compio-py-dynamic-openssl 0.5.0

Dynamic OpenSSL implementation for compio-py
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156

// SPDX-License-Identifier: Apache-2.0 OR MulanPSL-2.0
// Copyright 2026 Fantix King

use std::{
    ffi::OsStr,
    io::{Read, Write},
    net::IpAddr,
};

use compio_log::debug;
pub use pyo3;
use pyo3::{
    ffi::{PyObject, c_str},
    prelude::*,
    types::PyDict,
};

use self::{
    loader::get,
    ssl::{HandshakeError, Ssl, SslStream},
    sys as ffi,
};

pub mod bio;
pub mod error;
pub mod loader;
pub mod ssl;
pub mod sys;

pub struct SSLContext {
    ptr: *mut ffi::SSL_CTX,
    pyobj: Py<PyAny>,
}

impl TryFrom<Bound<'_, PyAny>> for SSLContext {
    type Error = PyErr;

    fn try_from(obj: Bound<PyAny>) -> PyResult<Self> {
        #[repr(C)]
        struct PySSLContext {
            ob_base: PyObject,
            ctx: *mut ffi::SSL_CTX,
        }

        unsafe {
            let ptr = obj.as_ptr() as *const PySSLContext;
            let ptr = (*ptr).ctx;
            if ptr.is_null() {
                return Err(pyo3::exceptions::PyValueError::new_err(
                    "SSLContext has null SSL_CTX",
                ));
            }
            Ok(Self {
                ptr,
                pyobj: obj.unbind(),
            })
        }
    }
}

impl SSLContext {
    pub fn connect<S>(&self, domain: &str, stream: S) -> Result<SslStream<S>, HandshakeError<S>>
    where
        S: Read + Write,
    {
        let mut ssl = Ssl::new(self.ptr)?;
        let ip = domain.parse::<IpAddr>().ok();
        if ip.is_none() {
            ssl.set_hostname(domain)?;
        }
        let res = Python::attach(|py| {
            self.pyobj
                .bind(py)
                .getattr("check_hostname")?
                .extract::<bool>()
        });
        match res {
            Ok(true) => {
                let param = ssl.param_mut();
                match ip {
                    Some(ip) => param.set_ip(ip)?,
                    None => param.set_host(domain)?,
                }
            }
            Ok(false) => {}
            Err(e) => panic!("{e}"),
        }

        ssl.connect(stream)
    }

    pub fn accept<S>(&self, stream: S) -> Result<SslStream<S>, HandshakeError<S>>
    where
        S: Read + Write,
    {
        let ssl = Ssl::new(self.ptr)?;
        ssl.accept(stream)
    }
}

impl Clone for SSLContext {
    fn clone(&self) -> Self {
        Python::attach(|py| Self {
            ptr: self.ptr,
            pyobj: self.pyobj.clone_ref(py),
        })
    }
}

pub fn load_py(py: Python) -> PyResult<bool> {
    if loader::is_loaded() {
        return Ok(true);
    }

    let find_lib = c_str!(
        r#"
import inspect, ssl
try:
    lib = inspect.getfile(ssl.SSLSession)
except TypeError:
    import os, sysconfig
    lib = os.path.join(sysconfig.get_config_var("LIBDIR"), sysconfig.get_config_var("LDLIBRARY"))
"#
    );
    let locals = PyDict::new(py);
    py.run(find_lib, None, Some(&locals))?;
    let lib = locals
        .get_item("lib")?
        .expect("defined lib")
        .extract::<String>()?;
    match py.detach(|| loader::load(OsStr::new(&lib))) {
        Ok(()) => Ok(true),
        Err(loader::Error::AlreadyLoaded) => Ok(true),
        Err(loader::Error::LibraryNotFound) => {
            debug!("Failed to load OpenSSL: library not found");
            Ok(false)
        }
        Err(loader::Error::IoError(_e)) => {
            debug!("Failed to load OpenSSL: {_e}");
            Ok(false)
        }
        Err(loader::Error::VersionTooOld) => {
            debug!("Failed to load OpenSSL: version is too old");
            Ok(false)
        }
        Err(loader::Error::Loader(_e)) => {
            debug!("Failed to load OpenSSL: {_e}");
            Ok(false)
        }
        #[cfg(windows)]
        Err(loader::Error::PE(_e)) => {
            debug!("Failed to load OpenSSL: {_e}");
            Ok(false)
        }
    }
}