 @@ class SSLContext(object): if cafile is None and capath is None and cadata is None: raise TypeError("cafile, capath and cadata cannot be all omitted") - if cafile or capath: + if cafile is not None or capath is not None: ret = _lib.wolfSSL_CTX_load_verify_locations( self.native_object, t2b(cafile) if cafile else _ffi.NULL, 
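Review bot: In `load_verify_locations` the guard is now `cafile is not None or capath is not None`, while the argument below it still uses truthiness (`t2b(cafile) if cafile else _ffi.NULL`), so an empty string passes the guard and reaches `wolfSSL_CTX_load_verify_locations` as NULL. Guard and argument should use the same test, e.g. `t2b(cafile) if cafile is not None else _ffi.NULL`, with the same form for `capath`. The parallel change in `load_cert_chain` (`certfile is not None`, `keyfile is not None`) means an empty path now goes to the native loader instead of hitting the `TypeError` branch; if that is intended, a comment saying so would help. Both method bodies start outside these hunks.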
@@ -194,13 +198,14 @@ class SSLContext(object): if ret != _SSL_SUCCESS: raise SSLError("Unnable to load verify locations. Err %d" % ret) - if cadata: + if cadata is not None: ret = _lib.wolfSSL_CTX_load_verify_buffer( self.native_object, t2b(cadata), len(cadata), _SSL_FILETYPE_PEM) if ret != _SSL_SUCCESS: raise SSLError("Unnable to load verify locations. Err %d" % ret) + class SSLSocket(socket): """ This class implements a subtype of socket.socket that wraps the 
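Review bot: `wolfSSL_CTX_load_verify_buffer` receives `t2b(cadata)` as the buffer but `len(cadata)` as its size, so the length is measured on the value before conversion. If `t2b` encodes text to bytes (it lives in wolfssl.utils, outside this diff), any non-ASCII character makes the two disagree and the native parser is told the buffer is shorter than it is. Convert once and measure the result: `cadata = t2b(cadata)` before the call, then pass `cadata, len(cadata)`. The method body starts outside this hunk.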
@@ -215,7 +220,353 @@ class SSLSocket(socket): sock_type=SOCK_STREAM, proto=0, fileno=None, suppress_ragged_eofs=True, ciphers=None, _context=None): - pass + + # set options + self.do_handshake_on_connect = do_handshake_on_connect + self.suppress_ragged_eofs = suppress_ragged_eofs + self.server_side = server_side + + # set context + if _context: + self._context = _context + else: + if server_side and not certfile: + raise ValueError("certfile must be specified for server-side " + "operations") + + if keyfile and not certfile: + raise ValueError("certfile must be specified") + + if certfile and not keyfile: + keyfile = certfile + + self._context = SSLContext(ssl_version, server_side) + self._context.verify_mode = cert_reqs + if ca_certs: + self._context.load_verify_locations(ca_certs) + if certfile: + self._context.load_cert_chain(certfile, keyfile) + if ciphers: + self._context.set_ciphers(ciphers) + + self.keyfile = keyfile + self.certfile = certfile + self.cert_reqs = cert_reqs + self.ssl_version = ssl_version + self.ca_certs = ca_certs + self.ciphers = ciphers + + # preparing socket + if sock is not None: + # Can't use sock.type as other flags (such as SOCK_NONBLOCK) get + # mixed in. 
+ if sock.getsockopt(SOL_SOCKET, SO_TYPE) != SOCK_STREAM: + raise NotImplementedError("only stream sockets are supported") + + socket.__init__(self, + family=sock.family, + sock_type=sock.type, + proto=sock.proto, + fileno=sock.fileno()) + self.settimeout(sock.gettimeout()) + sock.detach() + + elif fileno is not None: + socket.__init__(self, fileno=fileno) + + else: + socket.__init__(self, family=family, sock_type=sock_type, + proto=proto) + + # See if we are connected + try: + self.getpeername() + except OSError as exception: + if exception.errno != errno.ENOTCONN: + raise + connected = False + else: + connected = True + + self._closed = False + self.native_object = _ffi.NULL + self._connected = connected + + if connected: + # create the SSL object + try: + self.native_object = \ + _lib.wolfSSL_new(self.context.native_object) + if self.native_object == _ffi.NULL: + raise MemoryError("Unnable to allocate ssl object") + + ret = _lib.wolfSSL_set_fd(self.native_object, self.fileno) + if ret != _SSL_SUCCESS: + raise ValueError("Unnable to set fd to ssl object") + + if do_handshake_on_connect: + self.do_handshake() + except (OSError, ValueError): + self.close() + raise + + + @property + def context(self): + """ + Returns the context used by this object. + """ + return self._context + + + def dup(self): + raise NotImplementedError("Can't dup() %s instances" % + self.__class__.__name__) + + + def _check_connected(self): + if not self._connected: + # getpeername() will raise ENOTCONN if the socket is really + # not connected; note that we can be connected even without + # _connected being set, e.g. if connect() first returned + # EAGAIN. + self.getpeername() + + + def write(self, data): + """ + Write DATA to the underlying SSL channel. Returns + number of bytes of DATA actually transmitted. 
+ """ + + if self.native_object == _ffi.NULL: + raise ValueError("Write on closed or unwrapped SSL socket") + + data = t2b(data) + + return _lib.wolfSSL_write(self.native_object, data, len(data)) + + + def send(self, data, flags=0): + if self.native_object != _ffi.NULL: + if flags != 0: + raise ValueError( + "non-zero flags not allowed in calls to send() on %s" % + self.__class__) + return self.write(data) + else: + return socket.send(self, data, flags) + + + def sendto(self, data, flags_or_addr, addr=None): + if self.native_object != _ffi.NULL: + raise ValueError("sendto not allowed on instances of %s" % + self.__class__) + elif addr is None: + return socket.sendto(self, data, flags_or_addr) + else: + return socket.sendto(self, data, flags_or_addr, addr) + + + def sendmsg(self, *args, **kwargs): + # Ensure programs don't send data unencrypted if they try to + # use this method. + raise NotImplementedError("sendmsg not allowed on instances of %s" % + self.__class__) + + + def sendall(self, data, flags=0): + if self.native_object != _ffi.NULL: + if flags != 0: + raise ValueError( + "non-zero flags not allowed in calls to sendall() on %s" % + self.__class__) + + amount = len(data) + count = 0 + while count < amount: + sent = self.send(data[count:]) + count += sent + return amount + else: + return socket.sendall(self, data, flags) + + + def sendfile(self, file, offset=0, count=None): + """ + Send a file, possibly by using os.sendfile() if this is a + clear-text socket. Return the total number of bytes sent. + """ + # Ensure programs don't send unencrypted files if they try to + # use this method. + raise NotImplementedError("sendfile not allowed on instances of %s" % + self.__class__) + + + def read(self, length=1024, buffer=None): + """ + Read up to LEN bytes and return them. + Return zero-length string on EOF. 
+ """ + + if self.native_object == _ffi.NULL: + raise ValueError("Read on closed or unwrapped SSL socket") + + data = t2b("\0" * length) + length = _lib.WolfSSL_read(self.native_object, data, length) + + if buffer is not None: + buffer.write(data, length) + return length + else: + raise MemoryError("") + + return self._sslobj.read(len, buffer) + except SSLError as exception: + if exception.args[0] == SSL_ERROR_EOF and self.suppress_ragged_eofs: + if buffer is not None: + return 0 + else: + return b'' + else: + raise + + + def recv(self, buflen=1024, flags=0): + self._checkClosed() + if self._sslobj: + if flags != 0: + raise ValueError( + "non-zero flags not allowed in calls to recv() on %s" % + self.__class__) + return self.read(buflen) + else: + return socket.recv(self, buflen, flags) + + + def recv_into(self, buffer, nbytes=None, flags=0): + self._checkClosed() + if buffer and (nbytes is None): + nbytes = len(buffer) + elif nbytes is None: + nbytes = 1024 + if self._sslobj: + if flags != 0: + raise ValueError( + "non-zero flags not allowed in calls to recv_into() on %s" + % self.__class__) + return self.read(nbytes, buffer) + else: + return socket.recv_into(self, buffer, nbytes, flags) + + + def recvfrom(self, buflen=1024, flags=0): + self._checkClosed() + if self._sslobj: + raise ValueError("recvfrom not allowed on instances of %s" % + self.__class__) + else: + return socket.recvfrom(self, buflen, flags) + + + def recvfrom_into(self, buffer, nbytes=None, flags=0): + self._checkClosed() + if self._sslobj: + raise ValueError("recvfrom_into not allowed on instances of %s" % + self.__class__) + else: + return socket.recvfrom_into(self, buffer, nbytes, flags) + + + def recvmsg(self, *args, **kwargs): + raise NotImplementedError("recvmsg not allowed on instances of %s" % + self.__class__) + + + def recvmsg_into(self, *args, **kwargs): + raise NotImplementedError("recvmsg_into not allowed on instances of " + "%s" % self.__class__) + + + def shutdown(self, how): + 
self._checkClosed() + self._sslobj = None + socket.shutdown(self, how) + + + def unwrap(self): + if self._sslobj: + s = self._sslobj.unwrap() + self._sslobj = None + return s + else: + raise ValueError("No SSL wrapper around " + str(self)) + + def _real_close(self): + self._sslobj = None + socket._real_close(self) + + def do_handshake(self, block=False): + """Perform a TLS/SSL handshake.""" + self._check_connected() + timeout = self.gettimeout() + try: + if timeout == 0.0 and block: + self.settimeout(None) + self._sslobj.do_handshake() + finally: + self.settimeout(timeout) + + + def _real_connect(self, addr, connect_ex): + if self.server_side: + raise ValueError("can't connect in server-side mode") + # Here we assume that the socket is client-side, and not + # connected at the time of the call. We connect it, then wrap it. + if self._connected: + raise ValueError("attempt to connect already-connected SSLSocket!") + sslobj = self.context._wrap_socket(self, False, self.server_hostname) + self._sslobj = SSLObject(sslobj, owner=self) + try: + if connect_ex: + rc = socket.connect_ex(self, addr) + else: + rc = None + socket.connect(self, addr) + if not rc: + self._connected = True + if self.do_handshake_on_connect: + self.do_handshake() + return rc + except (OSError, ValueError): + self._sslobj = None + raise + + + def connect(self, addr): + """Connects to remote ADDR, and then wraps the connection in + an SSL channel.""" + self._real_connect(addr, False) + + + def connect_ex(self, addr): + """Connects to remote ADDR, and then wraps the connection in + an SSL channel.""" + return self._real_connect(addr, True) + + + def accept(self): + """Accepts a new connection from a remote client, and returns + a tuple containing that new connection wrapped with a server-side + SSL channel, and the address of the remote client.""" + + newsock, addr = socket.accept(self) + newsock = self.context.wrap_socket( + newsock, + do_handshake_on_connect=self.do_handshake_on_connect, + 
suppress_ragged_eofs=self.suppress_ragged_eofs, + server_side=True) + return newsock, addr def wrap_socket(sock, keyfile=None, certfile=None, server_side=False, From b9934695fb2733068eee2acb3fd7219351edce8b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Moise=CC=81s=20Guimara=CC=83es?= Date: Fri, 9 Dec 2016 15:15:51 -0300 Subject: [PATCH 23/47] pretest version of SSLSocket --- wrapper/python/wolfssl/wolfssl/__about__.py | 2 + wrapper/python/wolfssl/wolfssl/__init__.py | 319 ++++++++---------- wrapper/python/wolfssl/wolfssl/_exceptions.py | 2 + wrapper/python/wolfssl/wolfssl/_memory.py | 7 +- wrapper/python/wolfssl/wolfssl/_methods.py | 11 +- wrapper/python/wolfssl/wolfssl/build_ffi.py | 3 + wrapper/python/wolfssl/wolfssl/utils.py | 2 +- 7 files changed, 167 insertions(+), 179 deletions(-) diff --git a/wrapper/python/wolfssl/wolfssl/__about__.py b/wrapper/python/wolfssl/wolfssl/__about__.py index 7dc0b77b7..6d4e219a6 100644 --- a/wrapper/python/wolfssl/wolfssl/__about__.py +++ b/wrapper/python/wolfssl/wolfssl/__about__.py @@ -20,6 +20,8 @@ # along with this program; if not, write to the Free Software # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA +# pylint: disable=missing-docstring + METADATA = dict( __name__="wolfssl", __version__="0.1.0", diff --git a/wrapper/python/wolfssl/wolfssl/__init__.py b/wrapper/python/wolfssl/wolfssl/__init__.py index 72f8502e2..25119f195 100644 --- a/wrapper/python/wolfssl/wolfssl/__init__.py +++ b/wrapper/python/wolfssl/wolfssl/__init__.py @@ -55,6 +55,7 @@ _VERIFY_MODE_LIST = [CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED] _SSL_SUCCESS = 1 _SSL_FILETYPE_PEM = 1 +_SSL_ERROR_WANT_READ = 2 class SSLContext(object): """ 
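Review bot: `SSLSocket.write()` returns the result of `_lib.wolfSSL_write` unchecked, so a zero or negative return is handed back as a byte count. In `sendall()` the loop `count += sent` then never reaches `amount`, or moves backwards, and a failed write on the secure channel is never reported to the caller. I would raise in `write()`: `ret = _lib.wolfSSL_write(self.native_object, data, len(data))`, then `if ret <= 0: raise SSLError("wolfSSL_write failed. Err %d" % ret)`, then `return ret`. The read path needs the same check once it is finished; as written `read()` carries an `except SSLError` clause with no `try`, so the module does not compile.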
@@ -112,8 +113,7 @@ class SSLContext(object): def wrap_socket(self, sock, server_side=False, do_handshake_on_connect=True, - suppress_ragged_eofs=True, - server_hostname=None): + suppress_ragged_eofs=True): """ Wrap an existing Python socket sock and return an SSLSocket object. sock must be a SOCK_STREAM socket; other socket types are unsupported. @@ -126,7 +126,6 @@ class SSLContext(object): return SSLSocket(sock=sock, server_side=server_side, do_handshake_on_connect=do_handshake_on_connect, suppress_ragged_eofs=suppress_ragged_eofs, - server_hostname=server_hostname, _context=self) @@ -209,7 +208,7 @@ class SSLContext(object): class SSLSocket(socket): """ This class implements a subtype of socket.socket that wraps the - underlying OS socket in an SSL context when necessary, and provides + underlying OS socket in an SSL/TLS connection, providing secure read and write methods over that channel. """ @@ -278,7 +277,7 @@ class SSLSocket(socket): socket.__init__(self, family=family, sock_type=sock_type, proto=proto) - # See if we are connected + # see if we are connected try: self.getpeername() except OSError as exception: 
@@ -289,28 +288,38 @@ class SSLSocket(socket): connected = True self._closed = False - self.native_object = _ffi.NULL self._connected = connected + # create the SSL object + self.native_object = _lib.wolfSSL_new(self.context.native_object) + if self.native_object == _ffi.NULL: + raise MemoryError("Unnable to allocate ssl object") + + ret = _lib.wolfSSL_set_fd(self.native_object, self.fileno()) + if ret != _SSL_SUCCESS: + self._release_native_object() + raise ValueError("Unnable to set fd to ssl object") + if connected: - # create the SSL object try: - self.native_object = \ - _lib.wolfSSL_new(self.context.native_object) - if self.native_object == _ffi.NULL: - raise MemoryError("Unnable to allocate ssl object") - - ret = _lib.wolfSSL_set_fd(self.native_object, self.fileno) - if ret != _SSL_SUCCESS: - raise ValueError("Unnable to set fd to ssl object") - if do_handshake_on_connect: self.do_handshake() - except (OSError, ValueError): - self.close() + except: + self._release_native_object() + self._socket.close() raise + def __del__(self): + self._release_native_object() + + + def _release_native_object(self): + if self.native_object != _ffi.NULL: + _lib.wolfSSL_CTX_free(self.native_object) + self.native_object = _ffi.NULL + + @property def context(self): """ @@ -324,6 +333,10 @@ class SSLSocket(socket): self.__class__.__name__) + def _check_closed(self, call=None): + if self.native_object == _ffi.NULL: + raise ValueError("%s on closed or unwrapped secure channel" % call) + def _check_connected(self): if not self._connected: # getpeername() will raise ENOTCONN if the socket is really 
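Review bot: `_release_native_object` frees the per-connection object with `_lib.wolfSSL_CTX_free(self.native_object)`, but that pointer was returned by `wolfSSL_new`, not by the context constructor. Passing a session object to the context destructor is a mismatched free and can corrupt native memory. The cdef in build_ffi.py already declares `void wolfSSL_free(void*);`, so the line should read `_lib.wolfSSL_free(self.native_object)`. The same call survives unchanged in the `_release_native_object` hunk of PATCH 24/47.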
@@ -335,12 +348,11 @@ class SSLSocket(socket): def write(self, data): """ - Write DATA to the underlying SSL channel. Returns - number of bytes of DATA actually transmitted. + Write DATA to the underlying secure channel. + Returns number of bytes of DATA actually transmitted. """ - - if self.native_object == _ffi.NULL: - raise ValueError("Write on closed or unwrapped SSL socket") + self._check_closed("write") + self._check_connected() data = t2b(data) 
@@ -348,134 +360,93 @@ class SSLSocket(socket): def send(self, data, flags=0): - if self.native_object != _ffi.NULL: - if flags != 0: - raise ValueError( - "non-zero flags not allowed in calls to send() on %s" % - self.__class__) - return self.write(data) - else: - return socket.send(self, data, flags) + if flags != 0: + raise NotImplementedError("non-zero flags not allowed in calls to " + "send() on %s" % self.__class__) - - def sendto(self, data, flags_or_addr, addr=None): - if self.native_object != _ffi.NULL: - raise ValueError("sendto not allowed on instances of %s" % - self.__class__) - elif addr is None: - return socket.sendto(self, data, flags_or_addr) - else: - return socket.sendto(self, data, flags_or_addr, addr) - - - def sendmsg(self, *args, **kwargs): - # Ensure programs don't send data unencrypted if they try to - # use this method. - raise NotImplementedError("sendmsg not allowed on instances of %s" % - self.__class__) + return self.write(data) def sendall(self, data, flags=0): - if self.native_object != _ffi.NULL: - if flags != 0: - raise ValueError( - "non-zero flags not allowed in calls to sendall() on %s" % - self.__class__) + if flags != 0: + raise NotImplementedError("non-zero flags not allowed in calls to " + "sendall() on %s" % self.__class__) - amount = len(data) - count = 0 - while count < amount: - sent = self.send(data[count:]) - count += sent - return amount - else: - return socket.sendall(self, data, flags) + length = len(data) + sent = 0 + + while sent < length: + sent += self.write(data[sent:]) + + return sent + + + def sendto(self, data, flags_or_addr, addr=None): + # Ensure programs don't send unencrypted data trying to use this method + raise NotImplementedError("sendto not allowed on instances " + "of %s" % self.__class__) + + + def sendmsg(self, *args, **kwargs): + # Ensure programs don't send unencrypted data trying to use this method + raise NotImplementedError("sendmsg not allowed on instances " + "of %s" % self.__class__) def 
sendfile(self, file, offset=0, count=None): - """ - Send a file, possibly by using os.sendfile() if this is a - clear-text socket. Return the total number of bytes sent. - """ - # Ensure programs don't send unencrypted files if they try to - # use this method. - raise NotImplementedError("sendfile not allowed on instances of %s" % - self.__class__) + # Ensure programs don't send unencrypted files trying to use this method + raise NotImplementedError("sendfile not allowed on instances " + "of %s" % self.__class__) def read(self, length=1024, buffer=None): """ - Read up to LEN bytes and return them. + Read up to LENGTH bytes and return them. Return zero-length string on EOF. """ + self._check_closed("read") + self._check_connected() + + if buffer is not None: + raise ValueError("buffer not allowed in calls to " + "read() on %s" % self.__class__) - if self.native_object == _ffi.NULL: - raise ValueError("Read on closed or unwrapped SSL socket") - data = t2b("\0" * length) length = _lib.WolfSSL_read(self.native_object, data, length) - if buffer is not None: - buffer.write(data, length) - return length - else: - raise MemoryError("") - - return self._sslobj.read(len, buffer) - except SSLError as exception: - if exception.args[0] == SSL_ERROR_EOF and self.suppress_ragged_eofs: - if buffer is not None: - return 0 - else: - return b'' + if length < 0: + err = _lib.wolfSSL_get_error(self.native_object, 0) + if err == _SSL_ERROR_WANT_READ: + raise SSLWantReadError() else: - raise + raise SSLError("wolfSSL_read error (%d)" % err) + + return data[:length] if length > 0 else b'' - def recv(self, buflen=1024, flags=0): - self._checkClosed() - if self._sslobj: - if flags != 0: - raise ValueError( - "non-zero flags not allowed in calls to recv() on %s" % - self.__class__) - return self.read(buflen) - else: - return socket.recv(self, buflen, flags) + def recv(self, length=1024, flags=0): + if flags != 0: + raise NotImplementedError("non-zero flags not allowed in calls to " + "recv() 
on %s" % self.__class__) + + return self.read(self, length) def recv_into(self, buffer, nbytes=None, flags=0): - self._checkClosed() - if buffer and (nbytes is None): - nbytes = len(buffer) - elif nbytes is None: - nbytes = 1024 - if self._sslobj: - if flags != 0: - raise ValueError( - "non-zero flags not allowed in calls to recv_into() on %s" - % self.__class__) - return self.read(nbytes, buffer) - else: - return socket.recv_into(self, buffer, nbytes, flags) + raise NotImplementedError("recv_into not allowed on instances " + "of %s" % self.__class__) - def recvfrom(self, buflen=1024, flags=0): - self._checkClosed() - if self._sslobj: - raise ValueError("recvfrom not allowed on instances of %s" % - self.__class__) - else: - return socket.recvfrom(self, buflen, flags) + def recvfrom(self, length=1024, flags=0): + # Ensure programs don't receive encrypted data trying to use this method + raise NotImplementedError("recvfrom not allowed on instances " + "of %s" % self.__class__) def recvfrom_into(self, buffer, nbytes=None, flags=0): - self._checkClosed() - if self._sslobj: - raise ValueError("recvfrom_into not allowed on instances of %s" % - self.__class__) - else: - return socket.recvfrom_into(self, buffer, nbytes, flags) + # Ensure programs don't receive encrypted data trying to use this method + raise NotImplementedError("recvfrom_into not allowed on instances " + "of %s" % self.__class__) def recvmsg(self, *args, **kwargs): 
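Review bot: `recv` calls `self.read(self, length)`, so `self` lands in `length` and the requested size lands in `buffer`; because `read` rejects any non-None `buffer`, every `recv` call raises ValueError. It should be `return self.read(length)`. Separately, `read` hands `t2b("\0" * length)` to the native read as its output buffer; if `t2b` returns a Python bytes object (its definition is outside this hunk), the C library writes into storage that Python treats as immutable. Allocating with `data = _ffi.new("char[]", length)` and returning `_ffi.buffer(data, length)[:]` keeps the write inside memory that cffi owns. `sendall` also loops on `sent += self.write(data[sent:])` without checking for a zero or negative return, which would spin or move backwards on error.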
@@ -489,84 +460,88 @@ class SSLSocket(socket): def shutdown(self, how): - self._checkClosed() - self._sslobj = None + if self.native_object != _ffi.NULL: + _lib.wolfSSL_shutdown(self.native_object) + self._release_native_object() socket.shutdown(self, how) def unwrap(self): - if self._sslobj: - s = self._sslobj.unwrap() - self._sslobj = None - return s - else: - raise ValueError("No SSL wrapper around " + str(self)) + """ + Unwraps the underlying OS socket from the SSL/TLS connection. + Returns the wrapped OS socket. + """ + if self.native_object != _ffi.NULL: + _lib.wolfSSL_set_fd(self.native_object, -1) + + sock = socket(family=self.family, + sock_type=self.type, + proto=self.proto, + fileno=self.fileno()) + sock.settimeout(self.gettimeout()) + self.detach() + + return sock - def _real_close(self): - self._sslobj = None - socket._real_close(self) def do_handshake(self, block=False): - """Perform a TLS/SSL handshake.""" + """ + Perform a TLS/SSL handshake. + """ + self._check_closed("do_handshake") self._check_connected() - timeout = self.gettimeout() - try: - if timeout == 0.0 and block: - self.settimeout(None) - self._sslobj.do_handshake() - finally: - self.settimeout(timeout) + + ret = _lib.wolfSSL_negotiate(self.native_object) + if ret != _SSL_SUCCESS: + raise SSLError("do_handshake failed with error %d" % ret) def _real_connect(self, addr, connect_ex): if self.server_side: raise ValueError("can't connect in server-side mode") + # Here we assume that the socket is client-side, and not # connected at the time of the call. We connect it, then wrap it. 
if self._connected: raise ValueError("attempt to connect already-connected SSLSocket!") - sslobj = self.context._wrap_socket(self, False, self.server_hostname) - self._sslobj = SSLObject(sslobj, owner=self) - try: - if connect_ex: - rc = socket.connect_ex(self, addr) - else: - rc = None - socket.connect(self, addr) - if not rc: - self._connected = True - if self.do_handshake_on_connect: - self.do_handshake() - return rc - except (OSError, ValueError): - self._sslobj = None - raise + + if connect_ex: + err = self._socket.connect_ex(addr) + else: + err = 0 + self._socket.connect(addr) + + if err == 0: + self._connected = True + if self.do_handshake_on_connect: + self.do_handshake() + + return err def connect(self, addr): - """Connects to remote ADDR, and then wraps the connection in - an SSL channel.""" + """ + Connects to remote ADDR, and then wraps the connection in a secure + channel. + """ self._real_connect(addr, False) def connect_ex(self, addr): - """Connects to remote ADDR, and then wraps the connection in - an SSL channel.""" + """ + Connects to remote ADDR, and then wraps the connection in a secure + channel. + """ return self._real_connect(addr, True) def accept(self): - """Accepts a new connection from a remote client, and returns - a tuple containing that new connection wrapped with a server-side - SSL channel, and the address of the remote client.""" - - newsock, addr = socket.accept(self) - newsock = self.context.wrap_socket( - newsock, - do_handshake_on_connect=self.do_handshake_on_connect, - suppress_ragged_eofs=self.suppress_ragged_eofs, - server_side=True) - return newsock, addr + """ + Accepts a new connection from a remote client, and returns a tuple + containing that new connection wrapped with a server-side secure + channel, and the address of the remote client. + """ + pass def wrap_socket(sock, keyfile=None, certfile=None, server_side=False, 
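Review bot: `unwrap` builds the plain socket with `socket(family=self.family, sock_type=self.type, ...)`, but `socket.socket` has no `sock_type` keyword (it is `type`), so the call raises TypeError before anything is returned; use `type=self.type`. The method also detaches the descriptor without calling `wolfSSL_shutdown` or `_release_native_object`, so the peer is sent no close_notify and the native session stays allocated until `__del__`. In `do_handshake`, the raised message formats the raw return of `wolfSSL_negotiate`; `_lib.wolfSSL_get_error(self.native_object, ret)` would give the actual error code and let a want-read condition be told apart from a real failure. `accept` is reduced to `pass` and now returns None, so a `raise NotImplementedError("accept not supported yet")` would fail more clearly until the server path lands.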
diff --git a/wrapper/python/wolfssl/wolfssl/_exceptions.py b/wrapper/python/wolfssl/wolfssl/_exceptions.py index 87e38dccc..8d32104b5 100644 --- a/wrapper/python/wolfssl/wolfssl/_exceptions.py +++ b/wrapper/python/wolfssl/wolfssl/_exceptions.py @@ -20,6 +20,8 @@ # along with this program; if not, write to the Free Software # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA +# pylint: disable=missing-docstring + from socket import error as socket_error diff --git a/wrapper/python/wolfssl/wolfssl/_memory.py b/wrapper/python/wolfssl/wolfssl/_memory.py index e272b7ac8..94a641dd5 100644 --- a/wrapper/python/wolfssl/wolfssl/_memory.py +++ b/wrapper/python/wolfssl/wolfssl/_memory.py @@ -19,9 +19,12 @@ # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + +# pylint: disable=missing-docstring + try: - from wolfssl._ffi import ffi as _ffi - from wolfssl._ffi import lib as _lib + from wolfssl._ffi import ffi as _ffi + from wolfssl._ffi import lib as _lib except ImportError: pass diff --git a/wrapper/python/wolfssl/wolfssl/_methods.py b/wrapper/python/wolfssl/wolfssl/_methods.py index c97ccaddb..a12c74584 100644 --- a/wrapper/python/wolfssl/wolfssl/_methods.py +++ b/wrapper/python/wolfssl/wolfssl/_methods.py @@ -19,9 +19,12 @@ # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + +# pylint: disable=missing-docstring, invalid-name + try: - from wolfssl._ffi import ffi as _ffi - from wolfssl._ffi import lib as _lib + from wolfssl._ffi import ffi as _ffi + from wolfssl._ffi import lib as _lib except ImportError: pass 
@@ -66,8 +69,8 @@ class WolfSSLMethod(object): _lib.wolfTLSv1_2_client_method() elif protocol in [PROTOCOL_SSLv23, PROTOCOL_TLS]: - self.native_object = \ - _lib.wolfSSLv23_server_method() if server_side else \ + self.native_object = \ + _lib.wolfSSLv23_server_method() if server_side else \ _lib.wolfSSLv23_client_method() if self.native_object == _ffi.NULL: diff --git a/wrapper/python/wolfssl/wolfssl/build_ffi.py b/wrapper/python/wolfssl/wolfssl/build_ffi.py index 24d5e401a..e4af76b90 100644 --- a/wrapper/python/wolfssl/wolfssl/build_ffi.py +++ b/wrapper/python/wolfssl/wolfssl/build_ffi.py @@ -20,6 +20,8 @@ # along with this program; if not, write to the Free Software # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA +# pylint: disable=missing-docstring, invalid-name + from cffi import FFI ffi = FFI() @@ -63,6 +65,7 @@ ffi.cdef( void wolfSSL_free(void*); int wolfSSL_set_fd(void*, int); + int wolfSSL_get_error(void*, int); int wolfSSL_negotiate(void*); int wolfSSL_write(void*, const void*, int); int wolfSSL_read(void*, void*, int); diff --git a/wrapper/python/wolfssl/wolfssl/utils.py b/wrapper/python/wolfssl/wolfssl/utils.py index 2c6232381..31fd53b2c 100644 --- a/wrapper/python/wolfssl/wolfssl/utils.py +++ b/wrapper/python/wolfssl/wolfssl/utils.py @@ -20,7 +20,7 @@ # along with this program; if not, write to the Free Software # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA -# pylint: disable=unused-import, undefined-variable +# pylint: disable=missing-docstring, unused-import, undefined-variable import sys from binascii import hexlify as b2h, unhexlify as h2b From f3c152260849811f642054d28220fc6d8839b31d Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Moise=CC=81s=20Guimara=CC=83es?= Date: Mon, 12 Dec 2016 21:07:43 -0300 Subject: [PATCH 24/47] always treat native_object as a pointer --- wrapper/python/wolfssl/wolfssl/__init__.py | 6 +++--- wrapper/python/wolfssl/wolfssl/_methods.py | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/wrapper/python/wolfssl/wolfssl/__init__.py b/wrapper/python/wolfssl/wolfssl/__init__.py index 25119f195..997d97ca9 100644 --- a/wrapper/python/wolfssl/wolfssl/__init__.py +++ b/wrapper/python/wolfssl/wolfssl/__init__.py @@ -74,7 +74,7 @@ class SSLContext(object): # wolfSSL_CTX_new() takes ownership of the method. # the method is freed later inside wolfSSL_CTX_free() # or if wolfSSL_CTX_new() failed to allocate the context object. - method.native_object = None + method.native_object = _ffi.NULL if self.native_object == _ffi.NULL: raise MemoryError("Unnable to allocate context object") @@ -84,7 +84,7 @@ class SSLContext(object): def __del__(self): - if self.native_object is not None: + if getattr(self, 'native_object', _ffi.NULL) != _ffi.NULL: _lib.wolfSSL_CTX_free(self.native_object) @@ -315,7 +315,7 @@ class SSLSocket(socket): def _release_native_object(self): - if self.native_object != _ffi.NULL: + if getattr(self, 'native_object', _ffi.NULL) != _ffi.NULL: _lib.wolfSSL_CTX_free(self.native_object) self.native_object = _ffi.NULL diff --git a/wrapper/python/wolfssl/wolfssl/_methods.py b/wrapper/python/wolfssl/wolfssl/_methods.py index a12c74584..3fab97904 100644 --- a/wrapper/python/wolfssl/wolfssl/_methods.py +++ b/wrapper/python/wolfssl/wolfssl/_methods.py @@ -78,5 +78,5 @@ class WolfSSLMethod(object): def __del__(self): - if self.native_object is not None: + if getattr(self, 'native_object', _ffi.NULL) != _ffi.NULL: _native_free(self.native_object, _DYNAMIC_TYPE_METHOD) From 4b75d11164ce646dd68df90f85d1bafdbbbc7911 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Moise=CC=81s=20Guimara=CC=83es?= Date: Tue, 13 Dec 2016 11:54:17 -0300 Subject: [PATCH 25/47] fixes socket calls --- wrapper/python/wolfssl/wolfssl/__init__.py | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/wrapper/python/wolfssl/wolfssl/__init__.py b/wrapper/python/wolfssl/wolfssl/__init__.py index 997d97ca9..6a7e7c6f7 100644 --- a/wrapper/python/wolfssl/wolfssl/__init__.py +++ b/wrapper/python/wolfssl/wolfssl/__init__.py @@ -264,7 +264,7 @@ class SSLSocket(socket): socket.__init__(self, family=sock.family, - sock_type=sock.type, + type=sock.type, proto=sock.proto, fileno=sock.fileno()) self.settimeout(sock.gettimeout()) @@ -274,7 +274,7 @@ class SSLSocket(socket): socket.__init__(self, fileno=fileno) else: - socket.__init__(self, family=family, sock_type=sock_type, + socket.__init__(self, family=family, type=sock_type, proto=proto) # see if we are connected @@ -306,7 +306,7 @@ class SSLSocket(socket): self.do_handshake() except: self._release_native_object() - self._socket.close() + self.close() raise @@ -412,7 +412,7 @@ class SSLSocket(socket): "read() on %s" % self.__class__) data = t2b("\0" * length) - length = _lib.WolfSSL_read(self.native_object, data, length) + length = _lib.wolfSSL_read(self.native_object, data, length) if length < 0: err = _lib.wolfSSL_get_error(self.native_object, 0) @@ -506,10 +506,10 @@ class SSLSocket(socket): raise ValueError("attempt to connect already-connected SSLSocket!") if connect_ex: - err = self._socket.connect_ex(addr) + err = socket.connect_ex(self, addr) else: err = 0 - self._socket.connect(addr) + socket.connect(self, addr) if err == 0: self._connected = True From 9b58ab021136ceb1199bf67597da094c8989ae24 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Moise=CC=81s=20Guimara=CC=83es?= Date: Tue, 13 Dec 2016 12:07:57 -0300 Subject: [PATCH 26/47] renames exceptions file --- wrapper/python/wolfssl/wolfssl/__init__.py | 2 +- .../python/wolfssl/wolfssl/{_exceptions.py => exceptions.py} | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) rename wrapper/python/wolfssl/wolfssl/{_exceptions.py => exceptions.py} (99%) diff --git a/wrapper/python/wolfssl/wolfssl/__init__.py b/wrapper/python/wolfssl/wolfssl/__init__.py index 6a7e7c6f7..473cd9111 100644 --- a/wrapper/python/wolfssl/wolfssl/__init__.py +++ b/wrapper/python/wolfssl/wolfssl/__init__.py @@ -30,7 +30,7 @@ except ImportError: from wolfssl.utils import t2b -from wolfssl._exceptions import ( +from wolfssl.exceptions import ( CertificateError, SSLError, SSLEOFError, SSLSyscallError, SSLWantReadError, SSLWantWriteError, SSLZeroReturnError ) diff --git a/wrapper/python/wolfssl/wolfssl/_exceptions.py b/wrapper/python/wolfssl/wolfssl/exceptions.py similarity index 99% rename from wrapper/python/wolfssl/wolfssl/_exceptions.py rename to wrapper/python/wolfssl/wolfssl/exceptions.py index 8d32104b5..7ff6dede3 100644 --- a/wrapper/python/wolfssl/wolfssl/_exceptions.py +++ b/wrapper/python/wolfssl/wolfssl/exceptions.py @@ -1,6 +1,6 @@ # -*- coding: utf-8 -*- # -# _exceptions.py +# exceptions.py # # Copyright (C) 2006-2016 wolfSSL Inc. # From 1c9147a41e4f9cf39cd4ba179ed58dfb166a7e0d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Moise=CC=81s=20Guimara=CC=83es?= Date: Tue, 13 Dec 2016 13:57:24 -0300 Subject: [PATCH 27/47] adds supported curves to context; fixes compatibility issues with py27 --- wrapper/python/wolfssl/test/test_client.py | 12 ++--- wrapper/python/wolfssl/test/test_context.py | 2 +- wrapper/python/wolfssl/wolfssl/__init__.py | 58 ++++++++++++++++++--- wrapper/python/wolfssl/wolfssl/build_ffi.py | 2 + 4 files changed, 59 insertions(+), 15 deletions(-) 
diff --git a/wrapper/python/wolfssl/test/test_client.py b/wrapper/python/wolfssl/test/test_client.py index 254f84427..35f5f491b 100644 --- a/wrapper/python/wolfssl/test/test_client.py +++ b/wrapper/python/wolfssl/test/test_client.py @@ -25,7 +25,7 @@ import unittest import socket import ssl -# import wolfssl +import wolfssl class SSLClientTest(unittest.TestCase): ssl_provider = ssl @@ -37,14 +37,14 @@ class SSLClientTest(unittest.TestCase): def test_wrap_socket(self): secure_sock = self.ssl_provider.wrap_socket( - self.sock, ssl_version=ssl.PROTOCOL_SSLv23) + self.sock, ssl_version=self.ssl_provider.PROTOCOL_SSLv23) secure_sock.connect((self.host, self.port)) - secure_sock.send(b"GET / HTTP/1.1\n\n") - self.assertEqual(b"HTTP", secure_sock.recv(4)) + secure_sock.write(b"GET / HTTP/1.1\n\n") + self.assertEqual(b"HTTP", secure_sock.read(4)) secure_sock.close() -#class TestWolfSSL(SSLClientTest): -# ssl_provider = wolfssl +class TestWolfSSL(SSLClientTest): + ssl_provider = wolfssl diff --git a/wrapper/python/wolfssl/test/test_context.py b/wrapper/python/wolfssl/test/test_context.py index 9a5bdd1d4..3060a9434 100644 --- a/wrapper/python/wolfssl/test/test_context.py +++ b/wrapper/python/wolfssl/test/test_context.py @@ -136,7 +136,7 @@ class TestSSLContext(unittest.TestCase): self.assertEqual(self.ctx.verify_mode, self.provider.CERT_REQUIRED) def test_set_ciphers(self): - self.ctx.set_ciphers("DHE-RSA-AES256-SHA256:AES256-SHA256") + self.ctx.set_ciphers("DHE-RSA-AES256-SHA256") def test_load_cert_chain_raises(self): self.assertRaises(TypeError, self.ctx.load_cert_chain, None) diff --git a/wrapper/python/wolfssl/wolfssl/__init__.py b/wrapper/python/wolfssl/wolfssl/__init__.py index 473cd9111..71bb6e574 100644 --- a/wrapper/python/wolfssl/wolfssl/__init__.py +++ b/wrapper/python/wolfssl/wolfssl/__init__.py 
@@ -19,8 +19,11 @@ # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA +import sys import errno -from socket import socket, AF_INET, SOCK_STREAM, SOL_SOCKET, SO_TYPE +from socket import ( + socket, AF_INET, SOCK_STREAM, SOL_SOCKET, SO_TYPE, error as socket_error +) try: from wolfssl._ffi import ffi as _ffi @@ -57,6 +60,32 @@ _SSL_SUCCESS = 1 _SSL_FILETYPE_PEM = 1 _SSL_ERROR_WANT_READ = 2 +_WOLFSSL_ECC_SECP160K1 = 15 +_WOLFSSL_ECC_SECP160R1 = 16 +_WOLFSSL_ECC_SECP160R2 = 17 +_WOLFSSL_ECC_SECP192K1 = 18 +_WOLFSSL_ECC_SECP192R1 = 19 +_WOLFSSL_ECC_SECP224K1 = 20 +_WOLFSSL_ECC_SECP224R1 = 21 +_WOLFSSL_ECC_SECP256K1 = 22 +_WOLFSSL_ECC_SECP256R1 = 23 +_WOLFSSL_ECC_SECP384R1 = 24 +_WOLFSSL_ECC_SECP521R1 = 25 +_WOLFSSL_ECC_BRAINPOOLP256R1 = 26 +_WOLFSSL_ECC_BRAINPOOLP384R1 = 27 +_WOLFSSL_ECC_BRAINPOOLP512R1 = 28 + +_SUPPORTED_CURVES = [ + _WOLFSSL_ECC_SECP160K1, _WOLFSSL_ECC_SECP160R1, _WOLFSSL_ECC_SECP160R2, + _WOLFSSL_ECC_SECP192K1, _WOLFSSL_ECC_SECP192R1, _WOLFSSL_ECC_SECP224K1, + _WOLFSSL_ECC_SECP224R1, _WOLFSSL_ECC_SECP256K1, _WOLFSSL_ECC_SECP256R1, + _WOLFSSL_ECC_SECP384R1, _WOLFSSL_ECC_SECP521R1, + _WOLFSSL_ECC_BRAINPOOLP256R1, _WOLFSSL_ECC_BRAINPOOLP384R1, + _WOLFSSL_ECC_BRAINPOOLP512R1 +] + +_PY3 = sys.version_info[0] == 3 + class SSLContext(object): """ An SSLContext holds various SSL-related configuration options and @@ -82,6 +111,13 @@ class SSLContext(object): # verify_mode initialization needs a valid native_object. self.verify_mode = CERT_NONE + if not server_side: + for curve in _SUPPORTED_CURVES: + ret = _lib.wolfSSL_CTX_UseSupportedCurve(self.native_object, + curve) + if ret != _SSL_SUCCESS: + raise SSLError("unnable to set curve (%d)" % curve) + def __del__(self): if getattr(self, 'native_object', _ffi.NULL) != _ffi.NULL: 
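Review bot: `_SUPPORTED_CURVES` includes the 160-bit and 192-bit curves (`_WOLFSSL_ECC_SECP160K1` through `_WOLFSSL_ECC_SECP192R1`), and the next hunk advertises the whole list for every client context, so peers are offered key-exchange groups well below the strength of the 256-bit and larger entries. Trimming the default to `_WOLFSSL_ECC_SECP256R1`, `_WOLFSSL_ECC_SECP384R1`, `_WOLFSSL_ECC_SECP521R1` and the Brainpool curves would avoid that. The loop in `SSLContext.__init__` also raises `SSLError` on the first curve the call rejects, so a native library built without one of these curves would presumably make every client context fail to construct. Skipping rejected curves and failing only when none is accepted would be more tolerant.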
@@ -262,13 +298,19 @@ class SSLSocket(socket): if sock.getsockopt(SOL_SOCKET, SO_TYPE) != SOCK_STREAM: raise NotImplementedError("only stream sockets are supported") - socket.__init__(self, - family=sock.family, - type=sock.type, - proto=sock.proto, - fileno=sock.fileno()) + if _PY3: + socket.__init__(self, + family=sock.family, + type=sock.type, + proto=sock.proto, + fileno=sock.fileno()) + else: + socket.__init__(self, _sock=sock._sock) + self.settimeout(sock.gettimeout()) - sock.detach() + + if _PY3: + sock.detach() elif fileno is not None: socket.__init__(self, fileno=fileno) @@ -280,7 +322,7 @@ class SSLSocket(socket): # see if we are connected try: self.getpeername() - except OSError as exception: + except socket_error as exception: if exception.errno != errno.ENOTCONN: raise connected = False diff --git a/wrapper/python/wolfssl/wolfssl/build_ffi.py b/wrapper/python/wolfssl/wolfssl/build_ffi.py index e4af76b90..62b26125b 100644 --- a/wrapper/python/wolfssl/wolfssl/build_ffi.py +++ b/wrapper/python/wolfssl/wolfssl/build_ffi.py @@ -60,6 +60,8 @@ ffi.cdef( int wolfSSL_CTX_load_verify_locations(void*, const char*, const char*); int wolfSSL_CTX_load_verify_buffer(void*, const unsigned char*, long, int); int wolfSSL_CTX_use_certificate_chain_file(void*, const char *); + int wolfSSL_CTX_UseSupportedCurve(void*, short); + void* wolfSSL_new(void*); void wolfSSL_free(void*); From 35f03eb00ab0ff301878d1e050525dff633edb6d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Moise=CC=81s=20Guimara=CC=83es?= Date: Thu, 22 Dec 2016 16:59:50 -0200 Subject: [PATCH 28/47] fixes docs. --- wrapper/python/wolfssl/README.rst | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/wrapper/python/wolfssl/README.rst b/wrapper/python/wolfssl/README.rst index f5c321c00..768be917f 100644 --- a/wrapper/python/wolfssl/README.rst +++ b/wrapper/python/wolfssl/README.rst 
@@ -7,11 +7,13 @@ wolfssl: the wolfSSL Inc. SSL/TLS library **wolfSSL's C SSL/TLS library**. `wolfssl `_ is a -lightweight, portable, C-language-based crypto library -targeted at IoT, embedded, and RTOS environments primarily because of its size, -speed, and feature set. It works seamlessly in desktop, enterprise, and cloud -environments as well. It is the crypto engine behind `wolfSSl's embedded ssl -library `_. +lightweight C-language-based SSL/TLS library targeted for embedded, RTOS, or +resource-constrained environments primarily because of its small size, speed, +and portability. wolfSSL supports industry standards up to the current TLS 1.2 +and DTLS 1.2 levels, is up to 20 times smaller than OpenSSL, +lightweight, portable, C-language-based crypto library offers a simple API, an +OpenSSL compatibility layer, OCSP and CRL support, and offers several +progressive ciphers. Installation From 53d4c171c885dee1e92c3e49f31cfccd634732ac Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Moise=CC=81s=20Guimara=CC=83es?= Date: Thu, 22 Dec 2016 17:58:13 -0200 Subject: [PATCH 29/47] adds more client tests --- wrapper/python/wolfssl/test/test_client.py | 47 ++++++++++++++++++--- wrapper/python/wolfssl/test/test_context.py | 3 -- wrapper/python/wolfssl/wolfssl/__init__.py | 5 +-- 3 files changed, 44 insertions(+), 11 deletions(-) diff --git a/wrapper/python/wolfssl/test/test_client.py b/wrapper/python/wolfssl/test/test_client.py index 35f5f491b..2a7c02104 100644 --- a/wrapper/python/wolfssl/test/test_client.py +++ b/wrapper/python/wolfssl/test/test_client.py 
@@ -28,16 +28,15 @@ import ssl import wolfssl class SSLClientTest(unittest.TestCase): - ssl_provider = ssl - host = "www.google.com" + provider = ssl + host = "www.globalsign.com" port = 443 def setUp(self): self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) def test_wrap_socket(self): - secure_sock = self.ssl_provider.wrap_socket( - self.sock, ssl_version=self.ssl_provider.PROTOCOL_SSLv23) + secure_sock = self.provider.wrap_socket(self.sock) secure_sock.connect((self.host, self.port)) secure_sock.write(b"GET / HTTP/1.1\n\n") @@ -45,6 +44,44 @@ class SSLClientTest(unittest.TestCase): secure_sock.close() + def test_wrap_socket_with_ca(self): + secure_sock = self.provider.wrap_socket( + self.sock, cert_reqs=self.provider.CERT_REQUIRED, + ca_certs="../../../certs/external/ca-globalsign-root-r2.pem") + secure_sock.connect((self.host, self.port)) + + secure_sock.write(b"GET / HTTP/1.1\n\n") + self.assertEqual(b"HTTP", secure_sock.read(4)) + + secure_sock.close() + + def test_wrap_socket_from_context(self): + ctx = self.provider.SSLContext(self.provider.PROTOCOL_TLSv1_2) + + ctx.verify_mode = self.provider.CERT_REQUIRED + ctx.load_verify_locations( + "../../../certs/external/ca-globalsign-root-r2.pem") + + secure_sock = ctx.wrap_socket(self.sock) + secure_sock.connect((self.host, self.port)) + + secure_sock.write(b"GET / HTTP/1.1\n\n") + self.assertEqual(b"HTTP", secure_sock.read(4)) + + secure_sock.close() + + def test_ssl_socket(self): + secure_sock = self.provider.SSLSocket( + self.sock, + cert_reqs=self.provider.CERT_REQUIRED, + ca_certs="../../../certs/external/ca-globalsign-root-r2.pem") + + secure_sock.connect((self.host, self.port)) + + secure_sock.write(b"GET / HTTP/1.1\n\n") + self.assertEqual(b"HTTP", secure_sock.read(4)) + + secure_sock.close() class TestWolfSSL(SSLClientTest): - ssl_provider = wolfssl + provider = wolfssl 
diff --git a/wrapper/python/wolfssl/test/test_context.py b/wrapper/python/wolfssl/test/test_context.py index 3060a9434..2c1a0920b 100644 --- a/wrapper/python/wolfssl/test/test_context.py +++ b/wrapper/python/wolfssl/test/test_context.py @@ -129,9 +129,6 @@ class TestSSLContext(unittest.TestCase): def test_verify_mode(self): self.assertEqual(self.ctx.verify_mode, self.provider.CERT_NONE) - self.ctx.verify_mode = self.provider.CERT_OPTIONAL - self.assertEqual(self.ctx.verify_mode, self.provider.CERT_OPTIONAL) - self.ctx.verify_mode = self.provider.CERT_REQUIRED self.assertEqual(self.ctx.verify_mode, self.provider.CERT_REQUIRED) diff --git a/wrapper/python/wolfssl/wolfssl/__init__.py b/wrapper/python/wolfssl/wolfssl/__init__.py index 71bb6e574..d637c164e 100644 --- a/wrapper/python/wolfssl/wolfssl/__init__.py +++ b/wrapper/python/wolfssl/wolfssl/__init__.py @@ -51,10 +51,9 @@ from wolfssl.__about__ import ( globals().update(METADATA) CERT_NONE = 0 -CERT_OPTIONAL = 1 -CERT_REQUIRED = 2 +CERT_REQUIRED = 1 -_VERIFY_MODE_LIST = [CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED] +_VERIFY_MODE_LIST = [CERT_NONE, CERT_REQUIRED] _SSL_SUCCESS = 1 _SSL_FILETYPE_PEM = 1 From 56091e267f3c47a0a495dd17476b17adca75c104 Mon Sep 17 00:00:00 2001 
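Review bot: Redefining `CERT_REQUIRED` as 1 makes it numerically equal to the standard library's `ssl.CERT_OPTIONAL`, while the tests in this series treat `ssl` and `wolfssl` as interchangeable providers. A caller who passes one module's constant to the other gets a different policy than the name says: `wolfssl.CERT_REQUIRED` handed to `ssl` means optional verification. If the value was chosen to match the native verify flag, keeping the public constant at 2 and translating it inside the `verify_mode` setter (outside this hunk) would preserve compatibility. At minimum a comment such as `# NOTE: differs from ssl.CERT_REQUIRED (2)` belongs next to the assignment.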
From: =?UTF-8?q?Moise=CC=81s=20Guimara=CC=83es?= Date: Thu, 12 Jan 2017 18:55:00 -0200 Subject: [PATCH 30/47] moving source code into src --- wrapper/python/wolfssl/setup.py | 12 +++++++++--- .../python/wolfssl/{ => src}/wolfssl/__about__.py | 0 wrapper/python/wolfssl/{ => src}/wolfssl/__init__.py | 0 wrapper/python/wolfssl/{ => src}/wolfssl/_memory.py | 0 wrapper/python/wolfssl/{ => src}/wolfssl/_methods.py | 0 .../python/wolfssl/{ => src}/wolfssl/build_ffi.py | 0 .../python/wolfssl/{ => src}/wolfssl/exceptions.py | 0 wrapper/python/wolfssl/{ => src}/wolfssl/utils.py | 0 8 files changed, 9 insertions(+), 3 deletions(-) rename wrapper/python/wolfssl/{ => src}/wolfssl/__about__.py (100%) rename wrapper/python/wolfssl/{ => src}/wolfssl/__init__.py (100%) rename wrapper/python/wolfssl/{ => src}/wolfssl/_memory.py (100%) rename wrapper/python/wolfssl/{ => src}/wolfssl/_methods.py (100%) rename wrapper/python/wolfssl/{ => src}/wolfssl/build_ffi.py (100%) rename wrapper/python/wolfssl/{ => src}/wolfssl/exceptions.py (100%) rename wrapper/python/wolfssl/{ => src}/wolfssl/utils.py (100%) diff --git a/wrapper/python/wolfssl/setup.py b/wrapper/python/wolfssl/setup.py index efe61401f..a89cb2425 100755 --- a/wrapper/python/wolfssl/setup.py +++ b/wrapper/python/wolfssl/setup.py @@ -22,12 +22,17 @@ # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA # Python 2.7 Standard Library + +# pylint: disable=import-error, wrong-import-position + from __future__ import absolute_import import os import sys -from wolfssl.__about__ import METADATA from setuptools import setup, find_packages +sys.path.insert(0, 'src') +from wolfssl.__about__ import METADATA + os.chdir(os.path.dirname(sys.argv[0]) or ".") LONG_DESCRIPTION = open("README.rst", "rt").read().replace( 
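Review bot: `sys.path.insert(0, 'src')` is resolved against the current working directory, and the `from wolfssl.__about__ import METADATA` that depends on it runs before the `os.chdir(...)` a few lines later. Invoked from another directory, setup.py would import whatever `src/wolfssl` (or installed `wolfssl`) is reachable from there instead of this tree's metadata. Anchoring the path to the script, `sys.path.insert(0, os.path.join(os.path.dirname(os.path.abspath(__file__)), 'src'))`, removes the dependency on the caller's directory.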
@@ -40,8 +45,9 @@ INFO = dict( contents={ "long_description" : LONG_DESCRIPTION, "package_data" : {"": ["*.txt"]}, - "packages" : find_packages(), - "cffi_modules" : ["./wolfssl/build_ffi.py:ffi"], + "packages" : find_packages("src"), + "package_dir" : {"": "src"}, + "cffi_modules" : ["./src/wolfssl/build_ffi.py:ffi"], }, requirements={ "setup_requires" : ["cffi>=1.6.0"], diff --git a/wrapper/python/wolfssl/wolfssl/__about__.py b/wrapper/python/wolfssl/src/wolfssl/__about__.py similarity index 100% rename from wrapper/python/wolfssl/wolfssl/__about__.py rename to wrapper/python/wolfssl/src/wolfssl/__about__.py diff --git a/wrapper/python/wolfssl/wolfssl/__init__.py b/wrapper/python/wolfssl/src/wolfssl/__init__.py similarity index 100% rename from wrapper/python/wolfssl/wolfssl/__init__.py rename to wrapper/python/wolfssl/src/wolfssl/__init__.py diff --git a/wrapper/python/wolfssl/wolfssl/_memory.py b/wrapper/python/wolfssl/src/wolfssl/_memory.py similarity index 100% rename from wrapper/python/wolfssl/wolfssl/_memory.py rename to wrapper/python/wolfssl/src/wolfssl/_memory.py diff --git a/wrapper/python/wolfssl/wolfssl/_methods.py b/wrapper/python/wolfssl/src/wolfssl/_methods.py similarity index 100% rename from wrapper/python/wolfssl/wolfssl/_methods.py rename to wrapper/python/wolfssl/src/wolfssl/_methods.py diff --git a/wrapper/python/wolfssl/wolfssl/build_ffi.py b/wrapper/python/wolfssl/src/wolfssl/build_ffi.py similarity index 100% rename from wrapper/python/wolfssl/wolfssl/build_ffi.py rename to wrapper/python/wolfssl/src/wolfssl/build_ffi.py diff --git a/wrapper/python/wolfssl/wolfssl/exceptions.py b/wrapper/python/wolfssl/src/wolfssl/exceptions.py similarity index 100% rename from wrapper/python/wolfssl/wolfssl/exceptions.py rename to wrapper/python/wolfssl/src/wolfssl/exceptions.py 
diff --git a/wrapper/python/wolfssl/wolfssl/utils.py b/wrapper/python/wolfssl/src/wolfssl/utils.py similarity index 100% rename from wrapper/python/wolfssl/wolfssl/utils.py rename to wrapper/python/wolfssl/src/wolfssl/utils.py From 2d56f0932003d2ad2402fa0c3e0f219244afe9e2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Moise=CC=81s=20Guimara=CC=83es?= Date: Sun, 15 Jan 2017 12:26:22 -0200 Subject: [PATCH 31/47] adds accept() behavior to SSLSocket; Migrates tests to pytest. --- .../python/wolfssl/requirements-testing.txt | 6 +- .../python/wolfssl/src/wolfssl/__init__.py | 12 ++- wrapper/python/wolfssl/test/conftest.py | 42 ++++++++++ wrapper/python/wolfssl/test/test_client.py | 82 +++++++------------ wrapper/python/wolfssl/test/test_context.py | 59 ++++++------- wrapper/python/wolfssl/test/test_methods.py | 68 ++++++--------- 6 files changed, 136 insertions(+), 133 deletions(-) create mode 100644 wrapper/python/wolfssl/test/conftest.py diff --git a/wrapper/python/wolfssl/requirements-testing.txt b/wrapper/python/wolfssl/requirements-testing.txt index 61def5278..9a277b876 100644 --- a/wrapper/python/wolfssl/requirements-testing.txt +++ b/wrapper/python/wolfssl/requirements-testing.txt @@ -1,3 +1,3 @@ -pytest>=2.9.1 -cffi>=1.6.0 -tox>=2.3.1 +pytest>=3.0.5 +cffi>=1.9.1 +tox>=2.5.0 diff --git a/wrapper/python/wolfssl/src/wolfssl/__init__.py b/wrapper/python/wolfssl/src/wolfssl/__init__.py index d637c164e..929674152 100644 --- a/wrapper/python/wolfssl/src/wolfssl/__init__.py +++ b/wrapper/python/wolfssl/src/wolfssl/__init__.py 
@@ -582,7 +582,17 @@ class SSLSocket(socket): containing that new connection wrapped with a server-side secure channel, and the address of the remote client. """ - pass + if not self.server_side: + raise ValueError("can't accept in client-side mode") + + newsock, addr = socket.accept(self) + newsock = self.context.wrap_socket( + newsock, + do_handshake_on_connect=self.do_handshake_on_connect, + suppress_ragged_eofs=self.suppress_ragged_eofs, + server_side=True) + + return newsock, addr def wrap_socket(sock, keyfile=None, certfile=None, server_side=False, diff --git a/wrapper/python/wolfssl/test/conftest.py b/wrapper/python/wolfssl/test/conftest.py new file mode 100644 index 000000000..1128f4448 --- /dev/null +++ b/wrapper/python/wolfssl/test/conftest.py 
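Review bot: If `self.context.wrap_socket(...)` raises, for example because the handshake fails while `do_handshake_on_connect` is set, the socket returned by `socket.accept(self)` is never closed inside `accept()`. Whether `wrap_socket` closes its argument on failure is not visible in this hunk. If it does not, every failed handshake leaves a descriptor open until garbage collection, which a listener facing untrusted clients should not rely on. Closing the raw socket on the error path, as sketched below, leaves the success path unchanged. The `accept` method begins above the hunk.

```python
        newsock, addr = socket.accept(self)
        try:
            # … unchanged: newsock = self.context.wrap_socket(newsock, ...) …
        except Exception:
            # wrapping or handshake failed: release the accepted descriptor
            newsock.close()
            raise
```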
@@ -0,0 +1,42 @@ +# -*- coding: utf-8 -*- +# +# conftest.py +# +# Copyright (C) 2006-2016 wolfSSL Inc. +# +# This file is part of wolfSSL. (formerly known as CyaSSL) +# +# wolfSSL is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# wolfSSL is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + +# pylint: disable=missing-docstring, redefined-outer-name + +import socket +import ssl +import wolfssl +import pytest + +@pytest.fixture +def tcp_socket(): + sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) + yield sock + sock.close() + +@pytest.fixture(params=[ssl, wolfssl], ids=["ssl", "wolfssl"]) +def ssl_provider(request): + return request.param + +@pytest.fixture +def ssl_context(ssl_provider): + return ssl_provider.SSLContext(ssl_provider.PROTOCOL_SSLv23) diff --git a/wrapper/python/wolfssl/test/test_client.py b/wrapper/python/wolfssl/test/test_client.py index 2a7c02104..5a55d47b6 100644 --- a/wrapper/python/wolfssl/test/test_client.py +++ b/wrapper/python/wolfssl/test/test_client.py 
@@ -21,67 +21,45 @@ # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA # pylint: disable=missing-docstring, invalid-name, import-error +# pylint: disable=redefined-outer-name -import unittest -import socket -import ssl -import wolfssl +import pytest -class SSLClientTest(unittest.TestCase): - provider = ssl - host = "www.globalsign.com" - port = 443 +HOST = "www.python.org" +PORT = 443 +CA_CERTS = "/etc/ssl/cert.pem" - def setUp(self): - self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) +@pytest.fixture( + params=["wrap_socket", "wrap_socket_with_ca", + "wrap_socket_from_context", "ssl_socket"]) +def secure_socket(request, ssl_provider, tcp_socket): + sock = None - def test_wrap_socket(self): - secure_sock = self.provider.wrap_socket(self.sock) - secure_sock.connect((self.host, self.port)) + if request.param == "wrap_socket": + sock = ssl_provider.wrap_socket(tcp_socket) - secure_sock.write(b"GET / HTTP/1.1\n\n") - self.assertEqual(b"HTTP", secure_sock.read(4)) + elif request.param == "wrap_socket_with_ca": + sock = ssl_provider.wrap_socket( + tcp_socket, cert_reqs=ssl_provider.CERT_REQUIRED, ca_certs=CA_CERTS) - secure_sock.close() + elif request.param == "wrap_socket_from_context": + ctx = ssl_provider.SSLContext(ssl_provider.PROTOCOL_TLSv1_2) - def test_wrap_socket_with_ca(self): - secure_sock = self.provider.wrap_socket( - self.sock, cert_reqs=self.provider.CERT_REQUIRED, - ca_certs="../../../certs/external/ca-globalsign-root-r2.pem") - secure_sock.connect((self.host, self.port)) + ctx.verify_mode = ssl_provider.CERT_REQUIRED + ctx.load_verify_locations(CA_CERTS) - secure_sock.write(b"GET / HTTP/1.1\n\n") - self.assertEqual(b"HTTP", secure_sock.read(4)) + sock = ctx.wrap_socket(tcp_socket) - secure_sock.close() + elif request.param == "ssl_socket": + sock = ssl_provider.SSLSocket( + tcp_socket, cert_reqs=ssl_provider.CERT_REQUIRED, ca_certs=CA_CERTS) - def test_wrap_socket_from_context(self): - ctx = 
self.provider.SSLContext(self.provider.PROTOCOL_TLSv1_2) + if sock: + yield sock + sock.close() - ctx.verify_mode = self.provider.CERT_REQUIRED - ctx.load_verify_locations( - "../../../certs/external/ca-globalsign-root-r2.pem") +def test_secure_connection(secure_socket): + secure_socket.connect((HOST, PORT)) - secure_sock = ctx.wrap_socket(self.sock) - secure_sock.connect((self.host, self.port)) - - secure_sock.write(b"GET / HTTP/1.1\n\n") - self.assertEqual(b"HTTP", secure_sock.read(4)) - - secure_sock.close() - - def test_ssl_socket(self): - secure_sock = self.provider.SSLSocket( - self.sock, - cert_reqs=self.provider.CERT_REQUIRED, - ca_certs="../../../certs/external/ca-globalsign-root-r2.pem") - - secure_sock.connect((self.host, self.port)) - - secure_sock.write(b"GET / HTTP/1.1\n\n") - self.assertEqual(b"HTTP", secure_sock.read(4)) - - secure_sock.close() - -class TestWolfSSL(SSLClientTest): - provider = wolfssl + secure_socket.write(b"GET / HTTP/1.1\n\n") + assert secure_socket.read(4) == b"HTTP" diff --git a/wrapper/python/wolfssl/test/test_context.py b/wrapper/python/wolfssl/test/test_context.py index 2c1a0920b..b8692781d 100644 --- a/wrapper/python/wolfssl/test/test_context.py +++ b/wrapper/python/wolfssl/test/test_context.py @@ -21,11 +21,11 @@ # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA # pylint: disable=missing-docstring, invalid-name, import-error +# pylint: disable=redefined-outer-name import sys -import unittest import ssl -import wolfssl +import pytest _CADATA = """" Certificate: 
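Review bot: Every parameter of `secure_socket` expects `connect()` to succeed, so nothing here shows that `cert_reqs=CERT_REQUIRED` is actually enforced; a wrapper that ignored the setting would still pass `test_secure_connection`. A negative variant would close that gap: load a CA that did not issue the certificate of `HOST` and assert the failure, e.g. `with pytest.raises(ssl_provider.SSLError): sock.connect((HOST, PORT))`, assuming both providers export `SSLError`. The `"wrap_socket"` variant passes neither `cert_reqs` nor a CA, so it only demonstrates an unauthenticated connection. `CA_CERTS = "/etc/ssl/cert.pem"` does not exist on every platform, so reading the path from the environment or skipping when the file is missing would make the verifying variants meaningful elsewhere.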
@@ -117,43 +117,36 @@ Lkp2vSl/HFM3Bq3pW2rWt06UonzorE6mUD4rMp5oQhvkWWdh6seaUZwcVaN3dg== -----END CERTIFICATE----- """ -class TestSSLContext(unittest.TestCase): - provider = ssl +def test_context_creation(ssl_context): + assert ssl_context != None - def setUp(self): - self.ctx = self.provider.SSLContext(self.provider.PROTOCOL_SSLv23) +def test_verify_mode(ssl_provider, ssl_context): + assert ssl_context.verify_mode == ssl_provider.CERT_NONE - def test_context_creation(self): - self.assertIsNotNone(self.ctx) + ssl_context.verify_mode = ssl_provider.CERT_REQUIRED + assert ssl_context.verify_mode == ssl_provider.CERT_REQUIRED - def test_verify_mode(self): - self.assertEqual(self.ctx.verify_mode, self.provider.CERT_NONE) +def test_set_ciphers(ssl_context): + ssl_context.set_ciphers("DHE-RSA-AES256-SHA256") - self.ctx.verify_mode = self.provider.CERT_REQUIRED - self.assertEqual(self.ctx.verify_mode, self.provider.CERT_REQUIRED) +def test_load_cert_chain_raises(ssl_context): + with pytest.raises(TypeError): + ssl_context.load_cert_chain(None) - def test_set_ciphers(self): - self.ctx.set_ciphers("DHE-RSA-AES256-SHA256") +def test_load_cert_chain(ssl_context): + ssl_context.load_cert_chain("../../../certs/client-cert.pem", + "../../../certs/client-key.pem") - def test_load_cert_chain_raises(self): - self.assertRaises(TypeError, self.ctx.load_cert_chain, None) +def test_load_verify_locations_raises(ssl_context): + with pytest.raises(TypeError): + ssl_context.load_verify_locations(None) - def test_load_cert_chain(self): - self.ctx.load_cert_chain("../../../certs/client-cert.pem", - "../../../certs/client-key.pem") +def test_load_verify_locations_with_cafile(ssl_context): + ssl_context.load_verify_locations(cafile="../../../certs/ca-cert.pem") - def test_load_verify_locations_raises(self): - self.assertRaises(TypeError, self.ctx.load_verify_locations, None) +def test_load_verify_locations_with_cadata(ssl_provider, ssl_context): + if ssl_provider is ssl and sys.version_info[0] 
== 2: + # this test doesn't works for provider ssl in python 2 + return - def test_load_verify_locations_with_cafile(self): - self.ctx.load_verify_locations(cafile="../../../certs/ca-cert.pem") - - def test_load_verify_locations_with_cadata(self): - if self.provider is ssl and sys.version_info[0] == 2: - # this test doesn't works for provider ssl in python 2 - return - - self.ctx.load_verify_locations(cadata=_CADATA) - -class TestWolfSSLContext(TestSSLContext): - provider = wolfssl + ssl_context.load_verify_locations(cadata=_CADATA) diff --git a/wrapper/python/wolfssl/test/test_methods.py b/wrapper/python/wolfssl/test/test_methods.py index dc902db36..21fede687 100644 --- a/wrapper/python/wolfssl/test/test_methods.py +++ b/wrapper/python/wolfssl/test/test_methods.py 
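Review bot: `test_load_verify_locations_with_cadata` returns early for `ssl` on Python 2, which pytest reports as a pass even though nothing was exercised. Replacing the `return` with `pytest.skip("cadata is not supported by ssl on Python 2")` makes the gap visible in the report. In the same hunk, `assert ssl_context != None` is better written `assert ssl_context is not None`, because `!=` can be overridden by the object under test.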
@@ -20,59 +20,39 @@ # along with this program; if not, write to the Free Software # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA -# pylint: disable=missing-docstring, invalid-name, import-error +# pylint: disable=missing-docstring, redefined-outer-name, import-error -import unittest +import pytest from wolfssl._methods import (WolfSSLMethod, PROTOCOL_SSLv3, PROTOCOL_SSLv23, PROTOCOL_TLS, PROTOCOL_TLSv1, PROTOCOL_TLSv1_1, PROTOCOL_TLSv1_2) from wolfssl._ffi import ffi as _ffi +@pytest.fixture( + params=[PROTOCOL_SSLv3, PROTOCOL_TLSv1, PROTOCOL_TLSv1_1], + ids=["SSLv3", "TLSv1", "TLSv1_1"]) +def unsupported_method(request): + yield request.param -class TestMethods(unittest.TestCase): - def test_SSLv3_raises(self): - self.assertRaises(ValueError, WolfSSLMethod, PROTOCOL_SSLv3, False) - self.assertRaises(ValueError, WolfSSLMethod, PROTOCOL_SSLv3, True) +@pytest.fixture( + params=[PROTOCOL_SSLv23, PROTOCOL_TLS, PROTOCOL_TLSv1_2], + ids=["SSLv23", "TLS", "TLSv1_2"]) +def supported_method(request): + yield request.param - def test_TLSv1_raises(self): - self.assertRaises(ValueError, WolfSSLMethod, PROTOCOL_TLSv1, False) - self.assertRaises(ValueError, WolfSSLMethod, PROTOCOL_TLSv1, True) +def test_unsupported_method(unsupported_method): + with pytest.raises(ValueError): + WolfSSLMethod(unsupported_method, False) + with pytest.raises(ValueError): + WolfSSLMethod(unsupported_method, True) - def test_TLSv1_1_raises(self): - self.assertRaises(ValueError, WolfSSLMethod, PROTOCOL_TLSv1_1, False) - self.assertRaises(ValueError, WolfSSLMethod, PROTOCOL_TLSv1_1, True) +def test_supported_method(supported_method): + client = WolfSSLMethod(supported_method, False) + server = WolfSSLMethod(supported_method, True) - - def test_SSLv23_doesnt_raises(self): - client = WolfSSLMethod(PROTOCOL_SSLv23, False) - server = WolfSSLMethod(PROTOCOL_SSLv23, True) - - self.assertIsInstance(client, WolfSSLMethod) - self.assertIsInstance(server, WolfSSLMethod) - - 
self.assertNotEqual(client.native_object, _ffi.NULL) - self.assertNotEqual(server.native_object, _ffi.NULL) - - - def test_TLS_doesnt_raises(self): - client = WolfSSLMethod(PROTOCOL_TLS, False) - server = WolfSSLMethod(PROTOCOL_TLS, True) - - self.assertIsInstance(client, WolfSSLMethod) - self.assertIsInstance(server, WolfSSLMethod) - - self.assertNotEqual(client.native_object, _ffi.NULL) - self.assertNotEqual(server.native_object, _ffi.NULL) - - - def test_TLSv1_2_doesnt_raises(self): - client = WolfSSLMethod(PROTOCOL_TLSv1_2, False) - server = WolfSSLMethod(PROTOCOL_TLSv1_2, True) - - self.assertIsInstance(client, WolfSSLMethod) - self.assertIsInstance(server, WolfSSLMethod) - - self.assertNotEqual(client.native_object, _ffi.NULL) - self.assertNotEqual(server.native_object, _ffi.NULL) + assert isinstance(client, WolfSSLMethod) + assert isinstance(server, WolfSSLMethod) + assert client.native_object != _ffi.NULL + assert server.native_object != _ffi.NULL From 0a9f66338c9d7ab0939e8c5ffdaa20a251c72695 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Moise=CC=81s=20Guimara=CC=83es?= Date: Sun, 15 Jan 2017 12:51:09 -0200 Subject: [PATCH 32/47] adds coverity tests --- wrapper/python/wolfssl/.gitignore | 3 +++ wrapper/python/wolfssl/test/conftest.py | 5 ++--- wrapper/python/wolfssl/test/test_context.py | 6 ++++++ wrapper/python/wolfssl/test/test_methods.py | 4 ++-- 4 files changed, 13 insertions(+), 5 deletions(-) diff --git a/wrapper/python/wolfssl/.gitignore b/wrapper/python/wolfssl/.gitignore index 5e6f6f9bd..101697443 100644 --- a/wrapper/python/wolfssl/.gitignore +++ b/wrapper/python/wolfssl/.gitignore @@ -11,6 +11,9 @@ dist/ # Unit test .tox/ +htmlcov/ +.coverage + # Sphinx documentation docs/_build/ diff --git a/wrapper/python/wolfssl/test/conftest.py b/wrapper/python/wolfssl/test/conftest.py index 1128f4448..09d52618a 100644 --- a/wrapper/python/wolfssl/test/conftest.py +++ b/wrapper/python/wolfssl/test/conftest.py 
@@ -29,9 +29,8 @@ import pytest @pytest.fixture def tcp_socket(): - sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) - yield sock - sock.close() + with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock: + yield sock @pytest.fixture(params=[ssl, wolfssl], ids=["ssl", "wolfssl"]) def ssl_provider(request): diff --git a/wrapper/python/wolfssl/test/test_context.py b/wrapper/python/wolfssl/test/test_context.py index b8692781d..3d545fc5b 100644 --- a/wrapper/python/wolfssl/test/test_context.py +++ b/wrapper/python/wolfssl/test/test_context.py @@ -121,6 +121,9 @@ def test_context_creation(ssl_context): assert ssl_context != None def test_verify_mode(ssl_provider, ssl_context): + with pytest.raises(ValueError): + ssl_context.verify_mode = -1 + assert ssl_context.verify_mode == ssl_provider.CERT_NONE ssl_context.verify_mode = ssl_provider.CERT_REQUIRED @@ -129,6 +132,9 @@ def test_verify_mode(ssl_provider, ssl_context): def test_set_ciphers(ssl_context): ssl_context.set_ciphers("DHE-RSA-AES256-SHA256") + with pytest.raises(Exception): + ssl_context.set_ciphers("foo") + def test_load_cert_chain_raises(ssl_context): with pytest.raises(TypeError): ssl_context.load_cert_chain(None) diff --git a/wrapper/python/wolfssl/test/test_methods.py b/wrapper/python/wolfssl/test/test_methods.py index 21fede687..70d068c9c 100644 --- a/wrapper/python/wolfssl/test/test_methods.py +++ b/wrapper/python/wolfssl/test/test_methods.py @@ -29,8 +29,8 @@ from wolfssl._methods import (WolfSSLMethod, PROTOCOL_SSLv3, PROTOCOL_SSLv23, from wolfssl._ffi import ffi as _ffi @pytest.fixture( - params=[PROTOCOL_SSLv3, PROTOCOL_TLSv1, PROTOCOL_TLSv1_1], - ids=["SSLv3", "TLSv1", "TLSv1_1"]) + params=[-1, PROTOCOL_SSLv3, PROTOCOL_TLSv1, PROTOCOL_TLSv1_1], + ids=["invalid", "SSLv3", "TLSv1", "TLSv1_1"]) def unsupported_method(request): yield request.param From 715d6afeda93566daaccc091d4bbb60fff81328e Mon Sep 17 00:00:00 2001 
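Review bot: `socket.socket` only became a context manager in Python 3.2, so `with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:` breaks the `tcp_socket` fixture on Python 2.7. That interpreter is still handled elsewhere in this series (`sys.version_info[0] == 2` in `test_context.py`). Either keep the previous `yield sock` / `sock.close()` pair, or wrap the socket with `with contextlib.closing(socket.socket(socket.AF_INET, socket.SOCK_STREAM)) as sock:` and add `import contextlib`.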
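Review bot: `pytest.raises(Exception)` around `ssl_context.set_ciphers("foo")` accepts any failure, including an `AttributeError` or `TypeError` caused by a defect in the wrapper. The test therefore cannot show that an unknown cipher string is rejected for the right reason. Narrow it to the error both providers are meant to raise, e.g. `with pytest.raises(ssl_provider.SSLError):`, assuming the wrapper exports that name as the standard `ssl` module does.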
From: =?UTF-8?q?Moise=CC=81s=20Guimara=CC=83es?= Date: Mon, 16 Jan 2017 15:43:13 -0200 Subject: [PATCH 33/47] updates tox config --- wrapper/python/wolfssl/tox.ini | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/wrapper/python/wolfssl/tox.ini b/wrapper/python/wolfssl/tox.ini index 98ec7f995..d552f72b3 100644 --- a/wrapper/python/wolfssl/tox.ini +++ b/wrapper/python/wolfssl/tox.ini @@ -1,7 +1,7 @@ [tox] -envlist=py27,py34,py35 +envlist=py27,py34,py35,py36 skip_missing_interpreters=true [testenv] deps=-rrequirements-testing.txt -commands=py.test test/ +commands=py.test test/ {posargs} From 089387906ef30c892aaf3bff4e3b5005d81f3337 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Moise=CC=81s=20Guimara=CC=83es?= Date: Mon, 16 Jan 2017 18:52:34 -0200 Subject: [PATCH 34/47] updates tests --- wrapper/python/wolfssl/.ubuntu-provisioner.sh | 24 ++- wrapper/python/wolfssl/certs/ca-cert.pem | 87 +++++++++ .../python/wolfssl/certs/ca-digicert-ev.pem | 23 +++ wrapper/python/wolfssl/certs/client-cert.pem | 88 +++++++++ wrapper/python/wolfssl/certs/client-key.pem | 27 +++ wrapper/python/wolfssl/certs/server-cert.pem | 173 ++++++++++++++++++ wrapper/python/wolfssl/certs/server-key.pem | 27 +++ wrapper/python/wolfssl/test/conftest.py | 11 +- wrapper/python/wolfssl/test/test_client.py | 2 +- wrapper/python/wolfssl/test/test_context.py | 12 +- 10 files changed, 456 insertions(+), 18 deletions(-) create mode 100644 wrapper/python/wolfssl/certs/ca-cert.pem create mode 100644 wrapper/python/wolfssl/certs/ca-digicert-ev.pem create mode 100644 wrapper/python/wolfssl/certs/client-cert.pem create mode 100644 wrapper/python/wolfssl/certs/client-key.pem create mode 100644 wrapper/python/wolfssl/certs/server-cert.pem create mode 100644 wrapper/python/wolfssl/certs/server-key.pem diff --git a/wrapper/python/wolfssl/.ubuntu-provisioner.sh b/wrapper/python/wolfssl/.ubuntu-provisioner.sh index c11d9c204..40fe439e8 100644 --- a/wrapper/python/wolfssl/.ubuntu-provisioner.sh 
+++ b/wrapper/python/wolfssl/.ubuntu-provisioner.sh @@ -1,9 +1,12 @@ [ "$(whoami)" != "root" ] && echo "Sorry, you are not root." && exit 1 apt-get update -apt-get install -y git autoconf libtool +apt-get install -y \ + git autoconf libtool python-dev python3-dev python-pip libffi-dev -git clone https://github.com/wolfssl/wolfssl.git +pip install -U pip setuptools + +git clone --depth 1 https://github.com/wolfssl/wolfssl.git [ $? -ne 0 ] && echo "\n\nCouldn't download wolfssl.\n\n" && exit 1 pushd wolfssl @@ -15,9 +18,20 @@ make install ldconfig popd + rm -rf wolfssl -apt-get install -y libffi-dev python-dev python-pip +pushd /vagrant -pip install wolfssl -[ $? -ne 0 ] && echo "\n\nCouldn't install wolfssl.\n\n" && exit 1 +pip install -r requirements-testing.txt + +rm src/wolfssl/*.pyc +rm -r src/wolfssl/*.egg-info/ +rm -r test/__pycache__/ + +tox -r -- -v + +popd + +#pip install wolfssl +#[ $? -ne 0 ] && echo -e "\n\nCouldn't install wolfssl.\n\n" && exit 1 diff --git a/wrapper/python/wolfssl/certs/ca-cert.pem b/wrapper/python/wolfssl/certs/ca-cert.pem new file mode 100644 index 000000000..8b34ea43d --- /dev/null +++ b/wrapper/python/wolfssl/certs/ca-cert.pem 
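Review bot: The clone still takes whatever is at the tip of the default branch, and the script then runs `make install` as root, so the provisioned library is neither reproducible nor tied to a reviewed release; `--depth 1` does not change that. Pin it to a release tag, e.g. `git clone --depth 1 --branch <RELEASE_TAG> https://github.com/wolfssl/wolfssl.git`, where `<RELEASE_TAG>` is a placeholder for the tag the wrapper is tested against. The added `pip install -U pip setuptools` has the same property: it upgrades system-wide to unpinned versions.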
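Review bot: `pushd /vagrant` is not checked, so if the shared folder is missing the following `pip install -r`, `rm -r` and `tox` commands run as root in whatever directory the script was left in. `pushd /vagrant || exit 1` stops the run at that point. `rm -f src/wolfssl/*.pyc` and `rm -rf` for the two directories avoid errors on a clean checkout where the globs match nothing. `pushd` and `popd` are bash builtins and no shebang is visible in these hunks, so the script should be run explicitly under bash.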
@@ -0,0 +1,87 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + b7:b6:90:33:66:1b:6b:23 + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com + Validity + Not Before: Aug 11 20:07:37 2016 GMT + Not After : May 8 20:07:37 2019 GMT + Subject: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:bf:0c:ca:2d:14:b2:1e:84:42:5b:cd:38:1f:4a: + f2:4d:75:10:f1:b6:35:9f:df:ca:7d:03:98:d3:ac: + de:03:66:ee:2a:f1:d8:b0:7d:6e:07:54:0b:10:98: + 21:4d:80:cb:12:20:e7:cc:4f:de:45:7d:c9:72:77: + 32:ea:ca:90:bb:69:52:10:03:2f:a8:f3:95:c5:f1: + 8b:62:56:1b:ef:67:6f:a4:10:41:95:ad:0a:9b:e3: + a5:c0:b0:d2:70:76:50:30:5b:a8:e8:08:2c:7c:ed: + a7:a2:7a:8d:38:29:1c:ac:c7:ed:f2:7c:95:b0:95: + 82:7d:49:5c:38:cd:77:25:ef:bd:80:75:53:94:3c: + 3d:ca:63:5b:9f:15:b5:d3:1d:13:2f:19:d1:3c:db: + 76:3a:cc:b8:7d:c9:e5:c2:d7:da:40:6f:d8:21:dc: + 73:1b:42:2d:53:9c:fe:1a:fc:7d:ab:7a:36:3f:98: + de:84:7c:05:67:ce:6a:14:38:87:a9:f1:8c:b5:68: + cb:68:7f:71:20:2b:f5:a0:63:f5:56:2f:a3:26:d2: + b7:6f:b1:5a:17:d7:38:99:08:fe:93:58:6f:fe:c3: + 13:49:08:16:0b:a7:4d:67:00:52:31:67:23:4e:98: + ed:51:45:1d:b9:04:d9:0b:ec:d8:28:b3:4b:bd:ed: + 36:79 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5 + X509v3 Authority Key Identifier: + keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5 + DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com + serial:B7:B6:90:33:66:1B:6B:23 + + X509v3 Basic Constraints: + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + 0e:93:48:44:4a:72:96:60:71:25:82:a9:2c:ca:60:5b:f2:88: + 3e:cf:11:74:5a:11:4a:dc:d9:d8:f6:58:2c:05:d3:56:d9:e9: + 
8f:37:ef:8e:3e:3b:ff:22:36:00:ca:d8:e2:96:3f:a7:d1:ed: + 1f:de:7a:b0:d7:8f:36:bd:41:55:1e:d4:b9:86:3b:87:25:69: + 35:60:48:d6:e4:5a:94:ce:a2:fa:70:38:36:c4:85:b4:4b:23: + fe:71:9e:2f:db:06:c7:b5:9c:21:f0:3e:7c:eb:91:f8:5c:09: + fd:84:43:a4:b3:4e:04:0c:22:31:71:6a:48:c8:ab:bb:e8:ce: + fa:67:15:1a:3a:82:98:43:33:b5:0e:1f:1e:89:f8:37:de:1b: + e6:b5:a0:f4:a2:8b:b7:1c:90:ba:98:6d:94:21:08:80:5d:f3: + bf:66:ad:c9:72:28:7a:6a:48:ee:cf:63:69:31:8c:c5:8e:66: + da:4b:78:65:e8:03:3a:4b:f8:cc:42:54:d3:52:5c:2d:04:ae: + 26:87:e1:7e:40:cb:45:41:16:4b:6e:a3:2e:4a:76:bd:29:7f: + 1c:53:37:06:ad:e9:5b:6a:d6:b7:4e:94:a2:7c:e8:ac:4e:a6: + 50:3e:2b:32:9e:68:42:1b:e4:59:67:61:ea:c7:9a:51:9c:1c: + 55:a3:77:76 +-----BEGIN CERTIFICATE----- +MIIEqjCCA5KgAwIBAgIJALe2kDNmG2sjMA0GCSqGSIb3DQEBCwUAMIGUMQswCQYD +VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8G +A1UECgwIU2F3dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3 +dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTAe +Fw0xNjA4MTEyMDA3MzdaFw0xOTA1MDgyMDA3MzdaMIGUMQswCQYDVQQGEwJVUzEQ +MA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8GA1UECgwIU2F3 +dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3dy53b2xmc3Ns +LmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAL8Myi0Ush6EQlvNOB9K8k11EPG2NZ/fyn0D +mNOs3gNm7irx2LB9bgdUCxCYIU2AyxIg58xP3kV9yXJ3MurKkLtpUhADL6jzlcXx +i2JWG+9nb6QQQZWtCpvjpcCw0nB2UDBbqOgILHztp6J6jTgpHKzH7fJ8lbCVgn1J +XDjNdyXvvYB1U5Q8PcpjW58VtdMdEy8Z0TzbdjrMuH3J5cLX2kBv2CHccxtCLVOc +/hr8fat6Nj+Y3oR8BWfOahQ4h6nxjLVoy2h/cSAr9aBj9VYvoybSt2+xWhfXOJkI +/pNYb/7DE0kIFgunTWcAUjFnI06Y7VFFHbkE2Qvs2CizS73tNnkCAwEAAaOB/DCB ++TAdBgNVHQ4EFgQUJ45nEXTDJh0/7TNjs6TYHTDl6NUwgckGA1UdIwSBwTCBvoAU +J45nEXTDJh0/7TNjs6TYHTDl6NWhgZqkgZcwgZQxCzAJBgNVBAYTAlVTMRAwDgYD +VQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhTYXd0b290 +aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29t +MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tggkAt7aQM2YbayMwDAYD 
+VR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEADpNIREpylmBxJYKpLMpgW/KI +Ps8RdFoRStzZ2PZYLAXTVtnpjzfvjj47/yI2AMrY4pY/p9HtH956sNePNr1BVR7U +uYY7hyVpNWBI1uRalM6i+nA4NsSFtEsj/nGeL9sGx7WcIfA+fOuR+FwJ/YRDpLNO +BAwiMXFqSMiru+jO+mcVGjqCmEMztQ4fHon4N94b5rWg9KKLtxyQuphtlCEIgF3z +v2atyXIoempI7s9jaTGMxY5m2kt4ZegDOkv4zEJU01JcLQSuJofhfkDLRUEWS26j +Lkp2vSl/HFM3Bq3pW2rWt06UonzorE6mUD4rMp5oQhvkWWdh6seaUZwcVaN3dg== +-----END CERTIFICATE----- diff --git a/wrapper/python/wolfssl/certs/ca-digicert-ev.pem b/wrapper/python/wolfssl/certs/ca-digicert-ev.pem new file mode 100644 index 000000000..9e6810ab7 --- /dev/null +++ b/wrapper/python/wolfssl/certs/ca-digicert-ev.pem 
@@ -0,0 +1,23 @@ +-----BEGIN CERTIFICATE----- +MIIDxTCCAq2gAwIBAgIQAqxcJmoLQJuPC3nyrkYldzANBgkqhkiG9w0BAQUFADBs +MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 +d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5j +ZSBFViBSb290IENBMB4XDTA2MTExMDAwMDAwMFoXDTMxMTExMDAwMDAwMFowbDEL +MAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3 +LmRpZ2ljZXJ0LmNvbTErMCkGA1UEAxMiRGlnaUNlcnQgSGlnaCBBc3N1cmFuY2Ug +RVYgUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMbM5XPm ++9S75S0tMqbf5YE/yc0lSbZxKsPVlDRnogocsF9ppkCxxLeyj9CYpKlBWTrT3JTW +PNt0OKRKzE0lgvdKpVMSOO7zSW1xkX5jtqumX8OkhPhPYlG++MXs2ziS4wblCJEM +xChBVfvLWokVfnHoNb9Ncgk9vjo4UFt3MRuNs8ckRZqnrG0AFFoEt7oT61EKmEFB +Ik5lYYeBQVCmeVyJ3hlKV9Uu5l0cUyx+mM0aBhakaHPQNAQTXKFx01p8VdteZOE3 +hzBWBOURtCmAEvF5OYiiAhF8J2a3iLd48soKqDirCmTCv2ZdlYTBoSUeh10aUAsg +EsxBu24LUTi4S8sCAwEAAaNjMGEwDgYDVR0PAQH/BAQDAgGGMA8GA1UdEwEB/wQF +MAMBAf8wHQYDVR0OBBYEFLE+w2kD+L9HAdSYJhoIAu9jZCvDMB8GA1UdIwQYMBaA +FLE+w2kD+L9HAdSYJhoIAu9jZCvDMA0GCSqGSIb3DQEBBQUAA4IBAQAcGgaX3Nec +nzyIZgYIVyHbIUf4KmeqvxgydkAQV8GK83rZEWWONfqe/EW1ntlMMUu4kehDLI6z +eM7b41N5cdblIZQB2lWHmiRk9opmzN6cN82oNLFpmyPInngiK3BD41VHMWEZ71jF +hS9OMPagMRYjyOfiZRYzy78aG6A9+MpeizGLYAiJLQwGXFK3xPkKmNEVX58Svnw2 +Yzi9RKR/5CYrCsSXaQ3pjOLAEFe4yHYSkVXySGnYvCoCWw9E1CAx2/S6cCZdkGCe +vEsXCS+0yx5DaMkHJ8HSXPfqIbloEpw8nL+e/IBcm2PN7EeqJSdnoDfzAIJ9VNep ++OkuE6N36B9K +-----END CERTIFICATE----- diff --git a/wrapper/python/wolfssl/certs/client-cert.pem b/wrapper/python/wolfssl/certs/client-cert.pem new file mode 100644 index 000000000..9262ad609 --- /dev/null +++ b/wrapper/python/wolfssl/certs/client-cert.pem 
@@ -0,0 +1,88 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + b9:bc:90:ed:ad:aa:0a:8c + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=Montana, L=Bozeman, O=wolfSSL_2048, OU=Programming-2048, CN=www.wolfssl.com/emailAddress=info@wolfssl.com + Validity + Not Before: Aug 11 20:07:37 2016 GMT + Not After : May 8 20:07:37 2019 GMT + Subject: C=US, ST=Montana, L=Bozeman, O=wolfSSL_2048, OU=Programming-2048, CN=www.wolfssl.com/emailAddress=info@wolfssl.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:c3:03:d1:2b:fe:39:a4:32:45:3b:53:c8:84:2b: + 2a:7c:74:9a:bd:aa:2a:52:07:47:d6:a6:36:b2:07: + 32:8e:d0:ba:69:7b:c6:c3:44:9e:d4:81:48:fd:2d: + 68:a2:8b:67:bb:a1:75:c8:36:2c:4a:d2:1b:f7:8b: + ba:cf:0d:f9:ef:ec:f1:81:1e:7b:9b:03:47:9a:bf: + 65:cc:7f:65:24:69:a6:e8:14:89:5b:e4:34:f7:c5: + b0:14:93:f5:67:7b:3a:7a:78:e1:01:56:56:91:a6: + 13:42:8d:d2:3c:40:9c:4c:ef:d1:86:df:37:51:1b: + 0c:a1:3b:f5:f1:a3:4a:35:e4:e1:ce:96:df:1b:7e: + bf:4e:97:d0:10:e8:a8:08:30:81:af:20:0b:43:14: + c5:74:67:b4:32:82:6f:8d:86:c2:88:40:99:36:83: + ba:1e:40:72:22:17:d7:52:65:24:73:b0:ce:ef:19: + cd:ae:ff:78:6c:7b:c0:12:03:d4:4e:72:0d:50:6d: + 3b:a3:3b:a3:99:5e:9d:c8:d9:0c:85:b3:d9:8a:d9: + 54:26:db:6d:fa:ac:bb:ff:25:4c:c4:d1:79:f4:71: + d3:86:40:18:13:b0:63:b5:72:4e:30:c4:97:84:86: + 2d:56:2f:d7:15:f7:7f:c0:ae:f5:fc:5b:e5:fb:a1: + ba:d3 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 33:D8:45:66:D7:68:87:18:7E:54:0D:70:27:91:C7:26:D7:85:65:C0 + X509v3 Authority Key Identifier: + keyid:33:D8:45:66:D7:68:87:18:7E:54:0D:70:27:91:C7:26:D7:85:65:C0 + DirName:/C=US/ST=Montana/L=Bozeman/O=wolfSSL_2048/OU=Programming-2048/CN=www.wolfssl.com/emailAddress=info@wolfssl.com + serial:B9:BC:90:ED:AD:AA:0A:8C + + X509v3 Basic Constraints: + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + 33:85:08:b4:58:0e:a2:00:03:74:de:77:fb:d1:2b:76:9c:97: + 
90:20:21:a2:e8:2e:22:50:26:04:76:ba:5b:47:79:e5:52:f7: + c4:0d:79:ff:62:3f:05:7c:c3:08:6c:e0:b7:81:d0:ce:c6:c9: + 46:b9:8e:4b:5f:56:79:4b:13:b6:d1:6b:66:4b:ce:00:0d:e3: + 76:5e:fb:cb:b5:5d:12:31:05:f1:bb:39:f6:86:90:ca:92:56: + a4:a0:75:21:b6:1d:4c:96:c3:45:eb:5a:91:94:32:d3:59:b8: + c9:73:1f:03:a9:81:63:e0:43:c0:1e:c8:65:be:3b:a7:53:c3: + 44:ff:b3:fb:47:84:a8:b6:9d:00:d5:6b:ae:87:f8:bb:35:b2: + 6c:66:0b:11:ee:6f:fe:12:ed:59:79:f1:3e:f2:d3:61:27:8b: + 95:7e:99:75:8d:a4:9f:34:85:f1:25:4d:48:1e:9b:6b:70:f6: + 66:cc:56:b1:a3:02:52:8a:7c:aa:af:07:da:97:c6:0c:a5:8f: + ed:cb:f5:d8:04:5d:97:0a:5d:5a:2b:49:f5:bd:93:e5:23:9b: + 99:b5:0c:ff:0c:7e:38:82:b2:6e:ab:8a:c9:a7:45:ab:d6:d7: + 93:35:70:07:7e:c8:3d:a5:fe:33:8f:d9:85:c0:c7:5a:02:e4: + 7c:d6:35:9e +-----BEGIN CERTIFICATE----- +MIIEyjCCA7KgAwIBAgIJALm8kO2tqgqMMA0GCSqGSIb3DQEBCwUAMIGeMQswCQYD +VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEVMBMG +A1UECgwMd29sZlNTTF8yMDQ4MRkwFwYDVQQLDBBQcm9ncmFtbWluZy0yMDQ4MRgw +FgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29s +ZnNzbC5jb20wHhcNMTYwODExMjAwNzM3WhcNMTkwNTA4MjAwNzM3WjCBnjELMAkG +A1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xFTAT +BgNVBAoMDHdvbGZTU0xfMjA0ODEZMBcGA1UECwwQUHJvZ3JhbW1pbmctMjA0ODEY +MBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdv +bGZzc2wuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwwPRK/45 +pDJFO1PIhCsqfHSavaoqUgdH1qY2sgcyjtC6aXvGw0Se1IFI/S1oootnu6F1yDYs +StIb94u6zw357+zxgR57mwNHmr9lzH9lJGmm6BSJW+Q098WwFJP1Z3s6enjhAVZW +kaYTQo3SPECcTO/Rht83URsMoTv18aNKNeThzpbfG36/TpfQEOioCDCBryALQxTF +dGe0MoJvjYbCiECZNoO6HkByIhfXUmUkc7DO7xnNrv94bHvAEgPUTnINUG07ozuj +mV6dyNkMhbPZitlUJttt+qy7/yVMxNF59HHThkAYE7BjtXJOMMSXhIYtVi/XFfd/ +wK71/Fvl+6G60wIDAQABo4IBBzCCAQMwHQYDVR0OBBYEFDPYRWbXaIcYflQNcCeR +xybXhWXAMIHTBgNVHSMEgcswgciAFDPYRWbXaIcYflQNcCeRxybXhWXAoYGkpIGh +MIGeMQswCQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96 +ZW1hbjEVMBMGA1UECgwMd29sZlNTTF8yMDQ4MRkwFwYDVQQLDBBQcm9ncmFtbWlu 
+Zy0yMDQ4MRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEW +EGluZm9Ad29sZnNzbC5jb22CCQC5vJDtraoKjDAMBgNVHRMEBTADAQH/MA0GCSqG +SIb3DQEBCwUAA4IBAQAzhQi0WA6iAAN03nf70St2nJeQICGi6C4iUCYEdrpbR3nl +UvfEDXn/Yj8FfMMIbOC3gdDOxslGuY5LX1Z5SxO20WtmS84ADeN2XvvLtV0SMQXx +uzn2hpDKklakoHUhth1MlsNF61qRlDLTWbjJcx8DqYFj4EPAHshlvjunU8NE/7P7 +R4Sotp0A1Wuuh/i7NbJsZgsR7m/+Eu1ZefE+8tNhJ4uVfpl1jaSfNIXxJU1IHptr +cPZmzFaxowJSinyqrwfal8YMpY/ty/XYBF2XCl1aK0n1vZPlI5uZtQz/DH44grJu +q4rJp0Wr1teTNXAHfsg9pf4zj9mFwMdaAuR81jWe +-----END CERTIFICATE----- diff --git a/wrapper/python/wolfssl/certs/client-key.pem b/wrapper/python/wolfssl/certs/client-key.pem new file mode 100644 index 000000000..c4e7ad22c --- /dev/null +++ b/wrapper/python/wolfssl/certs/client-key.pem 
@@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAwwPRK/45pDJFO1PIhCsqfHSavaoqUgdH1qY2sgcyjtC6aXvG +w0Se1IFI/S1oootnu6F1yDYsStIb94u6zw357+zxgR57mwNHmr9lzH9lJGmm6BSJ +W+Q098WwFJP1Z3s6enjhAVZWkaYTQo3SPECcTO/Rht83URsMoTv18aNKNeThzpbf +G36/TpfQEOioCDCBryALQxTFdGe0MoJvjYbCiECZNoO6HkByIhfXUmUkc7DO7xnN +rv94bHvAEgPUTnINUG07ozujmV6dyNkMhbPZitlUJttt+qy7/yVMxNF59HHThkAY +E7BjtXJOMMSXhIYtVi/XFfd/wK71/Fvl+6G60wIDAQABAoIBAQCi5thfEHFkCJ4u +bdFtHoXSCrGMR84sUWqgEp5T3pFMHW3qWXvyd6rZxtmKq9jhFuRjJv+1bBNZuOOl +yHIXLgyfb+VZP3ZvSbERwlouFikN3reO3EDVou7gHqH0vpfbhmOWFM2YCWAtMHac +PM3miO5HknkLWgDiXl8RfH35CLcgBokqXf0AqyLh8LO8JKleJg4fAC3+IZpTW23T +K6uUgmhDNtj2L8Yi/LVBXQ0zYOqkfX7oS1WRVtNcV48flBcvqt7pnqj0z4pMjqDk +VnOyz0+GxWk88yQgi1yWDPprEjuaZ8HfxpaypdWSDZsJQmgkEEXUUOQXOUjQNYuU +bRHej8pZAoGBAOokp/lpM+lx3FJ9iCEoL0neunIW6cxHeogNlFeEWBY6gbA/os+m +bB6wBikAj+d3dqzbysfZXps/JpBSrvw4kAAUu7QPWJTnL2p+HE9BIdQxWR9OihqN +p1dsItjl9H4yphDLZKVVA4emJwWMw9e2J7JNujDaR49U0z2LhI2UmFilAoGBANU4 +G8OPxZMMRwtvNZLFsI1GyJIYj/WACvfvof6AubUqusoYsF2lB9CTjdicBBzUYo6m +JoEB/86KKmM0NUCqbYDeiSNqV02ebq2TTlaQC22dc4sMric93k7wqsVseGdslFKc +N2dsLe+7r9+mkDzER8+Nlp6YqbSfxaZQ3LPw+3QXAoGAXoMJYr26fKK/QnT1fBzS +ackEDYV+Pj0kEsMYe/Mp818OdmxZdeRBhGmdMvPNIquwNbpKsjzl2Vi2Yk9d3uWe +CspTsiz3nrNrClt5ZexukU6SIPb8/Bbt03YM4ux/smkTa3gOWkZktF63JaBadTpL +78c8Pvf9JrggxJkKmnO+wxkCgYEAukSTFKw0GTtfkWCs97TWgQU2UVM96GXcry7c +YT7Jfbh/h/A7mwOCKTfOck4R1bHBDAegmZFKjX/sec/xObXphexi99p9vGRNIjwO +8tZR9YfYmcARIF0PKf1b4q7ZHNkhVm38hNBf7RAVHBgh58Q9S9fQnmqVzyLJA3ue +42AB/C8CgYAR0EvPG2e5nxB1R4ZlrjHCxjCsWQZQ2Q+1cAb38NPIYnyo2m72IT/T +f1/qiqs/2Spe81HSwjA34y2jdQ0eTSE01VdwXIm/cuxKbmjVzRh0M06MOkWP5pZA +62P5GYY6Ud2JS7Dz+Z9dKJU4vjWrylznk1M0oUVdEzllQkahn831vw== +-----END RSA PRIVATE KEY----- diff --git a/wrapper/python/wolfssl/certs/server-cert.pem b/wrapper/python/wolfssl/certs/server-cert.pem new file mode 100644 index 000000000..5504c822f --- /dev/null +++ b/wrapper/python/wolfssl/certs/server-cert.pem 
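Review bot: `client-key.pem` places an RSA private key in the repository next to the wrapper's sources. As a test fixture that is workable, but nothing in the file or the directory states that the key is public and must never protect a real endpoint. PEM readers normally ignore text outside the BEGIN/END block (the certificate files here already carry such text), so a leading line such as `TEST KEY ONLY - publicly known, do not deploy`, or a short README in `certs/`, would record that. It is also worth checking that `certs/` is excluded from the built distribution so the key does not reach installed packages, and allow-listing this path in secret scanning rather than relaxing the rule globally.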
@@ -0,0 +1,173 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1 (0x1) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com + Validity + Not Before: Aug 11 20:07:37 2016 GMT + Not After : May 8 20:07:37 2019 GMT + Subject: C=US, ST=Montana, L=Bozeman, O=wolfSSL, OU=Support, CN=www.wolfssl.com/emailAddress=info@wolfssl.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:c0:95:08:e1:57:41:f2:71:6d:b7:d2:45:41:27: + 01:65:c6:45:ae:f2:bc:24:30:b8:95:ce:2f:4e:d6: + f6:1c:88:bc:7c:9f:fb:a8:67:7f:fe:5c:9c:51:75: + f7:8a:ca:07:e7:35:2f:8f:e1:bd:7b:c0:2f:7c:ab: + 64:a8:17:fc:ca:5d:7b:ba:e0:21:e5:72:2e:6f:2e: + 86:d8:95:73:da:ac:1b:53:b9:5f:3f:d7:19:0d:25: + 4f:e1:63:63:51:8b:0b:64:3f:ad:43:b8:a5:1c:5c: + 34:b3:ae:00:a0:63:c5:f6:7f:0b:59:68:78:73:a6: + 8c:18:a9:02:6d:af:c3:19:01:2e:b8:10:e3:c6:cc: + 40:b4:69:a3:46:33:69:87:6e:c4:bb:17:a6:f3:e8: + dd:ad:73:bc:7b:2f:21:b5:fd:66:51:0c:bd:54:b3: + e1:6d:5f:1c:bc:23:73:d1:09:03:89:14:d2:10:b9: + 64:c3:2a:d0:a1:96:4a:bc:e1:d4:1a:5b:c7:a0:c0: + c1:63:78:0f:44:37:30:32:96:80:32:23:95:a1:77: + ba:13:d2:97:73:e2:5d:25:c9:6a:0d:c3:39:60:a4: + b4:b0:69:42:42:09:e9:d8:08:bc:33:20:b3:58:22: + a7:aa:eb:c4:e1:e6:61:83:c5:d2:96:df:d9:d0:4f: + ad:d7 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + B3:11:32:C9:92:98:84:E2:C9:F8:D0:3B:6E:03:42:CA:1F:0E:8E:3C + X509v3 Authority Key Identifier: + keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5 + DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com + serial:B7:B6:90:33:66:1B:6B:23 + + X509v3 Basic Constraints: + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + 51:fe:2a:df:07:7e:43:ca:66:8d:15:c4:2b:db:57:b2:06:6d: + 0d:90:66:ff:a5:24:9c:14:ef:81:f2:a4:ab:99:a9:6a:49:20: + 
a5:d2:71:e7:1c:3c:99:07:c7:47:fc:e8:96:b4:f5:42:30:ce: + 39:01:4b:d1:c2:e8:bc:95:84:87:ce:55:5d:97:9f:cf:78:f3: + 56:9b:a5:08:6d:ac:f6:a5:5c:c4:ef:3e:2a:39:a6:48:26:29: + 7b:2d:e0:cd:a6:8c:57:48:0b:bb:31:32:c2:bf:d9:43:4c:47: + 25:18:81:a8:c9:33:82:41:9b:ba:61:86:d7:84:93:17:24:25: + 36:ca:4d:63:6b:4f:95:79:d8:60:e0:1e:f5:ac:c1:8a:a1:b1: + 7e:85:8e:87:20:2f:08:31:ad:5e:c6:4a:c8:61:f4:9e:07:1e: + a2:22:ed:73:7c:85:ee:fa:62:dc:50:36:aa:fd:c7:9d:aa:18: + 04:fb:ea:cc:2c:68:9b:b3:a9:c2:96:d8:c1:cc:5a:7e:f7:0d: + 9e:08:e0:9d:29:8b:84:46:8f:d3:91:6a:b5:b8:7a:5c:cc:4f: + 55:01:b8:9a:48:a0:94:43:ca:25:47:52:0a:f7:f4:be:b0:d1: + 71:6d:a5:52:4a:65:50:b2:ad:4e:1d:e0:6c:01:d8:fb:43:80: + e6:e4:0c:37 +-----BEGIN CERTIFICATE----- +MIIEnjCCA4agAwIBAgIBATANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMx +EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNh +d3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNz +bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTYwODEx +MjAwNzM3WhcNMTkwNTA4MjAwNzM3WjCBkDELMAkGA1UEBhMCVVMxEDAOBgNVBAgM +B01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xEDAOBgNVBAoMB3dvbGZTU0wxEDAO +BgNVBAsMB1N1cHBvcnQxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqG +SIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP +ADCCAQoCggEBAMCVCOFXQfJxbbfSRUEnAWXGRa7yvCQwuJXOL07W9hyIvHyf+6hn +f/5cnFF194rKB+c1L4/hvXvAL3yrZKgX/Mpde7rgIeVyLm8uhtiVc9qsG1O5Xz/X +GQ0lT+FjY1GLC2Q/rUO4pRxcNLOuAKBjxfZ/C1loeHOmjBipAm2vwxkBLrgQ48bM +QLRpo0YzaYduxLsXpvPo3a1zvHsvIbX9ZlEMvVSz4W1fHLwjc9EJA4kU0hC5ZMMq +0KGWSrzh1Bpbx6DAwWN4D0Q3MDKWgDIjlaF3uhPSl3PiXSXJag3DOWCktLBpQkIJ +6dgIvDMgs1gip6rrxOHmYYPF0pbf2dBPrdcCAwEAAaOB/DCB+TAdBgNVHQ4EFgQU +sxEyyZKYhOLJ+NA7bgNCyh8OjjwwgckGA1UdIwSBwTCBvoAUJ45nEXTDJh0/7TNj +s6TYHTDl6NWhgZqkgZcwgZQxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5h +MRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhTYXd0b290aDETMBEGA1UECwwK +Q29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcN +AQkBFhBpbmZvQHdvbGZzc2wuY29tggkAt7aQM2YbayMwDAYDVR0TBAUwAwEB/zAN 
+BgkqhkiG9w0BAQsFAAOCAQEAUf4q3wd+Q8pmjRXEK9tXsgZtDZBm/6UknBTvgfKk +q5mpakkgpdJx5xw8mQfHR/zolrT1QjDOOQFL0cLovJWEh85VXZefz3jzVpulCG2s +9qVcxO8+KjmmSCYpey3gzaaMV0gLuzEywr/ZQ0xHJRiBqMkzgkGbumGG14STFyQl +NspNY2tPlXnYYOAe9azBiqGxfoWOhyAvCDGtXsZKyGH0ngceoiLtc3yF7vpi3FA2 +qv3HnaoYBPvqzCxom7OpwpbYwcxafvcNngjgnSmLhEaP05Fqtbh6XMxPVQG4mkig +lEPKJUdSCvf0vrDRcW2lUkplULKtTh3gbAHY+0OA5uQMNw== +-----END CERTIFICATE----- +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + b7:b6:90:33:66:1b:6b:23 + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com + Validity + Not Before: Aug 11 20:07:37 2016 GMT + Not After : May 8 20:07:37 2019 GMT + Subject: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:bf:0c:ca:2d:14:b2:1e:84:42:5b:cd:38:1f:4a: + f2:4d:75:10:f1:b6:35:9f:df:ca:7d:03:98:d3:ac: + de:03:66:ee:2a:f1:d8:b0:7d:6e:07:54:0b:10:98: + 21:4d:80:cb:12:20:e7:cc:4f:de:45:7d:c9:72:77: + 32:ea:ca:90:bb:69:52:10:03:2f:a8:f3:95:c5:f1: + 8b:62:56:1b:ef:67:6f:a4:10:41:95:ad:0a:9b:e3: + a5:c0:b0:d2:70:76:50:30:5b:a8:e8:08:2c:7c:ed: + a7:a2:7a:8d:38:29:1c:ac:c7:ed:f2:7c:95:b0:95: + 82:7d:49:5c:38:cd:77:25:ef:bd:80:75:53:94:3c: + 3d:ca:63:5b:9f:15:b5:d3:1d:13:2f:19:d1:3c:db: + 76:3a:cc:b8:7d:c9:e5:c2:d7:da:40:6f:d8:21:dc: + 73:1b:42:2d:53:9c:fe:1a:fc:7d:ab:7a:36:3f:98: + de:84:7c:05:67:ce:6a:14:38:87:a9:f1:8c:b5:68: + cb:68:7f:71:20:2b:f5:a0:63:f5:56:2f:a3:26:d2: + b7:6f:b1:5a:17:d7:38:99:08:fe:93:58:6f:fe:c3: + 13:49:08:16:0b:a7:4d:67:00:52:31:67:23:4e:98: + ed:51:45:1d:b9:04:d9:0b:ec:d8:28:b3:4b:bd:ed: + 36:79 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5 + X509v3 Authority Key Identifier: + 
keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5 + DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com + serial:B7:B6:90:33:66:1B:6B:23 + + X509v3 Basic Constraints: + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + 0e:93:48:44:4a:72:96:60:71:25:82:a9:2c:ca:60:5b:f2:88: + 3e:cf:11:74:5a:11:4a:dc:d9:d8:f6:58:2c:05:d3:56:d9:e9: + 8f:37:ef:8e:3e:3b:ff:22:36:00:ca:d8:e2:96:3f:a7:d1:ed: + 1f:de:7a:b0:d7:8f:36:bd:41:55:1e:d4:b9:86:3b:87:25:69: + 35:60:48:d6:e4:5a:94:ce:a2:fa:70:38:36:c4:85:b4:4b:23: + fe:71:9e:2f:db:06:c7:b5:9c:21:f0:3e:7c:eb:91:f8:5c:09: + fd:84:43:a4:b3:4e:04:0c:22:31:71:6a:48:c8:ab:bb:e8:ce: + fa:67:15:1a:3a:82:98:43:33:b5:0e:1f:1e:89:f8:37:de:1b: + e6:b5:a0:f4:a2:8b:b7:1c:90:ba:98:6d:94:21:08:80:5d:f3: + bf:66:ad:c9:72:28:7a:6a:48:ee:cf:63:69:31:8c:c5:8e:66: + da:4b:78:65:e8:03:3a:4b:f8:cc:42:54:d3:52:5c:2d:04:ae: + 26:87:e1:7e:40:cb:45:41:16:4b:6e:a3:2e:4a:76:bd:29:7f: + 1c:53:37:06:ad:e9:5b:6a:d6:b7:4e:94:a2:7c:e8:ac:4e:a6: + 50:3e:2b:32:9e:68:42:1b:e4:59:67:61:ea:c7:9a:51:9c:1c: + 55:a3:77:76 +-----BEGIN CERTIFICATE----- +MIIEqjCCA5KgAwIBAgIJALe2kDNmG2sjMA0GCSqGSIb3DQEBCwUAMIGUMQswCQYD +VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8G +A1UECgwIU2F3dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3 +dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTAe +Fw0xNjA4MTEyMDA3MzdaFw0xOTA1MDgyMDA3MzdaMIGUMQswCQYDVQQGEwJVUzEQ +MA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8GA1UECgwIU2F3 +dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3dy53b2xmc3Ns +LmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAL8Myi0Ush6EQlvNOB9K8k11EPG2NZ/fyn0D +mNOs3gNm7irx2LB9bgdUCxCYIU2AyxIg58xP3kV9yXJ3MurKkLtpUhADL6jzlcXx +i2JWG+9nb6QQQZWtCpvjpcCw0nB2UDBbqOgILHztp6J6jTgpHKzH7fJ8lbCVgn1J +XDjNdyXvvYB1U5Q8PcpjW58VtdMdEy8Z0TzbdjrMuH3J5cLX2kBv2CHccxtCLVOc +/hr8fat6Nj+Y3oR8BWfOahQ4h6nxjLVoy2h/cSAr9aBj9VYvoybSt2+xWhfXOJkI 
+/pNYb/7DE0kIFgunTWcAUjFnI06Y7VFFHbkE2Qvs2CizS73tNnkCAwEAAaOB/DCB ++TAdBgNVHQ4EFgQUJ45nEXTDJh0/7TNjs6TYHTDl6NUwgckGA1UdIwSBwTCBvoAU +J45nEXTDJh0/7TNjs6TYHTDl6NWhgZqkgZcwgZQxCzAJBgNVBAYTAlVTMRAwDgYD +VQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhTYXd0b290 +aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29t +MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tggkAt7aQM2YbayMwDAYD +VR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEADpNIREpylmBxJYKpLMpgW/KI +Ps8RdFoRStzZ2PZYLAXTVtnpjzfvjj47/yI2AMrY4pY/p9HtH956sNePNr1BVR7U +uYY7hyVpNWBI1uRalM6i+nA4NsSFtEsj/nGeL9sGx7WcIfA+fOuR+FwJ/YRDpLNO +BAwiMXFqSMiru+jO+mcVGjqCmEMztQ4fHon4N94b5rWg9KKLtxyQuphtlCEIgF3z +v2atyXIoempI7s9jaTGMxY5m2kt4ZegDOkv4zEJU01JcLQSuJofhfkDLRUEWS26j +Lkp2vSl/HFM3Bq3pW2rWt06UonzorE6mUD4rMp5oQhvkWWdh6seaUZwcVaN3dg== +-----END CERTIFICATE----- diff --git a/wrapper/python/wolfssl/certs/server-key.pem b/wrapper/python/wolfssl/certs/server-key.pem new file mode 100644 index 000000000..d1627f4d4 --- /dev/null +++ b/wrapper/python/wolfssl/certs/server-key.pem 
@@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpQIBAAKCAQEAwJUI4VdB8nFtt9JFQScBZcZFrvK8JDC4lc4vTtb2HIi8fJ/7 +qGd//lycUXX3isoH5zUvj+G9e8AvfKtkqBf8yl17uuAh5XIuby6G2JVz2qwbU7lf +P9cZDSVP4WNjUYsLZD+tQ7ilHFw0s64AoGPF9n8LWWh4c6aMGKkCba/DGQEuuBDj +xsxAtGmjRjNph27Euxem8+jdrXO8ey8htf1mUQy9VLPhbV8cvCNz0QkDiRTSELlk +wyrQoZZKvOHUGlvHoMDBY3gPRDcwMpaAMiOVoXe6E9KXc+JdJclqDcM5YKS0sGlC +Qgnp2Ai8MyCzWCKnquvE4eZhg8XSlt/Z0E+t1wIDAQABAoIBAQCa0DQPUmIFUAHv +n+1kbsLE2hryhNeSEEiSxOlq64t1bMZ5OPLJckqGZFSVd8vDmp231B2kAMieTuTd +x7pnFsF0vKnWlI8rMBr77d8hBSPZSjm9mGtlmrjcxH3upkMVLj2+HSJgKnMw1T7Y +oqyGQy7E9WReP4l1DxHYUSVOn9iqo85gs+KK2X4b8GTKmlsFC1uqy+XjP24yIgXz +0PrvdFKB4l90073/MYNFdfpjepcu1rYZxpIm5CgGUFAOeC6peA0Ul7QS2DFAq6EB +QcIw+AdfFuRhd9Jg8p+N6PS662PeKpeB70xs5lU0USsoNPRTHMRYCj+7r7X3SoVD +LTzxWFiBAoGBAPIsVHY5I2PJEDK3k62vvhl1loFk5rW4iUJB0W3QHBv4G6xpyzY8 +ZH3c9Bm4w2CxV0hfUk9ZOlV/MsAZQ1A/rs5vF/MOn0DKTq0VO8l56cBZOHNwnAp8 +yTpIMqfYSXUKhcLC/RVz2pkJKmmanwpxv7AEpox6Wm9IWlQ7xrFTF9/nAoGBAMuT +3ncVXbdcXHzYkKmYLdZpDmOzo9ymzItqpKISjI57SCyySzfcBhh96v52odSh6T8N +zRtfr1+elltbD6F8r7ObkNtXczrtsCNErkFPHwdCEyNMy/r0FKTV9542fFufqDzB +hV900jkt/9CE3/uzIHoumxeu5roLrl9TpFLtG8SRAoGBAOyY2rvV/vlSSn0CVUlv +VW5SL4SjK7OGYrNU0mNS2uOIdqDvixWl0xgUcndex6MEH54ZYrUbG57D8rUy+UzB +qusMJn3UX0pRXKRFBnBEp1bA1CIUdp7YY1CJkNPiv4GVkjFBhzkaQwsYpVMfORpf +H0O8h2rfbtMiAP4imHBOGhkpAoGBAIpBVihRnl/Ungs7mKNU8mxW1KrpaTOFJAza +1AwtxL9PAmk4fNTm3Ezt1xYRwz4A58MmwFEC3rt1nG9WnHrzju/PisUr0toGakTJ +c/5umYf4W77xfOZltU9s8MnF/xbKixsX4lg9ojerAby/QM5TjI7t7+5ZneBj5nxe +9Y5L8TvBAoGATUX5QIzFW/QqGoq08hysa+kMVja3TnKW1eWK0uL/8fEYEz2GCbjY +dqfJHHFSlDBD4PF4dP1hG0wJzOZoKnGtHN9DvFbbpaS+NXCkXs9P/ABVmTo9I89n +WvUi+LUp0EQR6zUuRr79jhiyX6i/GTKh9dwD5nyaHwx8qbAOITc78bA= +-----END RSA PRIVATE KEY----- diff --git a/wrapper/python/wolfssl/test/conftest.py b/wrapper/python/wolfssl/test/conftest.py index 09d52618a..c929bfa65 100644 --- a/wrapper/python/wolfssl/test/conftest.py +++ b/wrapper/python/wolfssl/test/conftest.py 
@@ -22,17 +22,22 @@ # pylint: disable=missing-docstring, redefined-outer-name -import socket +import sys import ssl import wolfssl import pytest @pytest.fixture def tcp_socket(): - with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock: + import socket + from contextlib import closing + + with closing(socket.socket(socket.AF_INET, socket.SOCK_STREAM)) as sock: yield sock -@pytest.fixture(params=[ssl, wolfssl], ids=["ssl", "wolfssl"]) +@pytest.fixture( + params=[ssl, wolfssl] if sys.version_info.major == 3 else [wolfssl], + ids=["ssl", "wolfssl"] if sys.version_info.major == 3 else ["wolfssl"]) def ssl_provider(request): return request.param diff --git a/wrapper/python/wolfssl/test/test_client.py b/wrapper/python/wolfssl/test/test_client.py index 5a55d47b6..f9495c3b7 100644 --- a/wrapper/python/wolfssl/test/test_client.py +++ b/wrapper/python/wolfssl/test/test_client.py @@ -27,7 +27,7 @@ import pytest HOST = "www.python.org" PORT = 443 -CA_CERTS = "/etc/ssl/cert.pem" +CA_CERTS = "certs/ca-digicert-ev.pem" @pytest.fixture( params=["wrap_socket", "wrap_socket_with_ca", diff --git a/wrapper/python/wolfssl/test/test_context.py b/wrapper/python/wolfssl/test/test_context.py index 3d545fc5b..db9d6f18d 100644 --- a/wrapper/python/wolfssl/test/test_context.py +++ b/wrapper/python/wolfssl/test/test_context.py @@ -23,8 +23,6 @@ # pylint: disable=missing-docstring, invalid-name, import-error # pylint: disable=redefined-outer-name -import sys -import ssl import pytest _CADATA = """" 
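Review bot: The `ssl_provider` fixture in conftest.py evaluates `sys.version_info.major == 3` twice, once for `params` and once for `ids`, so the two lists can drift apart on a later edit. Building the provider list once keeps them in step: `_PROVIDERS = [ssl, wolfssl] if sys.version_info.major == 3 else [wolfssl]`, then `@pytest.fixture(params=_PROVIDERS, ids=[p.__name__ for p in _PROVIDERS])`. A one-line comment saying why the stdlib `ssl` provider is dropped on Python 2 would help too, since the only explanation was the skip comment this commit removes from test_context.py. The `import socket` and `from contextlib import closing` moved inside `tcp_socket` also have no stated reason; if there is none, they read better at module level.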
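Review bot: `CA_CERTS = "certs/ca-digicert-ev.pem"` in test_client.py is resolved against the current working directory, so the test only finds the bundle when pytest is started from `wrapper/python/wolfssl`. Anchoring it to the test file removes that dependency: `CA_CERTS = os.path.join(os.path.dirname(__file__), "..", "certs", "ca-digicert-ev.pem")`, which needs `import os` in the import block outside this hunk. The test_context.py hunk that follows has the same pattern with `"certs/client-cert.pem"`, `"certs/client-key.pem"` and `"certs/ca-cert.pem"`.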
@@ -140,19 +138,15 @@ def test_load_cert_chain_raises(ssl_context): ssl_context.load_cert_chain(None) def test_load_cert_chain(ssl_context): - ssl_context.load_cert_chain("../../../certs/client-cert.pem", - "../../../certs/client-key.pem") + ssl_context.load_cert_chain("certs/client-cert.pem", + "certs/client-key.pem") def test_load_verify_locations_raises(ssl_context): with pytest.raises(TypeError): ssl_context.load_verify_locations(None) def test_load_verify_locations_with_cafile(ssl_context): - ssl_context.load_verify_locations(cafile="../../../certs/ca-cert.pem") + ssl_context.load_verify_locations(cafile="certs/ca-cert.pem") def test_load_verify_locations_with_cadata(ssl_provider, ssl_context): - if ssl_provider is ssl and sys.version_info[0] == 2: - # this test doesn't works for provider ssl in python 2 - return - ssl_context.load_verify_locations(cadata=_CADATA) From bb97e03a44ef73f9617da9808c7d8f736c91ba96 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Moise=CC=81s=20Guimara=CC=83es?= Date: Mon, 16 Jan 2017 19:40:46 -0200 Subject: [PATCH 35/47] initial server tests --- wrapper/python/wolfssl/.ubuntu-provisioner.sh | 2 +- wrapper/python/wolfssl/examples/server.py | 64 +++++++++++++++++++ wrapper/python/wolfssl/test/test_server.py | 64 +++++++++++++++++++ 3 files changed, 129 insertions(+), 1 deletion(-) create mode 100755 wrapper/python/wolfssl/examples/server.py create mode 100644 wrapper/python/wolfssl/test/test_server.py diff --git a/wrapper/python/wolfssl/.ubuntu-provisioner.sh b/wrapper/python/wolfssl/.ubuntu-provisioner.sh index 40fe439e8..4b5b28a3d 100644 --- a/wrapper/python/wolfssl/.ubuntu-provisioner.sh +++ b/wrapper/python/wolfssl/.ubuntu-provisioner.sh @@ -29,7 +29,7 @@ rm src/wolfssl/*.pyc rm -r src/wolfssl/*.egg-info/ rm -r test/__pycache__/ -tox -r -- -v +tox -r -e py27,py34 -- -v popd diff --git a/wrapper/python/wolfssl/examples/server.py b/wrapper/python/wolfssl/examples/server.py new file mode 100755 index 000000000..428ee3056 --- /dev/null 
+++ b/wrapper/python/wolfssl/examples/server.py
@@ -0,0 +1,64 @@
+#!/usr/bin/env python
+#
+# -*- coding: utf-8 -*-
+#
+# server.py
+#
+# Copyright (C) 2006-2016 wolfSSL Inc.
+#
+# This file is part of wolfSSL. (formerly known as CyaSSL)
+#
+# wolfSSL is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# wolfSSL is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
+
+# pylint: disable=missing-docstring, invalid-name, import-error
+
+import sys
+import socket
+
+try:
+ import wolfssl
+except ImportError:
+ print("You must run 'python setup.py install' to use the examples")
+ sys.exit()
+
+bind_socket = socket.socket()
+bind_socket.bind(('', 0))
+bind_socket.listen(5)
+
+print("Server listening on port", bind_socket.getsockname()[1])
+
+while True:
+ try:
+ secure_socket = None
+
+ new_socket, from_addr = bind_socket.accept()
+
+ secure_socket = wolfssl.wrap_socket(
+ new_socket,
+ server_side=True,
+ certfile="certs/server-cert.pem",
+ keyfile="certs/server-key.pem")
+
+ print(secure_socket.read())
+ secure_socket.write(b"I hear you fa shizzle!")
+
+ except KeyboardInterrupt:
+ print()
+ break
+
+ finally:
+ if secure_socket:
+ secure_socket.shutdown(socket.SHUT_RDWR)
+ secure_socket.close()
diff --git a/wrapper/python/wolfssl/test/test_server.py b/wrapper/python/wolfssl/test/test_server.py
new file mode 100644
index 000000000..a48df765e
--- /dev/null
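Review bot: The `while True` loop catches only `KeyboardInterrupt`, so any other exception from `bind_socket.accept()` or `wolfssl.wrap_socket(...)` ends the server, presumably including one client's failed handshake. On that path `new_socket` is never closed, because the `finally` block only cleans up `secure_socket`. Setting `new_socket = None` next to `secure_socket = None` and adding `elif new_socket: new_socket.close()` to the `finally` closes the accepted socket. A per-connection `except` for the wrapper's SSL error type, which is not visible in this hunk, would keep the listener alive. The rewritten loop in the later server.py hunk, `secure_socket = context.wrap_socket(new_socket)`, has the same shape.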
+++ b/wrapper/python/wolfssl/test/test_server.py
@@ -0,0 +1,64 @@
+# -*- coding: utf-8 -*-
+#
+# test_server.py
+#
+# Copyright (C) 2006-2016 wolfSSL Inc.
+#
+# This file is part of wolfSSL. (formerly known as CyaSSL)
+#
+# wolfSSL is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# wolfSSL is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
+
+# pylint: disable=missing-docstring, invalid-name, import-error
+
+import unittest
+import socket
+import ssl
+
+HOST = 'localhost'
+
+class SSLTest(unittest.TestCase):
+ provider = ssl
+
+ def setUp(self):
+ # server setup
+ self.server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+ self.server.bind((HOST, 0))
+ self.port = self.server.getsockname()[1]
+ self.server.listen(1)
+
+ # client setup
+ self.client = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+
+ def tearDown(self):
+ self.server.close()
+ self.server = None
+
+ self.client.close()
+ self.client = None
+
+ def cleartext(self):
+ conn = self.server.accept()[0]
+ secure_server = self.provider.wrap_socket(
+ conn, server_side=True,
+ certfile="certs/server_cert.pem",
+ keyfile="certs/server_key.pem")
+
+ self.client.send(b"server, can you hear me?")
+ self.assertEqual(b"server, can you hear me?",
+ secure_server.read(256))
+
+ conn.send(b"I hear you loud and clear, client.")
+ self.assertEqual(b"I hear you loud and clear, client.",
+ self.client.recv(256))
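Review bot: `cleartext` passes `certfile="certs/server_cert.pem"` and `keyfile="certs/server_key.pem"`, but the files added earlier in this series are `certs/server-cert.pem` and `certs/server-key.pem`, so the wrap call would not find its credentials. The mismatch goes unnoticed because the method has no `test_` prefix and is therefore never collected. It should be renamed `test_cleartext` and use `certfile="certs/server-cert.pem", keyfile="certs/server-key.pem"`. `self.client` is also never connected to `self.port`, so `self.server.accept()` would block; `self.client.connect((HOST, self.port))` is needed before it. Even then the client sends plaintext to a TLS-wrapped server socket, so the read assertion looks unlikely to hold as written.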
From 5c8e69eb5e46af1c7f18490bdf7f8cee537e7443 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Moise=CC=81s=20Guimara=CC=83es?= Date: Wed, 18 Jan 2017 17:59:48 -0200 Subject: [PATCH 36/47] updates vagrant configs; updates server example, updates copyright year. --- wrapper/python/wolfssl/.centos-provisioner.sh | 16 ++- wrapper/python/wolfssl/.gitignore | 3 - wrapper/python/wolfssl/.ubuntu-provisioner.sh | 10 +- wrapper/python/wolfssl/Makefile | 58 ++++++++ wrapper/python/wolfssl/Vagrantfile | 21 +-- wrapper/python/wolfssl/examples/server.py | 136 +++++++++++++++--- wrapper/python/wolfssl/setup.py | 2 +- .../python/wolfssl/src/wolfssl/__about__.py | 2 +- .../python/wolfssl/src/wolfssl/__init__.py | 2 +- wrapper/python/wolfssl/src/wolfssl/_memory.py | 2 +- .../python/wolfssl/src/wolfssl/_methods.py | 2 +- .../python/wolfssl/src/wolfssl/build_ffi.py | 2 +- .../python/wolfssl/src/wolfssl/exceptions.py | 2 +- wrapper/python/wolfssl/src/wolfssl/utils.py | 2 +- wrapper/python/wolfssl/test/conftest.py | 2 +- wrapper/python/wolfssl/test/test_client.py | 2 +- wrapper/python/wolfssl/test/test_context.py | 2 +- wrapper/python/wolfssl/test/test_methods.py | 2 +- wrapper/python/wolfssl/test/test_server.py | 64 --------- 19 files changed, 210 insertions(+), 122 deletions(-) create mode 100644 wrapper/python/wolfssl/Makefile delete mode 100644 wrapper/python/wolfssl/test/test_server.py diff --git a/wrapper/python/wolfssl/.centos-provisioner.sh b/wrapper/python/wolfssl/.centos-provisioner.sh index 8ce2cad66..84d6a0173 100644 --- a/wrapper/python/wolfssl/.centos-provisioner.sh +++ b/wrapper/python/wolfssl/.centos-provisioner.sh @@ -2,7 +2,8 @@ rpm -ivh http://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-6.noarch.rpm yum update -yum install -y git autoconf libtool +yum install -y \ + git autoconf libtool libffi-devel python-devel python3-devel python-pip git clone https://github.com/wolfssl/wolfssl.git [ $? -ne 0 ] && echo "\n\nCouldn't download wolfssl.\n\n" && exit 1 
@@ -18,9 +19,16 @@ mv wolfssl.conf /etc/ld.so.conf ldconfig popd + rm -rf wolfssl -yum install -y libffi-devel python-devel python-pip +pushd /vagrant -pip install wolfssl -[ $? -ne 0 ] && echo "\n\nCouldn't install wolfssl.\n\n" && exit 1 +pip install -r requirements-testing.txt + +make check + +popd + +# pip install wolfssl +# [ $? -ne 0 ] && echo "\n\nCouldn't install wolfssl.\n\n" && exit 1 diff --git a/wrapper/python/wolfssl/.gitignore b/wrapper/python/wolfssl/.gitignore index 101697443..361059ad0 100644 --- a/wrapper/python/wolfssl/.gitignore +++ b/wrapper/python/wolfssl/.gitignore @@ -16,6 +16,3 @@ htmlcov/ # Sphinx documentation docs/_build/ - -# Virtual env -.env diff --git a/wrapper/python/wolfssl/.ubuntu-provisioner.sh b/wrapper/python/wolfssl/.ubuntu-provisioner.sh index 4b5b28a3d..075a93994 100644 --- a/wrapper/python/wolfssl/.ubuntu-provisioner.sh +++ b/wrapper/python/wolfssl/.ubuntu-provisioner.sh @@ -25,13 +25,9 @@ pushd /vagrant pip install -r requirements-testing.txt -rm src/wolfssl/*.pyc -rm -r src/wolfssl/*.egg-info/ -rm -r test/__pycache__/ - -tox -r -e py27,py34 -- -v +make check popd -#pip install wolfssl -#[ $? -ne 0 ] && echo -e "\n\nCouldn't install wolfssl.\n\n" && exit 1 +# pip install wolfssl +# [ $? -ne 0 ] && echo -e "\n\nCouldn't install wolfssl.\n\n" && exit 1 diff --git a/wrapper/python/wolfssl/Makefile b/wrapper/python/wolfssl/Makefile new file mode 100644 index 000000000..15e64349e --- /dev/null +++ b/wrapper/python/wolfssl/Makefile 
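Review bot: A failing `pip install -r requirements-testing.txt` or `make check` does not fail the provisioner in this `.centos-provisioner.sh` hunk. Neither is followed by the `[ $? -ne 0 ] && ... && exit 1` guard the script uses after `git clone`, and the last command shown is `popd`, so if the hunk ends the script a broken test run still exits 0. Suggest `pip install -r requirements-testing.txt || exit 1` and `make check || exit 1`. The `.ubuntu-provisioner.sh` hunk further down has the same `pip install` / `make check` / `popd` sequence and needs the same guards.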
@@ -0,0 +1,58 @@ +# Makefile +# +# Copyright (C) 2006-2017 wolfSSL Inc. +# +# This file is part of wolfSSL. (formerly known as CyaSSL) +# +# wolfSSL is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# wolfSSL is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + +.PHONY : all clean clean-build clean-pyc clean-test install test upload + +# builds the module +all : + python ./setup.py build + +#builds and installs the module +install : all + python ./setup.py install + +## removes all build, test, coverage and Python artifacts +clean : clean-test clean-build clean-pyc + +## removes test and coverage artifacts +clean-test : + rm -rf .coverage .tox/ htmlcov/ + +## removes build artifacts +clean-build : + rm -rf build/ dist/ .eggs/ + find . -name '*.egg-info' -exec rm -rf {} + + find . -name '*.egg' -exec rm -v {} + + +## removes Python file artifacts +clean-pyc : + find src test -name '__pycache__' -exec rm -rf {} + + find src test -name '*.pyc' -exec rm -f {} + + find src test -name '*.pyo' -exec rm -f {} + + +# runs unit tests +check : test + +test : clean-pyc + tox + +# publishes module at pypi +upload : test + python ./setup.py sdist upload diff --git a/wrapper/python/wolfssl/Vagrantfile b/wrapper/python/wolfssl/Vagrantfile index e164331df..cd83995c6 100644 --- a/wrapper/python/wolfssl/Vagrantfile +++ b/wrapper/python/wolfssl/Vagrantfile 
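Review bot: The `upload` target publishes with `python ./setup.py sdist upload`, which builds and pushes the release in one step, so nothing can be inspected or signed before it leaves the machine. The `upload` command is also no longer the route the Python packaging guidance recommends. Suggest splitting it into a build step, `python ./setup.py sdist`, and a publish step using twine, `twine upload dist/*`, and adding a comment on the target that it publishes to the public index. Separately, `check` is missing from the `.PHONY` list although it is defined as `check : test`; a stray file named `check` would make that target a no-op.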
@@ -1,14 +1,17 @@ # -*- mode: ruby -*- # vi: set ft=ruby : -BOX = "ubuntu" VAGRANTFILE_API_VERSION = "2" Vagrant.configure(VAGRANTFILE_API_VERSION) do |config| - if BOX == "ubuntu" - config.vm.box = "ubuntu/trusty64" - config.vm.provision "shell", path: ".ubuntu-provisioner.sh" - else - config.vm.box = "moisesguimaraes/centos72-64" - config.vm.provision "shell", path: ".centos-provisioner.sh" - end -end + + config.vm.define "default" do |default| + default.vm.box = "ubuntu/trusty64" + default.vm.provision "shell", path: ".ubuntu-provisioner.sh" + end + + config.vm.define "centos", autostart: false do |centos| + centos.vm.box = "moisesguimaraes/centos72-64" + centos.vm.provision "shell", path: ".centos-provisioner.sh" + end + +end \ No newline at end of file diff --git a/wrapper/python/wolfssl/examples/server.py b/wrapper/python/wolfssl/examples/server.py index 428ee3056..6d4074716 100755 --- a/wrapper/python/wolfssl/examples/server.py +++ b/wrapper/python/wolfssl/examples/server.py @@ -4,7 +4,7 @@ # # server.py # -# Copyright (C) 2006-2016 wolfSSL Inc. +# Copyright (C) 2006-2017 wolfSSL Inc. # # This file is part of wolfSSL. (formerly known as CyaSSL) # @@ -26,6 +26,7 @@ import sys import socket +import argparse try: import wolfssl 
@@ -33,32 +34,121 @@ except ImportError: print("You must run 'python setup.py install' to use the examples") sys.exit() -bind_socket = socket.socket() -bind_socket.bind(('', 0)) -bind_socket.listen(5) +def build_arg_parser(): + parser = argparse.ArgumentParser(add_help=False) -print("Server listening on port", bind_socket.getsockname()[1]) + parser.add_argument( + "-?", "--help", action="help", + help="show this help message and exit" + ) -while True: - try: - secure_socket = None + parser.add_argument( + "-p", metavar="port", type=int, default=11111, + help="Port to listen on, not 0, default 11111" + ) - new_socket, from_addr = bind_socket.accept() + parser.add_argument( + "-v", metavar="version", type=int, choices=[0, 1, 2, 3], default=3, + help="SSL version [0-3], SSLv3(0) - TLS1.2(3)), default 3" + ) - secure_socket = wolfssl.wrap_socket( - new_socket, - server_side=True, - certfile="certs/server-cert.pem", - keyfile="certs/server-key.pem") + parser.add_argument( + "-l", metavar="ciphers", type=str, default="", + help="Cipher suite list (: delimited)" + ) - print(secure_socket.read()) - secure_socket.write(b"I hear you fa shizzle!") + parser.add_argument( + "-c", metavar="certificate", default="./certs/server-cert.pem", + help="Certificate file, default ./certs/server-cert.pem" + ) - except KeyboardInterrupt: - print() - break + parser.add_argument( + "-k", metavar="key", default="./certs/server-key.pem", + help="Key file, default ./certs/server-key.pem" + ) - finally: - if secure_socket: - secure_socket.shutdown(socket.SHUT_RDWR) - secure_socket.close() + parser.add_argument( + "-A", metavar="ca_file", default="./certs/client-cert.pem", + help="Certificate Authority file, default ./certs/client-cert.pem" + ) + + parser.add_argument( + "-d", action="store_true", + help="Disable client cert check" + ) + + parser.add_argument( + "-b", action="store_true", + help="Bind to any interface instead of localhost only" + ) + + parser.add_argument( + "-i", 
action="store_true", + help="Loop indefinitely (allow repeated connections)" + ) + + return parser + + +def get_method(index): + return ( + wolfssl.PROTOCOL_SSLv3, + wolfssl.PROTOCOL_TLSv1, + wolfssl.PROTOCOL_TLSv1_1, + wolfssl.PROTOCOL_TLSv1_2 + )[index] + + +def main(): + args = build_arg_parser().parse_args() + print(args) + + bind_socket = socket.socket() + bind_socket.bind(("" if args.b else "localhost", args.p)) + bind_socket.listen(5) + + print("Server listening on port", bind_socket.getsockname()[1]) + + context = wolfssl.SSLContext(get_method(args.v), server_side=True) + + context.load_cert_chain(args.c, args.k) + + if args.d: + context.verify_mode = wolfssl.CERT_NONE + else: + context.verify_mode = wolfssl.CERT_REQUIRED + context.load_verify_locations(args.A) + + if args.l: + context.set_ciphers(args.l) + + while True: + try: + secure_socket = None + + new_socket, from_addr = bind_socket.accept() + + secure_socket = context.wrap_socket(new_socket) + + print("Connection received from", from_addr) + + print("\n", secure_socket.read(), "\n") + secure_socket.write(b"I hear you fa shizzle!") + + except KeyboardInterrupt: + print() + break + + finally: + if secure_socket: + secure_socket.shutdown(socket.SHUT_RDWR) + secure_socket.close() + + if not args.i: + break + + bind_socket.close() + + +if __name__ == '__main__': + main() diff --git a/wrapper/python/wolfssl/setup.py b/wrapper/python/wolfssl/setup.py index a89cb2425..727fa9efb 100755 --- a/wrapper/python/wolfssl/setup.py +++ b/wrapper/python/wolfssl/setup.py @@ -3,7 +3,7 @@ # # setup.py # -# Copyright (C) 2006-2016 wolfSSL Inc. +# Copyright (C) 2006-2017 wolfSSL Inc. # # This file is part of wolfSSL. (formerly known as CyaSSL) # diff --git a/wrapper/python/wolfssl/src/wolfssl/__about__.py b/wrapper/python/wolfssl/src/wolfssl/__about__.py index 6d4e219a6..b85588f63 100644 --- a/wrapper/python/wolfssl/src/wolfssl/__about__.py +++ b/wrapper/python/wolfssl/src/wolfssl/__about__.py 
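Review bot: The `-c` and `-k` defaults in `build_arg_parser` load `./certs/server-cert.pem` and `./certs/server-key.pem`, which look like the test credentials whose private key is committed under `certs/` earlier in this series. With `-b` the example listens on every interface using that publicly known key. The help text should say so, e.g. `help="Key file (repository test key, not for deployment), default ./certs/server-key.pem"`. A short module docstring stating that the example is for local testing would also cover `-d`, which sets `wolfssl.CERT_NONE`, and `-v 0`, which maps to `wolfssl.PROTOCOL_SSLv3` in `get_method`. The `-v` help string has an unbalanced parenthesis and should read `"SSL version [0-3], SSLv3(0) - TLS1.2(3), default 3"`.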
@@ -2,7 +2,7 @@ # # __about__.py # -# Copyright (C) 2006-2016 wolfSSL Inc. +# Copyright (C) 2006-2017 wolfSSL Inc. # # This file is part of wolfSSL. (formerly known as CyaSSL) # diff --git a/wrapper/python/wolfssl/src/wolfssl/__init__.py b/wrapper/python/wolfssl/src/wolfssl/__init__.py index 929674152..a7912d8bb 100644 --- a/wrapper/python/wolfssl/src/wolfssl/__init__.py +++ b/wrapper/python/wolfssl/src/wolfssl/__init__.py @@ -2,7 +2,7 @@ # # __init__.py # -# Copyright (C) 2006-2016 wolfSSL Inc. +# Copyright (C) 2006-2017 wolfSSL Inc. # # This file is part of wolfSSL. (formerly known as CyaSSL) # diff --git a/wrapper/python/wolfssl/src/wolfssl/_memory.py b/wrapper/python/wolfssl/src/wolfssl/_memory.py index 94a641dd5..456f5ad36 100644 --- a/wrapper/python/wolfssl/src/wolfssl/_memory.py +++ b/wrapper/python/wolfssl/src/wolfssl/_memory.py @@ -2,7 +2,7 @@ # # _memory.py # -# Copyright (C) 2006-2016 wolfSSL Inc. +# Copyright (C) 2006-2017 wolfSSL Inc. # # This file is part of wolfSSL. (formerly known as CyaSSL) # diff --git a/wrapper/python/wolfssl/src/wolfssl/_methods.py b/wrapper/python/wolfssl/src/wolfssl/_methods.py index 3fab97904..5c2b9794a 100644 --- a/wrapper/python/wolfssl/src/wolfssl/_methods.py +++ b/wrapper/python/wolfssl/src/wolfssl/_methods.py @@ -2,7 +2,7 @@ # # _methods.py # -# Copyright (C) 2006-2016 wolfSSL Inc. +# Copyright (C) 2006-2017 wolfSSL Inc. # # This file is part of wolfSSL. (formerly known as CyaSSL) # diff --git a/wrapper/python/wolfssl/src/wolfssl/build_ffi.py b/wrapper/python/wolfssl/src/wolfssl/build_ffi.py index 62b26125b..7c912ea50 100644 --- a/wrapper/python/wolfssl/src/wolfssl/build_ffi.py +++ b/wrapper/python/wolfssl/src/wolfssl/build_ffi.py @@ -2,7 +2,7 @@ # # build_ffi.py # -# Copyright (C) 2006-2016 wolfSSL Inc. +# Copyright (C) 2006-2017 wolfSSL Inc. # # This file is part of wolfSSL. (formerly known as CyaSSL) # 
diff --git a/wrapper/python/wolfssl/src/wolfssl/exceptions.py b/wrapper/python/wolfssl/src/wolfssl/exceptions.py index 7ff6dede3..4a925ed1a 100644 --- a/wrapper/python/wolfssl/src/wolfssl/exceptions.py +++ b/wrapper/python/wolfssl/src/wolfssl/exceptions.py @@ -2,7 +2,7 @@ # # exceptions.py # -# Copyright (C) 2006-2016 wolfSSL Inc. +# Copyright (C) 2006-2017 wolfSSL Inc. # # This file is part of wolfSSL. (formerly known as CyaSSL) # diff --git a/wrapper/python/wolfssl/src/wolfssl/utils.py b/wrapper/python/wolfssl/src/wolfssl/utils.py index 31fd53b2c..84e003dcf 100644 --- a/wrapper/python/wolfssl/src/wolfssl/utils.py +++ b/wrapper/python/wolfssl/src/wolfssl/utils.py @@ -2,7 +2,7 @@ # # utils.py # -# Copyright (C) 2006-2016 wolfSSL Inc. +# Copyright (C) 2006-2017 wolfSSL Inc. # # This file is part of wolfSSL. (formerly known as CyaSSL) # diff --git a/wrapper/python/wolfssl/test/conftest.py b/wrapper/python/wolfssl/test/conftest.py index c929bfa65..5bb1a023f 100644 --- a/wrapper/python/wolfssl/test/conftest.py +++ b/wrapper/python/wolfssl/test/conftest.py @@ -2,7 +2,7 @@ # # conftest.py # -# Copyright (C) 2006-2016 wolfSSL Inc. +# Copyright (C) 2006-2017 wolfSSL Inc. # # This file is part of wolfSSL. (formerly known as CyaSSL) # diff --git a/wrapper/python/wolfssl/test/test_client.py b/wrapper/python/wolfssl/test/test_client.py index f9495c3b7..029e9c1f0 100644 --- a/wrapper/python/wolfssl/test/test_client.py +++ b/wrapper/python/wolfssl/test/test_client.py @@ -2,7 +2,7 @@ # # test_client.py # -# Copyright (C) 2006-2016 wolfSSL Inc. +# Copyright (C) 2006-2017 wolfSSL Inc. # # This file is part of wolfSSL. (formerly known as CyaSSL) # diff --git a/wrapper/python/wolfssl/test/test_context.py b/wrapper/python/wolfssl/test/test_context.py index db9d6f18d..953f022c7 100644 --- a/wrapper/python/wolfssl/test/test_context.py +++ b/wrapper/python/wolfssl/test/test_context.py 
@@ -2,7 +2,7 @@
 #
 # test_context.py
 #
-# Copyright (C) 2006-2016 wolfSSL Inc.
+# Copyright (C) 2006-2017 wolfSSL Inc.
 #
 # This file is part of wolfSSL. (formerly known as CyaSSL)
 #
diff --git a/wrapper/python/wolfssl/test/test_methods.py b/wrapper/python/wolfssl/test/test_methods.py
index 70d068c9c..a5cbae30b 100644
--- a/wrapper/python/wolfssl/test/test_methods.py
+++ b/wrapper/python/wolfssl/test/test_methods.py
@@ -2,7 +2,7 @@
 #
 # test_methods.py
 #
-# Copyright (C) 2006-2016 wolfSSL Inc.
+# Copyright (C) 2006-2017 wolfSSL Inc.
 #
 # This file is part of wolfSSL. (formerly known as CyaSSL)
 #
diff --git a/wrapper/python/wolfssl/test/test_server.py b/wrapper/python/wolfssl/test/test_server.py
deleted file mode 100644
index a48df765e..000000000
--- a/wrapper/python/wolfssl/test/test_server.py
+++ /dev/null
@@ -1,64 +0,0 @@ -# -*- coding: utf-8 -*- -# -# test_server.py -# -# Copyright (C) 2006-2016 wolfSSL Inc. -# -# This file is part of wolfSSL. (formerly known as CyaSSL) -# -# wolfSSL is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2 of the License, or -# (at your option) any later version. -# -# wolfSSL is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA - -# pylint: disable=missing-docstring, invalid-name, import-error - -import unittest -import socket -import ssl - -HOST = 'localhost' - -class SSLTest(unittest.TestCase): - provider = ssl - - def setUp(self): - # server setup - self.server = socket.socket(socket.AF_INET, socket.SOCK_STREAM) - self.server.bind((HOST, 0)) - self.port = self.server.getsockname()[1] - self.server.listen(1) - - # client setup - self.client = socket.socket(socket.AF_INET, socket.SOCK_STREAM) - - def tearDown(self): - self.server.close() - self.server = None - - self.client.close() - self.client = None - - def cleartext(self): - conn = self.server.accept()[0] - secure_server = self.provider.wrap_socket( - conn, server_side=True, - certfile="certs/server_cert.pem", - keyfile="certs/server_key.pem") - - self.client.send(b"server, can you hear me?") - self.assertEqual(b"server, can you hear me?", - secure_server.read(256)) - - conn.send(b"I hear you loud and clear, client.") - self.assertEqual(b"I hear you loud and clear, client.", - self.client.recv(256)) From 51bf46288bbb013f79547e21b42f4b985e71fbd0 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Moise=CC=81s=20Guimara=CC=83es?= Date: Wed, 18 Jan 2017 18:18:19 -0200 Subject: [PATCH 37/47] adds client example --- wrapper/python/wolfssl/examples/client.py | 140 ++++++++++++++++++++++ wrapper/python/wolfssl/examples/server.py | 4 +- 2 files changed, 141 insertions(+), 3 deletions(-) create mode 100755 wrapper/python/wolfssl/examples/client.py diff --git a/wrapper/python/wolfssl/examples/client.py b/wrapper/python/wolfssl/examples/client.py new file mode 100755 index 000000000..33ab063b6 --- /dev/null +++ b/wrapper/python/wolfssl/examples/client.py 
@@ -0,0 +1,140 @@ +#!/usr/bin/env python +# +# -*- coding: utf-8 -*- +# +# client.py +# +# Copyright (C) 2006-2017 wolfSSL Inc. +# +# This file is part of wolfSSL. (formerly known as CyaSSL) +# +# wolfSSL is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# wolfSSL is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + +# pylint: disable=missing-docstring, invalid-name, import-error + +import sys +import socket +import argparse + +try: + import wolfssl +except ImportError: + print("You must run 'python setup.py install' to use the examples") + sys.exit() + +def build_arg_parser(): + parser = argparse.ArgumentParser(add_help=False) + + parser.add_argument( + "-?", "--help", action="help", + help="show this help message and exit" + ) + + parser.add_argument( + "-h", metavar="host", default="127.0.0.1", + help="Host to connect to, default 127.0.0.1" + ) + + parser.add_argument( + "-p", metavar="port", type=int, default=11111, + help="Port to connect on, not 0, default 11111" + ) + + parser.add_argument( + "-v", metavar="version", type=int, choices=[0, 1, 2, 3], default=3, + help="SSL version [0-3], SSLv3(0) - TLS1.2(3)), default 3" + ) + + parser.add_argument( + "-l", metavar="ciphers", type=str, default="", + help="Cipher suite list (: delimited)" + ) + + parser.add_argument( + "-c", metavar="certificate", default="./certs/client-cert.pem", + help="Certificate file, default 
./certs/client-cert.pem" + ) + + parser.add_argument( + "-k", metavar="key", default="./certs/client-key.pem", + help="Key file, default ./certs/client-key.pem" + ) + + parser.add_argument( + "-A", metavar="ca_file", default="./certs/ca-cert.pem", + help="Certificate Authority file, default ./certs/ca-cert.pem" + ) + + parser.add_argument( + "-d", action="store_true", + help="Disable client cert check" + ) + + parser.add_argument( + "-g", action="store_true", + help="Send server HTTP GET" + ) + + return parser + + +def get_method(index): + return ( + wolfssl.PROTOCOL_SSLv3, + wolfssl.PROTOCOL_TLSv1, + wolfssl.PROTOCOL_TLSv1_1, + wolfssl.PROTOCOL_TLSv1_2 + )[index] + + +def main(): + args = build_arg_parser().parse_args() + + bind_socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM, 0) + + context = wolfssl.SSLContext(get_method(args.v)) + + context.load_cert_chain(args.c, args.k) + + if args.d: + context.verify_mode = wolfssl.CERT_NONE + else: + context.verify_mode = wolfssl.CERT_REQUIRED + context.load_verify_locations(args.A) + + if args.l: + context.set_ciphers(args.l) + + try: + secure_socket = context.wrap_socket(bind_socket) + + secure_socket.connect((args.h, args.p)) + + if args.g: + secure_socket.write(b"GET / HTTP/1.1\n\n") + else: + secure_socket.write(b"hello wolfssl") + + print("\n", secure_socket.read(), "\n") + + except KeyboardInterrupt: + print() + + finally: + secure_socket.close() + + +if __name__ == '__main__': + main() diff --git a/wrapper/python/wolfssl/examples/server.py b/wrapper/python/wolfssl/examples/server.py index 6d4074716..db78afdf6 100755 --- a/wrapper/python/wolfssl/examples/server.py +++ b/wrapper/python/wolfssl/examples/server.py @@ -101,9 +101,8 @@ def get_method(index): def main(): args = build_arg_parser().parse_args() - print(args) - bind_socket = socket.socket() + bind_socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM, 0) bind_socket.bind(("" if args.b else "localhost", args.p)) bind_socket.listen(5) 
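Review bot: In the new `examples/client.py`, `-d` makes `main()` set `context.verify_mode = wolfssl.CERT_NONE`, which on the client side turns off validation of the server's certificate, but the help string says "Disable client cert check"; the help should name what is switched off, e.g. `help="Disable server certificate verification (testing only)"`. The `finally:` clause calls `secure_socket.close()` unconditionally, so if `context.wrap_socket(bind_socket)` raises, the name is still unbound and the original error is replaced by an UnboundLocalError; set `secure_socket = None` before the `try` and guard the close with `if secure_socket:`, as the server example does. Index 0 of `-v` still selects `wolfssl.PROTOCOL_SSLv3`, and nothing in the hunk passes a server name to `wrap_socket`, so whether the peer certificate is matched against `args.h` cannot be told from here; a short comment on both would keep readers from copying the example as a secure default. The `sys.exit()` after the failed import also exits with status 0, where `sys.exit(1)` would signal the failure to callers.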
@@ -141,7 +140,6 @@ def main(): finally: if secure_socket: - secure_socket.shutdown(socket.SHUT_RDWR) secure_socket.close() if not args.i: From feb6617dc914de88ffa53704e49e81b70187e1e6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Moise=CC=81s=20Guimara=CC=83es?= Date: Wed, 18 Jan 2017 18:41:15 -0200 Subject: [PATCH 38/47] updates centos provisioner --- wrapper/python/wolfssl/.centos-provisioner.sh | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/wrapper/python/wolfssl/.centos-provisioner.sh b/wrapper/python/wolfssl/.centos-provisioner.sh index 84d6a0173..302b64c7c 100644 --- a/wrapper/python/wolfssl/.centos-provisioner.sh +++ b/wrapper/python/wolfssl/.centos-provisioner.sh @@ -1,11 +1,13 @@ [ "$(whoami)" != "root" ] && echo "Sorry, you are not root." && exit 1 -rpm -ivh http://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-6.noarch.rpm +rpm -ivh http://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-9.noarch.rpm yum update yum install -y \ - git autoconf libtool libffi-devel python-devel python3-devel python-pip + git autoconf libtool libffi-devel python-devel python34-devel python2-pip -git clone https://github.com/wolfssl/wolfssl.git +pip install -U pip setuptools + +git clone --depth 1 https://github.com/wolfssl/wolfssl.git [ $? -ne 0 ] && echo "\n\nCouldn't download wolfssl.\n\n" && exit 1 pushd wolfssl From a761a7fc64dd507ed74abd311789addc8d4e890c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Moise=CC=81s=20Guimara=CC=83es?= Date: Wed, 18 Jan 2017 19:19:03 -0200 Subject: [PATCH 39/47] updates provisioners --- wrapper/python/wolfssl/.centos-provisioner.sh | 8 +++++--- wrapper/python/wolfssl/.ubuntu-provisioner.sh | 5 ++++- 2 files changed, 9 insertions(+), 4 deletions(-) diff --git a/wrapper/python/wolfssl/.centos-provisioner.sh b/wrapper/python/wolfssl/.centos-provisioner.sh index 302b64c7c..fc0ec19a7 100644 --- a/wrapper/python/wolfssl/.centos-provisioner.sh +++ b/wrapper/python/wolfssl/.centos-provisioner.sh 
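Review bot: The EPEL release package in `.centos-provisioner.sh` is still installed with `rpm -ivh http://dl.fedoraproject.org/...` over plain HTTP in a script that insists on running as root, so the package that lays down the repository definition and its signing key can be altered in transit. Fetch it over `https://` with the same path, or import the EPEL key from a trusted source first so rpm can check the signature. The following PATCH 39 hunk switches to `epel-release-latest-7.noarch.rpm` but keeps the `http://` scheme, so the same applies there. The added `pip install -U pip setuptools` has no status check, unlike the clone below it; following it with `[ $? -ne 0 ] && echo "\n\nCouldn't upgrade pip.\n\n" && exit 1` would match the script's own pattern.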
@@ -1,7 +1,7 @@ [ "$(whoami)" != "root" ] && echo "Sorry, you are not root." && exit 1 -rpm -ivh http://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-9.noarch.rpm -yum update +rpm -ivh http://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm + yum install -y \ git autoconf libtool libffi-devel python-devel python34-devel python2-pip @@ -28,7 +28,9 @@ pushd /vagrant pip install -r requirements-testing.txt -make check +make clean + +tox -epy27,py34 -- -v popd diff --git a/wrapper/python/wolfssl/.ubuntu-provisioner.sh b/wrapper/python/wolfssl/.ubuntu-provisioner.sh index 075a93994..30ee7f6fc 100644 --- a/wrapper/python/wolfssl/.ubuntu-provisioner.sh +++ b/wrapper/python/wolfssl/.ubuntu-provisioner.sh @@ -1,6 +1,7 @@ [ "$(whoami)" != "root" ] && echo "Sorry, you are not root." && exit 1 apt-get update + apt-get install -y \ git autoconf libtool python-dev python3-dev python-pip libffi-dev @@ -25,7 +26,9 @@ pushd /vagrant pip install -r requirements-testing.txt -make check +make clean + +tox -epy27,py34 -- -v popd From 00a74d0da4a1d0babeb52e840408527c35991413 Mon Sep 17 00:00:00 2001 
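Review bot: The new `tox -epy27,py34 -- -v` line in the second `.centos-provisioner.sh` hunk (and the identical one in `.ubuntu-provisioner.sh`) has no status check, so a failing test run apparently does not fail provisioning. Nothing at the top of the visible script suggests `set -e`, though the rest of the file is outside the hunks. Following the pattern the script already uses after `git clone`, add `[ $? -ne 0 ] && echo "\n\nTests failed.\n\n" && exit 1` after the `tox` call in both files.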
From: =?UTF-8?q?Moise=CC=81s=20Guimara=CC=83es?= Date: Tue, 31 Jan 2017 14:00:59 -0300 Subject: [PATCH 40/47] adds initial doc files --- wrapper/python/wolfssl/LICENSING.rst | 6 +- wrapper/python/wolfssl/Makefile | 5 +- wrapper/python/wolfssl/README.rst | 126 +++----- wrapper/python/wolfssl/docs/Makefile | 230 ++++++++++++++ wrapper/python/wolfssl/docs/api.rst | 23 ++ wrapper/python/wolfssl/docs/conf.py | 300 ++++++++++++++++++ wrapper/python/wolfssl/docs/index.rst | 15 + wrapper/python/wolfssl/docs/installation.rst | 1 + wrapper/python/wolfssl/docs/licensing.rst | 1 + wrapper/python/wolfssl/docs/usage.rst | 8 + .../python/wolfssl/src/wolfssl/__init__.py | 1 + 11 files changed, 624 insertions(+), 92 deletions(-) create mode 100644 wrapper/python/wolfssl/docs/Makefile create mode 100644 wrapper/python/wolfssl/docs/api.rst create mode 100644 wrapper/python/wolfssl/docs/conf.py create mode 100644 wrapper/python/wolfssl/docs/index.rst create mode 100644 wrapper/python/wolfssl/docs/installation.rst create mode 100644 wrapper/python/wolfssl/docs/licensing.rst create mode 100644 wrapper/python/wolfssl/docs/usage.rst diff --git a/wrapper/python/wolfssl/LICENSING.rst b/wrapper/python/wolfssl/LICENSING.rst index 88cfaea39..2fc46fc9c 100644 --- a/wrapper/python/wolfssl/LICENSING.rst +++ b/wrapper/python/wolfssl/LICENSING.rst @@ -1,12 +1,12 @@ Licensing ---------- +========= wolfSSL’s software is available under two distinct licensing models: open source and standard commercial licensing. Please see the relevant section below for information on each type of license. Open Source -~~~~~~~~~~~ +----------- wolfCrypt and wolfSSL software are free software downloads and may be modified to the needs of the user as long as the user adheres to version two of the GPL 
@@ -14,7 +14,7 @@ License. The GPLv2 license can be found on the `gnu.org website `_. Commercial Licensing -~~~~~~~~~~~~~~~~~~~~ +-------------------- Businesses and enterprises who wish to incorporate wolfSSL products into proprietary appliances or other commercial software products for diff --git a/wrapper/python/wolfssl/Makefile b/wrapper/python/wolfssl/Makefile index 15e64349e..f2ac26192 100644 --- a/wrapper/python/wolfssl/Makefile +++ b/wrapper/python/wolfssl/Makefile @@ -18,7 +18,7 @@ # along with this program; if not, write to the Free Software # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA -.PHONY : all clean clean-build clean-pyc clean-test install test upload +.PHONY : all clean clean-build clean-pyc clean-test install test docs upload # builds the module all : @@ -53,6 +53,9 @@ check : test test : clean-pyc tox +docs : + $(MAKE) -C docs singlehtml + # publishes module at pypi upload : test python ./setup.py sdist upload diff --git a/wrapper/python/wolfssl/README.rst b/wrapper/python/wolfssl/README.rst index 768be917f..1a8e7250a 100644 --- a/wrapper/python/wolfssl/README.rst +++ b/wrapper/python/wolfssl/README.rst 
@@ -1,40 +1,33 @@ +Welcome +======= - -wolfssl: the wolfSSL Inc. SSL/TLS library -========================================= - -**wolfssl Python**, a.k.a. ``wolfssl`` is a Python library that encapsulates -**wolfSSL's C SSL/TLS library**. - -`wolfssl `_ is a -lightweight C-language-based SSL/TLS library targeted for embedded, RTOS, or +``wolfssl Python`` is a Python module that encapsulates ``wolfssl C``, a `lightweight C-language-based SSL/TLS library `_ targeted for embedded, RTOS, or resource-constrained environments primarily because of its small size, speed, -and portability. wolfSSL supports industry standards up to the current TLS 1.2 -and DTLS 1.2 levels, is up to 20 times smaller than OpenSSL, -lightweight, portable, C-language-based crypto library offers a simple API, an -OpenSSL compatibility layer, OCSP and CRL support, and offers several -progressive ciphers. - +and portability. Installation ------------- +============ -In order to use ``wolfssl``, first you'll need to install ``wolfssl`` C -embedded SSL/TLS library. +In order to use ``wolfssl Python``, you'll also need to install ``wolfssl C``. -Installing ``wolfssl`` C SSL/TLS library: -~~~~~~~~~~~~~~~~~~~~~~~~ +Mac OSX +------- -**Mac OSX** +Installing from ``homebrew`` and ``pip`` package managers: -.. code-block:: console +.. code-block:: shell + # wolfssl C installation brew install wolfssl -or + # wolfssl Python installation + sudo -H pip install wolfssl -.. code-block:: console +Installing from ``source code``: +.. code-block:: shell + + # wolfssl C installation git clone https://github.com/wolfssl/wolfssl.git cd wolfssl/ ./autogen.sh 
@@ -42,14 +35,22 @@ or make sudo make install + # wolfssl Python installation + cd wrapper/python/wolfssl + sudo make install -**Ubuntu** -.. code-block:: console +Linux +----- +.. code-block:: shell + + # dependencies installation sudo apt-get update sudo apt-get install -y git autoconf libtool + sudo apt-get install -y python-dev python3-dev python-pip libffi-dev + # wolfssl C installation git clone https://github.com/wolfssl/wolfssl.git cd wolfssl/ ./autogen.sh 
@@ -59,86 +60,35 @@ or sudo ldconfig -**CentOS** - -.. code-block:: console - - sudo rpm -ivh http://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-6.noarch.rpm - sudo yum update - sudo yum install -y git autoconf libtool - - git clone git@github.com:wolfssl/wolfssl.git - cd wolfssl - ./autogen.sh - ./configure --enable-sha512 - make - sudo make install - - echo /usr/local/lib > wolfssl.conf - sudo mv wolfssl.conf /etc/ld.so.conf - sudo ldconfig - - -Installing ``wolfssl`` python module: -~~~~~~~~~~~~~~~~~~~~~~~~~~ - -**Mac OSX** - -.. code-block:: console - + # wolfssl Python installation sudo -H pip install wolfssl -**Ubuntu** +Testing +======= -.. code-block:: console - - sudo apt-get install -y python-dev python3-dev python-pip libffi-dev - sudo -H pip install wolfssl - - -**CentOS** - -.. code-block:: console - - sudo yum install -y python-devel python3-devel python-pip libffi-devel - sudo -H pip install wolfssl - - -Testing ``wolfssl`` python module: -~~~~~~~~~~~~~~~~~~~~~~~ - -.. code-block:: console - - python -c "from wolfssl.hashes import Sha; print Sha().hexdigest()" - -expected output: **da39a3ee5e6b4b0d3255bfef95601890afd80709** - - -Testing ``wolfssl``'s source code with ``tox`` : -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -To run the unit tests in the source code, you'll need ``tox`` and a few other -requirements. The source code relies at 'WOLFSSL_DIR/wrapper/python/wolfssl' -where WOLFSSL_DIR is the path of ``wolfssl``'s source code. +To run the tox tests in the source code, you'll need ``tox`` and a few other +requirements. The source code relies at **WOLFSSL_DIR/wrapper/python/wolfssl** +where **WOLFSSL_DIR** is the path of ``wolfssl C``'s source code. 1. Make sure that the testing requirements are installed: -.. code-block:: console +.. code-block:: shell - $ sudo -H pip install -r requirements-testing.txt + sudo -H pip install -r requirements-testing.txt -2. Run ``tox``: +2. Run ``make check``: .. 
code-block:: console - $ tox + $ make check ... _________________________________ summary _________________________________ py27: commands succeeded SKIPPED: py34: InterpreterNotFound: python3.4 py35: commands succeeded + py36: commands succeeded congratulations :) Note: the test is performed using multiple versions of python. If you are diff --git a/wrapper/python/wolfssl/docs/Makefile b/wrapper/python/wolfssl/docs/Makefile new file mode 100644 index 000000000..c552bc9b3 --- /dev/null +++ b/wrapper/python/wolfssl/docs/Makefile 
@@ -0,0 +1,230 @@ +# Makefile for Sphinx documentation +# + +# You can set these variables from the command line. +SPHINXOPTS = +SPHINXBUILD = sphinx-build +PAPER = +BUILDDIR = _build + +# User-friendly check for sphinx-build +ifeq ($(shell which $(SPHINXBUILD) >/dev/null 2>&1; echo $$?), 1) + $(error The '$(SPHINXBUILD)' command was not found. Make sure you have Sphinx installed, then set the SPHINXBUILD environment variable to point to the full path of the '$(SPHINXBUILD)' executable. Alternatively you can add the directory with the executable to your PATH. If you don\'t have Sphinx installed, grab it from http://sphinx-doc.org/) +endif + +# Internal variables. +PAPEROPT_a4 = -D latex_paper_size=a4 +PAPEROPT_letter = -D latex_paper_size=letter +ALLSPHINXOPTS = -d $(BUILDDIR)/doctrees $(PAPEROPT_$(PAPER)) $(SPHINXOPTS) . +# the i18n builder cannot share the environment and doctrees with the others +I18NSPHINXOPTS = $(PAPEROPT_$(PAPER)) $(SPHINXOPTS) . + +.PHONY: help +help: + @echo "Please use \`make ' where is one of" + @echo " html to make standalone HTML files" + @echo " dirhtml to make HTML files named index.html in directories" + @echo " singlehtml to make a single large HTML file" + @echo " pickle to make pickle files" + @echo " json to make JSON files" + @echo " htmlhelp to make HTML files and a HTML help project" + @echo " qthelp to make HTML files and a qthelp project" + @echo " applehelp to make an Apple Help Book" + @echo " devhelp to make HTML files and a Devhelp project" + @echo " epub to make an epub" + @echo " epub3 to make an epub3" + @echo " latex to make LaTeX files, you can set PAPER=a4 or PAPER=letter" + @echo " latexpdf to make LaTeX files and run them through pdflatex" + @echo " latexpdfja to make LaTeX files and run them through platex/dvipdfmx" + @echo " text to make text files" + @echo " man to make manual pages" + @echo " texinfo to make Texinfo files" + @echo " info to make Texinfo files and run them through makeinfo" + @echo " gettext 
to make PO message catalogs" + @echo " changes to make an overview of all changed/added/deprecated items" + @echo " xml to make Docutils-native XML files" + @echo " pseudoxml to make pseudoxml-XML files for display purposes" + @echo " linkcheck to check all external links for integrity" + @echo " doctest to run all doctests embedded in the documentation (if enabled)" + @echo " coverage to run coverage check of the documentation (if enabled)" + @echo " dummy to check syntax errors of document sources" + +.PHONY: clean +clean: + rm -rf $(BUILDDIR)/* + +.PHONY: html +html: + $(SPHINXBUILD) -b html $(ALLSPHINXOPTS) $(BUILDDIR)/html + @echo + @echo "Build finished. The HTML pages are in $(BUILDDIR)/html." + +.PHONY: dirhtml +dirhtml: + $(SPHINXBUILD) -b dirhtml $(ALLSPHINXOPTS) $(BUILDDIR)/dirhtml + @echo + @echo "Build finished. The HTML pages are in $(BUILDDIR)/dirhtml." + +.PHONY: singlehtml +singlehtml: + $(SPHINXBUILD) -b singlehtml $(ALLSPHINXOPTS) $(BUILDDIR)/singlehtml + @echo + @echo "Build finished. The HTML page is in $(BUILDDIR)/singlehtml." + +.PHONY: pickle +pickle: + $(SPHINXBUILD) -b pickle $(ALLSPHINXOPTS) $(BUILDDIR)/pickle + @echo + @echo "Build finished; now you can process the pickle files." + +.PHONY: json +json: + $(SPHINXBUILD) -b json $(ALLSPHINXOPTS) $(BUILDDIR)/json + @echo + @echo "Build finished; now you can process the JSON files." + +.PHONY: htmlhelp +htmlhelp: + $(SPHINXBUILD) -b htmlhelp $(ALLSPHINXOPTS) $(BUILDDIR)/htmlhelp + @echo + @echo "Build finished; now you can run HTML Help Workshop with the" \ + ".hhp project file in $(BUILDDIR)/htmlhelp." 
+ +.PHONY: qthelp +qthelp: + $(SPHINXBUILD) -b qthelp $(ALLSPHINXOPTS) $(BUILDDIR)/qthelp + @echo + @echo "Build finished; now you can run "qcollectiongenerator" with the" \ + ".qhcp project file in $(BUILDDIR)/qthelp, like this:" + @echo "# qcollectiongenerator $(BUILDDIR)/qthelp/wolfcrypt.qhcp" + @echo "To view the help file:" + @echo "# assistant -collectionFile $(BUILDDIR)/qthelp/wolfcrypt.qhc" + +.PHONY: applehelp +applehelp: + $(SPHINXBUILD) -b applehelp $(ALLSPHINXOPTS) $(BUILDDIR)/applehelp + @echo + @echo "Build finished. The help book is in $(BUILDDIR)/applehelp." + @echo "N.B. You won't be able to view it unless you put it in" \ + "~/Library/Documentation/Help or install it in your application" \ + "bundle." + +.PHONY: devhelp +devhelp: + $(SPHINXBUILD) -b devhelp $(ALLSPHINXOPTS) $(BUILDDIR)/devhelp + @echo + @echo "Build finished." + @echo "To view the help file:" + @echo "# mkdir -p $$HOME/.local/share/devhelp/wolfcrypt" + @echo "# ln -s $(BUILDDIR)/devhelp $$HOME/.local/share/devhelp/wolfcrypt" + @echo "# devhelp" + +.PHONY: epub +epub: + $(SPHINXBUILD) -b epub $(ALLSPHINXOPTS) $(BUILDDIR)/epub + @echo + @echo "Build finished. The epub file is in $(BUILDDIR)/epub." + +.PHONY: epub3 +epub3: + $(SPHINXBUILD) -b epub3 $(ALLSPHINXOPTS) $(BUILDDIR)/epub3 + @echo + @echo "Build finished. The epub3 file is in $(BUILDDIR)/epub3." + +.PHONY: latex +latex: + $(SPHINXBUILD) -b latex $(ALLSPHINXOPTS) $(BUILDDIR)/latex + @echo + @echo "Build finished; the LaTeX files are in $(BUILDDIR)/latex." + @echo "Run \`make' in that directory to run these through (pdf)latex" \ + "(use \`make latexpdf' here to do that automatically)." + +.PHONY: latexpdf +latexpdf: + $(SPHINXBUILD) -b latex $(ALLSPHINXOPTS) $(BUILDDIR)/latex + @echo "Running LaTeX files through pdflatex..." + $(MAKE) -C $(BUILDDIR)/latex all-pdf + @echo "pdflatex finished; the PDF files are in $(BUILDDIR)/latex." 
+ +.PHONY: latexpdfja +latexpdfja: + $(SPHINXBUILD) -b latex $(ALLSPHINXOPTS) $(BUILDDIR)/latex + @echo "Running LaTeX files through platex and dvipdfmx..." + $(MAKE) -C $(BUILDDIR)/latex all-pdf-ja + @echo "pdflatex finished; the PDF files are in $(BUILDDIR)/latex." + +.PHONY: text +text: + $(SPHINXBUILD) -b text $(ALLSPHINXOPTS) $(BUILDDIR)/text + @echo + @echo "Build finished. The text files are in $(BUILDDIR)/text." + +.PHONY: man +man: + $(SPHINXBUILD) -b man $(ALLSPHINXOPTS) $(BUILDDIR)/man + @echo + @echo "Build finished. The manual pages are in $(BUILDDIR)/man." + +.PHONY: texinfo +texinfo: + $(SPHINXBUILD) -b texinfo $(ALLSPHINXOPTS) $(BUILDDIR)/texinfo + @echo + @echo "Build finished. The Texinfo files are in $(BUILDDIR)/texinfo." + @echo "Run \`make' in that directory to run these through makeinfo" \ + "(use \`make info' here to do that automatically)." + +.PHONY: info +info: + $(SPHINXBUILD) -b texinfo $(ALLSPHINXOPTS) $(BUILDDIR)/texinfo + @echo "Running Texinfo files through makeinfo..." + make -C $(BUILDDIR)/texinfo info + @echo "makeinfo finished; the Info files are in $(BUILDDIR)/texinfo." + +.PHONY: gettext +gettext: + $(SPHINXBUILD) -b gettext $(I18NSPHINXOPTS) $(BUILDDIR)/locale + @echo + @echo "Build finished. The message catalogs are in $(BUILDDIR)/locale." + +.PHONY: changes +changes: + $(SPHINXBUILD) -b changes $(ALLSPHINXOPTS) $(BUILDDIR)/changes + @echo + @echo "The overview file is in $(BUILDDIR)/changes." + +.PHONY: linkcheck +linkcheck: + $(SPHINXBUILD) -b linkcheck $(ALLSPHINXOPTS) $(BUILDDIR)/linkcheck + @echo + @echo "Link check complete; look for any errors in the above output " \ + "or in $(BUILDDIR)/linkcheck/output.txt." + +.PHONY: doctest +doctest: + $(SPHINXBUILD) -b doctest $(ALLSPHINXOPTS) $(BUILDDIR)/doctest + @echo "Testing of doctests in the sources finished, look at the " \ + "results in $(BUILDDIR)/doctest/output.txt." 
+ +.PHONY: coverage +coverage: + $(SPHINXBUILD) -b coverage $(ALLSPHINXOPTS) $(BUILDDIR)/coverage + @echo "Testing of coverage in the sources finished, look at the " \ + "results in $(BUILDDIR)/coverage/python.txt." + +.PHONY: xml +xml: + $(SPHINXBUILD) -b xml $(ALLSPHINXOPTS) $(BUILDDIR)/xml + @echo + @echo "Build finished. The XML files are in $(BUILDDIR)/xml." + +.PHONY: pseudoxml +pseudoxml: + $(SPHINXBUILD) -b pseudoxml $(ALLSPHINXOPTS) $(BUILDDIR)/pseudoxml + @echo + @echo "Build finished. The pseudo-XML files are in $(BUILDDIR)/pseudoxml." + +.PHONY: dummy +dummy: + $(SPHINXBUILD) -b dummy $(ALLSPHINXOPTS) $(BUILDDIR)/dummy + @echo + @echo "Build finished. Dummy builder generates no files." diff --git a/wrapper/python/wolfssl/docs/api.rst b/wrapper/python/wolfssl/docs/api.rst new file mode 100644 index 000000000..04beebb85 --- /dev/null +++ b/wrapper/python/wolfssl/docs/api.rst @@ -0,0 +1,23 @@ +API +=== + +.. module:: wolfssl + +SSL/TLS Context +--------------- + +SSLContext +~~~~~~~~~~ + +.. autoclass:: SSLContext + :members: + +SSL/TLS Socket +-------------- + + +SSLSocket +~~~~~~~~~ + +.. autoclass:: SSLSocket + :members: diff --git a/wrapper/python/wolfssl/docs/conf.py b/wrapper/python/wolfssl/docs/conf.py new file mode 100644 index 000000000..612116f38 --- /dev/null +++ b/wrapper/python/wolfssl/docs/conf.py 
@@ -0,0 +1,300 @@ +# -*- coding: utf-8 -*- +# +# wolfcrypt documentation build configuration file, created by +# sphinx-quickstart on Fri Apr 29 16:47:53 2016. +# +# This file is execfile()d with the current directory set to its +# containing dir. +# +# Note that not all possible configuration values are present in this +# autogenerated file. +# +# All configuration values have a default; values that are commented out +# serve to show the default. + +# pylint: disable=invalid-name, redefined-builtin, exec-used + +import os +import sphinx_rtd_theme + +# If extensions (or modules to document with autodoc) are in another directory, +# add these directories to sys.path here. If the directory is relative to the +# documentation root, use os.path.abspath to make it absolute, like shown here. +#sys.path.insert(0, os.path.abspath('.')) + +# -- General configuration ------------------------------------------------ + +# If your documentation needs a minimal Sphinx version, state it here. +#needs_sphinx = '1.0' + +# Add any Sphinx extension module names here, as strings. They can be +# extensions coming with Sphinx (named 'sphinx.ext.*') or your custom +# ones. +extensions = [ + 'sphinx.ext.autodoc', + 'sphinx.ext.doctest', + 'sphinx.ext.coverage', + 'sphinx.ext.viewcode', + 'sphinx.ext.githubpages', +] + +# Add any paths that contain templates here, relative to this directory. +templates_path = ['_templates'] + +# The suffix(es) of source filenames. +# You can specify multiple suffix as a list of string: +# source_suffix = ['.rst', '.md'] +source_suffix = '.rst' + +# The encoding of source files. +#source_encoding = 'utf-8-sig' + +# The master toctree document. +master_doc = 'index' + +# General information about the project. +project = u'wolfssl Python' +copyright = u'2017, wolfSSL Inc. 
All rights reserved' +author = u'wolfSSL' + +# The version info for the project you're documenting, acts as replacement for +# |version| and |release|, also used in various other places throughout the +# built documents. +# + +base_dir = os.path.join(os.path.dirname(__file__), os.pardir, "src") +about = {} +with open(os.path.join(base_dir, "wolfssl", "__about__.py")) as f: + exec(f.read(), about) + +version = release = about["__version__"] + +# The language for content autogenerated by Sphinx. Refer to documentation +# for a list of supported languages. +# +# This is also used if you do content translation via gettext catalogs. +# Usually you set "language" from the command line for these cases. +language = None + +# There are two options for replacing |today|: either, you set today to some +# non-false value, then it is used: +#today = '' +# Else, today_fmt is used as the format for a strftime call. +#today_fmt = '%B %d, %Y' + +# List of patterns, relative to source directory, that match files and +# directories to ignore when looking for source files. +# This patterns also effect to html_static_path and html_extra_path +exclude_patterns = ['_build', 'Thumbs.db', '.DS_Store'] + +# The reST default role (used for this markup: `text`) to use for all +# documents. +#default_role = None + +# If true, '()' will be appended to :func: etc. cross-reference text. +#add_function_parentheses = True + +# If true, the current module name will be prepended to all description +# unit titles (such as .. function::). +#add_module_names = True + +# If true, sectionauthor and moduleauthor directives will be shown in the +# output. They are ignored by default. +#show_authors = False + +# The name of the Pygments (syntax highlighting) style to use. +pygments_style = 'sphinx' + +# A list of ignored prefixes for module index sorting. +#modindex_common_prefix = [] + +# If true, keep warnings as "system message" paragraphs in the built documents. 
+#keep_warnings = False + +# If true, `todo` and `todoList` produce output, else they produce nothing. +todo_include_todos = False + + +# -- Options for HTML output ---------------------------------------------- + +# The theme to use for HTML and HTML Help pages. See the documentation for +# a list of builtin themes. +html_theme = 'sphinx_rtd_theme' + +# Theme options are theme-specific and customize the look and feel of a theme +# further. For a list of options available for each theme, see the +# documentation. +#html_theme_options = {} + +# Add any paths that contain custom themes here, relative to this directory. +html_theme_path = [sphinx_rtd_theme.get_html_theme_path()] + +# The name for this set of Sphinx documents. +# " v documentation" by default. +#html_title = u'%s v%s' % (project, release) + +# A shorter title for the navigation bar. Default is the same as html_title. +#html_short_title = None + +# The name of an image file (relative to this directory) to place at the top +# of the sidebar. +#html_logo = None + +# The name of an image file (relative to this directory) to use as a favicon of +# the docs. This file should be a Windows icon file (.ico) being 16x16 or 32x32 +# pixels large. +#html_favicon = None + +# Add any paths that contain custom static files (such as style sheets) here, +# relative to this directory. They are copied after the builtin static files, +# so a file named "default.css" will overwrite the builtin "default.css". +html_static_path = ['_static'] + +# Add any extra paths that contain custom files (such as robots.txt or +# .htaccess) here, relative to this directory. These files are copied +# directly to the root of the documentation. +#html_extra_path = [] + +# If not None, a 'Last updated on:' timestamp is inserted at every page +# bottom, using the given strftime format. +# The empty string is equivalent to '%b %d, %Y'. 
+#html_last_updated_fmt = None + +# If true, SmartyPants will be used to convert quotes and dashes to +# typographically correct entities. +#html_use_smartypants = True + +# Custom sidebar templates, maps document names to template names. +#html_sidebars = {} + +# Additional templates that should be rendered to pages, maps page names to +# template names. +#html_additional_pages = {} + +# If false, no module index is generated. +#html_domain_indices = True + +# If false, no index is generated. +#html_use_index = True + +# If true, the index is split into individual pages for each letter. +#html_split_index = False + +# If true, links to the reST sources are added to the pages. +#html_show_sourcelink = True + +# If true, "Created using Sphinx" is shown in the HTML footer. Default is True. +#html_show_sphinx = True + +# If true, "(C) Copyright ..." is shown in the HTML footer. Default is True. +#html_show_copyright = True + +# If true, an OpenSearch description file will be output, and all pages will +# contain a tag referring to it. The value of this option must be the +# base URL from which the finished HTML is served. +#html_use_opensearch = '' + +# This is the file name suffix for HTML files (e.g. ".xhtml"). +#html_file_suffix = None + +# Language to be used for generating the HTML full-text search index. +# Sphinx supports the following languages: +# 'da', 'de', 'en', 'es', 'fi', 'fr', 'hu', 'it', 'ja' +# 'nl', 'no', 'pt', 'ro', 'ru', 'sv', 'tr', 'zh' +#html_search_language = 'en' + +# A dictionary with options for the search language support, empty by default. +# 'ja' uses this config value. +# 'zh' user can custom change `jieba` dictionary path. +#html_search_options = {'type': 'default'} + +# The name of a javascript file (relative to the configuration directory) that +# implements a search results scorer. If empty, the default will be used. +#html_search_scorer = 'scorer.js' + +# Output file base name for HTML help builder. 
+htmlhelp_basename = 'wolfssl-pydoc' + +# -- Options for LaTeX output --------------------------------------------- + +latex_elements = { +# The paper size ('letterpaper' or 'a4paper'). +#'papersize': 'letterpaper', + +# The font size ('10pt', '11pt' or '12pt'). +#'pointsize': '10pt', + +# Additional stuff for the LaTeX preamble. +#'preamble': '', + +# Latex figure (float) alignment +#'figure_align': 'htbp', +} + +# Grouping the document tree into LaTeX files. List of tuples +# (source start file, target name, title, +# author, documentclass [howto, manual, or own class]). +latex_documents = [ + (master_doc, 'wolfssl.tex', u'wolfssl Python Documentation', + u'wolfSSL', 'manual'), +] + +# The name of an image file (relative to this directory) to place at the top of +# the title page. +#latex_logo = None + +# For "manual" documents, if this is true, then toplevel headings are parts, +# not chapters. +#latex_use_parts = False + +# If true, show page references after internal links. +#latex_show_pagerefs = False + +# If true, show URL addresses after external links. +#latex_show_urls = False + +# Documents to append as an appendix to all manuals. +#latex_appendices = [] + +# If false, no module index is generated. +#latex_domain_indices = True + + +# -- Options for manual page output --------------------------------------- + +# One entry per manual page. List of tuples +# (source start file, name, description, authors, manual section). +man_pages = [ + (master_doc, 'wolfssl', u'wolfssl Python Documentation', + [author], 1) +] + +# If true, show URL addresses after external links. +#man_show_urls = False + + +# -- Options for Texinfo output ------------------------------------------- + +# Grouping the document tree into Texinfo files. 
List of tuples +# (source start file, target name, title, author, +# dir menu entry, description, category) +texinfo_documents = [ + (master_doc, 'wolfssl', u'wolfssl Python Documentation', + author, 'wolfssl', 'One line description of project.', + 'Miscellaneous'), +] + +# Documents to append as an appendix to all manuals. +#texinfo_appendices = [] + +# If false, no module index is generated. +#texinfo_domain_indices = True + +# How to display URL addresses: 'footnote', 'no', or 'inline'. +#texinfo_show_urls = 'footnote' + +# If true, do not generate a @detailmenu in the "Top" node's menu. +#texinfo_no_detailmenu = False + +# Preserves the order of the members, doesn't sorts them alphabetically. +autodoc_member_order = 'bysource' diff --git a/wrapper/python/wolfssl/docs/index.rst b/wrapper/python/wolfssl/docs/index.rst new file mode 100644 index 000000000..366d37f47 --- /dev/null +++ b/wrapper/python/wolfssl/docs/index.rst @@ -0,0 +1,15 @@ +.. include:: ../README.rst + +Summary +------- + +.. toctree:: + :maxdepth: 1 + + context + socket + +.. automodule:: wolfssl + :members: + +.. include:: ../LICENSING.rst diff --git a/wrapper/python/wolfssl/docs/installation.rst b/wrapper/python/wolfssl/docs/installation.rst new file mode 100644 index 000000000..6b2b3ec68 --- /dev/null +++ b/wrapper/python/wolfssl/docs/installation.rst @@ -0,0 +1 @@ +.. include:: ../README.rst \ No newline at end of file diff --git a/wrapper/python/wolfssl/docs/licensing.rst b/wrapper/python/wolfssl/docs/licensing.rst new file mode 100644 index 000000000..f5cc633bb --- /dev/null +++ b/wrapper/python/wolfssl/docs/licensing.rst @@ -0,0 +1 @@ +.. include:: ../LICENSING.rst diff --git a/wrapper/python/wolfssl/docs/usage.rst b/wrapper/python/wolfssl/docs/usage.rst new file mode 100644 index 000000000..c6029a7fe --- /dev/null +++ b/wrapper/python/wolfssl/docs/usage.rst @@ -0,0 +1,8 @@ +Usage +===== + +SSL/TLS Client +-------------- + +SSL/TLS Server +-------------- 
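Review bot: The file-wide `# pylint: disable=invalid-name, redefined-builtin, exec-used` at the top of conf.py silences the exec warning for the whole file, although the only use is `exec(f.read(), about)` on `__about__.py`. I would scope it to that line with a trailing `# pylint: disable=exec-used` and add a comment such as `# __about__.py is a trusted file from this repository; exec is used only to read __version__`. The header comment still says `wolfcrypt documentation build configuration file`, and `texinfo_documents` keeps the sphinx-quickstart placeholder `'One line description of project.'`; the header should name wolfssl and the placeholder needs a real description.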
diff --git a/wrapper/python/wolfssl/src/wolfssl/__init__.py b/wrapper/python/wolfssl/src/wolfssl/__init__.py index a7912d8bb..27d081ca2 100644 --- a/wrapper/python/wolfssl/src/wolfssl/__init__.py +++ b/wrapper/python/wolfssl/src/wolfssl/__init__.py @@ -19,6 +19,7 @@ # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + import sys import errno from socket import ( From e33d4c01729d0ab5ee79d084f82ea36dbea8954d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Moise=CC=81s=20Guimara=CC=83es?= Date: Sun, 5 Feb 2017 18:51:13 -0300 Subject: [PATCH 41/47] adds full docs --- wrapper/python/wolfssl/Makefile | 10 +- wrapper/python/wolfssl/README.rst | 8 +- wrapper/python/wolfssl/docs/api.rst | 16 ++-- wrapper/python/wolfssl/docs/examples.rst | 95 +++++++++++++++++++ wrapper/python/wolfssl/docs/index.rst | 12 +-- wrapper/python/wolfssl/docs/installation.rst | 1 - wrapper/python/wolfssl/docs/licensing.rst | 1 - wrapper/python/wolfssl/docs/usage.rst | 91 ++++++++++++++++-- .../python/wolfssl/src/wolfssl/__init__.py | 44 ++++----- 9 files changed, 225 insertions(+), 53 deletions(-) create mode 100644 wrapper/python/wolfssl/docs/examples.rst delete mode 100644 wrapper/python/wolfssl/docs/installation.rst delete mode 100644 wrapper/python/wolfssl/docs/licensing.rst diff --git a/wrapper/python/wolfssl/Makefile b/wrapper/python/wolfssl/Makefile index f2ac26192..ec5288e50 100644 --- a/wrapper/python/wolfssl/Makefile +++ b/wrapper/python/wolfssl/Makefile @@ -18,7 +18,7 @@ # along with this program; if not, write to the Free Software # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA -.PHONY : all clean clean-build clean-pyc clean-test install test docs upload +.PHONY : all clean clean-build clean-pyc clean-test clean-docs install test docs upload # builds the module all : 
@@ -29,7 +29,7 @@ install : all python ./setup.py install ## removes all build, test, coverage and Python artifacts -clean : clean-test clean-build clean-pyc +clean : clean-test clean-build clean-pyc clean-docs ## removes test and coverage artifacts clean-test : @@ -47,6 +47,10 @@ clean-pyc : find src test -name '*.pyc' -exec rm -f {} + find src test -name '*.pyo' -exec rm -f {} + +## removes documentation file artifacts +clean-docs : + $(MAKE) -C docs clean + # runs unit tests check : test @@ -54,7 +58,7 @@ test : clean-pyc tox docs : - $(MAKE) -C docs singlehtml + $(MAKE) -C docs html # publishes module at pypi upload : test diff --git a/wrapper/python/wolfssl/README.rst b/wrapper/python/wolfssl/README.rst index 1a8e7250a..f55ee06bb 100644 --- a/wrapper/python/wolfssl/README.rst +++ b/wrapper/python/wolfssl/README.rst @@ -6,12 +6,12 @@ resource-constrained environments primarily because of its small size, speed, and portability. Installation -============ +------------ In order to use ``wolfssl Python``, you'll also need to install ``wolfssl C``. Mac OSX -------- +~~~~~~~ Installing from ``homebrew`` and ``pip`` package managers: @@ -41,7 +41,7 @@ Installing from ``source code``: Linux ------ +~~~~~ .. code-block:: shell @@ -65,7 +65,7 @@ Linux Testing -======= +------- To run the tox tests in the source code, you'll need ``tox`` and a few other requirements. The source code relies at **WOLFSSL_DIR/wrapper/python/wolfssl** diff --git a/wrapper/python/wolfssl/docs/api.rst b/wrapper/python/wolfssl/docs/api.rst index 04beebb85..e6d2538ae 100644 --- a/wrapper/python/wolfssl/docs/api.rst +++ b/wrapper/python/wolfssl/docs/api.rst @@ -1,23 +1,21 @@ -API -=== +API Documentation +================= .. module:: wolfssl +wrap_socket +----------- + +.. autofunction:: wrap_socket + SSL/TLS Context --------------- -SSLContext -~~~~~~~~~~ - .. autoclass:: SSLContext :members: SSL/TLS Socket -------------- - -SSLSocket -~~~~~~~~~ - .. autoclass:: SSLSocket :members: 
diff --git a/wrapper/python/wolfssl/docs/examples.rst b/wrapper/python/wolfssl/docs/examples.rst
new file mode 100644
index 000000000..5d2279f62
--- /dev/null
+++ b/wrapper/python/wolfssl/docs/examples.rst
@@ -0,0 +1,95 @@ +Client and Server Examples +========================== + +SSL/TLS Client Example +---------------------- + +.. code-block:: python + + import socket + import wolfssl + + CA_DATA = \ + """ + -----BEGIN CERTIFICATE----- + MIIDxTCCAq2gAwIBAgIQAqxcJmoLQJuPC3nyrkYldzANBgkqhkiG9w0BAQUFADBs + MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 + d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5j + ZSBFViBSb290IENBMB4XDTA2MTExMDAwMDAwMFoXDTMxMTExMDAwMDAwMFowbDEL + MAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3 + LmRpZ2ljZXJ0LmNvbTErMCkGA1UEAxMiRGlnaUNlcnQgSGlnaCBBc3N1cmFuY2Ug + RVYgUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMbM5XPm + +9S75S0tMqbf5YE/yc0lSbZxKsPVlDRnogocsF9ppkCxxLeyj9CYpKlBWTrT3JTW + PNt0OKRKzE0lgvdKpVMSOO7zSW1xkX5jtqumX8OkhPhPYlG++MXs2ziS4wblCJEM + xChBVfvLWokVfnHoNb9Ncgk9vjo4UFt3MRuNs8ckRZqnrG0AFFoEt7oT61EKmEFB + Ik5lYYeBQVCmeVyJ3hlKV9Uu5l0cUyx+mM0aBhakaHPQNAQTXKFx01p8VdteZOE3 + hzBWBOURtCmAEvF5OYiiAhF8J2a3iLd48soKqDirCmTCv2ZdlYTBoSUeh10aUAsg + EsxBu24LUTi4S8sCAwEAAaNjMGEwDgYDVR0PAQH/BAQDAgGGMA8GA1UdEwEB/wQF + MAMBAf8wHQYDVR0OBBYEFLE+w2kD+L9HAdSYJhoIAu9jZCvDMB8GA1UdIwQYMBaA + FLE+w2kD+L9HAdSYJhoIAu9jZCvDMA0GCSqGSIb3DQEBBQUAA4IBAQAcGgaX3Nec + nzyIZgYIVyHbIUf4KmeqvxgydkAQV8GK83rZEWWONfqe/EW1ntlMMUu4kehDLI6z + eM7b41N5cdblIZQB2lWHmiRk9opmzN6cN82oNLFpmyPInngiK3BD41VHMWEZ71jF + hS9OMPagMRYjyOfiZRYzy78aG6A9+MpeizGLYAiJLQwGXFK3xPkKmNEVX58Svnw2 + Yzi9RKR/5CYrCsSXaQ3pjOLAEFe4yHYSkVXySGnYvCoCWw9E1CAx2/S6cCZdkGCe + vEsXCS+0yx5DaMkHJ8HSXPfqIbloEpw8nL+e/IBcm2PN7EeqJSdnoDfzAIJ9VNep + +OkuE6N36B9K + -----END CERTIFICATE----- + """ + + bind_socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM, 0) + + context = wolfssl.SSLContext(wolfssl.PROTOCOL_TLSv1_2) + + context.verify_mode = wolfssl.CERT_REQUIRED + context.load_verify_locations(cadata=CA_DATA) + + secure_socket = context.wrap_socket(bind_socket) + + secure_socket.connect(("www.python.org", 443)) + + secure_socket.write(b"GET / 
HTTP/1.1\n\n") + + print(secure_socket.read()) + + secure_socket.close() + + +SSL/TLS Server Example +---------------------- + +.. code-block:: python + + import socket + import wolfssl + + bind_socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM, 0) + + bind_socket.bind(("", 4433)) + bind_socket.listen(5) + + context = wolfssl.SSLContext(wolfssl.PROTOCOL_TLSv1_2, server_side=True) + + context.load_cert_chain("certs/server-cert.pem", "certs/server-key.pem") + + while True: + try: + secure_socket = None + + new_socket, from_addr = bind_socket.accept() + + secure_socket = context.wrap_socket(new_socket) + + print("Connection received from", from_addr) + + print("\n", secure_socket.read(), "\n") + secure_socket.write(b"I hear you fa shizzle!") + + except KeyboardInterrupt: + print() + break + + finally: + if secure_socket: + secure_socket.close() + + bind_socket.close() diff --git a/wrapper/python/wolfssl/docs/index.rst b/wrapper/python/wolfssl/docs/index.rst index 366d37f47..41df3bca8 100644 --- a/wrapper/python/wolfssl/docs/index.rst +++ b/wrapper/python/wolfssl/docs/index.rst @@ -1,15 +1,13 @@ .. include:: ../README.rst Summary -------- +======= .. toctree:: - :maxdepth: 1 + :maxdepth: 2 - context - socket - -.. automodule:: wolfssl - :members: + usage + api + examples .. include:: ../LICENSING.rst diff --git a/wrapper/python/wolfssl/docs/installation.rst b/wrapper/python/wolfssl/docs/installation.rst deleted file mode 100644 index 6b2b3ec68..000000000 --- a/wrapper/python/wolfssl/docs/installation.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../README.rst \ No newline at end of file diff --git a/wrapper/python/wolfssl/docs/licensing.rst b/wrapper/python/wolfssl/docs/licensing.rst deleted file mode 100644 index f5cc633bb..000000000 --- a/wrapper/python/wolfssl/docs/licensing.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../LICENSING.rst 
diff --git a/wrapper/python/wolfssl/docs/usage.rst b/wrapper/python/wolfssl/docs/usage.rst
index c6029a7fe..47c2f0981 100644
--- a/wrapper/python/wolfssl/docs/usage.rst
+++ b/wrapper/python/wolfssl/docs/usage.rst
@@ -1,8 +1,87 @@ -Usage -===== +Basic Usage +=========== -SSL/TLS Client --------------- +The SSL/TLS protocol works securing an underlying TCP connection, this module +adds the secure layer around the Python standard library +`socket `_ module. -SSL/TLS Server --------------- +There are three different paths to secure a socket in this module: + +* Using the top level function wolfssl.wrap_socket(); +* Using the method wrap_socket() from a SSLContext instance; +* Creating an SSLSocket object from the scratch. + +Note 1: + It is possible to use the same SSLContext for multiple SSLSockets to save + time and resources. + +Note 2: + Each path provides its own options for fine-tuning the securint parameters. + Check them out in the API documentation. + + +Using the top level function wolfssl.wrap_socket() +-------------------------------------------------- + +.. code-block:: python + + >>> import socket + >>> import wolfssl + >>> + >>> sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM, 0) + >>> + >>> secure_socket = wolfssl.wrap_socket(sock) + >>> + >>> secure_socket.connect(("www.python.org", 443)) + >>> + >>> secure_socket.write(b"GET / HTTP/1.1\n\n") + >>> + >>> print(secure_socket.read()) + b'HTTP/1.1 500 Domain Not Found\r\nServer: Varnish\r\nRetry-After: 0\r\ncontent-type: text/html\r\nCache-Control: private, no-cache\r\nconnection: keep-alive\r\nContent-Length: 179\r\nAccept-Ranges: bytes\r\nDate: Sun, 05 Feb 2017 21:26:48 GMT\r\nVia: 1.1 varnish\r\nConnection: keep-alive\r\n\r\n\n\n\nFastly error: unknown domain \n\n\nFastly error: unknown domain: . Please check that this domain has been added to a service.' + >>> + >>> secure_socket.close() + + +Using the method wrap_socket() from a SSLContext instance +--------------------------------------------------------- + +.. 
code-block:: python + + >>> import socket + >>> import wolfssl + >>> + >>> sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM, 0) + >>> + >>> context = wolfssl.SSLContext(wolfssl.PROTOCOL_TLSv1_2) + >>> + >>> secure_socket = context.wrap_socket(sock) + >>> + >>> secure_socket.connect(("www.python.org", 443)) + >>> + >>> secure_socket.write(b"GET / HTTP/1.1\n\n") + >>> + >>> print(secure_socket.read()) + b'HTTP/1.1 500 Domain Not Found\r\nServer: Varnish\r\nRetry-After: 0\r\ncontent-type: text/html\r\nCache-Control: private, no-cache\r\nconnection: keep-alive\r\nContent-Length: 179\r\nAccept-Ranges: bytes\r\nDate: Sun, 05 Feb 2017 21:26:48 GMT\r\nVia: 1.1 varnish\r\nConnection: keep-alive\r\n\r\n\n\n\nFastly error: unknown domain \n\n\nFastly error: unknown domain: . Please check that this domain has been added to a service.' + >>> + >>> secure_socket.close() + +Creating an SSLSocket object from the scratch +--------------------------------------------- + +.. code-block:: python + + >>> import socket + >>> import wolfssl + >>> + >>> sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM, 0) + >>> + >>> secure_socket = wolfssl.SSLSocket(sock) + >>> + >>> secure_socket.connect(("www.python.org", 443)) + >>> + >>> secure_socket.write(b"GET / HTTP/1.1\n\n") + >>> + >>> print(secure_socket.read()) + b'HTTP/1.1 500 Domain Not Found\r\nServer: Varnish\r\nRetry-After: 0\r\ncontent-type: text/html\r\nCache-Control: private, no-cache\r\nconnection: keep-alive\r\nContent-Length: 179\r\nAccept-Ranges: bytes\r\nDate: Sun, 05 Feb 2017 21:26:48 GMT\r\nVia: 1.1 varnish\r\nConnection: keep-alive\r\n\r\n\n\n\nFastly error: unknown domain \n\n\nFastly error: unknown domain: . Please check that this domain has been added to a service.' + >>> + >>> secure_socket.close() diff --git a/wrapper/python/wolfssl/src/wolfssl/__init__.py b/wrapper/python/wolfssl/src/wolfssl/__init__.py index 27d081ca2..6d79fb025 100644 --- a/wrapper/python/wolfssl/src/wolfssl/__init__.py 
+++ b/wrapper/python/wolfssl/src/wolfssl/__init__.py @@ -187,6 +187,8 @@ class SSLContext(object): The keyfile string, if present, must point to a file containing the private key in. + + The password parameter is not supported yet. """ if password is not None: @@ -453,7 +455,7 @@ class SSLSocket(socket): raise ValueError("buffer not allowed in calls to " "read() on %s" % self.__class__) - data = t2b("\0" * length) + data = _ffi.new('byte[%d]' % length) length = _lib.wolfSSL_read(self.native_object, data, length) if length < 0: @@ -463,7 +465,7 @@ class SSLSocket(socket): else: raise SSLError("wolfSSL_read error (%d)" % err) - return data[:length] if length > 0 else b'' + return _ffi.buffer(data, length)[:] if length > 0 else b'' def recv(self, length=1024, flags=0): 
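Review bot: In the `@@ -453` hunk, `_ffi.new('byte[%d]' % length)` builds the C array type from the caller-supplied `length` by string formatting, so a float is truncated by `%d` instead of being rejected at the allocation. `data = _ffi.new('byte[]', length)` passes the count to cffi directly and keeps the type string constant. No validation of `length` is visible in this hunk (the body of `read` starts outside it), so it is worth confirming that a negative or non-integer value is refused before the buffer is allocated. The matching return in the `@@ -463` hunk, `_ffi.buffer(data, length)[:]`, copies only the bytes `wolfSSL_read` reported; a short comment such as `# copy out only the bytes actually read` would make that intent explicit.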
@@ -602,19 +604,13 @@ def wrap_socket(sock, keyfile=None, certfile=None, server_side=False, ciphers=None): """ Takes an instance sock of socket.socket, and returns an instance of - wolfssl.SSLSocket, a subtype of socket.socket, which wraps the underlying - socket in an SSL context. sock must be a SOCK_STREAM socket; other socket - types are unsupported. + wolfssl.SSLSocket, wraping the underlying socket in an SSL context. - For client-side sockets, the context construction is lazy; if the underlying - socket isn’t connected yet, the context construction will be performed after - connect() is called on the socket. For server-side sockets, if the socket - has no remote peer, it is assumed to be a listening socket, and the - server-side SSL wrapping is automatically performed on client connections - accepted via the accept() method. wrap_socket() may raise SSLError. + The sock parameter must be a SOCK_STREAM socket; other socket types are + unsupported. - The keyfile and certfile parameters specify optional files which contain a - certificate to be used to identify the local side of the connection. + The keyfile and certfile parameters specify optional files whith proper + key and the certificates used to identify the local side of the connection. The parameter server_side is a boolean which identifies whether server-side or client-side behavior is desired from this socket. 
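Review bot: The rewritten `wrap_socket` docstring has two typos, `wraping` and `whith`; the phrases should read `wrapping the underlying socket in an SSL context` and `optional files with the proper key and the certificates`. The hunk also drops the sentence saying that `wrap_socket()` may raise SSLError. If that still holds (the function body lies mostly outside this hunk), keeping a one-line `May raise SSLError.` would tell callers what to catch.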
@@ -622,9 +618,10 @@ def wrap_socket(sock, keyfile=None, certfile=None, server_side=False, The parameter cert_reqs specifies whether a certificate is required from the other side of the connection, and whether it will be validated if provided. It must be one of the three values: - CERT_NONE (certificates ignored) - CERT_OPTIONAL (not required, but validated if provided) - CERT_REQUIRED (required and validated) + + * CERT_NONE (certificates ignored) + * CERT_OPTIONAL (not required, but validated if provided) + * CERT_REQUIRED (required and validated) If the value of this parameter is not CERT_NONE, then the ca_certs parameter must point to a file of CA certificates. @@ -642,12 +639,19 @@ def wrap_socket(sock, keyfile=None, certfile=None, server_side=False, Here’s a table showing which versions in a client (down the side) can connect to which versions in a server (along the top): - | client \\ server | SSLv3 | TLS | TLSv1 | TLSv1.1 | TLSv1.2 | + +------------------+-------+-----+-------+---------+---------+ + | client \\ server | SSLv3 | TLS | TLSv1 | TLSv1.1 | TLSv1.2 | + +------------------+-------+-----+-------+---------+---------+ | SSLv3 | yes | yes | no | no | no | + +------------------+-------+-----+-------+---------+---------+ | TLS (SSLv23) | yes | yes | yes | yes | yes | + +------------------+-------+-----+-------+---------+---------+ | TLSv1 | no | yes | yes | no | no | + +------------------+-------+-----+-------+---------+---------+ | TLSv1.1 | no | yes | no | yes | no | + +------------------+-------+-----+-------+---------+---------+ | TLSv1.2 | no | yes | no | no | yes | + +------------------+-------+-----+-------+---------+---------+ Note: Which connections succeed will vary depending on the versions of the ssl 
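Review bot: The `cert_reqs` list in the `@@ -622` hunk describes CERT_NONE only as `certificates ignored` and does not say which of the three values is the default; the default is not visible in this hunk. A connection made with CERT_NONE does not authenticate the peer, so I would spell that out, e.g. `* CERT_NONE (certificates ignored; the peer is not authenticated)`, and name the default in the same paragraph. The version table reformatted in the `@@ -642` hunk still lists SSLv3 without any remark on its status; a one-line note below the table that SSLv3 is obsolete and should not be selected would help readers pick a protocol.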
@@ -663,11 +667,7 @@ def wrap_socket(sock, keyfile=None, certfile=None, server_side=False, gives the program control over the blocking behavior of the socket I/O involved in the handshake. - The parameter suppress_ragged_eofs specifies how the SSLSocket.recv() method - should signal unexpected EOF from the other end of the connection. If - specified as True (the default), it returns a normal EOF (an empty bytes - object) in response to unexpected EOF errors raised from the underlying - socket; if False, it will raise the exceptions back to the caller. + The parameter suppress_ragged_eofs is not supported yet. """ return SSLSocket(sock=sock, keyfile=keyfile, certfile=certfile, server_side=server_side, cert_reqs=cert_reqs, From daafb2c5ac6e8037206cd77c4836f97d9339ad8b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Moise=CC=81s=20Guimara=CC=83es?= Date: Sun, 5 Feb 2017 18:56:19 -0300 Subject: [PATCH 42/47] changes docs to single page --- wrapper/python/wolfssl/Makefile | 2 +- wrapper/python/wolfssl/README.rst | 8 ++++---- wrapper/python/wolfssl/docs/index.rst | 9 ++------- wrapper/python/wolfssl/docs/installation.rst | 1 + wrapper/python/wolfssl/docs/licensing.rst | 1 + 5 files changed, 9 insertions(+), 12 deletions(-) create mode 100644 wrapper/python/wolfssl/docs/installation.rst create mode 100644 wrapper/python/wolfssl/docs/licensing.rst diff --git a/wrapper/python/wolfssl/Makefile b/wrapper/python/wolfssl/Makefile index ec5288e50..1576ca662 100644 --- a/wrapper/python/wolfssl/Makefile +++ b/wrapper/python/wolfssl/Makefile @@ -58,7 +58,7 @@ test : clean-pyc tox docs : - $(MAKE) -C docs html + $(MAKE) -C docs singlehtml # publishes module at pypi upload : test diff --git a/wrapper/python/wolfssl/README.rst b/wrapper/python/wolfssl/README.rst index f55ee06bb..1a8e7250a 100644 --- a/wrapper/python/wolfssl/README.rst +++ b/wrapper/python/wolfssl/README.rst 
@@ -6,12 +6,12 @@ resource-constrained environments primarily because of its small size, speed, and portability. Installation ------------- +============ In order to use ``wolfssl Python``, you'll also need to install ``wolfssl C``. Mac OSX -~~~~~~~ +------- Installing from ``homebrew`` and ``pip`` package managers: @@ -41,7 +41,7 @@ Installing from ``source code``: Linux -~~~~~ +----- .. code-block:: shell @@ -65,7 +65,7 @@ Linux Testing -------- +======= To run the tox tests in the source code, you'll need ``tox`` and a few other requirements. The source code relies at **WOLFSSL_DIR/wrapper/python/wolfssl** diff --git a/wrapper/python/wolfssl/docs/index.rst b/wrapper/python/wolfssl/docs/index.rst index 41df3bca8..344919f7f 100644 --- a/wrapper/python/wolfssl/docs/index.rst +++ b/wrapper/python/wolfssl/docs/index.rst @@ -1,13 +1,8 @@ -.. include:: ../README.rst - -Summary -======= - .. toctree:: :maxdepth: 2 + installation usage api examples - -.. include:: ../LICENSING.rst + licensing diff --git a/wrapper/python/wolfssl/docs/installation.rst b/wrapper/python/wolfssl/docs/installation.rst new file mode 100644 index 000000000..72a335581 --- /dev/null +++ b/wrapper/python/wolfssl/docs/installation.rst @@ -0,0 +1 @@ +.. include:: ../README.rst diff --git a/wrapper/python/wolfssl/docs/licensing.rst b/wrapper/python/wolfssl/docs/licensing.rst new file mode 100644 index 000000000..f5cc633bb --- /dev/null +++ b/wrapper/python/wolfssl/docs/licensing.rst @@ -0,0 +1 @@ +.. include:: ../LICENSING.rst From 7a52b5b394557586c610e417dde2d0de32e51a56 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Moise=CC=81s=20Guimara=CC=83es?= Date: Mon, 29 May 2017 20:16:59 -0300 Subject: [PATCH 43/47] fixes makefiles and requiremets --- wrapper/python/wolfssl/MANIFEST.in | 1 + wrapper/python/wolfssl/Makefile | 11 +- wrapper/python/wolfssl/docs/Makefile | 221 ++---------------- wrapper/python/wolfssl/docs/requirements.txt | 2 + .../python/wolfssl/requirements-testing.txt | 6 +- 5 files changed, 33 insertions(+), 208 deletions(-) create mode 100644 wrapper/python/wolfssl/docs/requirements.txt diff --git a/wrapper/python/wolfssl/MANIFEST.in b/wrapper/python/wolfssl/MANIFEST.in index 3c56fcf44..31b8bcfa9 100644 --- a/wrapper/python/wolfssl/MANIFEST.in +++ b/wrapper/python/wolfssl/MANIFEST.in @@ -1 +1,2 @@ include LICENSING.rst +recursive-include certs *.pem diff --git a/wrapper/python/wolfssl/Makefile b/wrapper/python/wolfssl/Makefile index 1576ca662..fd18e126d 100644 --- a/wrapper/python/wolfssl/Makefile +++ b/wrapper/python/wolfssl/Makefile @@ -18,7 +18,7 @@ # along with this program; if not, write to the Free Software # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA -.PHONY : all clean clean-build clean-pyc clean-test clean-docs install test docs upload +.PHONY : all clean clean-test clean-build clean-pyc install test check upload # builds the module all : @@ -29,7 +29,7 @@ install : all python ./setup.py install ## removes all build, test, coverage and Python artifacts -clean : clean-test clean-build clean-pyc clean-docs +clean : clean-test clean-build clean-pyc ## removes test and coverage artifacts clean-test : @@ -47,19 +47,12 @@ clean-pyc : find src test -name '*.pyc' -exec rm -f {} + find src test -name '*.pyo' -exec rm -f {} + -## removes documentation file artifacts -clean-docs : - $(MAKE) -C docs clean - # runs unit tests check : test test : clean-pyc tox -docs : - $(MAKE) -C docs singlehtml - # publishes module at pypi upload : test python ./setup.py sdist upload 
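Review bot: `recursive-include certs *.pem` in MANIFEST.in ships every PEM file under certs/ in the source distribution, private keys included. The server example added earlier in this series loads `certs/server-key.pem`, so a key would be published with the package if it lives in that directory (the directory contents are not visible here). If these are test fixtures, say so next to the rule, e.g. `# test-only certificates and keys; never deploy them`, or narrow the pattern to the certificate files the tests actually need.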
diff --git a/wrapper/python/wolfssl/docs/Makefile b/wrapper/python/wolfssl/docs/Makefile
index c552bc9b3..655a78953 100644
--- a/wrapper/python/wolfssl/docs/Makefile
+++ b/wrapper/python/wolfssl/docs/Makefile
@@ -1,230 +1,59 @@ -# Makefile for Sphinx documentation +# Makefile # +# Copyright (C) 2006-2017 wolfSSL Inc. +# +# This file is part of wolfSSL. (formerly known as CyaSSL) +# +# wolfSSL is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# wolfSSL is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + +.PHONY : all clean html pdf man # You can set these variables from the command line. SPHINXOPTS = SPHINXBUILD = sphinx-build -PAPER = +PAPER = a4 BUILDDIR = _build -# User-friendly check for sphinx-build -ifeq ($(shell which $(SPHINXBUILD) >/dev/null 2>&1; echo $$?), 1) - $(error The '$(SPHINXBUILD)' command was not found. Make sure you have Sphinx installed, then set the SPHINXBUILD environment variable to point to the full path of the '$(SPHINXBUILD)' executable. Alternatively you can add the directory with the executable to your PATH. If you don\'t have Sphinx installed, grab it from http://sphinx-doc.org/) -endif - # Internal variables. PAPEROPT_a4 = -D latex_paper_size=a4 PAPEROPT_letter = -D latex_paper_size=letter ALLSPHINXOPTS = -d $(BUILDDIR)/doctrees $(PAPEROPT_$(PAPER)) $(SPHINXOPTS) . -# the i18n builder cannot share the environment and doctrees with the others -I18NSPHINXOPTS = $(PAPEROPT_$(PAPER)) $(SPHINXOPTS) . 
-.PHONY: help -help: +all: @echo "Please use \`make ' where is one of" - @echo " html to make standalone HTML files" - @echo " dirhtml to make HTML files named index.html in directories" - @echo " singlehtml to make a single large HTML file" - @echo " pickle to make pickle files" - @echo " json to make JSON files" - @echo " htmlhelp to make HTML files and a HTML help project" - @echo " qthelp to make HTML files and a qthelp project" - @echo " applehelp to make an Apple Help Book" - @echo " devhelp to make HTML files and a Devhelp project" - @echo " epub to make an epub" - @echo " epub3 to make an epub3" - @echo " latex to make LaTeX files, you can set PAPER=a4 or PAPER=letter" - @echo " latexpdf to make LaTeX files and run them through pdflatex" - @echo " latexpdfja to make LaTeX files and run them through platex/dvipdfmx" - @echo " text to make text files" + @echo " html to make a single large HTML file" + @echo " pdf to make LaTeX files and run them through pdflatex" @echo " man to make manual pages" - @echo " texinfo to make Texinfo files" - @echo " info to make Texinfo files and run them through makeinfo" - @echo " gettext to make PO message catalogs" - @echo " changes to make an overview of all changed/added/deprecated items" - @echo " xml to make Docutils-native XML files" - @echo " pseudoxml to make pseudoxml-XML files for display purposes" - @echo " linkcheck to check all external links for integrity" @echo " doctest to run all doctests embedded in the documentation (if enabled)" @echo " coverage to run coverage check of the documentation (if enabled)" - @echo " dummy to check syntax errors of document sources" -.PHONY: clean clean: rm -rf $(BUILDDIR)/* -.PHONY: html html: - $(SPHINXBUILD) -b html $(ALLSPHINXOPTS) $(BUILDDIR)/html - @echo - @echo "Build finished. The HTML pages are in $(BUILDDIR)/html." - -.PHONY: dirhtml -dirhtml: - $(SPHINXBUILD) -b dirhtml $(ALLSPHINXOPTS) $(BUILDDIR)/dirhtml - @echo - @echo "Build finished. 
The HTML pages are in $(BUILDDIR)/dirhtml." - -.PHONY: singlehtml -singlehtml: $(SPHINXBUILD) -b singlehtml $(ALLSPHINXOPTS) $(BUILDDIR)/singlehtml @echo @echo "Build finished. The HTML page is in $(BUILDDIR)/singlehtml." -.PHONY: pickle -pickle: - $(SPHINXBUILD) -b pickle $(ALLSPHINXOPTS) $(BUILDDIR)/pickle - @echo - @echo "Build finished; now you can process the pickle files." - -.PHONY: json -json: - $(SPHINXBUILD) -b json $(ALLSPHINXOPTS) $(BUILDDIR)/json - @echo - @echo "Build finished; now you can process the JSON files." - -.PHONY: htmlhelp -htmlhelp: - $(SPHINXBUILD) -b htmlhelp $(ALLSPHINXOPTS) $(BUILDDIR)/htmlhelp - @echo - @echo "Build finished; now you can run HTML Help Workshop with the" \ - ".hhp project file in $(BUILDDIR)/htmlhelp." - -.PHONY: qthelp -qthelp: - $(SPHINXBUILD) -b qthelp $(ALLSPHINXOPTS) $(BUILDDIR)/qthelp - @echo - @echo "Build finished; now you can run "qcollectiongenerator" with the" \ - ".qhcp project file in $(BUILDDIR)/qthelp, like this:" - @echo "# qcollectiongenerator $(BUILDDIR)/qthelp/wolfcrypt.qhcp" - @echo "To view the help file:" - @echo "# assistant -collectionFile $(BUILDDIR)/qthelp/wolfcrypt.qhc" - -.PHONY: applehelp -applehelp: - $(SPHINXBUILD) -b applehelp $(ALLSPHINXOPTS) $(BUILDDIR)/applehelp - @echo - @echo "Build finished. The help book is in $(BUILDDIR)/applehelp." - @echo "N.B. You won't be able to view it unless you put it in" \ - "~/Library/Documentation/Help or install it in your application" \ - "bundle." - -.PHONY: devhelp -devhelp: - $(SPHINXBUILD) -b devhelp $(ALLSPHINXOPTS) $(BUILDDIR)/devhelp - @echo - @echo "Build finished." - @echo "To view the help file:" - @echo "# mkdir -p $$HOME/.local/share/devhelp/wolfcrypt" - @echo "# ln -s $(BUILDDIR)/devhelp $$HOME/.local/share/devhelp/wolfcrypt" - @echo "# devhelp" - -.PHONY: epub -epub: - $(SPHINXBUILD) -b epub $(ALLSPHINXOPTS) $(BUILDDIR)/epub - @echo - @echo "Build finished. The epub file is in $(BUILDDIR)/epub." 
- -.PHONY: epub3 -epub3: - $(SPHINXBUILD) -b epub3 $(ALLSPHINXOPTS) $(BUILDDIR)/epub3 - @echo - @echo "Build finished. The epub3 file is in $(BUILDDIR)/epub3." - -.PHONY: latex -latex: - $(SPHINXBUILD) -b latex $(ALLSPHINXOPTS) $(BUILDDIR)/latex - @echo - @echo "Build finished; the LaTeX files are in $(BUILDDIR)/latex." - @echo "Run \`make' in that directory to run these through (pdf)latex" \ - "(use \`make latexpdf' here to do that automatically)." - -.PHONY: latexpdf -latexpdf: +pdf: $(SPHINXBUILD) -b latex $(ALLSPHINXOPTS) $(BUILDDIR)/latex @echo "Running LaTeX files through pdflatex..." $(MAKE) -C $(BUILDDIR)/latex all-pdf @echo "pdflatex finished; the PDF files are in $(BUILDDIR)/latex." -.PHONY: latexpdfja -latexpdfja: - $(SPHINXBUILD) -b latex $(ALLSPHINXOPTS) $(BUILDDIR)/latex - @echo "Running LaTeX files through platex and dvipdfmx..." - $(MAKE) -C $(BUILDDIR)/latex all-pdf-ja - @echo "pdflatex finished; the PDF files are in $(BUILDDIR)/latex." - -.PHONY: text -text: - $(SPHINXBUILD) -b text $(ALLSPHINXOPTS) $(BUILDDIR)/text - @echo - @echo "Build finished. The text files are in $(BUILDDIR)/text." - -.PHONY: man man: $(SPHINXBUILD) -b man $(ALLSPHINXOPTS) $(BUILDDIR)/man @echo @echo "Build finished. The manual pages are in $(BUILDDIR)/man." - -.PHONY: texinfo -texinfo: - $(SPHINXBUILD) -b texinfo $(ALLSPHINXOPTS) $(BUILDDIR)/texinfo - @echo - @echo "Build finished. The Texinfo files are in $(BUILDDIR)/texinfo." - @echo "Run \`make' in that directory to run these through makeinfo" \ - "(use \`make info' here to do that automatically)." - -.PHONY: info -info: - $(SPHINXBUILD) -b texinfo $(ALLSPHINXOPTS) $(BUILDDIR)/texinfo - @echo "Running Texinfo files through makeinfo..." - make -C $(BUILDDIR)/texinfo info - @echo "makeinfo finished; the Info files are in $(BUILDDIR)/texinfo." - -.PHONY: gettext -gettext: - $(SPHINXBUILD) -b gettext $(I18NSPHINXOPTS) $(BUILDDIR)/locale - @echo - @echo "Build finished. The message catalogs are in $(BUILDDIR)/locale." 
- -.PHONY: changes -changes: - $(SPHINXBUILD) -b changes $(ALLSPHINXOPTS) $(BUILDDIR)/changes - @echo - @echo "The overview file is in $(BUILDDIR)/changes." - -.PHONY: linkcheck -linkcheck: - $(SPHINXBUILD) -b linkcheck $(ALLSPHINXOPTS) $(BUILDDIR)/linkcheck - @echo - @echo "Link check complete; look for any errors in the above output " \ - "or in $(BUILDDIR)/linkcheck/output.txt." - -.PHONY: doctest -doctest: - $(SPHINXBUILD) -b doctest $(ALLSPHINXOPTS) $(BUILDDIR)/doctest - @echo "Testing of doctests in the sources finished, look at the " \ - "results in $(BUILDDIR)/doctest/output.txt." - -.PHONY: coverage -coverage: - $(SPHINXBUILD) -b coverage $(ALLSPHINXOPTS) $(BUILDDIR)/coverage - @echo "Testing of coverage in the sources finished, look at the " \ - "results in $(BUILDDIR)/coverage/python.txt." - -.PHONY: xml -xml: - $(SPHINXBUILD) -b xml $(ALLSPHINXOPTS) $(BUILDDIR)/xml - @echo - @echo "Build finished. The XML files are in $(BUILDDIR)/xml." - -.PHONY: pseudoxml -pseudoxml: - $(SPHINXBUILD) -b pseudoxml $(ALLSPHINXOPTS) $(BUILDDIR)/pseudoxml - @echo - @echo "Build finished. The pseudo-XML files are in $(BUILDDIR)/pseudoxml." - -.PHONY: dummy -dummy: - $(SPHINXBUILD) -b dummy $(ALLSPHINXOPTS) $(BUILDDIR)/dummy - @echo - @echo "Build finished. Dummy builder generates no files." diff --git a/wrapper/python/wolfssl/docs/requirements.txt b/wrapper/python/wolfssl/docs/requirements.txt new file mode 100644 index 000000000..ab3f3dd41 --- /dev/null +++ b/wrapper/python/wolfssl/docs/requirements.txt @@ -0,0 +1,2 @@ +Sphinx +sphinx_rtd_theme diff --git a/wrapper/python/wolfssl/requirements-testing.txt b/wrapper/python/wolfssl/requirements-testing.txt index 9a277b876..c422b4d23 100644 --- a/wrapper/python/wolfssl/requirements-testing.txt +++ b/wrapper/python/wolfssl/requirements-testing.txt @@ -1,3 +1,3 @@ -pytest>=3.0.5 -cffi>=1.9.1 -tox>=2.5.0 +pytest +cffi +tox From bba3fcf7720bba4f8ea23fae75ccd8d6c8addba0 Mon Sep 17 00:00:00 2001 
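Review bot: The help text printed by the new `all` target in docs/Makefile still advertises `doctest` and `coverage`, but this hunk deletes both rules, so either command now fails with a missing-target error. Drop those two `@echo` lines or keep the two rules. The `html` target now runs the `singlehtml` builder and writes to `$(BUILDDIR)/singlehtml`, which deserves a comment above the rule, for example `# html: single-page build, output in $(BUILDDIR)/singlehtml`. With the `ifeq` guard removed, a missing `sphinx-build` shows up only as a shell error, so the docs should point to `docs/requirements.txt`.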
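Review bot: The new docs/requirements.txt lists `Sphinx` and `sphinx_rtd_theme` with no versions, and the requirements-testing.txt hunk drops the existing floors from `pytest`, `cffi` and `tox`. Any installed or newly published release now satisfies these requirements, so builds are not reproducible and an old `cffi` passes the check. Because `upload` depends on `test`, which runs `tox`, that unpinned toolchain sits directly in the release path. I would keep the floors (`pytest>=3.0.5`, `cffi>=1.9.1`, `tox>=2.5.0`), or pin exact versions and install with pip's `--require-hashes`.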
From: =?UTF-8?q?Moise=CC=81s=20Guimara=CC=83es?= Date: Mon, 3 Jul 2017 12:22:22 -0300 Subject: [PATCH 44/47] removes certs --- wrapper/python/wolfssl/certs/ca-cert.pem | 87 --------- .../python/wolfssl/certs/ca-digicert-ev.pem | 23 --- wrapper/python/wolfssl/certs/client-cert.pem | 88 --------- wrapper/python/wolfssl/certs/client-key.pem | 27 --- wrapper/python/wolfssl/certs/server-cert.pem | 173 ------------------ wrapper/python/wolfssl/certs/server-key.pem | 27 --- 6 files changed, 425 deletions(-) delete mode 100644 wrapper/python/wolfssl/certs/ca-cert.pem delete mode 100644 wrapper/python/wolfssl/certs/ca-digicert-ev.pem delete mode 100644 wrapper/python/wolfssl/certs/client-cert.pem delete mode 100644 wrapper/python/wolfssl/certs/client-key.pem delete mode 100644 wrapper/python/wolfssl/certs/server-cert.pem delete mode 100644 wrapper/python/wolfssl/certs/server-key.pem diff --git a/wrapper/python/wolfssl/certs/ca-cert.pem b/wrapper/python/wolfssl/certs/ca-cert.pem deleted file mode 100644 index 8b34ea43d..000000000 --- a/wrapper/python/wolfssl/certs/ca-cert.pem +++ /dev/null 
@@ -1,87 +0,0 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: - b7:b6:90:33:66:1b:6b:23 - Signature Algorithm: sha256WithRSAEncryption - Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com - Validity - Not Before: Aug 11 20:07:37 2016 GMT - Not After : May 8 20:07:37 2019 GMT - Subject: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - Public-Key: (2048 bit) - Modulus: - 00:bf:0c:ca:2d:14:b2:1e:84:42:5b:cd:38:1f:4a: - f2:4d:75:10:f1:b6:35:9f:df:ca:7d:03:98:d3:ac: - de:03:66:ee:2a:f1:d8:b0:7d:6e:07:54:0b:10:98: - 21:4d:80:cb:12:20:e7:cc:4f:de:45:7d:c9:72:77: - 32:ea:ca:90:bb:69:52:10:03:2f:a8:f3:95:c5:f1: - 8b:62:56:1b:ef:67:6f:a4:10:41:95:ad:0a:9b:e3: - a5:c0:b0:d2:70:76:50:30:5b:a8:e8:08:2c:7c:ed: - a7:a2:7a:8d:38:29:1c:ac:c7:ed:f2:7c:95:b0:95: - 82:7d:49:5c:38:cd:77:25:ef:bd:80:75:53:94:3c: - 3d:ca:63:5b:9f:15:b5:d3:1d:13:2f:19:d1:3c:db: - 76:3a:cc:b8:7d:c9:e5:c2:d7:da:40:6f:d8:21:dc: - 73:1b:42:2d:53:9c:fe:1a:fc:7d:ab:7a:36:3f:98: - de:84:7c:05:67:ce:6a:14:38:87:a9:f1:8c:b5:68: - cb:68:7f:71:20:2b:f5:a0:63:f5:56:2f:a3:26:d2: - b7:6f:b1:5a:17:d7:38:99:08:fe:93:58:6f:fe:c3: - 13:49:08:16:0b:a7:4d:67:00:52:31:67:23:4e:98: - ed:51:45:1d:b9:04:d9:0b:ec:d8:28:b3:4b:bd:ed: - 36:79 - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Subject Key Identifier: - 27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5 - X509v3 Authority Key Identifier: - keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5 - DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - serial:B7:B6:90:33:66:1B:6B:23 - - X509v3 Basic Constraints: - CA:TRUE - Signature Algorithm: sha256WithRSAEncryption - 0e:93:48:44:4a:72:96:60:71:25:82:a9:2c:ca:60:5b:f2:88: - 3e:cf:11:74:5a:11:4a:dc:d9:d8:f6:58:2c:05:d3:56:d9:e9: - 
8f:37:ef:8e:3e:3b:ff:22:36:00:ca:d8:e2:96:3f:a7:d1:ed: - 1f:de:7a:b0:d7:8f:36:bd:41:55:1e:d4:b9:86:3b:87:25:69: - 35:60:48:d6:e4:5a:94:ce:a2:fa:70:38:36:c4:85:b4:4b:23: - fe:71:9e:2f:db:06:c7:b5:9c:21:f0:3e:7c:eb:91:f8:5c:09: - fd:84:43:a4:b3:4e:04:0c:22:31:71:6a:48:c8:ab:bb:e8:ce: - fa:67:15:1a:3a:82:98:43:33:b5:0e:1f:1e:89:f8:37:de:1b: - e6:b5:a0:f4:a2:8b:b7:1c:90:ba:98:6d:94:21:08:80:5d:f3: - bf:66:ad:c9:72:28:7a:6a:48:ee:cf:63:69:31:8c:c5:8e:66: - da:4b:78:65:e8:03:3a:4b:f8:cc:42:54:d3:52:5c:2d:04:ae: - 26:87:e1:7e:40:cb:45:41:16:4b:6e:a3:2e:4a:76:bd:29:7f: - 1c:53:37:06:ad:e9:5b:6a:d6:b7:4e:94:a2:7c:e8:ac:4e:a6: - 50:3e:2b:32:9e:68:42:1b:e4:59:67:61:ea:c7:9a:51:9c:1c: - 55:a3:77:76 ------BEGIN CERTIFICATE----- -MIIEqjCCA5KgAwIBAgIJALe2kDNmG2sjMA0GCSqGSIb3DQEBCwUAMIGUMQswCQYD -VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8G -A1UECgwIU2F3dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3 -dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTAe -Fw0xNjA4MTEyMDA3MzdaFw0xOTA1MDgyMDA3MzdaMIGUMQswCQYDVQQGEwJVUzEQ -MA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8GA1UECgwIU2F3 -dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3dy53b2xmc3Ns -LmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCCASIwDQYJKoZI -hvcNAQEBBQADggEPADCCAQoCggEBAL8Myi0Ush6EQlvNOB9K8k11EPG2NZ/fyn0D -mNOs3gNm7irx2LB9bgdUCxCYIU2AyxIg58xP3kV9yXJ3MurKkLtpUhADL6jzlcXx -i2JWG+9nb6QQQZWtCpvjpcCw0nB2UDBbqOgILHztp6J6jTgpHKzH7fJ8lbCVgn1J -XDjNdyXvvYB1U5Q8PcpjW58VtdMdEy8Z0TzbdjrMuH3J5cLX2kBv2CHccxtCLVOc -/hr8fat6Nj+Y3oR8BWfOahQ4h6nxjLVoy2h/cSAr9aBj9VYvoybSt2+xWhfXOJkI -/pNYb/7DE0kIFgunTWcAUjFnI06Y7VFFHbkE2Qvs2CizS73tNnkCAwEAAaOB/DCB -+TAdBgNVHQ4EFgQUJ45nEXTDJh0/7TNjs6TYHTDl6NUwgckGA1UdIwSBwTCBvoAU -J45nEXTDJh0/7TNjs6TYHTDl6NWhgZqkgZcwgZQxCzAJBgNVBAYTAlVTMRAwDgYD -VQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhTYXd0b290 -aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29t -MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tggkAt7aQM2YbayMwDAYD 
-VR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEADpNIREpylmBxJYKpLMpgW/KI -Ps8RdFoRStzZ2PZYLAXTVtnpjzfvjj47/yI2AMrY4pY/p9HtH956sNePNr1BVR7U -uYY7hyVpNWBI1uRalM6i+nA4NsSFtEsj/nGeL9sGx7WcIfA+fOuR+FwJ/YRDpLNO -BAwiMXFqSMiru+jO+mcVGjqCmEMztQ4fHon4N94b5rWg9KKLtxyQuphtlCEIgF3z -v2atyXIoempI7s9jaTGMxY5m2kt4ZegDOkv4zEJU01JcLQSuJofhfkDLRUEWS26j -Lkp2vSl/HFM3Bq3pW2rWt06UonzorE6mUD4rMp5oQhvkWWdh6seaUZwcVaN3dg== ------END CERTIFICATE----- diff --git a/wrapper/python/wolfssl/certs/ca-digicert-ev.pem b/wrapper/python/wolfssl/certs/ca-digicert-ev.pem deleted file mode 100644 index 9e6810ab7..000000000 --- a/wrapper/python/wolfssl/certs/ca-digicert-ev.pem +++ /dev/null 
@@ -1,23 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDxTCCAq2gAwIBAgIQAqxcJmoLQJuPC3nyrkYldzANBgkqhkiG9w0BAQUFADBs -MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 -d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5j -ZSBFViBSb290IENBMB4XDTA2MTExMDAwMDAwMFoXDTMxMTExMDAwMDAwMFowbDEL -MAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3 -LmRpZ2ljZXJ0LmNvbTErMCkGA1UEAxMiRGlnaUNlcnQgSGlnaCBBc3N1cmFuY2Ug -RVYgUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMbM5XPm -+9S75S0tMqbf5YE/yc0lSbZxKsPVlDRnogocsF9ppkCxxLeyj9CYpKlBWTrT3JTW -PNt0OKRKzE0lgvdKpVMSOO7zSW1xkX5jtqumX8OkhPhPYlG++MXs2ziS4wblCJEM -xChBVfvLWokVfnHoNb9Ncgk9vjo4UFt3MRuNs8ckRZqnrG0AFFoEt7oT61EKmEFB -Ik5lYYeBQVCmeVyJ3hlKV9Uu5l0cUyx+mM0aBhakaHPQNAQTXKFx01p8VdteZOE3 -hzBWBOURtCmAEvF5OYiiAhF8J2a3iLd48soKqDirCmTCv2ZdlYTBoSUeh10aUAsg -EsxBu24LUTi4S8sCAwEAAaNjMGEwDgYDVR0PAQH/BAQDAgGGMA8GA1UdEwEB/wQF -MAMBAf8wHQYDVR0OBBYEFLE+w2kD+L9HAdSYJhoIAu9jZCvDMB8GA1UdIwQYMBaA -FLE+w2kD+L9HAdSYJhoIAu9jZCvDMA0GCSqGSIb3DQEBBQUAA4IBAQAcGgaX3Nec -nzyIZgYIVyHbIUf4KmeqvxgydkAQV8GK83rZEWWONfqe/EW1ntlMMUu4kehDLI6z -eM7b41N5cdblIZQB2lWHmiRk9opmzN6cN82oNLFpmyPInngiK3BD41VHMWEZ71jF -hS9OMPagMRYjyOfiZRYzy78aG6A9+MpeizGLYAiJLQwGXFK3xPkKmNEVX58Svnw2 -Yzi9RKR/5CYrCsSXaQ3pjOLAEFe4yHYSkVXySGnYvCoCWw9E1CAx2/S6cCZdkGCe -vEsXCS+0yx5DaMkHJ8HSXPfqIbloEpw8nL+e/IBcm2PN7EeqJSdnoDfzAIJ9VNep -+OkuE6N36B9K ------END CERTIFICATE----- diff --git a/wrapper/python/wolfssl/certs/client-cert.pem b/wrapper/python/wolfssl/certs/client-cert.pem deleted file mode 100644 index 9262ad609..000000000 --- a/wrapper/python/wolfssl/certs/client-cert.pem +++ /dev/null 
@@ -1,88 +0,0 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: - b9:bc:90:ed:ad:aa:0a:8c - Signature Algorithm: sha256WithRSAEncryption - Issuer: C=US, ST=Montana, L=Bozeman, O=wolfSSL_2048, OU=Programming-2048, CN=www.wolfssl.com/emailAddress=info@wolfssl.com - Validity - Not Before: Aug 11 20:07:37 2016 GMT - Not After : May 8 20:07:37 2019 GMT - Subject: C=US, ST=Montana, L=Bozeman, O=wolfSSL_2048, OU=Programming-2048, CN=www.wolfssl.com/emailAddress=info@wolfssl.com - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - Public-Key: (2048 bit) - Modulus: - 00:c3:03:d1:2b:fe:39:a4:32:45:3b:53:c8:84:2b: - 2a:7c:74:9a:bd:aa:2a:52:07:47:d6:a6:36:b2:07: - 32:8e:d0:ba:69:7b:c6:c3:44:9e:d4:81:48:fd:2d: - 68:a2:8b:67:bb:a1:75:c8:36:2c:4a:d2:1b:f7:8b: - ba:cf:0d:f9:ef:ec:f1:81:1e:7b:9b:03:47:9a:bf: - 65:cc:7f:65:24:69:a6:e8:14:89:5b:e4:34:f7:c5: - b0:14:93:f5:67:7b:3a:7a:78:e1:01:56:56:91:a6: - 13:42:8d:d2:3c:40:9c:4c:ef:d1:86:df:37:51:1b: - 0c:a1:3b:f5:f1:a3:4a:35:e4:e1:ce:96:df:1b:7e: - bf:4e:97:d0:10:e8:a8:08:30:81:af:20:0b:43:14: - c5:74:67:b4:32:82:6f:8d:86:c2:88:40:99:36:83: - ba:1e:40:72:22:17:d7:52:65:24:73:b0:ce:ef:19: - cd:ae:ff:78:6c:7b:c0:12:03:d4:4e:72:0d:50:6d: - 3b:a3:3b:a3:99:5e:9d:c8:d9:0c:85:b3:d9:8a:d9: - 54:26:db:6d:fa:ac:bb:ff:25:4c:c4:d1:79:f4:71: - d3:86:40:18:13:b0:63:b5:72:4e:30:c4:97:84:86: - 2d:56:2f:d7:15:f7:7f:c0:ae:f5:fc:5b:e5:fb:a1: - ba:d3 - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Subject Key Identifier: - 33:D8:45:66:D7:68:87:18:7E:54:0D:70:27:91:C7:26:D7:85:65:C0 - X509v3 Authority Key Identifier: - keyid:33:D8:45:66:D7:68:87:18:7E:54:0D:70:27:91:C7:26:D7:85:65:C0 - DirName:/C=US/ST=Montana/L=Bozeman/O=wolfSSL_2048/OU=Programming-2048/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - serial:B9:BC:90:ED:AD:AA:0A:8C - - X509v3 Basic Constraints: - CA:TRUE - Signature Algorithm: sha256WithRSAEncryption - 33:85:08:b4:58:0e:a2:00:03:74:de:77:fb:d1:2b:76:9c:97: - 
90:20:21:a2:e8:2e:22:50:26:04:76:ba:5b:47:79:e5:52:f7: - c4:0d:79:ff:62:3f:05:7c:c3:08:6c:e0:b7:81:d0:ce:c6:c9: - 46:b9:8e:4b:5f:56:79:4b:13:b6:d1:6b:66:4b:ce:00:0d:e3: - 76:5e:fb:cb:b5:5d:12:31:05:f1:bb:39:f6:86:90:ca:92:56: - a4:a0:75:21:b6:1d:4c:96:c3:45:eb:5a:91:94:32:d3:59:b8: - c9:73:1f:03:a9:81:63:e0:43:c0:1e:c8:65:be:3b:a7:53:c3: - 44:ff:b3:fb:47:84:a8:b6:9d:00:d5:6b:ae:87:f8:bb:35:b2: - 6c:66:0b:11:ee:6f:fe:12:ed:59:79:f1:3e:f2:d3:61:27:8b: - 95:7e:99:75:8d:a4:9f:34:85:f1:25:4d:48:1e:9b:6b:70:f6: - 66:cc:56:b1:a3:02:52:8a:7c:aa:af:07:da:97:c6:0c:a5:8f: - ed:cb:f5:d8:04:5d:97:0a:5d:5a:2b:49:f5:bd:93:e5:23:9b: - 99:b5:0c:ff:0c:7e:38:82:b2:6e:ab:8a:c9:a7:45:ab:d6:d7: - 93:35:70:07:7e:c8:3d:a5:fe:33:8f:d9:85:c0:c7:5a:02:e4: - 7c:d6:35:9e ------BEGIN CERTIFICATE----- -MIIEyjCCA7KgAwIBAgIJALm8kO2tqgqMMA0GCSqGSIb3DQEBCwUAMIGeMQswCQYD -VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEVMBMG -A1UECgwMd29sZlNTTF8yMDQ4MRkwFwYDVQQLDBBQcm9ncmFtbWluZy0yMDQ4MRgw -FgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29s -ZnNzbC5jb20wHhcNMTYwODExMjAwNzM3WhcNMTkwNTA4MjAwNzM3WjCBnjELMAkG -A1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xFTAT -BgNVBAoMDHdvbGZTU0xfMjA0ODEZMBcGA1UECwwQUHJvZ3JhbW1pbmctMjA0ODEY -MBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdv -bGZzc2wuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwwPRK/45 -pDJFO1PIhCsqfHSavaoqUgdH1qY2sgcyjtC6aXvGw0Se1IFI/S1oootnu6F1yDYs -StIb94u6zw357+zxgR57mwNHmr9lzH9lJGmm6BSJW+Q098WwFJP1Z3s6enjhAVZW -kaYTQo3SPECcTO/Rht83URsMoTv18aNKNeThzpbfG36/TpfQEOioCDCBryALQxTF -dGe0MoJvjYbCiECZNoO6HkByIhfXUmUkc7DO7xnNrv94bHvAEgPUTnINUG07ozuj -mV6dyNkMhbPZitlUJttt+qy7/yVMxNF59HHThkAYE7BjtXJOMMSXhIYtVi/XFfd/ -wK71/Fvl+6G60wIDAQABo4IBBzCCAQMwHQYDVR0OBBYEFDPYRWbXaIcYflQNcCeR -xybXhWXAMIHTBgNVHSMEgcswgciAFDPYRWbXaIcYflQNcCeRxybXhWXAoYGkpIGh -MIGeMQswCQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96 -ZW1hbjEVMBMGA1UECgwMd29sZlNTTF8yMDQ4MRkwFwYDVQQLDBBQcm9ncmFtbWlu 
-Zy0yMDQ4MRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEW -EGluZm9Ad29sZnNzbC5jb22CCQC5vJDtraoKjDAMBgNVHRMEBTADAQH/MA0GCSqG -SIb3DQEBCwUAA4IBAQAzhQi0WA6iAAN03nf70St2nJeQICGi6C4iUCYEdrpbR3nl -UvfEDXn/Yj8FfMMIbOC3gdDOxslGuY5LX1Z5SxO20WtmS84ADeN2XvvLtV0SMQXx -uzn2hpDKklakoHUhth1MlsNF61qRlDLTWbjJcx8DqYFj4EPAHshlvjunU8NE/7P7 -R4Sotp0A1Wuuh/i7NbJsZgsR7m/+Eu1ZefE+8tNhJ4uVfpl1jaSfNIXxJU1IHptr -cPZmzFaxowJSinyqrwfal8YMpY/ty/XYBF2XCl1aK0n1vZPlI5uZtQz/DH44grJu -q4rJp0Wr1teTNXAHfsg9pf4zj9mFwMdaAuR81jWe ------END CERTIFICATE----- diff --git a/wrapper/python/wolfssl/certs/client-key.pem b/wrapper/python/wolfssl/certs/client-key.pem deleted file mode 100644 index c4e7ad22c..000000000 --- a/wrapper/python/wolfssl/certs/client-key.pem +++ /dev/null 
@@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEpAIBAAKCAQEAwwPRK/45pDJFO1PIhCsqfHSavaoqUgdH1qY2sgcyjtC6aXvG -w0Se1IFI/S1oootnu6F1yDYsStIb94u6zw357+zxgR57mwNHmr9lzH9lJGmm6BSJ -W+Q098WwFJP1Z3s6enjhAVZWkaYTQo3SPECcTO/Rht83URsMoTv18aNKNeThzpbf -G36/TpfQEOioCDCBryALQxTFdGe0MoJvjYbCiECZNoO6HkByIhfXUmUkc7DO7xnN -rv94bHvAEgPUTnINUG07ozujmV6dyNkMhbPZitlUJttt+qy7/yVMxNF59HHThkAY -E7BjtXJOMMSXhIYtVi/XFfd/wK71/Fvl+6G60wIDAQABAoIBAQCi5thfEHFkCJ4u -bdFtHoXSCrGMR84sUWqgEp5T3pFMHW3qWXvyd6rZxtmKq9jhFuRjJv+1bBNZuOOl -yHIXLgyfb+VZP3ZvSbERwlouFikN3reO3EDVou7gHqH0vpfbhmOWFM2YCWAtMHac -PM3miO5HknkLWgDiXl8RfH35CLcgBokqXf0AqyLh8LO8JKleJg4fAC3+IZpTW23T -K6uUgmhDNtj2L8Yi/LVBXQ0zYOqkfX7oS1WRVtNcV48flBcvqt7pnqj0z4pMjqDk -VnOyz0+GxWk88yQgi1yWDPprEjuaZ8HfxpaypdWSDZsJQmgkEEXUUOQXOUjQNYuU -bRHej8pZAoGBAOokp/lpM+lx3FJ9iCEoL0neunIW6cxHeogNlFeEWBY6gbA/os+m -bB6wBikAj+d3dqzbysfZXps/JpBSrvw4kAAUu7QPWJTnL2p+HE9BIdQxWR9OihqN -p1dsItjl9H4yphDLZKVVA4emJwWMw9e2J7JNujDaR49U0z2LhI2UmFilAoGBANU4 -G8OPxZMMRwtvNZLFsI1GyJIYj/WACvfvof6AubUqusoYsF2lB9CTjdicBBzUYo6m -JoEB/86KKmM0NUCqbYDeiSNqV02ebq2TTlaQC22dc4sMric93k7wqsVseGdslFKc -N2dsLe+7r9+mkDzER8+Nlp6YqbSfxaZQ3LPw+3QXAoGAXoMJYr26fKK/QnT1fBzS -ackEDYV+Pj0kEsMYe/Mp818OdmxZdeRBhGmdMvPNIquwNbpKsjzl2Vi2Yk9d3uWe -CspTsiz3nrNrClt5ZexukU6SIPb8/Bbt03YM4ux/smkTa3gOWkZktF63JaBadTpL -78c8Pvf9JrggxJkKmnO+wxkCgYEAukSTFKw0GTtfkWCs97TWgQU2UVM96GXcry7c -YT7Jfbh/h/A7mwOCKTfOck4R1bHBDAegmZFKjX/sec/xObXphexi99p9vGRNIjwO -8tZR9YfYmcARIF0PKf1b4q7ZHNkhVm38hNBf7RAVHBgh58Q9S9fQnmqVzyLJA3ue -42AB/C8CgYAR0EvPG2e5nxB1R4ZlrjHCxjCsWQZQ2Q+1cAb38NPIYnyo2m72IT/T -f1/qiqs/2Spe81HSwjA34y2jdQ0eTSE01VdwXIm/cuxKbmjVzRh0M06MOkWP5pZA -62P5GYY6Ud2JS7Dz+Z9dKJU4vjWrylznk1M0oUVdEzllQkahn831vw== ------END RSA PRIVATE KEY----- diff --git a/wrapper/python/wolfssl/certs/server-cert.pem b/wrapper/python/wolfssl/certs/server-cert.pem deleted file mode 100644 index 5504c822f..000000000 --- a/wrapper/python/wolfssl/certs/server-cert.pem +++ /dev/null 
@@ -1,173 +0,0 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: 1 (0x1) - Signature Algorithm: sha256WithRSAEncryption - Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com - Validity - Not Before: Aug 11 20:07:37 2016 GMT - Not After : May 8 20:07:37 2019 GMT - Subject: C=US, ST=Montana, L=Bozeman, O=wolfSSL, OU=Support, CN=www.wolfssl.com/emailAddress=info@wolfssl.com - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - Public-Key: (2048 bit) - Modulus: - 00:c0:95:08:e1:57:41:f2:71:6d:b7:d2:45:41:27: - 01:65:c6:45:ae:f2:bc:24:30:b8:95:ce:2f:4e:d6: - f6:1c:88:bc:7c:9f:fb:a8:67:7f:fe:5c:9c:51:75: - f7:8a:ca:07:e7:35:2f:8f:e1:bd:7b:c0:2f:7c:ab: - 64:a8:17:fc:ca:5d:7b:ba:e0:21:e5:72:2e:6f:2e: - 86:d8:95:73:da:ac:1b:53:b9:5f:3f:d7:19:0d:25: - 4f:e1:63:63:51:8b:0b:64:3f:ad:43:b8:a5:1c:5c: - 34:b3:ae:00:a0:63:c5:f6:7f:0b:59:68:78:73:a6: - 8c:18:a9:02:6d:af:c3:19:01:2e:b8:10:e3:c6:cc: - 40:b4:69:a3:46:33:69:87:6e:c4:bb:17:a6:f3:e8: - dd:ad:73:bc:7b:2f:21:b5:fd:66:51:0c:bd:54:b3: - e1:6d:5f:1c:bc:23:73:d1:09:03:89:14:d2:10:b9: - 64:c3:2a:d0:a1:96:4a:bc:e1:d4:1a:5b:c7:a0:c0: - c1:63:78:0f:44:37:30:32:96:80:32:23:95:a1:77: - ba:13:d2:97:73:e2:5d:25:c9:6a:0d:c3:39:60:a4: - b4:b0:69:42:42:09:e9:d8:08:bc:33:20:b3:58:22: - a7:aa:eb:c4:e1:e6:61:83:c5:d2:96:df:d9:d0:4f: - ad:d7 - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Subject Key Identifier: - B3:11:32:C9:92:98:84:E2:C9:F8:D0:3B:6E:03:42:CA:1F:0E:8E:3C - X509v3 Authority Key Identifier: - keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5 - DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - serial:B7:B6:90:33:66:1B:6B:23 - - X509v3 Basic Constraints: - CA:TRUE - Signature Algorithm: sha256WithRSAEncryption - 51:fe:2a:df:07:7e:43:ca:66:8d:15:c4:2b:db:57:b2:06:6d: - 0d:90:66:ff:a5:24:9c:14:ef:81:f2:a4:ab:99:a9:6a:49:20: - 
a5:d2:71:e7:1c:3c:99:07:c7:47:fc:e8:96:b4:f5:42:30:ce: - 39:01:4b:d1:c2:e8:bc:95:84:87:ce:55:5d:97:9f:cf:78:f3: - 56:9b:a5:08:6d:ac:f6:a5:5c:c4:ef:3e:2a:39:a6:48:26:29: - 7b:2d:e0:cd:a6:8c:57:48:0b:bb:31:32:c2:bf:d9:43:4c:47: - 25:18:81:a8:c9:33:82:41:9b:ba:61:86:d7:84:93:17:24:25: - 36:ca:4d:63:6b:4f:95:79:d8:60:e0:1e:f5:ac:c1:8a:a1:b1: - 7e:85:8e:87:20:2f:08:31:ad:5e:c6:4a:c8:61:f4:9e:07:1e: - a2:22:ed:73:7c:85:ee:fa:62:dc:50:36:aa:fd:c7:9d:aa:18: - 04:fb:ea:cc:2c:68:9b:b3:a9:c2:96:d8:c1:cc:5a:7e:f7:0d: - 9e:08:e0:9d:29:8b:84:46:8f:d3:91:6a:b5:b8:7a:5c:cc:4f: - 55:01:b8:9a:48:a0:94:43:ca:25:47:52:0a:f7:f4:be:b0:d1: - 71:6d:a5:52:4a:65:50:b2:ad:4e:1d:e0:6c:01:d8:fb:43:80: - e6:e4:0c:37 ------BEGIN CERTIFICATE----- -MIIEnjCCA4agAwIBAgIBATANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMx -EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNh -d3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNz -bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTYwODEx -MjAwNzM3WhcNMTkwNTA4MjAwNzM3WjCBkDELMAkGA1UEBhMCVVMxEDAOBgNVBAgM -B01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xEDAOBgNVBAoMB3dvbGZTU0wxEDAO -BgNVBAsMB1N1cHBvcnQxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqG -SIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP -ADCCAQoCggEBAMCVCOFXQfJxbbfSRUEnAWXGRa7yvCQwuJXOL07W9hyIvHyf+6hn -f/5cnFF194rKB+c1L4/hvXvAL3yrZKgX/Mpde7rgIeVyLm8uhtiVc9qsG1O5Xz/X -GQ0lT+FjY1GLC2Q/rUO4pRxcNLOuAKBjxfZ/C1loeHOmjBipAm2vwxkBLrgQ48bM -QLRpo0YzaYduxLsXpvPo3a1zvHsvIbX9ZlEMvVSz4W1fHLwjc9EJA4kU0hC5ZMMq -0KGWSrzh1Bpbx6DAwWN4D0Q3MDKWgDIjlaF3uhPSl3PiXSXJag3DOWCktLBpQkIJ -6dgIvDMgs1gip6rrxOHmYYPF0pbf2dBPrdcCAwEAAaOB/DCB+TAdBgNVHQ4EFgQU -sxEyyZKYhOLJ+NA7bgNCyh8OjjwwgckGA1UdIwSBwTCBvoAUJ45nEXTDJh0/7TNj -s6TYHTDl6NWhgZqkgZcwgZQxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5h -MRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhTYXd0b290aDETMBEGA1UECwwK -Q29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcN -AQkBFhBpbmZvQHdvbGZzc2wuY29tggkAt7aQM2YbayMwDAYDVR0TBAUwAwEB/zAN 
-BgkqhkiG9w0BAQsFAAOCAQEAUf4q3wd+Q8pmjRXEK9tXsgZtDZBm/6UknBTvgfKk -q5mpakkgpdJx5xw8mQfHR/zolrT1QjDOOQFL0cLovJWEh85VXZefz3jzVpulCG2s -9qVcxO8+KjmmSCYpey3gzaaMV0gLuzEywr/ZQ0xHJRiBqMkzgkGbumGG14STFyQl -NspNY2tPlXnYYOAe9azBiqGxfoWOhyAvCDGtXsZKyGH0ngceoiLtc3yF7vpi3FA2 -qv3HnaoYBPvqzCxom7OpwpbYwcxafvcNngjgnSmLhEaP05Fqtbh6XMxPVQG4mkig -lEPKJUdSCvf0vrDRcW2lUkplULKtTh3gbAHY+0OA5uQMNw== ------END CERTIFICATE----- -Certificate: - Data: - Version: 3 (0x2) - Serial Number: - b7:b6:90:33:66:1b:6b:23 - Signature Algorithm: sha256WithRSAEncryption - Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com - Validity - Not Before: Aug 11 20:07:37 2016 GMT - Not After : May 8 20:07:37 2019 GMT - Subject: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - Public-Key: (2048 bit) - Modulus: - 00:bf:0c:ca:2d:14:b2:1e:84:42:5b:cd:38:1f:4a: - f2:4d:75:10:f1:b6:35:9f:df:ca:7d:03:98:d3:ac: - de:03:66:ee:2a:f1:d8:b0:7d:6e:07:54:0b:10:98: - 21:4d:80:cb:12:20:e7:cc:4f:de:45:7d:c9:72:77: - 32:ea:ca:90:bb:69:52:10:03:2f:a8:f3:95:c5:f1: - 8b:62:56:1b:ef:67:6f:a4:10:41:95:ad:0a:9b:e3: - a5:c0:b0:d2:70:76:50:30:5b:a8:e8:08:2c:7c:ed: - a7:a2:7a:8d:38:29:1c:ac:c7:ed:f2:7c:95:b0:95: - 82:7d:49:5c:38:cd:77:25:ef:bd:80:75:53:94:3c: - 3d:ca:63:5b:9f:15:b5:d3:1d:13:2f:19:d1:3c:db: - 76:3a:cc:b8:7d:c9:e5:c2:d7:da:40:6f:d8:21:dc: - 73:1b:42:2d:53:9c:fe:1a:fc:7d:ab:7a:36:3f:98: - de:84:7c:05:67:ce:6a:14:38:87:a9:f1:8c:b5:68: - cb:68:7f:71:20:2b:f5:a0:63:f5:56:2f:a3:26:d2: - b7:6f:b1:5a:17:d7:38:99:08:fe:93:58:6f:fe:c3: - 13:49:08:16:0b:a7:4d:67:00:52:31:67:23:4e:98: - ed:51:45:1d:b9:04:d9:0b:ec:d8:28:b3:4b:bd:ed: - 36:79 - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Subject Key Identifier: - 27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5 - X509v3 Authority Key Identifier: - 
keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5 - DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - serial:B7:B6:90:33:66:1B:6B:23 - - X509v3 Basic Constraints: - CA:TRUE - Signature Algorithm: sha256WithRSAEncryption - 0e:93:48:44:4a:72:96:60:71:25:82:a9:2c:ca:60:5b:f2:88: - 3e:cf:11:74:5a:11:4a:dc:d9:d8:f6:58:2c:05:d3:56:d9:e9: - 8f:37:ef:8e:3e:3b:ff:22:36:00:ca:d8:e2:96:3f:a7:d1:ed: - 1f:de:7a:b0:d7:8f:36:bd:41:55:1e:d4:b9:86:3b:87:25:69: - 35:60:48:d6:e4:5a:94:ce:a2:fa:70:38:36:c4:85:b4:4b:23: - fe:71:9e:2f:db:06:c7:b5:9c:21:f0:3e:7c:eb:91:f8:5c:09: - fd:84:43:a4:b3:4e:04:0c:22:31:71:6a:48:c8:ab:bb:e8:ce: - fa:67:15:1a:3a:82:98:43:33:b5:0e:1f:1e:89:f8:37:de:1b: - e6:b5:a0:f4:a2:8b:b7:1c:90:ba:98:6d:94:21:08:80:5d:f3: - bf:66:ad:c9:72:28:7a:6a:48:ee:cf:63:69:31:8c:c5:8e:66: - da:4b:78:65:e8:03:3a:4b:f8:cc:42:54:d3:52:5c:2d:04:ae: - 26:87:e1:7e:40:cb:45:41:16:4b:6e:a3:2e:4a:76:bd:29:7f: - 1c:53:37:06:ad:e9:5b:6a:d6:b7:4e:94:a2:7c:e8:ac:4e:a6: - 50:3e:2b:32:9e:68:42:1b:e4:59:67:61:ea:c7:9a:51:9c:1c: - 55:a3:77:76 ------BEGIN CERTIFICATE----- -MIIEqjCCA5KgAwIBAgIJALe2kDNmG2sjMA0GCSqGSIb3DQEBCwUAMIGUMQswCQYD -VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8G -A1UECgwIU2F3dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3 -dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTAe -Fw0xNjA4MTEyMDA3MzdaFw0xOTA1MDgyMDA3MzdaMIGUMQswCQYDVQQGEwJVUzEQ -MA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8GA1UECgwIU2F3 -dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3dy53b2xmc3Ns -LmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCCASIwDQYJKoZI -hvcNAQEBBQADggEPADCCAQoCggEBAL8Myi0Ush6EQlvNOB9K8k11EPG2NZ/fyn0D -mNOs3gNm7irx2LB9bgdUCxCYIU2AyxIg58xP3kV9yXJ3MurKkLtpUhADL6jzlcXx -i2JWG+9nb6QQQZWtCpvjpcCw0nB2UDBbqOgILHztp6J6jTgpHKzH7fJ8lbCVgn1J -XDjNdyXvvYB1U5Q8PcpjW58VtdMdEy8Z0TzbdjrMuH3J5cLX2kBv2CHccxtCLVOc -/hr8fat6Nj+Y3oR8BWfOahQ4h6nxjLVoy2h/cSAr9aBj9VYvoybSt2+xWhfXOJkI 
-/pNYb/7DE0kIFgunTWcAUjFnI06Y7VFFHbkE2Qvs2CizS73tNnkCAwEAAaOB/DCB -+TAdBgNVHQ4EFgQUJ45nEXTDJh0/7TNjs6TYHTDl6NUwgckGA1UdIwSBwTCBvoAU -J45nEXTDJh0/7TNjs6TYHTDl6NWhgZqkgZcwgZQxCzAJBgNVBAYTAlVTMRAwDgYD -VQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhTYXd0b290 -aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29t -MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tggkAt7aQM2YbayMwDAYD -VR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEADpNIREpylmBxJYKpLMpgW/KI -Ps8RdFoRStzZ2PZYLAXTVtnpjzfvjj47/yI2AMrY4pY/p9HtH956sNePNr1BVR7U -uYY7hyVpNWBI1uRalM6i+nA4NsSFtEsj/nGeL9sGx7WcIfA+fOuR+FwJ/YRDpLNO -BAwiMXFqSMiru+jO+mcVGjqCmEMztQ4fHon4N94b5rWg9KKLtxyQuphtlCEIgF3z -v2atyXIoempI7s9jaTGMxY5m2kt4ZegDOkv4zEJU01JcLQSuJofhfkDLRUEWS26j -Lkp2vSl/HFM3Bq3pW2rWt06UonzorE6mUD4rMp5oQhvkWWdh6seaUZwcVaN3dg== ------END CERTIFICATE----- diff --git a/wrapper/python/wolfssl/certs/server-key.pem b/wrapper/python/wolfssl/certs/server-key.pem deleted file mode 100644 index d1627f4d4..000000000 --- a/wrapper/python/wolfssl/certs/server-key.pem +++ /dev/null 
@@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEpQIBAAKCAQEAwJUI4VdB8nFtt9JFQScBZcZFrvK8JDC4lc4vTtb2HIi8fJ/7 -qGd//lycUXX3isoH5zUvj+G9e8AvfKtkqBf8yl17uuAh5XIuby6G2JVz2qwbU7lf -P9cZDSVP4WNjUYsLZD+tQ7ilHFw0s64AoGPF9n8LWWh4c6aMGKkCba/DGQEuuBDj -xsxAtGmjRjNph27Euxem8+jdrXO8ey8htf1mUQy9VLPhbV8cvCNz0QkDiRTSELlk -wyrQoZZKvOHUGlvHoMDBY3gPRDcwMpaAMiOVoXe6E9KXc+JdJclqDcM5YKS0sGlC -Qgnp2Ai8MyCzWCKnquvE4eZhg8XSlt/Z0E+t1wIDAQABAoIBAQCa0DQPUmIFUAHv -n+1kbsLE2hryhNeSEEiSxOlq64t1bMZ5OPLJckqGZFSVd8vDmp231B2kAMieTuTd -x7pnFsF0vKnWlI8rMBr77d8hBSPZSjm9mGtlmrjcxH3upkMVLj2+HSJgKnMw1T7Y -oqyGQy7E9WReP4l1DxHYUSVOn9iqo85gs+KK2X4b8GTKmlsFC1uqy+XjP24yIgXz -0PrvdFKB4l90073/MYNFdfpjepcu1rYZxpIm5CgGUFAOeC6peA0Ul7QS2DFAq6EB -QcIw+AdfFuRhd9Jg8p+N6PS662PeKpeB70xs5lU0USsoNPRTHMRYCj+7r7X3SoVD -LTzxWFiBAoGBAPIsVHY5I2PJEDK3k62vvhl1loFk5rW4iUJB0W3QHBv4G6xpyzY8 -ZH3c9Bm4w2CxV0hfUk9ZOlV/MsAZQ1A/rs5vF/MOn0DKTq0VO8l56cBZOHNwnAp8 -yTpIMqfYSXUKhcLC/RVz2pkJKmmanwpxv7AEpox6Wm9IWlQ7xrFTF9/nAoGBAMuT -3ncVXbdcXHzYkKmYLdZpDmOzo9ymzItqpKISjI57SCyySzfcBhh96v52odSh6T8N -zRtfr1+elltbD6F8r7ObkNtXczrtsCNErkFPHwdCEyNMy/r0FKTV9542fFufqDzB -hV900jkt/9CE3/uzIHoumxeu5roLrl9TpFLtG8SRAoGBAOyY2rvV/vlSSn0CVUlv -VW5SL4SjK7OGYrNU0mNS2uOIdqDvixWl0xgUcndex6MEH54ZYrUbG57D8rUy+UzB -qusMJn3UX0pRXKRFBnBEp1bA1CIUdp7YY1CJkNPiv4GVkjFBhzkaQwsYpVMfORpf -H0O8h2rfbtMiAP4imHBOGhkpAoGBAIpBVihRnl/Ungs7mKNU8mxW1KrpaTOFJAza -1AwtxL9PAmk4fNTm3Ezt1xYRwz4A58MmwFEC3rt1nG9WnHrzju/PisUr0toGakTJ -c/5umYf4W77xfOZltU9s8MnF/xbKixsX4lg9ojerAby/QM5TjI7t7+5ZneBj5nxe -9Y5L8TvBAoGATUX5QIzFW/QqGoq08hysa+kMVja3TnKW1eWK0uL/8fEYEz2GCbjY -dqfJHHFSlDBD4PF4dP1hG0wJzOZoKnGtHN9DvFbbpaS+NXCkXs9P/ABVmTo9I89n -WvUi+LUp0EQR6zUuRr79jhiyX6i/GTKh9dwD5nyaHwx8qbAOITc78bA= ------END RSA PRIVATE KEY----- From 54177c14b4a6a069339edd61478e051b7caa9a13 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Moise=CC=81s=20Guimara=CC=83es?= Date: Mon, 3 Jul 2017 12:31:47 -0300 Subject: [PATCH 45/47] imports certs from ./certs --- certs/external/ca-digicert-ev.pem | 23 +++++++++++++++++++++++ wrapper/python/wolfssl/.gitignore | 3 +++ wrapper/python/wolfssl/setup.py | 24 ++++++++++++++++++++++++ 3 files changed, 50 insertions(+) create mode 100644 certs/external/ca-digicert-ev.pem
diff --git a/certs/external/ca-digicert-ev.pem b/certs/external/ca-digicert-ev.pem
new file mode 100644
index 000000000..9e6810ab7
--- /dev/null
+++ b/certs/external/ca-digicert-ev.pem
@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIIDxTCCAq2gAwIBAgIQAqxcJmoLQJuPC3nyrkYldzANBgkqhkiG9w0BAQUFADBs
+MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
+d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5j
+ZSBFViBSb290IENBMB4XDTA2MTExMDAwMDAwMFoXDTMxMTExMDAwMDAwMFowbDEL
+MAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3
+LmRpZ2ljZXJ0LmNvbTErMCkGA1UEAxMiRGlnaUNlcnQgSGlnaCBBc3N1cmFuY2Ug
+RVYgUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMbM5XPm
++9S75S0tMqbf5YE/yc0lSbZxKsPVlDRnogocsF9ppkCxxLeyj9CYpKlBWTrT3JTW
+PNt0OKRKzE0lgvdKpVMSOO7zSW1xkX5jtqumX8OkhPhPYlG++MXs2ziS4wblCJEM
+xChBVfvLWokVfnHoNb9Ncgk9vjo4UFt3MRuNs8ckRZqnrG0AFFoEt7oT61EKmEFB
+Ik5lYYeBQVCmeVyJ3hlKV9Uu5l0cUyx+mM0aBhakaHPQNAQTXKFx01p8VdteZOE3
+hzBWBOURtCmAEvF5OYiiAhF8J2a3iLd48soKqDirCmTCv2ZdlYTBoSUeh10aUAsg
+EsxBu24LUTi4S8sCAwEAAaNjMGEwDgYDVR0PAQH/BAQDAgGGMA8GA1UdEwEB/wQF
+MAMBAf8wHQYDVR0OBBYEFLE+w2kD+L9HAdSYJhoIAu9jZCvDMB8GA1UdIwQYMBaA
+FLE+w2kD+L9HAdSYJhoIAu9jZCvDMA0GCSqGSIb3DQEBBQUAA4IBAQAcGgaX3Nec
+nzyIZgYIVyHbIUf4KmeqvxgydkAQV8GK83rZEWWONfqe/EW1ntlMMUu4kehDLI6z
+eM7b41N5cdblIZQB2lWHmiRk9opmzN6cN82oNLFpmyPInngiK3BD41VHMWEZ71jF
+hS9OMPagMRYjyOfiZRYzy78aG6A9+MpeizGLYAiJLQwGXFK3xPkKmNEVX58Svnw2
+Yzi9RKR/5CYrCsSXaQ3pjOLAEFe4yHYSkVXySGnYvCoCWw9E1CAx2/S6cCZdkGCe
+vEsXCS+0yx5DaMkHJ8HSXPfqIbloEpw8nL+e/IBcm2PN7EeqJSdnoDfzAIJ9VNep
++OkuE6N36B9K
+-----END CERTIFICATE-----
diff --git a/wrapper/python/wolfssl/.gitignore b/wrapper/python/wolfssl/.gitignore index 361059ad0..d3d507b23 100644 --- a/wrapper/python/wolfssl/.gitignore +++ b/wrapper/python/wolfssl/.gitignore @@ -16,3 +16,6 @@ htmlcov/ # Sphinx documentation docs/_build/ + +# Certificates +certs/ \ No newline at end of file diff --git a/wrapper/python/wolfssl/setup.py b/wrapper/python/wolfssl/setup.py index 727fa9efb..78839496b 100755 --- a/wrapper/python/wolfssl/setup.py +++ b/wrapper/python/wolfssl/setup.py @@ -28,6 +28,7 @@ from __future__ import absolute_import import os import sys +import shutil from setuptools import setup, find_packages sys.path.insert(0, 'src') @@ -58,6 +59,29 @@ INFO = dict( tests={}, ) + +def update_certs(): + c_certs_dir = "../../../certs" + py_certs_dir = "certs" + certs = [ + "ca-cert.pem", + "client-cert.pem", + "client-key.pem", + "server-cert.pem", + "server-key.pem", + "external/ca-digicert-ev.pem" + ] + + if os.path.isdir(c_certs_dir): + if not os.path.isdir(py_certs_dir): + os.makedirs(py_certs_dir) + + for cert in certs: + shutil.copy(os.path.join(c_certs_dir, cert), py_certs_dir) + + if __name__ == "__main__": + update_certs() + KWARGS = {k:v for dct in INFO.values() for (k, v) in dct.items()} setup(**KWARGS) From 1729e0205fde5cccb94cbbc99c95b51aec308f46 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Moise=CC=81s=20Guimara=CC=83es?= Date: Mon, 3 Jul 2017 12:39:42 -0300 Subject: [PATCH 46/47] reads _CADATA from file --- wrapper/python/wolfssl/test/test_context.py | 91 +-------------------- 1 file changed, 2 insertions(+), 89 deletions(-) diff --git a/wrapper/python/wolfssl/test/test_context.py b/wrapper/python/wolfssl/test/test_context.py index 953f022c7..8de384eac 100644 --- a/wrapper/python/wolfssl/test/test_context.py +++ b/wrapper/python/wolfssl/test/test_context.py 
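Review bot: In `update_certs()` both `c_certs_dir = "../../../certs"` and `py_certs_dir = "certs"` are resolved against the current working directory, so invoking setup.py from any other directory can make the `os.path.isdir(c_certs_dir)` guard fail and the copy is then skipped without a message. Anchoring the paths to the file, e.g. `here = os.path.dirname(os.path.abspath(__file__))` followed by `c_certs_dir = os.path.join(here, "..", "..", "..", "certs")`, removes that dependency; the `open("certs/ca-cert.pem")` added to test/test_context.py in the next patch depends on the working directory in the same way. The list also copies `server-key.pem` and `client-key.pem`, which by their names are private keys kept in the public repository, so the function should carry a docstring such as `"""Copy the repository's test certificates and keys into ./certs; test fixtures only, never for deployment."""`. `shutil.copy` into `py_certs_dir` also flattens `external/ca-digicert-ev.pem` to `certs/ca-digicert-ev.pem`, which is worth stating in the same docstring if it is intended.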
@@ -25,95 +25,8 @@ import pytest -_CADATA = """" -Certificate: - Data: - Version: 3 (0x2) - Serial Number: - b7:b6:90:33:66:1b:6b:23 - Signature Algorithm: sha256WithRSAEncryption - Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com - Validity - Not Before: Aug 11 20:07:37 2016 GMT - Not After : May 8 20:07:37 2019 GMT - Subject: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - Public-Key: (2048 bit) - Modulus: - 00:bf:0c:ca:2d:14:b2:1e:84:42:5b:cd:38:1f:4a: - f2:4d:75:10:f1:b6:35:9f:df:ca:7d:03:98:d3:ac: - de:03:66:ee:2a:f1:d8:b0:7d:6e:07:54:0b:10:98: - 21:4d:80:cb:12:20:e7:cc:4f:de:45:7d:c9:72:77: - 32:ea:ca:90:bb:69:52:10:03:2f:a8:f3:95:c5:f1: - 8b:62:56:1b:ef:67:6f:a4:10:41:95:ad:0a:9b:e3: - a5:c0:b0:d2:70:76:50:30:5b:a8:e8:08:2c:7c:ed: - a7:a2:7a:8d:38:29:1c:ac:c7:ed:f2:7c:95:b0:95: - 82:7d:49:5c:38:cd:77:25:ef:bd:80:75:53:94:3c: - 3d:ca:63:5b:9f:15:b5:d3:1d:13:2f:19:d1:3c:db: - 76:3a:cc:b8:7d:c9:e5:c2:d7:da:40:6f:d8:21:dc: - 73:1b:42:2d:53:9c:fe:1a:fc:7d:ab:7a:36:3f:98: - de:84:7c:05:67:ce:6a:14:38:87:a9:f1:8c:b5:68: - cb:68:7f:71:20:2b:f5:a0:63:f5:56:2f:a3:26:d2: - b7:6f:b1:5a:17:d7:38:99:08:fe:93:58:6f:fe:c3: - 13:49:08:16:0b:a7:4d:67:00:52:31:67:23:4e:98: - ed:51:45:1d:b9:04:d9:0b:ec:d8:28:b3:4b:bd:ed: - 36:79 - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Subject Key Identifier: - 27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5 - X509v3 Authority Key Identifier: - keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5 - DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - serial:B7:B6:90:33:66:1B:6B:23 - - X509v3 Basic Constraints: - CA:TRUE - Signature Algorithm: sha256WithRSAEncryption - 0e:93:48:44:4a:72:96:60:71:25:82:a9:2c:ca:60:5b:f2:88: - 
3e:cf:11:74:5a:11:4a:dc:d9:d8:f6:58:2c:05:d3:56:d9:e9: - 8f:37:ef:8e:3e:3b:ff:22:36:00:ca:d8:e2:96:3f:a7:d1:ed: - 1f:de:7a:b0:d7:8f:36:bd:41:55:1e:d4:b9:86:3b:87:25:69: - 35:60:48:d6:e4:5a:94:ce:a2:fa:70:38:36:c4:85:b4:4b:23: - fe:71:9e:2f:db:06:c7:b5:9c:21:f0:3e:7c:eb:91:f8:5c:09: - fd:84:43:a4:b3:4e:04:0c:22:31:71:6a:48:c8:ab:bb:e8:ce: - fa:67:15:1a:3a:82:98:43:33:b5:0e:1f:1e:89:f8:37:de:1b: - e6:b5:a0:f4:a2:8b:b7:1c:90:ba:98:6d:94:21:08:80:5d:f3: - bf:66:ad:c9:72:28:7a:6a:48:ee:cf:63:69:31:8c:c5:8e:66: - da:4b:78:65:e8:03:3a:4b:f8:cc:42:54:d3:52:5c:2d:04:ae: - 26:87:e1:7e:40:cb:45:41:16:4b:6e:a3:2e:4a:76:bd:29:7f: - 1c:53:37:06:ad:e9:5b:6a:d6:b7:4e:94:a2:7c:e8:ac:4e:a6: - 50:3e:2b:32:9e:68:42:1b:e4:59:67:61:ea:c7:9a:51:9c:1c: - 55:a3:77:76 ------BEGIN CERTIFICATE----- -MIIEqjCCA5KgAwIBAgIJALe2kDNmG2sjMA0GCSqGSIb3DQEBCwUAMIGUMQswCQYD -VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8G -A1UECgwIU2F3dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3 -dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTAe -Fw0xNjA4MTEyMDA3MzdaFw0xOTA1MDgyMDA3MzdaMIGUMQswCQYDVQQGEwJVUzEQ -MA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8GA1UECgwIU2F3 -dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3dy53b2xmc3Ns -LmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCCASIwDQYJKoZI -hvcNAQEBBQADggEPADCCAQoCggEBAL8Myi0Ush6EQlvNOB9K8k11EPG2NZ/fyn0D -mNOs3gNm7irx2LB9bgdUCxCYIU2AyxIg58xP3kV9yXJ3MurKkLtpUhADL6jzlcXx -i2JWG+9nb6QQQZWtCpvjpcCw0nB2UDBbqOgILHztp6J6jTgpHKzH7fJ8lbCVgn1J -XDjNdyXvvYB1U5Q8PcpjW58VtdMdEy8Z0TzbdjrMuH3J5cLX2kBv2CHccxtCLVOc -/hr8fat6Nj+Y3oR8BWfOahQ4h6nxjLVoy2h/cSAr9aBj9VYvoybSt2+xWhfXOJkI -/pNYb/7DE0kIFgunTWcAUjFnI06Y7VFFHbkE2Qvs2CizS73tNnkCAwEAAaOB/DCB -+TAdBgNVHQ4EFgQUJ45nEXTDJh0/7TNjs6TYHTDl6NUwgckGA1UdIwSBwTCBvoAU -J45nEXTDJh0/7TNjs6TYHTDl6NWhgZqkgZcwgZQxCzAJBgNVBAYTAlVTMRAwDgYD -VQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhTYXd0b290 -aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29t 
-MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tggkAt7aQM2YbayMwDAYD -VR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEADpNIREpylmBxJYKpLMpgW/KI -Ps8RdFoRStzZ2PZYLAXTVtnpjzfvjj47/yI2AMrY4pY/p9HtH956sNePNr1BVR7U -uYY7hyVpNWBI1uRalM6i+nA4NsSFtEsj/nGeL9sGx7WcIfA+fOuR+FwJ/YRDpLNO -BAwiMXFqSMiru+jO+mcVGjqCmEMztQ4fHon4N94b5rWg9KKLtxyQuphtlCEIgF3z -v2atyXIoempI7s9jaTGMxY5m2kt4ZegDOkv4zEJU01JcLQSuJofhfkDLRUEWS26j -Lkp2vSl/HFM3Bq3pW2rWt06UonzorE6mUD4rMp5oQhvkWWdh6seaUZwcVaN3dg== ------END CERTIFICATE----- -""" +with open("certs/ca-cert.pem") as ca: + _CADATA = ca.read() def test_context_creation(ssl_context): assert ssl_context != None From c93a903cae7b7eec4b727cdc005886c50f17fe7e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Moise=CC=81s=20Guimara=CC=83es?= Date: Tue, 18 Jul 2017 02:10:41 -0300 Subject: [PATCH 47/47] =?UTF-8?q?atualiza=20lista=20de=20arquivos=20inclu?= =?UTF-8?q?=C3=ADdos=20na=20vers=C3=A3o=20de=20distribui=C3=A7=C3=A3o.?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- wrapper/include.am | 1 + wrapper/python/wolfssl/include.am | 38 +++++++++++++++++++++++++++++++ 2 files changed, 39 insertions(+) create mode 100644 wrapper/python/wolfssl/include.am diff --git a/wrapper/include.am b/wrapper/include.am index eb6d8f7fc..dbf0e7fc8 100644 --- a/wrapper/include.am +++ b/wrapper/include.am @@ -3,6 +3,7 @@ # All paths should be given relative to the root include wrapper/python/wolfcrypt/include.am +include wrapper/python/wolfssl/include.am # wolfSSL CSharp wrapper files EXTRA_DIST+= wrapper/CSharp/wolfSSL-DTLS-PSK-Server/App.config diff --git a/wrapper/python/wolfssl/include.am b/wrapper/python/wolfssl/include.am new file mode 100644 index 000000000..0c5d06bc1 --- /dev/null +++ b/wrapper/python/wolfssl/include.am 
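Review bot: The added `with open("certs/ca-cert.pem") as ca:` block runs at import time, so when the file is absent the whole module errors during collection instead of reporting a failed or skipped test. The preceding patch adds `certs/` to .gitignore and fills it only from `update_certs()` in setup.py, so a fresh checkout has no such file until setup.py has been run. A comment above the block such as `# certs/ is generated by setup.py (update_certs); run setup.py before the tests` would document that dependency, and loading the data inside a pytest fixture would keep a missing file local to the tests that need it. How `_CADATA` is used lies outside this hunk, so the fixture change would need its callers checked.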
@@ -0,0 +1,38 @@
+# vim:ft=automake
+# included from Top Level Makefile.am
+# All paths should be given relative to the root
+
+EXTRA_DIST+= wrapper/python/wolfssl/.gitignore
+EXTRA_DIST+= wrapper/python/wolfssl/docs/api.rst
+EXTRA_DIST+= wrapper/python/wolfssl/docs/conf.py
+EXTRA_DIST+= wrapper/python/wolfssl/docs/examples.rst
+EXTRA_DIST+= wrapper/python/wolfssl/docs/index.rst
+EXTRA_DIST+= wrapper/python/wolfssl/docs/installation.rst
+EXTRA_DIST+= wrapper/python/wolfssl/docs/Makefile
+EXTRA_DIST+= wrapper/python/wolfssl/docs/licensing.rst
+EXTRA_DIST+= wrapper/python/wolfssl/docs/requirements.txt
+EXTRA_DIST+= wrapper/python/wolfssl/docs/usage.rst
+EXTRA_DIST+= wrapper/python/wolfssl/examples/client.py
+EXTRA_DIST+= wrapper/python/wolfssl/examples/server.py
+EXTRA_DIST+= wrapper/python/wolfssl/test/conftest.py
+EXTRA_DIST+= wrapper/python/wolfssl/test/test_client.py
+EXTRA_DIST+= wrapper/python/wolfssl/test/test_context.py
+EXTRA_DIST+= wrapper/python/wolfssl/test/test_methods.py
+EXTRA_DIST+= wrapper/python/wolfssl/src/wolfssl/__about__.py
+EXTRA_DIST+= wrapper/python/wolfssl/src/wolfssl/__init__.py
+EXTRA_DIST+= wrapper/python/wolfssl/src/wolfssl/build_ffi.py
+EXTRA_DIST+= wrapper/python/wolfssl/src/wolfssl/_memory.py
+EXTRA_DIST+= wrapper/python/wolfssl/src/wolfssl/_methods.py
+EXTRA_DIST+= wrapper/python/wolfssl/src/wolfssl/exceptions.py
+EXTRA_DIST+= wrapper/python/wolfssl/src/wolfssl/utils.py
+EXTRA_DIST+= wrapper/python/wolfssl/LICENSING.rst
+EXTRA_DIST+= wrapper/python/wolfssl/Makefile
+EXTRA_DIST+= wrapper/python/wolfssl/MANIFEST.in
+EXTRA_DIST+= wrapper/python/wolfssl/README.rst
+EXTRA_DIST+= wrapper/python/wolfssl/requirements-testing.txt
+EXTRA_DIST+= wrapper/python/wolfssl/setup.py
+EXTRA_DIST+= wrapper/python/wolfssl/tox.ini
+EXTRA_DIST+= wrapper/python/wolfssl/Vagrantfile
+EXTRA_DIST+= wrapper/python/wolfssl/.centos-provisioner.sh
+EXTRA_DIST+= wrapper/python/wolfssl/.ubuntu-provisioner.sh
+