adds set_ciphers to context

2016-12-05 19:47:00 -03:00
parent 368f2baf88
commit 52eb0becf0
3 changed files with 22 additions and 2 deletions
--- a/wrapper/python/wolfssl/test/test_context.py
+++ b/wrapper/python/wolfssl/test/test_context.py
@ -125,6 +125,8 @@ class TestSSLContext(unittest.TestCase):

    def test_context_creation(self):
        self.assertIsNotNone(self.ctx)
+
+    def test_verify_mode(self):
        self.assertEqual(self.ctx.verify_mode, self.provider.CERT_NONE)

        self.ctx.verify_mode = self.provider.CERT_OPTIONAL
@ -133,6 +135,9 @@ class TestSSLContext(unittest.TestCase):
        self.ctx.verify_mode = self.provider.CERT_REQUIRED
        self.assertEqual(self.ctx.verify_mode, self.provider.CERT_REQUIRED)

+    def test_set_ciphers(self):
+        self.ctx.set_ciphers("DHE-RSA-AES256-SHA256:AES256-SHA256")
+
    def test_load_cert_chain_raises(self):
        self.assertRaises(TypeError, self.ctx.load_cert_chain, None)

--- a/wrapper/python/wolfssl/wolfssl/_context.py
+++ b/wrapper/python/wolfssl/wolfssl/_context.py
@ -103,6 +103,20 @@ class SSLContext(object):
 #                         _context=self)
 #
 #
+
+    def set_ciphers(self, ciphers):
+        """
+        Set the available ciphers for sockets created with this context. It
+        should be a string in the wolfSSL cipher list format. If no cipher can
+        be selected (because compile-time options or other configuration forbids
+        use of all the specified ciphers), an SSLError will be raised.
+        """
+        ret = _lib.wolfSSL_CTX_set_cipher_list(self.native_object, t2b(ciphers))
+
+        if ret != _SSL_SUCCESS:
+            raise SSLError("Unnable to set cipher list")
+
+
    def load_cert_chain(self, certfile, keyfile=None, password=None):
        """
        Load a private key and the corresponding certificate. The certfile
@ -118,7 +132,7 @@ class SSLContext(object):
            ret = _lib.wolfSSL_CTX_use_certificate_chain_file(
                self.native_object, t2b(certfile))
            if ret != _SSL_SUCCESS:
-                raise SSLError("Unnable to load certificate chain")
+                raise SSLError("Unnable to load certificate chain. Err %d"% ret)
        else:
            raise TypeError("certfile should be a valid filesystem path")

@ -126,7 +140,7 @@ class SSLContext(object):
            ret = _lib.wolfSSL_CTX_use_PrivateKey_file(
                self.native_object, t2b(keyfile), _SSL_FILETYPE_PEM)
            if ret != _SSL_SUCCESS:
-                raise SSLError("Unnable to load private key")
+                raise SSLError("Unnable to load private key. Err %d" % ret)


    def load_verify_locations(self, cafile=None, capath=None, cadata=None):
--- a/wrapper/python/wolfssl/wolfssl/build_ffi.py
+++ b/wrapper/python/wolfssl/wolfssl/build_ffi.py
@ -53,6 +53,7 @@ ffi.cdef(
    void  wolfSSL_CTX_free(void*);

    void wolfSSL_CTX_set_verify(void*, int, void*);
+    int  wolfSSL_CTX_set_cipher_list(void*, const char*);
    int  wolfSSL_CTX_use_PrivateKey_file(void*, const char*, int);
    int  wolfSSL_CTX_load_verify_locations(void*, const char*, const char*);
    int  wolfSSL_CTX_load_verify_buffer(void*, const unsigned char*, long, int);