diff options
-rw-r--r-- | ChangeLog | 10 | ||||
-rw-r--r-- | OpenSSL/ssl/context.c | 39 | ||||
-rw-r--r-- | OpenSSL/ssl/ssl.c | 14 | ||||
-rw-r--r-- | OpenSSL/test/test_ssl.py | 104 | ||||
-rw-r--r-- | doc/api/ssl.rst | 30 |
5 files changed, 193 insertions, 4 deletions
@@ -1,4 +1,12 @@ -2011-11-01 Jean-Paul Calderone <exarkun@twistedmatrix.com> +2012-02-13 Jean-Paul Calderone <exarkun@twistedmatrix.com> + + * OpenSSL/ssl/ssl.c: Add session cache related constants for use + with the new Context.set_session_cache_mode method. + + * OpenSSL/ssl/context.c: Add new Context methods + set_session_cache_mode and get_session_cache_mode. + +2011-11-01 Jean-Paul Calderone <exarkun@twistedmatrix.com> * OpenSSL/crypto/pkey.c: Raise TypeError when trying to check a PKey instance which has no private component, instead of crashing. diff --git a/OpenSSL/ssl/context.c b/OpenSSL/ssl/context.c index aa4976d..0b9f4b6 100644 --- a/OpenSSL/ssl/context.c +++ b/OpenSSL/ssl/context.c @@ -690,8 +690,8 @@ ssl_Context_load_client_ca(ssl_ContextObj *self, PyObject *args) } static char ssl_Context_set_session_id_doc[] = "\n\ -Set the session identifier, this is needed if you want to do session\n\ -resumption (which, ironically, isn't implemented yet)\n\ +Set the session identifier. This is needed if you want to do session\n\ +resumption.\n\ \n\ :param buf: A Python object that can be safely converted to a string\n\ :returns: None\n\ @@ -717,6 +717,39 @@ ssl_Context_set_session_id(ssl_ContextObj *self, PyObject *args) } } +static char ssl_Context_set_session_cache_mode_doc[] = "\n\ +Enable/disable session caching and specify the mode used.\n\ +\n\ +:param mode: One or more of the SESS_CACHE_* flags (combine using bitwise or)\n\ +:returns: The previously set caching mode.\n\ +"; +static PyObject * +ssl_Context_set_session_cache_mode(ssl_ContextObj *self, PyObject *args) { + long mode, result; + + if (!PyArg_ParseTuple(args, "l:set_session_cache_mode", &mode)) { + return NULL; + } + + result = SSL_CTX_set_session_cache_mode(self->ctx, mode); + return PyLong_FromLong(result); + +} + +static char ssl_Context_get_session_cache_mode_doc[] = "\n\ +:returns: The currently used cache mode.\n\ +"; +static PyObject * +ssl_Context_get_session_cache_mode(ssl_ContextObj *self, PyObject *args) { + long result; + + if (!PyArg_ParseTuple(args, ":get_session_cache_mode")) { + return NULL; + } + result = SSL_CTX_get_session_cache_mode(self->ctx); + return PyLong_FromLong(result); +} + static char ssl_Context_set_verify_doc[] = "\n\ Set the verify mode and verify callback\n\ \n\ @@ -1176,6 +1209,8 @@ static PyMethodDef ssl_Context_methods[] = { ADD_METHOD(check_privatekey), ADD_METHOD(load_client_ca), ADD_METHOD(set_session_id), + ADD_METHOD(set_session_cache_mode), + ADD_METHOD(get_session_cache_mode), ADD_METHOD(set_verify), ADD_METHOD(set_verify_depth), ADD_METHOD(get_verify_mode), diff --git a/OpenSSL/ssl/ssl.c b/OpenSSL/ssl/ssl.c index cee3661..a68f447 100644 --- a/OpenSSL/ssl/ssl.c +++ b/OpenSSL/ssl/ssl.c @@ -274,6 +274,20 @@ do { \ PyModule_AddIntConstant(module, "SSLEAY_PLATFORM", SSLEAY_PLATFORM); PyModule_AddIntConstant(module, "SSLEAY_DIR", SSLEAY_DIR); + /* Cache modes */ +#define CACHE_MODE(mode) \ + PyModule_AddIntConstant(module, "SESS_CACHE_" #mode, SSL_SESS_CACHE_##mode) + + CACHE_MODE(OFF); + CACHE_MODE(CLIENT); + CACHE_MODE(SERVER); + CACHE_MODE(BOTH); + CACHE_MODE(NO_AUTO_CLEAR); + CACHE_MODE(NO_INTERNAL_LOOKUP); + CACHE_MODE(NO_INTERNAL_STORE); + CACHE_MODE(NO_INTERNAL); +#undef CACHE_MODE + /* Straight up version number */ PyModule_AddIntConstant(module, "OPENSSL_VERSION_NUMBER", OPENSSL_VERSION_NUMBER); diff --git a/OpenSSL/test/test_ssl.py b/OpenSSL/test/test_ssl.py index c9417b9..cda6d53 100644 --- a/OpenSSL/test/test_ssl.py +++ b/OpenSSL/test/test_ssl.py @@ -10,7 +10,7 @@ from errno import ECONNREFUSED, EINPROGRESS, EWOULDBLOCK from sys import platform, version_info from socket import error, socket from os import makedirs -from os.path import join +from os.path import join, dirname from unittest import main from weakref import ref @@ -28,6 +28,11 @@ from OpenSSL.SSL import ( VERIFY_PEER, VERIFY_FAIL_IF_NO_PEER_CERT, VERIFY_CLIENT_ONCE, VERIFY_NONE) from OpenSSL.SSL import ( + SESS_CACHE_OFF, SESS_CACHE_CLIENT, SESS_CACHE_SERVER, SESS_CACHE_BOTH, + SESS_CACHE_NO_AUTO_CLEAR, SESS_CACHE_NO_INTERNAL_LOOKUP, + SESS_CACHE_NO_INTERNAL_STORE, SESS_CACHE_NO_INTERNAL) + +from OpenSSL.SSL import ( Error, SysCallError, WantReadError, ZeroReturnError, SSLeay_version) from OpenSSL.SSL import Context, ContextType, Connection, ConnectionType @@ -909,6 +914,37 @@ class ContextTests(TestCase, _LoopbackMixin): self.assertEquals(conn.get_cipher_list(), ["EXP-RC4-MD5"]) + def test_set_session_cache_mode_wrong_args(self): + """ + L{Context.set_session_cache_mode} raises L{TypeError} if called with + other than one integer argument. + """ + context = Context(TLSv1_METHOD) + self.assertRaises(TypeError, context.set_session_cache_mode) + self.assertRaises(TypeError, context.set_session_cache_mode, object()) + + + def test_get_session_cache_mode_wrong_args(self): + """ + L{Context.get_session_cache_mode} raises L{TypeError} if called with any + arguments. + """ + context = Context(TLSv1_METHOD) + self.assertRaises(TypeError, context.get_session_cache_mode, 1) + + + def test_session_cache_mode(self): + """ + L{Context.set_session_cache_mode} specifies how sessions are cached. + The setting can be retrieved via L{Context.get_session_cache_mode}. + """ + context = Context(TLSv1_METHOD) + old = context.set_session_cache_mode(SESS_CACHE_OFF) + off = context.set_session_cache_mode(SESS_CACHE_BOTH) + self.assertEqual(SESS_CACHE_OFF, off) + self.assertEqual(SESS_CACHE_BOTH, context.get_session_cache_mode()) + + class ServerNameCallbackTests(TestCase, _LoopbackMixin): """ @@ -1627,6 +1663,72 @@ class ConstantsTests(TestCase): "OP_NO_COMPRESSION unavailable - OpenSSL version may be too old" + def test_sess_cache_off(self): + """ + The value of L{OpenSSL.SSL.SESS_CACHE_OFF} 0x0, the value of + L{SSL_SESS_CACHE_OFF} defined by I{openssl/ssl.h}. + """ + self.assertEqual(0x0, SESS_CACHE_OFF) + + + def