Helper function to create SSL socket = CPython's newPySSLSocket()
(
ctx_ref: PyRef<PySslContext>,
server_side: bool,
server_hostname: Option<PyStrRef>,
vm: &VirtualMachine,
)
| 1990 | // Helper function to create SSL socket |
| 1991 | // = CPython's newPySSLSocket() |
| 1992 | fn new_py_ssl_socket( |
| 1993 | ctx_ref: PyRef<PySslContext>, |
| 1994 | server_side: bool, |
| 1995 | server_hostname: Option<PyStrRef>, |
| 1996 | vm: &VirtualMachine, |
| 1997 | ) -> PyResult<(ssl::Ssl, SslServerOrClient, Option<PyStrRef>)> { |
| 1998 | // Validate socket type and context protocol |
| 1999 | if server_side && ctx_ref.protocol == SslVersion::TlsClient { |
| 2000 | return Err(new_ssl_error( |
| 2001 | vm, |
| 2002 | "Cannot create a server socket with a PROTOCOL_TLS_CLIENT context", |
| 2003 | )); |
| 2004 | } |
| 2005 | if !server_side && ctx_ref.protocol == SslVersion::TlsServer { |
| 2006 | return Err(new_ssl_error( |
| 2007 | vm, |
| 2008 | "Cannot create a client socket with a PROTOCOL_TLS_SERVER context", |
| 2009 | )); |
| 2010 | } |
| 2011 | |
| 2012 | // Create SSL object |
| 2013 | let mut ssl = |
| 2014 | ssl::Ssl::new(&ctx_ref.ctx()).map_err(|e| convert_openssl_error(vm, e))?; |
| 2015 | |
| 2016 | // Set session id context for server-side sockets |
| 2017 | let socket_type = if server_side { |
| 2018 | unsafe { |
| 2019 | const SID_CTX: &[u8] = b"Python"; |
| 2020 | let ret = SSL_set_session_id_context( |
| 2021 | ssl.as_ptr(), |
| 2022 | SID_CTX.as_ptr(), |
| 2023 | SID_CTX.len() as libc::c_uint, |
| 2024 | ); |
| 2025 | if ret == 0 { |
| 2026 | return Err(convert_openssl_error(vm, ErrorStack::get())); |
| 2027 | } |
| 2028 | } |
| 2029 | SslServerOrClient::Server |
| 2030 | } else { |
| 2031 | SslServerOrClient::Client |
| 2032 | }; |
| 2033 | |
| 2034 | // Configure server hostname |
| 2035 | if let Some(hostname) = &server_hostname { |
| 2036 | let hostname_str = hostname.as_str(); |
| 2037 | if hostname_str.is_empty() || hostname_str.starts_with('.') { |
| 2038 | return Err(vm.new_value_error( |
| 2039 | "server_hostname cannot be an empty string or start with a leading dot.", |
| 2040 | )); |
| 2041 | } |
| 2042 | if hostname_str.contains('\0') { |
| 2043 | return Err(vm.new_type_error("embedded null character")); |
| 2044 | } |
| 2045 | let ip = hostname_str.parse::<std::net::IpAddr>(); |
| 2046 | if ip.is_err() { |
| 2047 | ssl.set_hostname(hostname_str) |
| 2048 | .map_err(|e| convert_openssl_error(vm, e))?; |
| 2049 | } |
nothing calls this directly
no test coverage detected