From 368f2baf88fba2df46cc0643eedff4ccd392b52c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Moise=CC=81s=20Guimara=CC=83es?= Date: Mon, 5 Dec 2016 19:15:08 -0300 Subject: [PATCH] adds verify_mode to context --- wrapper/python/wolfssl/test/test_context.py | 7 +++++ wrapper/python/wolfssl/wolfssl/_context.py | 31 ++++++++++++++++++++- wrapper/python/wolfssl/wolfssl/_methods.py | 2 +- wrapper/python/wolfssl/wolfssl/build_ffi.py | 23 +++++++-------- 4 files changed, 50 insertions(+), 13 deletions(-) diff --git a/wrapper/python/wolfssl/test/test_context.py b/wrapper/python/wolfssl/test/test_context.py index 821259c1f..1ec774989 100644 --- a/wrapper/python/wolfssl/test/test_context.py +++ b/wrapper/python/wolfssl/test/test_context.py @@ -125,6 +125,13 @@ class TestSSLContext(unittest.TestCase): def test_context_creation(self): self.assertIsNotNone(self.ctx) + self.assertEqual(self.ctx.verify_mode, self.provider.CERT_NONE) + + self.ctx.verify_mode = self.provider.CERT_OPTIONAL + self.assertEqual(self.ctx.verify_mode, self.provider.CERT_OPTIONAL) + + self.ctx.verify_mode = self.provider.CERT_REQUIRED + self.assertEqual(self.ctx.verify_mode, self.provider.CERT_REQUIRED) def test_load_cert_chain_raises(self): self.assertRaises(TypeError, self.ctx.load_cert_chain, None) diff --git a/wrapper/python/wolfssl/wolfssl/_context.py b/wrapper/python/wolfssl/wolfssl/_context.py index 41ce3c45f..d58a57268 100644 --- a/wrapper/python/wolfssl/wolfssl/_context.py +++ b/wrapper/python/wolfssl/wolfssl/_context.py @@ -33,10 +33,12 @@ CERT_NONE = 0 CERT_OPTIONAL = 1 CERT_REQUIRED = 2 +_VERIFY_MODE_LIST = [CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED] + _SSL_SUCCESS = 1 _SSL_FILETYPE_PEM = 1 -class SSLContext: +class SSLContext(object): """ An SSLContext holds various SSL-related configuration options and data, such as certificates and possibly a private key. 
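Review bot: The new assertions in test_context_creation only exercise the Python-side cache (the getter returns `self._verify_mode`), so they would still pass if `wolfSSL_CTX_set_verify` were never called or were handed the wrong native mode value. The behaviour that matters for security is whether a handshake against an untrusted certificate fails under `CERT_REQUIRED` and succeeds under `CERT_NONE`; until `wrap_socket` exists that cannot be driven here, but the rejection branch of the setter can at least be pinned with `self.assertRaises(ValueError, setattr, self.ctx, "verify_mode", 3)`. A one-line comment on the added block, such as `# Round-trips the cached attribute only; native enforcement is not covered here.`, would keep a reader from mistaking this for a verification test.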
@@ -47,6 +49,7 @@ class SSLContext: self.protocol = protocol self._side = server_side + self._verify_mode = None self.native_object = _lib.wolfSSL_CTX_new(method.native_object) # wolfSSL_CTX_new() takes ownership of the method. @@ -57,12 +60,38 @@ class SSLContext: if self.native_object == _ffi.NULL: raise MemoryError("Unnable to allocate context object") + # verify_mode initialization needs a valid native_object. + self.verify_mode = CERT_NONE + def __del__(self): if self.native_object is not None: _lib.wolfSSL_CTX_free(self.native_object) + @property + def verify_mode(self): + """ + Whether to try to verify other peers’ certificates and how to behave + if verification fails. This attribute must be one of CERT_NONE, + CERT_OPTIONAL or CERT_REQUIRED. + """ + return self._verify_mode + + + @verify_mode.setter + def verify_mode(self, value): + if value not in _VERIFY_MODE_LIST: + raise ValueError("verify_mode must be one of CERT_NONE, " + "CERT_OPTIONAL or CERT_REQUIRED") + + if value != self._verify_mode: + self._verify_mode = value + _lib.wolfSSL_CTX_set_verify(self.native_object, + self._verify_mode, + _ffi.NULL) + + # def wrap_socket(self, sock, server_side=False, # do_handshake_on_connect=True, # suppress_ragged_eofs=True, diff --git a/wrapper/python/wolfssl/wolfssl/_methods.py b/wrapper/python/wolfssl/wolfssl/_methods.py index cc493ea28..c97ccaddb 100644 --- a/wrapper/python/wolfssl/wolfssl/_methods.py +++ b/wrapper/python/wolfssl/wolfssl/_methods.py @@ -41,7 +41,7 @@ _PROTOCOL_LIST = [PROTOCOL_SSLv23, PROTOCOL_SSLv3, PROTOCOL_TLS, PROTOCOL_TLSv1, PROTOCOL_TLSv1_1, PROTOCOL_TLSv1_2] -class WolfSSLMethod: +class WolfSSLMethod(object): """ An SSLMethod holds SSL-related configuration options such as protocol version and communication side. diff --git a/wrapper/python/wolfssl/wolfssl/build_ffi.py b/wrapper/python/wolfssl/wolfssl/build_ffi.py index 01a5e3666..570973207 100644 --- a/wrapper/python/wolfssl/wolfssl/build_ffi.py 
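Review bot: In the verify_mode setter the public constant is passed unchanged as the mode argument of `wolfSSL_CTX_set_verify`, but `CERT_REQUIRED` is defined as 2, and in wolfSSL's OpenSSL-style mode bitmask 2 is `WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT` while `WOLFSSL_VERIFY_PEER` is 1; as far as I can tell from the library's semantics, a mode of 2 on its own does not switch on peer verification, so a context set to `CERT_REQUIRED` would be weaker than one set to `CERT_OPTIONAL`, which is the opposite of the `ssl`-module contract the docstring promises. Translate the attribute values into native flags explicitly, e.g. at module level `_VERIFY_MODE_TO_NATIVE = {CERT_NONE: 0, CERT_OPTIONAL: 1, CERT_REQUIRED: 1 | 2}` and in the setter `_lib.wolfSSL_CTX_set_verify(self.native_object, _VERIFY_MODE_TO_NATIVE[value], _ffi.NULL)`, so the Python constants stay decoupled from wolfSSL's encoding. The `if value != self._verify_mode` short-circuit also means the native setting is only ever written when the cached value changes; a comment stating that `__init__` relies on `_verify_mode` starting as `None` so the first assignment always reaches the native call would make that dependency visible. The enclosing class continues outside the hunk.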
+++ b/wrapper/python/wolfssl/wolfssl/build_ffi.py @@ -19,18 +19,18 @@ # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA -import os from cffi import FFI ffi = FFI() -ffi.set_source("wolfssl._ffi", +ffi.set_source( + "wolfssl._ffi", """ - #include - #include + #include + #include - void wolfSSL_Free(void *ptr, void* heap, int type); + void wolfSSL_Free(void *ptr, void* heap, int type); """, include_dirs=["/usr/local/include"], library_dirs=["/usr/local/lib"], @@ -38,7 +38,7 @@ ffi.set_source("wolfssl._ffi", ) ffi.cdef( -""" + """ typedef unsigned char byte; typedef unsigned int word32; @@ -52,11 +52,12 @@ ffi.cdef( void* wolfSSL_CTX_new(void*); void wolfSSL_CTX_free(void*); - int wolfSSL_CTX_use_PrivateKey_file(void*, const char*, int); - int wolfSSL_CTX_load_verify_locations(void*, const char*, const char*); - int wolfSSL_CTX_load_verify_buffer(void*, const unsigned char*, long, int); - int wolfSSL_CTX_use_certificate_chain_file(void*, const char *); -""" + void wolfSSL_CTX_set_verify(void*, int, void*); + int wolfSSL_CTX_use_PrivateKey_file(void*, const char*, int); + int wolfSSL_CTX_load_verify_locations(void*, const char*, const char*); + int wolfSSL_CTX_load_verify_buffer(void*, const unsigned char*, long, int); + int wolfSSL_CTX_use_certificate_chain_file(void*, const char *); + """ ) if __name__ == "__main__":
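Review bot: The added cdef line declares the callback parameter of `wolfSSL_CTX_set_verify` as `void*`, so cffi will accept any pointer there and cannot check a future Python-side verify callback against the real function-pointer signature; with only `_ffi.NULL` passed by the context today this is harmless, but declaring it as a function pointer, e.g. `typedef int (*VerifyCallback)(int, void*);` followed by `void wolfSSL_CTX_set_verify(void*, int, VerifyCallback);`, documents the contract and lets cffi type-check callers. The `#include` lines in the first hunk of this file are shown without header names in this rendering, which may be an artifact of the page rather than of the commit; worth confirming the committed file still names the wolfSSL headers.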