1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
|
# Licensed under the LGPL: https://www.gnu.org/licenses/old-licenses/lgpl-2.1.en.html
# For details: https://github.com/pylint-dev/astroid/blob/main/LICENSE
# Copyright (c) https://github.com/pylint-dev/astroid/blob/main/CONTRIBUTORS.txt
"""Astroid hooks for the ssl library."""
from astroid import parse
from astroid.brain.helpers import register_module_extender
from astroid.const import PY310_PLUS
from astroid.manager import AstroidManager
def _verifyflags_enum() -> str:
enum = """
class VerifyFlags(_IntFlag):
VERIFY_DEFAULT = 0
VERIFY_CRL_CHECK_LEAF = 1
VERIFY_CRL_CHECK_CHAIN = 2
VERIFY_X509_STRICT = 3
VERIFY_X509_TRUSTED_FIRST = 4"""
if PY310_PLUS:
enum += """
VERIFY_ALLOW_PROXY_CERTS = 5
VERIFY_X509_PARTIAL_CHAIN = 6
"""
return enum
def _options_enum() -> str:
enum = """
class Options(_IntFlag):
OP_ALL = 1
OP_NO_SSLv2 = 2
OP_NO_SSLv3 = 3
OP_NO_TLSv1 = 4
OP_NO_TLSv1_1 = 5
OP_NO_TLSv1_2 = 6
OP_NO_TLSv1_3 = 7
OP_CIPHER_SERVER_PREFERENCE = 8
OP_SINGLE_DH_USE = 9
OP_SINGLE_ECDH_USE = 10
OP_NO_COMPRESSION = 11
OP_NO_TICKET = 12
OP_NO_RENEGOTIATION = 13
OP_ENABLE_MIDDLEBOX_COMPAT = 14"""
return enum
def ssl_transform():
return parse(
"""
# Import necessary for conversion of objects defined in C into enums
from enum import IntEnum as _IntEnum, IntFlag as _IntFlag
from _ssl import OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_INFO, OPENSSL_VERSION
from _ssl import _SSLContext, MemoryBIO
from _ssl import (
SSLError, SSLZeroReturnError, SSLWantReadError, SSLWantWriteError,
SSLSyscallError, SSLEOFError,
)
from _ssl import CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED
from _ssl import txt2obj as _txt2obj, nid2obj as _nid2obj
from _ssl import RAND_status, RAND_add, RAND_bytes, RAND_pseudo_bytes
try:
from _ssl import RAND_egd
except ImportError:
# LibreSSL does not provide RAND_egd
pass
from _ssl import (OP_ALL, OP_CIPHER_SERVER_PREFERENCE,
OP_NO_COMPRESSION, OP_NO_SSLv2, OP_NO_SSLv3,
OP_NO_TLSv1, OP_NO_TLSv1_1, OP_NO_TLSv1_2,
OP_SINGLE_DH_USE, OP_SINGLE_ECDH_USE)
from _ssl import (ALERT_DESCRIPTION_ACCESS_DENIED, ALERT_DESCRIPTION_BAD_CERTIFICATE,
ALERT_DESCRIPTION_BAD_CERTIFICATE_HASH_VALUE,
ALERT_DESCRIPTION_BAD_CERTIFICATE_STATUS_RESPONSE,
ALERT_DESCRIPTION_BAD_RECORD_MAC,
ALERT_DESCRIPTION_CERTIFICATE_EXPIRED,
ALERT_DESCRIPTION_CERTIFICATE_REVOKED,
ALERT_DESCRIPTION_CERTIFICATE_UNKNOWN,
ALERT_DESCRIPTION_CERTIFICATE_UNOBTAINABLE,
ALERT_DESCRIPTION_CLOSE_NOTIFY, ALERT_DESCRIPTION_DECODE_ERROR,
ALERT_DESCRIPTION_DECOMPRESSION_FAILURE,
ALERT_DESCRIPTION_DECRYPT_ERROR,
ALERT_DESCRIPTION_HANDSHAKE_FAILURE,
