From 52eb0becf06bd680ffbf84344b37fa2d93e326b6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Moise=CC=81s=20Guimara=CC=83es?=
Date: Mon, 5 Dec 2016 19:47:00 -0300
Subject: [PATCH] adds set_ciphers to context
---
 wrapper/python/wolfssl/test/test_context.py | 5 +++++
 wrapper/python/wolfssl/wolfssl/_context.py | 18 ++++++++++++++++--
 wrapper/python/wolfssl/wolfssl/build_ffi.py | 1 +
 3 files changed, 22 insertions(+), 2 deletions(-)
diff --git a/wrapper/python/wolfssl/test/test_context.py b/wrapper/python/wolfssl/test/test_context.py
index 1ec774989..9a5bdd1d4 100644
--- a/wrapper/python/wolfssl/test/test_context.py
+++ b/wrapper/python/wolfssl/test/test_context.py
@@ -125,6 +125,8 @@ class TestSSLContext(unittest.TestCase):
 def test_context_creation(self):
 self.assertIsNotNone(self.ctx)
+
+ def test_verify_mode(self):
 self.assertEqual(self.ctx.verify_mode, self.provider.CERT_NONE)
 self.ctx.verify_mode = self.provider.CERT_OPTIONAL
@@ -133,6 +135,9 @@ class TestSSLContext(unittest.TestCase):
 self.ctx.verify_mode = self.provider.CERT_REQUIRED
 self.assertEqual(self.ctx.verify_mode, self.provider.CERT_REQUIRED)
+ def test_set_ciphers(self):
+ self.ctx.set_ciphers("DHE-RSA-AES256-SHA256:AES256-SHA256")
+
 def test_load_cert_chain_raises(self):
 self.assertRaises(TypeError, self.ctx.load_cert_chain, None)
diff --git a/wrapper/python/wolfssl/wolfssl/_context.py b/wrapper/python/wolfssl/wolfssl/_context.py
index d58a57268..17d150a58 100644
--- a/wrapper/python/wolfssl/wolfssl/_context.py
+++ b/wrapper/python/wolfssl/wolfssl/_context.py
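Review bot: `test_set_ciphers` in the hunk at -133 only calls `set_ciphers` with a list that is expected to succeed and asserts nothing, so the SSLError branch this commit adds to `SSLContext.set_ciphers` is never exercised. The rejected-list case is the one callers depend on when they restrict a context to an approved set of suites. I would add a second call with a constructed, unmatched name, for example `self.assertRaises(self.provider.SSLError, self.ctx.set_ciphers, "foo")`. That assumes every provider used by this test class exposes `SSLError`, which is not visible in the hunk.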
@@ -103,6 +103,20 @@ class SSLContext(object):
 # _context=self)
 #
 #
+
+ def set_ciphers(self, ciphers):
+ """
+ Set the available ciphers for sockets created with this context. It
+ should be a string in the wolfSSL cipher list format. If no cipher can
+ be selected (because compile-time options or other configuration forbids
+ use of all the specified ciphers), an SSLError will be raised.
+ """
+ ret = _lib.wolfSSL_CTX_set_cipher_list(self.native_object, t2b(ciphers))
+
+ if ret != _SSL_SUCCESS:
+ raise SSLError("Unnable to set cipher list")
+
+
 def load_cert_chain(self, certfile, keyfile=None, password=None):
 """
 Load a private key and the corresponding certificate. The certfile
@@ -118,7 +132,7 @@ class SSLContext(object):
 ret = _lib.wolfSSL_CTX_use_certificate_chain_file(
 self.native_object, t2b(certfile))
 if ret != _SSL_SUCCESS:
- raise SSLError("Unnable to load certificate chain")
+ raise SSLError("Unnable to load certificate chain. Err %d"% ret)
 else:
 raise TypeError("certfile should be a valid filesystem path")
@@ -126,7 +140,7 @@ class SSLContext(object):
 ret = _lib.wolfSSL_CTX_use_PrivateKey_file(
 self.native_object, t2b(keyfile), _SSL_FILETYPE_PEM)
 if ret != _SSL_SUCCESS:
- raise SSLError("Unnable to load private key")
+ raise SSLError("Unnable to load private key. Err %d" % ret)
 def load_verify_locations(self, cafile=None, capath=None, cadata=None):
diff --git a/wrapper/python/wolfssl/wolfssl/build_ffi.py b/wrapper/python/wolfssl/wolfssl/build_ffi.py
index 570973207..ec0fd4dfe 100644
--- a/wrapper/python/wolfssl/wolfssl/build_ffi.py
+++ b/wrapper/python/wolfssl/wolfssl/build_ffi.py
@@ -53,6 +53,7 @@ ffi.cdef(
 void wolfSSL_CTX_free(void*);
 void wolfSSL_CTX_set_verify(void*, int, void*);
+ int wolfSSL_CTX_set_cipher_list(void*, const char*);
 int wolfSSL_CTX_use_PrivateKey_file(void*, const char*, int);
 int wolfSSL_CTX_load_verify_locations(void*, const char*, const char*);
 int wolfSSL_CTX_load_verify_buffer(void*, const unsigned char*, long, int);
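Review bot: The new `set_ciphers` raises `SSLError("Unnable to set cipher list")` without the return code, although the two messages edited by the hunks at -118 and -126 of this same commit gain `Err %d`; `raise SSLError("Unable to set cipher list. Err %d" % ret)` would keep them consistent and make a rejected list diagnosable. The misspelling "Unnable" also survives in those two edited messages, and the one at -118 is written `"... Err %d"% ret` without a space before the operator. `ciphers` is passed straight to `t2b()` with no check, whereas `load_cert_chain` just below raises TypeError for an unusable certfile; what `t2b` does with None is not visible here, so a matching guard is worth adding. Because this call is how a caller narrows a context to approved suites, the docstring should also state that after an SSLError the context presumably keeps whatever cipher list it had before, so callers must not go on to use it.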