test_sess_cache_client(self): + """ + The value of L{OpenSSL.SSL.SESS_CACHE_CLIENT} 0x1, the value of + L{SSL_SESS_CACHE_CLIENT} defined by I{openssl/ssl.h}. + """ + self.assertEqual(0x1, SESS_CACHE_CLIENT) + + + def test_sess_cache_server(self): + """ + The value of L{OpenSSL.SSL.SESS_CACHE_SERVER} 0x2, the value of + L{SSL_SESS_CACHE_SERVER} defined by I{openssl/ssl.h}. + """ + self.assertEqual(0x2, SESS_CACHE_SERVER) + + + def test_sess_cache_both(self): + """ + The value of L{OpenSSL.SSL.SESS_CACHE_BOTH} 0x3, the value of + L{SSL_SESS_CACHE_BOTH} defined by I{openssl/ssl.h}. + """ + self.assertEqual(0x3, SESS_CACHE_BOTH) + + + def test_sess_cache_no_auto_clear(self): + """ + The value of L{OpenSSL.SSL.SESS_CACHE_NO_AUTO_CLEAR} 0x80, the value of + L{SSL_SESS_CACHE_NO_AUTO_CLEAR} defined by I{openssl/ssl.h}. + """ + self.assertEqual(0x80, SESS_CACHE_NO_AUTO_CLEAR) + + + def test_sess_cache_no_internal_lookup(self): + """ + The value of L{OpenSSL.SSL.SESS_CACHE_NO_INTERNAL_LOOKUP} 0x100, the + value of L{SSL_SESS_CACHE_NO_INTERNAL_LOOKUP} defined by + I{openssl/ssl.h}. + """ + self.assertEqual(0x100, SESS_CACHE_NO_INTERNAL_LOOKUP) + + + def test_sess_cache_no_internal_store(self): + """ + The value of L{OpenSSL.SSL.SESS_CACHE_NO_INTERNAL_STORE} 0x200, the + value of L{SSL_SESS_CACHE_NO_INTERNAL_STORE} defined by + I{openssl/ssl.h}. + """ + self.assertEqual(0x200, SESS_CACHE_NO_INTERNAL_STORE) + + + def test_sess_cache_no_internal(self): + """ + The value of L{OpenSSL.SSL.SESS_CACHE_NO_INTERNAL} 0x300, the value of + L{SSL_SESS_CACHE_NO_INTERNAL} defined by I{openssl/ssl.h}. + """ + self.assertEqual(0x300, SESS_CACHE_NO_INTERNAL) + + class MemoryBIOTests(TestCase, _LoopbackMixin): """ diff --git a/doc/api/ssl.rst b/doc/api/ssl.rst index 1eed876..5014889 100644 --- a/doc/api/ssl.rst +++ b/doc/api/ssl.rst @@ -69,6 +69,20 @@ Context, Connection. information to retrieve. See the man page for the :py:func:`SSLeay_version` C API for details. +.. py:data:: SESS_CACHE_OFF + SESS_CACHE_CLIENT + SESS_CACHE_SERVER + SESS_CACHE_BOTH + SESS_CACHE_NO_AUTO_CLEAR + SESS_CACHE_NO_INTERNAL_LOOKUP + SESS_CACHE_NO_INTERNAL_STORE + SESS_CACHE_NO_INTERNAL + + Constants used with :py:meth:`Context.set_session_cache_mode` to specify + the behavior of the session cache and potential session reuse. See the man + page for the :py:func:`SSL_CTX_set_session_cache_mode` C API for details. + + .. versionadded:: 0.14 .. py:data:: OPENSSL_VERSION_NUMBER @@ -315,6 +329,22 @@ Context objects have the following methods: *callback* should return a false value (e.g. an empty string). +.. py:method:: Context.set_session_cache_mode(mode) + + Set the behavior of the session cache used by all connections using this + Context. The previously set mode is returned. See :py:const:`SESS_CACHE_*` + for details about particular modes. + + .. versionadded:: 0.14 + + +.. py:method:: Context.get_session_cache_mode() + + Get the current session cache mode. + + .. versionadded:: 0.14 + + .. py:method:: Context.set_session_id(name) Set the context *name* within which a session can be reused for this |