ALERT_DESCRIPTION_ILLEGAL_PARAMETER,
ALERT_DESCRIPTION_INSUFFICIENT_SECURITY,
ALERT_DESCRIPTION_INTERNAL_ERROR,
ALERT_DESCRIPTION_NO_RENEGOTIATION,
ALERT_DESCRIPTION_PROTOCOL_VERSION,
ALERT_DESCRIPTION_RECORD_OVERFLOW,
ALERT_DESCRIPTION_UNEXPECTED_MESSAGE,
ALERT_DESCRIPTION_UNKNOWN_CA,
ALERT_DESCRIPTION_UNKNOWN_PSK_IDENTITY,
ALERT_DESCRIPTION_UNRECOGNIZED_NAME,
ALERT_DESCRIPTION_UNSUPPORTED_CERTIFICATE,
ALERT_DESCRIPTION_UNSUPPORTED_EXTENSION,
ALERT_DESCRIPTION_USER_CANCELLED)
from _ssl import (SSL_ERROR_EOF, SSL_ERROR_INVALID_ERROR_CODE, SSL_ERROR_SSL,
SSL_ERROR_SYSCALL, SSL_ERROR_WANT_CONNECT, SSL_ERROR_WANT_READ,
SSL_ERROR_WANT_WRITE, SSL_ERROR_WANT_X509_LOOKUP, SSL_ERROR_ZERO_RETURN)
from _ssl import VERIFY_CRL_CHECK_CHAIN, VERIFY_CRL_CHECK_LEAF, VERIFY_DEFAULT, VERIFY_X509_STRICT
from _ssl import HAS_SNI, HAS_ECDH, HAS_NPN, HAS_ALPN
from _ssl import _OPENSSL_API_VERSION
from _ssl import PROTOCOL_SSLv23, PROTOCOL_TLSv1, PROTOCOL_TLSv1_1, PROTOCOL_TLSv1_2
from _ssl import PROTOCOL_TLS, PROTOCOL_TLS_CLIENT, PROTOCOL_TLS_SERVER
class AlertDescription(_IntEnum):
ALERT_DESCRIPTION_ACCESS_DENIED = 0
ALERT_DESCRIPTION_BAD_CERTIFICATE = 1
ALERT_DESCRIPTION_BAD_CERTIFICATE_HASH_VALUE = 2
ALERT_DESCRIPTION_BAD_CERTIFICATE_STATUS_RESPONSE = 3
ALERT_DESCRIPTION_BAD_RECORD_MAC = 4
ALERT_DESCRIPTION_CERTIFICATE_EXPIRED = 5
ALERT_DESCRIPTION_CERTIFICATE_REVOKED = 6
ALERT_DESCRIPTION_CERTIFICATE_UNKNOWN = 7
ALERT_DESCRIPTION_CERTIFICATE_UNOBTAINABLE = 8
ALERT_DESCRIPTION_CLOSE_NOTIFY = 9
ALERT_DESCRIPTION_DECODE_ERROR = 10
ALERT_DESCRIPTION_DECOMPRESSION_FAILURE = 11
ALERT_DESCRIPTION_DECRYPT_ERROR = 12
ALERT_DESCRIPTION_HANDSHAKE_FAILURE = 13
ALERT_DESCRIPTION_ILLEGAL_PARAMETER = 14
ALERT_DESCRIPTION_INSUFFICIENT_SECURITY = 15
ALERT_DESCRIPTION_INTERNAL_ERROR = 16
ALERT_DESCRIPTION_NO_RENEGOTIATION = 17
ALERT_DESCRIPTION_PROTOCOL_VERSION = 18
ALERT_DESCRIPTION_RECORD_OVERFLOW = 19
ALERT_DESCRIPTION_UNEXPECTED_MESSAGE = 20
ALERT_DESCRIPTION_UNKNOWN_CA = 21
ALERT_DESCRIPTION_UNKNOWN_PSK_IDENTITY = 22
ALERT_DESCRIPTION_UNRECOGNIZED_NAME = 23
ALERT_DESCRIPTION_UNSUPPORTED_CERTIFICATE = 24
ALERT_DESCRIPTION_UNSUPPORTED_EXTENSION = 25
ALERT_DESCRIPTION_USER_CANCELLED = 26
class SSLErrorNumber(_IntEnum):
SSL_ERROR_EOF = 0
SSL_ERROR_INVALID_ERROR_CODE = 1
SSL_ERROR_SSL = 2
SSL_ERROR_SYSCALL = 3
SSL_ERROR_WANT_CONNECT = 4
SSL_ERROR_WANT_READ = 5
SSL_ERROR_WANT_WRITE = 6
SSL_ERROR_WANT_X509_LOOKUP = 7
SSL_ERROR_ZERO_RETURN = 8
class VerifyMode(_IntEnum):
CERT_NONE = 0
CERT_OPTIONAL = 1
CERT_REQUIRED = 2
"""
+ _verifyflags_enum()
+ _options_enum()
)
register_module_extender(AstroidManager(), "ssl", ssl_transform)
|
