[Python-modules-commits] [python-gnutls] 01/08: Import python-gnutls_3.0.0.orig.tar.gz
Orestis Ioannou
oorestisime-guest at moszumanska.debian.org
Sun Apr 10 16:04:45 UTC 2016
This is an automated email from the git hooks/post-receive script.
oorestisime-guest pushed a commit to branch master
in repository python-gnutls.
commit 294e034d4b854d9c5c079f593d352f35c2a41787
Author: Orestis Ioannou <orestis at oioannou.com>
Date: Sun Apr 10 17:23:12 2016 +0200
Import python-gnutls_3.0.0.orig.tar.gz
---
ChangeLog | 12 +++
INSTALL | 52 ++++--------
LICENSE | 5 +-
PKG-INFO | 24 +++---
README | 14 ++--
examples/client.py | 3 +-
examples/server.py | 3 +-
examples/twisted-client.py | 5 +-
examples/twisted-server.py | 6 +-
gnutls/__info__.py | 14 ++++
gnutls/__init__.py | 5 +-
gnutls/connection.py | 147 +++++++++-------------------------
gnutls/constants.py | 17 ----
gnutls/crypto.py | 26 +-----
gnutls/errors.py | 2 -
gnutls/interfaces/__init__.py | 2 -
gnutls/interfaces/twisted/__init__.py | 42 +++++-----
gnutls/library/__init__.py | 28 ++++---
gnutls/library/constants.py | 7 --
gnutls/library/errors.py | 2 -
gnutls/library/functions.py | 114 +-------------------------
gnutls/library/types.py | 18 +++--
gnutls/validators.py | 79 +-----------------
setup.py | 42 +++++-----
24 files changed, 186 insertions(+), 483 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index ab10655..560cf8d 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,15 @@
+Changes in version 3.0.0
+------------------------
+
+ * Fixed check for OpenPGP support
+ * Don't force the reactor type in test scripts
+ * Support GnuTLS 3.4
+ * Refactor passing parameters to Session objects
+ * Added __info__ module with package details
+ * Minor improvements to the Debian packaging
+ * Updated installation instructions
+ * Fix tests with latest python-application
+
Changes in version 2.0.1
------------------------
diff --git a/INSTALL b/INSTALL
index 99c460a..f75b999 100644
--- a/INSTALL
+++ b/INSTALL
@@ -2,29 +2,19 @@
Installation procedure
----------------------
-Even though the installation procedures below indicate that python-gnutls
-works with python-2.4 or newer, we recommend that at least python-2.5 is
-used, or even better python-2.6. This is because starting with python-2.5
-python-ctypes was integrated in the standard python distribution and is no
-longer required as a separate dependency.
-
-
1. Linux / UNIX
Build dependencies:
- gcc
- - python and python-dev (>= 2.4)
+ - python and python-dev (>= 2.7)
Runtime dependencies:
- - libgnutls (>= 2.4.1)
- - the libgnutls dependencies (libgcrypt, libtasn1, libgpg-error, zlib)
- - python (>= 2.4)
- - python-ctypes (only when using python-2.4, othewrwise ctypes was
- integrated in python starting with version 2.5.0)
+ - libgnutls (>= 3.2.0)
+ - libgnutls dependencies
+ - python (>= 2.7)
To build and install python-gnutls run:
-python setup.py build
python setup.py install
@@ -35,16 +25,15 @@ Build dependencies:
- Apple Developer Tools (XCode)
Runtime dependencies:
- - libgnutls (>= 2.4.1)
- - the libgnutls dependencies (libgcrypt, libtasn1, libgpg-error, zlib)
+ - libgnutls (>= 3.2.0)
+ - libgnutls dependencies
- python (this is already preinstalled on every OS X)
-Note: libgnutls and its dependencies can be installed from macports, fink or
+Note: libgnutls and its dependencies can be installed from Homebre, MacPorts, Fink or
by compiling and installing them from source.
To build and install python-gnutls run:
-python setup.py build
python setup.py install
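Review bot: Typo in the added OS X note: "Homebre" should be "Homebrew". The added line is also noticeably longer than the surrounding wrapped text, so re-wrap it to match the rest of INSTALL.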
@@ -55,30 +44,25 @@ they were not tested.
Build dependencies:
- Visual Studio (the version must match the one used to build the python
- interpreter that will be used. For example the python-2.6 windows
+ interpreter that will be used. For example the python-2.7 windows
binaries from python.org were built with Visual Studio 9)
- libpthreads (http://sourceware.org/pthreads-win32)
- - python and python-dev (>= 2.4) (select to include the development files
+ - python and python-dev (>= 2.7) (select to include the development files
when installing python)
Runtime dependencies:
- - libgnutls (>= 2.4.1).
- - the libgnutls dependencies: libgcrypt, libtasn1, libgpg-error, zlib.
- (they are automatically installed when installing libgnutls from the
- binary packages provided by gnutls.org)
+ - libgnutls (>= 3.2)
+ - libgnutls dependencies
- libpthreads
- - python (>= 2.4)
- - python-ctypes (only when using python-2.4, othewrwise ctypes was
- integrated in python starting with version 2.5.0)
+ - python (>= 2.7)
Before building python-gnutls, copy the pthread header files (pthread.h,
sched.h, semaphore.h) to C:\Developer\include\ and the pthread developer
libraries (libpthread*.a and pthread*.lib) to C:\Developer\lib\ (create
these directories first).
-
+
To build and install python-gnutls run:
-python setup.py build
python setup.py install
In order to run an application based on python-gnutls, make sure that the
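Review bot: The Windows runtime dependency is written as "libgnutls (>= 3.2)" while the Linux, OS X and Cygwin sections in this same file use "libgnutls (>= 3.2.0)"; use one form throughout. The blank line that is removed and re-added before "To build and install python-gnutls run:" looks like a whitespace-only change and should be dropped if it introduces trailing whitespace.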
@@ -91,17 +75,15 @@ etc) are somewhere in %PATH%
Build dependencies:
- cygwin (>= 1.7.1)
- gcc
- - python and python-dev (>= 2.5)
+ - python and python-dev (>= 2.7)
Runtime dependencies:
- - libgnutls26 (>= 2.4.1)
- - the libgnutls dependencies (libgcrypt11, libtasn1, libgpg-error, zlib)
- (they will be installed automatically when libgnutls26 is installed)
- - python (>= 2.5)
+ - libgnutls (>= 3.2.0)
+ - libgnutls dependencies
+ - python (>= 2.7)
To build and install python-gnutls run:
-python setup.py build
python setup.py install
diff --git a/LICENSE b/LICENSE
index a84c968..1ea1f51 100644
--- a/LICENSE
+++ b/LICENSE
@@ -1,8 +1,5 @@
-Copyright (C) 2006-2007
-AG Projects
-Dan Pascu
-Mircea Amarascu
+Copyright (C) 2006-2016 AG Projects
This library is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public
diff --git a/PKG-INFO b/PKG-INFO
index 287e88e..c605372 100644
--- a/PKG-INFO
+++ b/PKG-INFO
@@ -1,26 +1,28 @@
Metadata-Version: 1.1
Name: python-gnutls
-Version: 2.0.1
-Summary: Python wrapper for the GNUTLS library
-Home-page: http://ag-projects.com/
+Version: 3.0.0
+Summary: Python wrapper for the GnuTLS library
+Home-page: https://github.com/AGProjects/python-gnutls
Author: Dan Pascu
Author-email: dan at ag-projects.com
License: LGPL
-Download-URL: http://cheeseshop.python.org/pypi/python-gnutls/2.0.1
-Description: This package provides a high level object oriented wrapper around libgnutls,
- as well as low level bindings to the GNUTLS types and functions via ctypes.
- The high level wrapper hides the details of accessing the GNUTLS library via
- ctypes behind a set of classes that encapsulate GNUTLS sessions, certificates
+Description:
+ Python wrapper for the GnuTLS library
+
+ This package provides a high level object oriented wrapper around libgnutls,
+ as well as low level bindings to the GnuTLS types and functions via ctypes.
+ The high level wrapper hides the details of accessing the GnuTLS library via
+ ctypes behind a set of classes that encapsulate GnuTLS sessions, certificates
and credentials and expose them to python applications using a simple API.
The package also includes a Twisted interface that has seamless intergration
with Twisted, providing connectTLS and listenTLS methods on the Twisted
reactor once imported (the methods are automatically attached to the reactor
- by simply importing the GNUTLS Twisted interface module).
+ by simply importing the GnuTLS Twisted interface module).
- The high level wrapper is written using the GNUTLS library bindings that are
+ The high level wrapper is written using the GnuTLS library bindings that are
made available via ctypes. This makes the wrapper very powerful and flexible
- as it has direct access to all the GNUTLS internals and is also very easy to
+ as it has direct access to all the GnuTLS internals and is also very easy to
extend without any need to write C code or recompile anything.
diff --git a/README b/README
index ef1052a..109bcee 100644
--- a/README
+++ b/README
@@ -1,19 +1,19 @@
-Python wrapper for the GNUTLS library
+Python wrapper for the GnuTLS library
This package provides a high level object oriented wrapper around libgnutls,
-as well as low level bindings to the GNUTLS types and functions via ctypes.
-The high level wrapper hides the details of accessing the GNUTLS library via
-ctypes behind a set of classes that encapsulate GNUTLS sessions, certificates
+as well as low level bindings to the GnuTLS types and functions via ctypes.
+The high level wrapper hides the details of accessing the GnuTLS library via
+ctypes behind a set of classes that encapsulate GnuTLS sessions, certificates
and credentials and expose them to python applications using a simple API.
The package also includes a Twisted interface that has seamless intergration
with Twisted, providing connectTLS and listenTLS methods on the Twisted
reactor once imported (the methods are automatically attached to the reactor
-by simply importing the GNUTLS Twisted interface module).
+by simply importing the GnuTLS Twisted interface module).
-The high level wrapper is written using the GNUTLS library bindings that are
+The high level wrapper is written using the GnuTLS library bindings that are
made available via ctypes. This makes the wrapper very powerful and flexible
-as it has direct access to all the GNUTLS internals and is also very easy to
+as it has direct access to all the GnuTLS internals and is also very easy to
extend without any need to write C code or recompile anything.
diff --git a/examples/client.py b/examples/client.py
index 1f40006..acd4a49 100755
--- a/examples/client.py
+++ b/examples/client.py
@@ -17,9 +17,10 @@ key = X509PrivateKey(open(certs_path + '/valid.key').read())
ca = X509Certificate(open(certs_path + '/ca.pem').read())
crl = X509CRL(open(certs_path + '/crl.pem').read())
cred = X509Credentials(cert, key)
+context = TLSContext(cred)
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
-session = ClientSession(sock, cred)
+session = ClientSession(sock, context)
session.connect(('localhost', 10000))
session.handshake()
diff --git a/examples/server.py b/examples/server.py
index 3708d63..a1ec41a 100755
--- a/examples/server.py
+++ b/examples/server.py
@@ -18,10 +18,11 @@ key = X509PrivateKey(open(certs_path + '/valid.key').read())
ca = X509Certificate(open(certs_path + '/ca.pem').read())
crl = X509CRL(open(certs_path + '/crl.pem').read())
cred = X509Credentials(cert, key, [ca], [crl])
+context = TLSContext(cred)
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
-ssf = ServerSessionFactory(sock, cred)
+ssf = ServerSessionFactory(sock, context)
ssf.bind(('0.0.0.0', 10000))
ssf.listen(100)
diff --git a/examples/twisted-client.py b/examples/twisted-client.py
index afd3306..d64a2b5 100755
--- a/examples/twisted-client.py
+++ b/examples/twisted-client.py
@@ -13,7 +13,7 @@ from twisted.internet import reactor
from gnutls.constants import *
from gnutls.crypto import *
from gnutls.errors import *
-from gnutls.interfaces.twisted import X509Credentials
+from gnutls.interfaces.twisted import TLSContext, X509Credentials
class EchoProtocol(LineOnlyReceiver):
@@ -46,7 +46,8 @@ ca = X509Certificate(open(certs_path + '/ca.pem').read())
crl = X509CRL(open(certs_path + '/crl.pem').read())
cred = X509Credentials(cert, key, [ca])
cred.verify_peer = True
+context = TLSContext(cred, session_parameters="NORMAL:-COMP-ALL:+COMP-DEFLATE:+COMP-NULL")
-reactor.connectTLS('localhost', 10000, EchoFactory(), cred)
+reactor.connectTLS('localhost', 10000, EchoFactory(), context)
reactor.run()
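Review bot: The example priority string "NORMAL:-COMP-ALL:+COMP-DEFLATE:+COMP-NULL" turns TLS-level DEFLATE compression on, and examples/twisted-server.py does the same with "NORMAL:+COMP-DEFLATE". TLS compression is what the CRIME attack relies on, and example code tends to be copied verbatim, so the examples should demonstrate session_parameters with a string that does not enable compression, or at least carry a comment saying the value is only there to show the syntax.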
diff --git a/examples/twisted-server.py b/examples/twisted-server.py
index 0dd4a76..774b92d 100755
--- a/examples/twisted-server.py
+++ b/examples/twisted-server.py
@@ -13,7 +13,7 @@ from twisted.internet import reactor
from gnutls.constants import *
from gnutls.crypto import *
from gnutls.errors import *
-from gnutls.interfaces.twisted import X509Credentials
+from gnutls.interfaces.twisted import TLSContext, X509Credentials
class EchoProtocol(LineOnlyReceiver):
@@ -52,8 +52,8 @@ ca = X509Certificate(open(certs_path + '/ca.pem').read())
crl = X509CRL(open(certs_path + '/crl.pem').read())
cred = X509Credentials(cert, key, [ca], [crl])
cred.verify_peer = True
-cred.session_params.compressions = (COMP_LZO, COMP_DEFLATE, COMP_NULL)
+context = TLSContext(cred, session_parameters="NORMAL:+COMP-DEFLATE")
-reactor.listenTLS(10000, EchoFactory(), cred)
+reactor.listenTLS(10000, EchoFactory(), context)
reactor.run()
diff --git a/gnutls/__info__.py b/gnutls/__info__.py
new file mode 100644
index 0000000..61c8698
--- /dev/null
+++ b/gnutls/__info__.py
@@ -0,0 +1,14 @@
+
+"""Package information"""
+
+__project__ = "python-gnutls"
+__summary__ = "Python wrapper for the GnuTLS library"
+__webpage__ = "https://github.com/AGProjects/python-gnutls"
+
+__version__ = "3.0.0"
+
+__author__ = "Dan Pascu"
+__email__ = "dan at ag-projects.com"
+
+__license__ = "LGPL"
+__copyright__ = "Copyright 2006-2016 {}".format(__author__)
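Review bot: __copyright__ is built from __author__, so it reads "Copyright 2006-2016 Dan Pascu", while the LICENSE hunk in this same commit changes the copyright holder to "Copyright (C) 2006-2016 AG Projects". The two should name the same holder; if AG Projects is intended, spell it out here instead of formatting in __author__.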
diff --git a/gnutls/__init__.py b/gnutls/__init__.py
index 6946090..8d07ed9 100644
--- a/gnutls/__init__.py
+++ b/gnutls/__init__.py
@@ -1,5 +1,4 @@
-# Copyright (C) 2007 AG Projects. See LICENSE for details.
-#
-__version__ = '2.0.1'
+"""Python wrapper for the GnuTLS library"""
+from gnutls.__info__ import __project__, __summary__, __webpage__, __version__, __author__, __email__, __license__, __copyright__
diff --git a/gnutls/connection.py b/gnutls/connection.py
index ca30de3..f4de436 100644
--- a/gnutls/connection.py
+++ b/gnutls/connection.py
@@ -1,9 +1,7 @@
-# Copyright (C) 2007-2008 AG Projects. See LICENSE for details.
-#
"""GNUTLS connection support"""
-__all__ = ['X509Credentials', 'ClientSession', 'ServerSession', 'ServerSessionFactory']
+__all__ = ['X509Credentials', 'TLSContext', 'ClientSession', 'ServerSession', 'ServerSessionFactory']
from time import time
from socket import SHUT_RDWR as SOCKET_SHUT_RDWR
@@ -24,20 +22,21 @@ from gnutls.library.constants import GNUTLS_A_UNKNOWN_CA, GNUTLS_A_INSUFFICIENT_
from gnutls.library.constants import GNUTLS_A_CERTIFICATE_EXPIRED, GNUTLS_A_CERTIFICATE_REVOKED
from gnutls.library.constants import GNUTLS_NAME_DNS
from gnutls.library.types import gnutls_certificate_credentials_t, gnutls_session_t, gnutls_x509_crt_t
-from gnutls.library.types import gnutls_certificate_server_retrieve_function
+from gnutls.library.types import gnutls_certificate_retrieve_function
+from gnutls.library.types import gnutls_priority_t
from gnutls.library.functions import *
- at gnutls_certificate_server_retrieve_function
-def _retrieve_server_certificate(c_session, retr_st):
+ at gnutls_certificate_retrieve_function
+def _retrieve_certificate(c_session, req_ca_dn, nreqs, pk_algos, pk_algos_length, retr_st):
session = PyObj_FromPtr(gnutls_session_get_ptr(c_session))
identity = session.credentials.select_server_identity(session)
- retr_st.contents.type = GNUTLS_CRT_X509
retr_st.contents.deinit_all = 0
if identity is None:
retr_st.contents.ncerts = 0
else:
retr_st.contents.ncerts = 1
+ retr_st.contents.cert_type = GNUTLS_CRT_X509
retr_st.contents.cert.x509.contents = identity.cert._c_object
retr_st.contents.key.x509 = identity.key._c_object
return 0
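Review bot: _retrieve_certificate is now installed through the generic gnutls_certificate_set_retrieve_function, but its body still calls session.credentials.select_server_identity(session) and ignores the new req_ca_dn, nreqs, pk_algos and pk_algos_length arguments. If the callback can now run for client sessions as well, a server-name lookup is the wrong selection there; guard on the session type or document that the callback is only meaningful on the server side. Separately, cert_type is now assigned only in the else branch, so when identity is None the field is left untouched; add a comment if that is intentional.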
@@ -69,12 +68,6 @@ class _ServerNameIdentities(dict):
class X509Credentials(object):
- DH_BITS = 1024
- RSA_BITS = 1024
-
- dh_params = None
- rsa_params = None
-
def __new__(cls, *args, **kwargs):
c_object = gnutls_certificate_credentials_t()
gnutls_certificate_allocate_credentials(byref(c_object))
@@ -91,7 +84,7 @@ class X509Credentials(object):
gnutls_certificate_set_x509_key(self._c_object, byref(cert._c_object), 1, key._c_object)
elif (cert, key) != (None, None):
raise ValueError("Specify neither or both the certificate and private key")
- gnutls_certificate_server_set_retrieve_function(self._c_object, _retrieve_server_certificate)
+ gnutls_certificate_set_retrieve_function(self._c_object, _retrieve_certificate)
self._max_depth = 5
self._max_bits = 8200
self._type = CRED_CERTIFICATE
@@ -104,7 +97,6 @@ class X509Credentials(object):
self.server_name_identities = _ServerNameIdentities(identities)
if cert and key:
self.server_name_identities.add(X509Identity(cert, key))
- self.session_params = SessionParams(self._type)
def __del__(self):
self.__deinit(self._c_object)
@@ -119,16 +111,6 @@ class X509Credentials(object):
gnutls_certificate_set_x509_trust(self._c_object, cast(byref(ca_list), POINTER(gnutls_x509_crt_t)), size)
self._trusted = self._trusted + tuple(trusted)
- def generate_dh_params(self, bits=DH_BITS):
- reference = self.dh_params ## keep a reference to preserve it until replaced
- X509Credentials.dh_params = DHParams(bits)
- del reference
-
- def generate_rsa_params(self, bits=RSA_BITS):
- reference = self.rsa_params ## keep a reference to preserve it until replaced
- X509Credentials.rsa_params = RSAParams(bits)
- del reference
-
# Properties
@property
@@ -197,66 +179,25 @@ class X509Credentials(object):
return None
-class SessionParams(object):
- _default_kx_algorithms = {
- CRED_CERTIFICATE: (KX_RSA, KX_DHE_DSS, KX_DHE_RSA),
- CRED_ANON: (KX_ANON_DH,)}
- _all_kx_algorithms = {
- CRED_CERTIFICATE: set((KX_RSA, KX_DHE_DSS, KX_DHE_RSA, KX_RSA_EXPORT)),
- CRED_ANON: set((KX_ANON_DH,))}
-
- def __new__(cls, credentials_type):
- if credentials_type not in cls._default_kx_algorithms:
- raise TypeError("Unknown credentials type: %r" % credentials_type)
- return object.__new__(cls)
-
- def __init__(self, credentials_type):
- self._credentials_type = credentials_type
- self._protocols = (PROTO_TLS1_1, PROTO_TLS1_0, PROTO_SSL3)
- self._kx_algorithms = self._default_kx_algorithms[credentials_type]
- self._ciphers = (CIPHER_AES_128_CBC, CIPHER_3DES_CBC, CIPHER_ARCFOUR_128)
- self._mac_algorithms = (MAC_SHA1, MAC_MD5, MAC_RMD160)
- self._compressions = (COMP_NULL,)
-
- def _get_protocols(self):
- return self._protocols
- def _set_protocols(self, protocols):
- self._protocols = ProtocolListValidator(protocols)
- protocols = property(_get_protocols, _set_protocols)
- del _get_protocols, _set_protocols
-
- def _get_kx_algorithms(self):
- return self._kx_algorithms
- def _set_kx_algorithms(self, algorithms):
- cred_type = self._credentials_type
- algorithms = KeyExchangeListValidator(algorithms)
- invalid = set(algorithms) - self._all_kx_algorithms[cred_type]
- if invalid:
- raise ValueError("Cannot specify %r with %r credentials" % (list(invalid), cred_type))
- self._kx_algorithms = algorithms
- kx_algorithms = property(_get_kx_algorithms, _set_kx_algorithms)
- del _get_kx_algorithms, _set_kx_algorithms
-
- def _get_ciphers(self):
- return self._ciphers
- def _set_ciphers(self, ciphers):
- self._ciphers = CipherListValidator(ciphers)
- ciphers = property(_get_ciphers, _set_ciphers)
- del _get_ciphers, _set_ciphers
-
- def _get_mac_algorithms(self):
- return self._mac_algorithms
- def _set_mac_algorithms(self, algorithms):
- self._mac_algorithms = MACListValidator(algorithms)
- mac_algorithms = property(_get_mac_algorithms, _set_mac_algorithms)
- del _get_mac_algorithms, _set_mac_algorithms
-
- def _get_compressions(self):
- return self._compressions
- def _set_compressions(self, compressions):
- self._compressions = CompressionListValidator(compressions)
- compressions = property(_get_compressions, _set_compressions)
- del _get_compressions, _set_compressions
+class TLSContext(object):
+ def __init__(self, credentials, session_parameters=None):
+ self.credentials = credentials
+ self.session_parameters = session_parameters
+
+ @property
+ def session_parameters(self):
+ return self.__dict__.get('session_parameters')
+
+ @session_parameters.setter
+ def session_parameters(self, value):
+ priority = gnutls_priority_t()
+ try:
+ gnutls_priority_init(byref(priority), value, None)
+ except GNUTLSError:
+ raise ValueError("invalid session parameters: %s" % value)
+ else:
+ gnutls_priority_deinit(priority)
+ self.__dict__['session_parameters'] = value
class Session(object):
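Review bot: In TLSContext, session_parameters defaults to None and the setter passes that value unchanged to gnutls_priority_init; the plain examples in this patch that call TLSContext(cred) depend on this path. Default the argument to an explicit string such as "NORMAL", or skip the validation when value is None, so the behaviour does not depend on how the library treats a NULL priority string. The error-position argument is also passed as None, so the ValueError can only echo the whole string; capturing the position would make "invalid session parameters" messages far more useful. A docstring stating that the value is a GnuTLS priority string is missing as well.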
@@ -273,17 +214,16 @@ class Session(object):
instance._c_object = gnutls_session_t()
return instance
- def __init__(self, socket, credentials):
+ def __init__(self, socket, context):
gnutls_init(byref(self._c_object), self.session_type)
## Store a pointer to self on the C session
gnutls_session_set_ptr(self._c_object, id(self))
gnutls_set_default_priority(self._c_object)
- # gnutls_dh_set_prime_bits(session, DH_BITS)?
+ gnutls_priority_set_direct(self._c_object, context.session_parameters, None)
gnutls_transport_set_ptr(self._c_object, socket.fileno())
gnutls_handshake_set_private_extensions(self._c_object, 1)
self.socket = socket
- self.credentials = credentials
- self._update_params()
+ self.credentials = context.credentials
def __del__(self):
self.__deinit(self._c_object)
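Review bot: In Session.__init__, gnutls_set_default_priority is still called immediately before the new gnutls_priority_set_direct, which then replaces the priorities, so the first call looks redundant. The priority string is also re-parsed for every session even though the TLSContext setter already built a gnutls_priority_t and discarded it; keeping that object on the context and applying it with gnutls_priority_set would validate once and avoid the per-session parse. Nothing here checks that the second argument is actually a TLSContext, so a caller still passing X509Credentials fails with an AttributeError on context.session_parameters rather than a clear TypeError.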
@@ -353,24 +293,9 @@ class Session(object):
# Session methods
- def _update_params(self):
- """Update the priorities of the session params using the credentials."""
- def c_priority_list(priorities):
- size = len(priorities) + 1
- return (c_int * size)(*priorities)
- session_params = self.credentials.session_params
- # protocol order in the priority list is irrelevant (it always uses newer protocols first)
- # the protocol list only specifies what protocols are to be enabled.
- gnutls_protocol_set_priority(self._c_object, c_priority_list(session_params.protocols))
- gnutls_kx_set_priority(self._c_object, c_priority_list(session_params.kx_algorithms))
- gnutls_cipher_set_priority(self._c_object, c_priority_list(session_params.ciphers))
- gnutls_mac_set_priority(self._c_object, c_priority_list(session_params.mac_algorithms))
- gnutls_compression_set_priority(self._c_object, c_priority_list(session_params.compressions))
-
def handshake(self):
gnutls_handshake(self._c_object)
- #@method_args((basestring, buffer))
def send(self, data):
data = str(data)
if not data:
@@ -428,8 +353,8 @@ class Session(object):
class ClientSession(Session):
session_type = GNUTLS_CLIENT
- def __init__(self, socket, credentials, server_name=None):
- Session.__init__(self, socket, credentials)
+ def __init__(self, socket, context, server_name=None):
+ Session.__init__(self, socket, context)
self._server_name = None
if server_name is not None:
self.server_name = server_name
@@ -447,8 +372,8 @@ class ClientSession(Session):
class ServerSession(Session):
session_type = GNUTLS_SERVER
- def __init__(self, socket, credentials):
- Session.__init__(self, socket, credentials)
+ def __init__(self, socket, context):
+ Session.__init__(self, socket, context)
gnutls_certificate_server_set_request(self._c_object, CERT_REQUEST)
@property
@@ -473,11 +398,11 @@ class ServerSession(Session):
class ServerSessionFactory(object):
- def __init__(self, socket, credentials, session_class=ServerSession):
+ def __init__(self, socket, context, session_class=ServerSession):
if not issubclass(session_class, ServerSession):
raise TypeError, "session_class must be a subclass of ServerSession"
self.socket = socket
- self.credentials = credentials
+ self.context = context
self.session_class = session_class
def __getattr__(self, name):
@@ -492,7 +417,7 @@ class ServerSessionFactory(object):
def accept(self):
new_sock, address = self.socket.accept()
- session = self.session_class(new_sock, self.credentials)
+ session = self.session_class(new_sock, self.context)
return (session, address)
def shutdown(self, how=SOCKET_SHUT_RDWR):
diff --git a/gnutls/constants.py b/gnutls/constants.py
index e1e9082..1bdf839 100644
--- a/gnutls/constants.py
+++ b/gnutls/constants.py
@@ -1,24 +1,7 @@
-# Copyright (C) 2007 AG Projects. See LICENSE for details.
-#
"""GNUTLS constants"""
__all__ = [
- ## GNUTLS session protocols
- 'PROTO_TLS1_2', 'PROTO_TLS1_1', 'PROTO_TLS1_0', 'PROTO_SSL3',
-
- ## Key exchange algorithms
- 'KX_RSA', 'KX_DHE_DSS', 'KX_DHE_RSA', 'KX_RSA_EXPORT', 'KX_ANON_DH',
-
- ## Ciphers
- 'CIPHER_AES_128_CBC', 'CIPHER_3DES_CBC', 'CIPHER_ARCFOUR_128', 'CIPHER_AES_256_CBC', 'CIPHER_DES_CBC', 'CIPHER_CAMELLIA_256_CBC', 'CIPHER_CAMELLIA_128_CBC',
-
- ## MAC algorithms
- 'MAC_SHA512', 'MAC_SHA384', 'MAC_SHA256', 'MAC_SHA1', 'MAC_MD5', 'MAC_RMD160',
-
- ## Compressions
- 'COMP_DEFLATE', 'COMP_LZO', 'COMP_NULL',
-
## Credential types
'CRED_CERTIFICATE', 'CRED_ANON',
diff --git a/gnutls/crypto.py b/gnutls/crypto.py
index 58dc255..1145902 100644
--- a/gnutls/crypto.py
+++ b/gnutls/crypto.py
@@ -1,9 +1,7 @@
-# Copyright (C) 2007 AG Projects. See LICENSE for details.
-#
"""GNUTLS crypto support"""
-__all__ = ['X509Name', 'X509Certificate', 'X509PrivateKey', 'X509Identity', 'X509CRL', 'DHParams', 'RSAParams']
+__all__ = ['X509Name', 'X509Certificate', 'X509PrivateKey', 'X509Identity', 'X509CRL', 'DHParams']
import re
from ctypes import *
@@ -328,25 +326,3 @@ class DHParams(object):
def __del__(self):
self.__deinit(self._c_object)
-
-class RSAParams(object):
- def __new__(cls, *args, **kwargs):
- instance = object.__new__(cls)
- instance.__deinit = gnutls_rsa_params_deinit
- instance._c_object = gnutls_rsa_params_t()
- return instance
-
- @method_args(int)
- def __init__(self, bits=1024):
- gnutls_rsa_params_init(byref(self._c_object))
- gnutls_rsa_params_generate2(self._c_object, bits)
-
- def __get__(self, obj, type_=None):
- return self._c_object
-
- def __set__(self, obj, value):
- raise AttributeError("Read-only attribute")
-
- def __del__(self):
- self.__deinit(self._c_object)
-
diff --git a/gnutls/errors.py b/gnutls/errors.py
index 592ba1d..01dd2a7 100644
--- a/gnutls/errors.py
+++ b/gnutls/errors.py
@@ -1,5 +1,3 @@
-# Copyright (C) 2007 AG Projects. See LICENSE for details.
-#
"""GNUTLS errors"""
diff --git a/gnutls/interfaces/__init__.py b/gnutls/interfaces/__init__.py
index dc64199..e69de29 100644
--- a/gnutls/interfaces/__init__.py
+++ b/gnutls/interfaces/__init__.py
@@ -1,2 +0,0 @@
-# Copyright (C) 2007 AG Projects. See LICENSE for details.
-#
diff --git a/gnutls/interfaces/twisted/__init__.py b/gnutls/interfaces/twisted/__init__.py
index 4f55b5a..712efbd 100644
--- a/gnutls/interfaces/twisted/__init__.py
+++ b/gnutls/interfaces/twisted/__init__.py
@@ -1,9 +1,7 @@
-# Copyright (C) 2007-2008 AG Projects. See LICENSE for details.
-#
"""GNUTLS Twisted interface"""
-__all__ = ['X509Credentials', 'connectTLS', 'listenTLS']
+__all__ = ['X509Credentials', 'TLSContext', 'connectTLS', 'listenTLS']
from time import time
@@ -13,7 +11,7 @@ from twisted.internet import main, base, interfaces, abstract, tcp, error
from zope.interface import implementsOnly, implementedBy
from gnutls.connection import ClientSession, ServerSession, ServerSessionFactory
-from gnutls.connection import X509Credentials as _X509Credentials
+from gnutls.connection import TLSContext, X509Credentials as _X509Credentials
from gnutls.constants import SHUT_RDWR, SHUT_WR
from gnutls.errors import *
@@ -140,21 +138,21 @@ class TLSClient(TLSMixin, tcp.Client):
implementsOnly(interfaces.ISSLTransport, *[i for i in implementedBy(tcp.Client) if i != interfaces.ITLSTransport])
- def __init__(self, host, port, bindAddress, credentials, connector, reactor=None, server_name=None):
- self.credentials = credentials
+ def __init__(self, host, port, bindAddress, context, connector, reactor=None, server_name=None):
+ self.context = context
self.server_name = server_name
self.__watchdog = None
tcp.Client.__init__(self, host, port, bindAddress, connector, reactor)
def createInternetSocket(self):
sock = tcp.Client.createInternetSocket(self)
- return ClientSession(sock, self.credentials, self.server_name)
+ return ClientSession(sock, self.context, self.server_name)
def _recurrentVerify(self):
if not self.connected or self.disconnecting:
return
try:
- self.credentials.verify_callback(self.socket.peer_certificate)
+ self.context.credentials.verify_callback(self.socket.peer_certificate)
except Exception, e:
self.loseConnection(e)
return
@@ -163,7 +161,7 @@ class TLSClient(TLSMixin, tcp.Client):
def _verifyPeer(self):
session = self.socket
- credentials = self.credentials
+ credentials = self.context.credentials
if not credentials.verify_peer:
return
try:
@@ -230,16 +228,16 @@ class TLSClient(TLSMixin, tcp.Client):
class TLSConnector(base.BaseConnector):
- def __init__(self, host, port, factory, credentials, timeout, bindAddress, reactor=None, server_name=None):
+ def __init__(self, host, port, factory, context, timeout, bindAddress, reactor=None, server_name=None):
self.host = host
self.port = port
self.bindAddress = bindAddress
- self.credentials = credentials
+ self.context = context
self.server_name = server_name
base.BaseConnector.__init__(self, factory, timeout, reactor)
def _makeTransport(self):
- return TLSClient(self.host, self.port, self.bindAddress, self.credentials, self, self.reactor, self.server_name)
+ return TLSClient(self.host, self.port, self.bindAddress, self.context, self, self.reactor, self.server_name)
class TLSServer(TLSMixin, tcp.Server):
@@ -249,7 +247,7 @@ class TLSServer(TLSMixin, tcp.Server):
def __init__(self, sock, protocol, client, server, sessionno, *args, **kw):
self.__watchdog = None
- self.credentials = server.credentials
+ self.context = server.context
tcp.Server.__init__(self, sock, protocol, client, server, sessionno, *args, **kw)
self.protocol.makeConnection = lambda *args: None
self.protocol.transport = self ## because we may call connectionLost without connectionMade
@@ -259,7 +257,7 @@ class TLSServer(TLSMixin, tcp.Server):
if not self.connected or self.disconnecting:
return
try:
- self.credentials.verify_callback(self.socket.peer_certificate)
+ self.context.credentials.verify_callback(self.socket.peer_certificate)
except Exception, e:
self.loseConnection(e)
return
@@ -268,7 +266,7 @@ class TLSServer(TLSMixin, tcp.Server):
def _verifyPeer(self):
session = self.socket
- credentials = self.credentials
+ credentials = self.context.credentials
if not credentials.verify_peer:
return
try:
@@ -332,24 +330,24 @@ class TLSPort(tcp.Port):
transport = TLSServer
- def __init__(self, port, factory, credentials, backlog=50, interface='', reactor=None, session_class=ServerSession):
+ def __init__(self, port, factory, context, backlog=50, interface='', reactor=None, session_class=ServerSession):
tcp.Port.__init__(self, port, factory, backlog, interface, reactor)
- self.credentials = credentials
+ self.context = context
self.session_class = session_class
def createInternetSocket(self):
sock = tcp.Port.createInternetSocket(self)
- return ServerSessionFactory(sock, self.credentials, self.session_class)
+ return ServerSessionFactory(sock, self.context, self.session_class)
-def connectTLS(reactor, host, port, factory, credentials, timeout=30, bindAddress=None, server_name=None):
- c = TLSConnector(host, port, factory, credentials, timeout, bindAddress, reactor, server_name)
+def connectTLS(reactor, host, port, factory, context, timeout=30, bindAddress=None, server_name=None):
+ c = TLSConnector(host, port, factory, context, timeout, bindAddress, reactor, server_name)
c.connect()
return c
-def listenTLS(reactor, port, factory, credentials, backlog=50, interface='', session_class=ServerSession):
- p = TLSPort(port, factory, credentials, backlog, interface, reactor, session_class)
+def listenTLS(reactor, port, factory, context, backlog=50, interface='', session_class=ServerSession):
+ p = TLSPort(port, factory, context, backlog, interface, reactor, session_class)
p.startListening()
return p
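Review bot: connectTLS and listenTLS keep their positional signature but the fourth and third arguments change meaning from credentials to context, with no type check and no compatibility shim. Existing callers that pass X509Credentials will get past these functions and only fail later, when context.credentials is dereferenced in TLSClient or TLSServer. Either accept X509Credentials here and wrap it in a TLSContext, or raise a TypeError up front; the ChangeLog entry "Refactor passing parameters to Session objects" should also state that this is an incompatible API change.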
diff --git a/gnutls/library/__init__.py b/gnutls/library/__init__.py
index 7c404b3..3e35662 100644
--- a/gnutls/library/__init__.py
+++ b/gnutls/library/__init__.py
@@ -1,6 +1,5 @@
-# Copyright (C) 2007-2010 AG Projects. See LICENSE for details.
-#
+from itertools import chain
__all__ = ['constants', 'errors', 'functions', 'types']
@@ -13,25 +12,25 @@ def get_system_name():
return system
-def library_locations(version):
+def library_locations(abi_version):
import os
system = get_system_name()
if system == 'darwin':
- library_names = ['libgnutls.%d.dylib' % version]
+ library_names = ['libgnutls.%d.dylib' % abi_version]
dynamic_loader_env_vars = ['DYLD_LIBRARY_PATH', 'LD_LIBRARY_PATH']
additional_paths = ['/usr/local/lib', '/opt/local/lib', '/sw/lib']
elif system == 'windows':
- library_names = ['libgnutls-%d.dll' % version]
+ library_names = ['libgnutls-%d.dll' % abi_version]
dynamic_loader_env_vars = ['PATH']
additional_paths = ['.']
elif system == 'cygwin':
- library_names = ['cyggnutls-%d.dll' % version]
+ library_names = ['cyggnutls-%d.dll' % abi_version]
dynamic_loader_env_vars = ['LD_LIBRARY_PATH']
additional_paths = ['/usr/bin']
else:
# Debian uses libgnutls-deb0.so.28, go figure
- library_names = ['libgnutls.so.%d' % version, 'libgnutls-deb0.so.%d' % version]
+ library_names = ['libgnutls.so.%d' % abi_version, 'libgnutls-deb0.so.%d' % abi_version]
dynamic_loader_env_vars = ['LD_LIBRARY_PATH']
additional_paths = ['/usr/local/lib']
for library_name in library_names:
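Review bot: in the windows branch of library_locations, additional_paths = ['.'] is left in place by this rename, so one candidate location for the TLS library is relative to the process's current working directory. Since this function decides which libgnutls binary gets loaded, suggest dropping '.' or replacing it with an absolute directory the package controls. A short docstring should also state the order in which the dynamic_loader_env_vars entries and additional_paths are consulted.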
@@ -42,10 +41,10 @@ def library_locations(version):
yield os.path.join(path, library_name)
-def load_library(version):
+def load_library(abi_versions):
from ctypes import CDLL
- for library in library_locations(version):
+ for library in chain.from_iterable(library_locations(abi_version) for abi_version in sorted(abi_versions, reverse=True)):
try:
return CDLL(library)
except OSError:
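Review bot: load_library now expects an iterable of ABI versions but has no docstring, and an old-style call such as load_library(28) would fail inside sorted() with a TypeError that does not explain the new contract. Suggest documenting the parameter and the highest-first search order in the function itself. Also, CDLL(library) returns the first candidate that loads and nothing records which path that was; keeping the chosen path (for example in a module attribute or a debug log line) would let an operator confirm which libgnutls build is in use.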
@@ -53,11 +52,10 @@ def load_library(version):
else:
break
else:
- raise RuntimeError('cannot find libgnutls on this system')
+ raise RuntimeError('cannot find a supported version of libgnutls on this system')
-libgnutls = load_library(version=28)
-libgnutls.gnutls_global_init()
+libgnutls = load_library(abi_versions=(28, 30)) # will use the highest of the available ABI versions
from gnutls.library import constants
@@ -66,12 +64,16 @@ from gnutls.library import functions
from gnutls.library import types
-__need_version__ = '3.1.4'
+__need_version__ = '3.2.0'
if functions.gnutls_check_version(__need_version__) is None:
version = functions.gnutls_check_version(None)
raise RuntimeError("Found GNUTLS library version %s, but at least version %s is required" % (version, __need_version__))
+# calling gnutls_global_init is no longer required starting with gnutls 3.3
+if functions.gnutls_check_version('3.3') is None:
+ libgnutls.gnutls_global_init()
+
del get_system_name, library_locations, load_library
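Review bot: the return value of libgnutls.gnutls_global_init() in the new "if functions.gnutls_check_version('3.3') is None:" block is discarded. The function reports failure through a negative return code, so on GnuTLS older than 3.3 a failed initialisation would pass silently and the module would carry on with an uninitialised library. Suggest checking the result and raising RuntimeError, in the same style as the __need_version__ check just above it.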
diff --git a/gnutls/library/constants.py b/gnutls/library/constants.py
index a24090e..2778c9f 100644
--- a/gnutls/library/constants.py
+++ b/gnutls/library/constants.py
@@ -1,8 +1,3 @@
-# Copyright (C) 2007-2010 AG Projects. See LICENSE for details.
-#
-
-from ctypes import *
-
GNUTLS_AL_FATAL = 2
GNUTLS_AL_WARNING = 1
@@ -57,7 +52,6 @@ GNUTLS_CIPHER_RC2_40_CBC = 90
GNUTLS_CIPHER_UNKNOWN = 0
GNUTLS_CLIENT = 2
GNUTLS_COMP_DEFLATE = 2
-GNUTLS_COMP_LZO = 3
GNUTLS_COMP_NULL = 1
GNUTLS_COMP_UNKNOWN = 0
GNUTLS_CRD_ANON = 2
@@ -138,7 +132,6 @@ GNUTLS_E_INVALID_SESSION = -10 # Variable c_int
GNUTLS_E_KEY_USAGE_VIOLATION = -48 # Variable c_int
GNUTLS_E_LARGE_PACKET = -7 # Variable c_int
GNUTLS_E_LIBRARY_VERSION_MISMATCH = -83 # Variable c_int
-GNUTLS_E_LZO_INIT_FAILED = -85 # Variable c_int
GNUTLS_E_MAC_VERIFY_FAILED = -100 # Variable c_int
GNUTLS_E_MEMORY_ERROR = -25 # Variable c_int
GNUTLS_E_MPI_PRINT_FAILED = -35 # Variable c_int
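Review bot: GNUTLS_E_LZO_INIT_FAILED is removed here, and GNUTLS_COMP_LZO in the previous hunk, without a note for users. Code that imports or compares against either name will now fail with an ImportError or AttributeError. The ChangeLog entry for 3.0.0 does not mention the removal; suggest adding a line there listing the dropped constants.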
diff --git a/gnutls/library/errors.py b/gnutls/library/errors.py
index c78596a..02b738f 100644
--- a/gnutls/library/errors.py
+++ b/gnutls/library/errors.py
@@ -1,5 +1,3 @@
-# Copyright (C) 2007 AG Projects. See LICENSE for details.
-#
"""GNUTLS library errors"""
diff --git a/gnutls/library/functions.py b/gnutls/library/functions.py
index 5c82d7f..654dae7 100644
--- a/gnutls/library/functions.py
+++ b/gnutls/library/functions.py
@@ -1,5 +1,3 @@
-# Copyright (C) 2007-2010 AG Projects. See LICENSE for details.
-#
import sys
from ctypes import *
@@ -84,9 +82,9 @@ gnutls_certificate_client_get_request_status = libgnutls.gnutls_certificate_clie
gnutls_certificate_client_get_request_status.argtypes = [gnutls_session_t]
gnutls_certificate_client_get_request_status.restype = c_int
... 434 lines suppressed ...
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/python-modules/packages/python-gnutls.git