Add support for SSL_peek #294
Conversation
Current coverage is
|
|
Since pyOpenSSL mostly attempts to mirror OpenSSL APIs, I think the approach is okay. We’ll have to wait for the next cryptography release then I guess. |
|
I cannot restart the tests, but I think we're good to go now. 😃 |
| """ | ||
| server, client = self._loopback() | ||
| server.send(b('xy')) | ||
| self.assertEquals(client.recv(2, MSG_PEEK), b('xy')) |
There was a problem hiding this comment.
please use assertEqual (no s) in new code, this variant is deprecated
|
sadly our pypy-builder is broken now :-/ meanwhile:
|
| :return: The string read from the Connection | ||
| """ | ||
| buf = _ffi.new("char[]", bufsiz) | ||
| result = _lib.SSL_read(self._ssl, buf, bufsiz) | ||
| if flags and flags & socket.MSG_PEEK: |
There was a problem hiding this comment.
please use flags is not None
|
you probably also should rebase while you’re at it, thanks :) |
|
Thanks for the feedback. I fixed alle the issues mentioned above and also added |
| @@ -1,3 +1,8 @@ | |||
| 2015-08-17 Maximilian Hils <pyopenssl@maximilianhils.com> | |||
|
|
|||
| * OpenSSL/SSL.py, : Add support for the ``MSG_PEEK`` flag to | |||
There was a problem hiding this comment.
while we have shit terrible changlog format you’ll have to add OpenSSL/test/test_ssl.py here too (and no trailing comma please, it slid in the previous entry, feel free to remove it :))
|
Thanks, I’ll wait for #298 to be merged now. As soon as we have a green Travis again, please rebase and we’ll finally be able to merge. Sorry for the inconvenience. |
| @@ -2998,6 +3008,15 @@ def test_bytearray_really_doesnt_overfill(self): | |||
| """ | |||
| self._doesnt_overfill_test(bytearray) | |||
|
|
|||
| def test_peek(self): | |||
There was a problem hiding this comment.
oh and while we’re waiting, pyOpenSSL has sadly the gross code convention to leave two lines between methods on a class, so you’ll have to fix it here and in the read tests too. I’m sorry, I really wish it hadn’t.
|
Rebase pls and report back. :) |
|
Here you go. 😉 |
|
thanks for trooping through :) |
Changes: 16.0.0 (2016-03-19) ------------------- This is the first release under full stewardship of PyCA. We have made *many* changes to make local development more pleasing. The test suite now passes both on Linux and OS X with OpenSSL 0.9.8, 1.0.1, and 1.0.2. It has been moved to `py.test <https://pytest.org/>`_, all CI test runs are part of `tox <https://testrun.org/tox/>`_ and the source code has been made fully `flake8 <https://flake8.readthedocs.org/>`_ compliant. We hope to have lowered the barrier for contributions significantly but are open to hear about any remaining frustrations. Backward-incompatible changes: ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - Python 3.2 support has been dropped. It never had significant real world usage and has been dropped by our main dependency ``cryptography``. Affected users should upgrade to Python 3.3 or later. Deprecations: ^^^^^^^^^^^^^ - The support for EGD has been removed. The only affected function ``OpenSSL.rand.egd()`` now uses ``os.urandom()`` to seed the internal PRNG instead. Please see `pyca/cryptography#1636 <https://github.com/pyca/cryptography/pull/1636>`_ for more background information on this decision. In accordance with our backward compatibility policy ``OpenSSL.rand.egd()`` will be *removed* no sooner than a year from the release of 16.0.0. Please note that you should `use urandom <http://sockpuppet.org/blog/2014/02/25/safely-generate-random-numbers/>`_ for all your secure random number needs. - Python 2.6 support has been deprecated. Our main dependency ``cryptography`` deprecated 2.6 in version 0.9 (2015-05-14) with no time table for actually dropping it. pyOpenSSL will drop Python 2.6 support once ``cryptography`` does. Changes: ^^^^^^^^ - Fixed ``OpenSSL.SSL.Context.set_session_id``, ``OpenSSL.SSL.Connection.renegotiate``, ``OpenSSL.SSL.Connection.renegotiate_pending``, and ``OpenSSL.SSL.Context.load_client_ca``. They were lacking an implementation since 0.14. `#422 <https://github.com/pyca/pyopenssl/pull/422>`_ - Fixed segmentation fault when using keys larger than 4096-bit to sign data. `#428 <https://github.com/pyca/pyopenssl/pull/428>`_ - Fixed ``AttributeError`` when ``OpenSSL.SSL.Connection.get_app_data()`` was called before setting any app data. `#304 <https://github.com/pyca/pyopenssl/pull/304>`_ - Added ``OpenSSL.crypto.dump_publickey()`` to dump ``OpenSSL.crypto.PKey`` objects that represent public keys, and ``OpenSSL.crypto.load_publickey()`` to load such objects from serialized representations. `#382 <https://github.com/pyca/pyopenssl/pull/382>`_ - Added ``OpenSSL.crypto.dump_crl()`` to dump a certificate revocation list out to a string buffer. `#368 <https://github.com/pyca/pyopenssl/pull/368>`_ - Added ``OpenSSL.SSL.Connection.get_state_string()`` using the OpenSSL binding ``state_string_long``. `#358 <https://github.com/pyca/pyopenssl/pull/358>`_ - Added support for the ``socket.MSG_PEEK`` flag to ``OpenSSL.SSL.Connection.recv()`` and ``OpenSSL.SSL.Connection.recv_into()``. `#294 <https://github.com/pyca/pyopenssl/pull/294>`_ - Added ``OpenSSL.SSL.Connection.get_protocol_version()`` and ``OpenSSL.SSL.Connection.get_protocol_version_name()``. `#244 <https://github.com/pyca/pyopenssl/pull/244>`_ - Switched to ``utf8string`` mask by default. OpenSSL formerly defaulted to a ``T61String`` if there were UTF-8 characters present. This was changed to default to ``UTF8String`` in the config around 2005, but the actual code didn't change it until late last year. This will default us to the setting that actually works. To revert this you can call ``OpenSSL.crypto._lib.ASN1_STRING_set_default_mask_asc(b"default")``. `#234 <https://github.com/pyca/pyopenssl/pull/234>`_
This PR adds support for OpenSSL's
SSL_peekcommand, which is OpenSSL's (undocumented) equivalent ofMSG_PEEKfor normal sockets. I went for the straightforward way and mirrored the Python socket API - if you prefer a separatepeekmethod, I'm happy to adjust the PR.Tests may fail for now, as this requires the next cryptography release.