1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
|
From bb7d7a803665005cc72ad68a388e9e937ff3d2f6 Mon Sep 17 00:00:00 2001
From: Josef Schlehofer <pepe.schlehofer@gmail.com>
Date: Sat, 23 Mar 2019 21:02:17 +0100
Subject: [PATCH] support for mbedTLS
---
INSTALL.rst | 4 ++--
doc/thread-safety.rst | 2 +-
setup.py | 28 +++++++++++++++++++++-------
src/module.c | 6 ++++--
src/pycurl.h | 7 ++++++-
src/threadsupport.c | 39 +++++++++++++++++++++++++++++++++++++++
6 files changed, 73 insertions(+), 13 deletions(-)
diff --git a/INSTALL.rst b/INSTALL.rst
index 8ad8b4f..da70d25 100644
--- a/INSTALL.rst
+++ b/INSTALL.rst
@@ -53,7 +53,7 @@ It will then fail at runtime as follows::
To fix this, you need to tell ``setup.py`` what SSL backend is used::
- python setup.py --with-[openssl|gnutls|nss] install
+ python setup.py --with-[openssl|gnutls|nss|mbedtls] install
Note: as of PycURL 7.21.5, setup.py accepts ``--with-openssl`` option to
indicate that libcurl is built against OpenSSL. ``--with-ssl`` is an alias
@@ -85,7 +85,7 @@ environment variable::
The same applies to the SSL backend, if you need to specify it (see the SSL
note above)::
- export PYCURL_SSL_LIBRARY=[openssl|gnutls|nss]
+ export PYCURL_SSL_LIBRARY=[openssl|gnutls|nss|mbedtls]
easy_install pycurl
diff --git a/doc/thread-safety.rst b/doc/thread-safety.rst
index 5ba3f3e..ae2b9e5 100644
--- a/doc/thread-safety.rst
+++ b/doc/thread-safety.rst
@@ -21,7 +21,7 @@ For Python programs using PycURL, this means:
Python code *outside of a libcurl callback for the PycURL object in question*
is unsafe.
-PycURL handles the necessary SSL locks for OpenSSL/LibreSSL, GnuTLS and NSS.
+PycURL handles the necessary SSL locks for OpenSSL/LibreSSL, GnuTLS, NSS and mbedTLS.
A special situation exists when libcurl uses the standard C library
name resolver (i.e., not threaded nor c-ares resolver). By default libcurl
diff --git a/setup.py b/setup.py
index e1e6925..5ab437f 100644
--- a/setup.py
+++ b/setup.py
@@ -143,6 +143,7 @@ class ExtensionConfiguration(object):
'--with-ssl': self.using_openssl,
'--with-gnutls': self.using_gnutls,
'--with-nss': self.using_nss,
+ '--with-mbedtls': self.using_mbedtls,
}
def detect_ssl_option(self):
@@ -152,20 +153,20 @@ class ExtensionConfiguration(object):
if option != other_option:
if scan_argv(self.argv, other_option) is not None:
raise ConfigurationError('Cannot give both %s and %s' % (option, other_option))
-
+
return option
def detect_ssl_backend(self):
ssl_lib_detected = False
-
+
if 'PYCURL_SSL_LIBRARY' in os.environ:
ssl_lib = os.environ['PYCURL_SSL_LIBRARY']
- if ssl_lib in ['openssl', 'gnutls', 'nss']:
+ if ssl_lib in ['openssl', 'gnutls', 'nss', 'mbedtls']:
ssl_lib_detected = True
getattr(self, 'using_%s' % ssl_lib)()
else:
raise ConfigurationError('Invalid value "%s" for PYCURL_SSL_LIBRARY' % ssl_lib)
-
+
option = self.detect_ssl_option()
if option:
ssl_lib_detected = True
@@ -194,6 +195,10 @@ class ExtensionConfiguration(object):
self.using_nss()
ssl_lib_detected = True
break
+ if arg[2:] == 'mbedtls':
+ self.using_nss()
+ ssl_lib_detected = True
+ break
if not ssl_lib_detected and len(self.argv) == len(self.original_argv) \
and not os.environ.get('PYCURL_CURL_CONFIG') \
@@ -201,7 +206,7 @@ class ExtensionConfiguration(object):
# this path should only be taken when no options or
# configuration environment variables are given to setup.py
ssl_lib_detected = self.detect_ssl_lib_on_centos6()
-
+
self.ssl_lib_detected = ssl_lib_detected
def curl_config(self):
@@ -301,7 +306,7 @@ class ExtensionConfiguration(object):
if errtext:
msg += ":\n" + errtext
raise ConfigurationError(msg)
-
+
# hack
self.sslhintbuf = sslhintbuf
@@ -327,7 +332,7 @@ specify the SSL backend manually.''')
self.library_dirs.append(arg[2:])
else:
self.extra_link_args.append(arg)
-
+
if not self.libraries:
self.libraries.append("curl")
@@ -354,6 +359,9 @@ specify the SSL backend manually.''')
elif ssl_version.startswith('NSS/'):
self.using_nss()
ssl_lib_detected = True
+ elif ssl_version.startswith('mbedTLS/'):
+ self.using_mbedtls()
+ ssl_lib_detected = 'mbedtls'
return ssl_lib_detected
def detect_ssl_lib_on_centos6(self):
@@ -505,6 +513,11 @@ specify the SSL backend manually.''')
self.libraries.append('ssl3')
self.define_macros.append(('HAVE_CURL_SSL', 1))
+ def using_mbedtls(self):
+ self.define_macros.append(('HAVE_CURL_MBEDTLS', 1))
+ self.libraries.append('mbedtls')
+ self.define_macros.append(('HAVE_CURL_SSL', 1))
+
def get_bdist_msi_version_hack():
# workaround for distutils/msi version requirement per
# epydoc.sourceforge.net/stdlib/distutils.version.StrictVersion-class.html -
@@ -871,6 +884,7 @@ PycURL Unix options:
--with-ssl legacy alias for --with-openssl
--with-gnutls libcurl is linked against GnuTLS
--with-nss libcurl is linked against NSS
+ --with-mbedtls libcurl is linked against mbedTLS
'''
windows_help = '''\
diff --git a/src/module.c b/src/module.c
index 2331ae8..7fdb25a 100644
--- a/src/module.c
+++ b/src/module.c
@@ -328,7 +328,7 @@ initpycurl(void)
PyObject *collections_module = NULL;
PyObject *named_tuple = NULL;
PyObject *arglist = NULL;
-
+
assert(Curl_Type.tp_weaklistoffset > 0);
assert(CurlMulti_Type.tp_weaklistoffset > 0);
assert(CurlShare_Type.tp_weaklistoffset > 0);
@@ -355,6 +355,8 @@ initpycurl(void)
runtime_ssl_lib = "gnutls";
} else if (!strncmp(vi->ssl_version, "NSS/", 4)) {
runtime_ssl_lib = "nss";
+ } else if (!strncmp(vi->ssl_version, "mbedTLS/", 2)) {
+ runtime_ssl_lib = "mbedtls";
} else {
runtime_ssl_lib = "none/other";
}
@@ -461,7 +463,7 @@ initpycurl(void)
/* constants for ioctl callback argument values */
insint_c(d, "IOCMD_NOP", CURLIOCMD_NOP);
insint_c(d, "IOCMD_RESTARTREAD", CURLIOCMD_RESTARTREAD);
-
+
/* opensocketfunction return value */
insint_c(d, "SOCKET_BAD", CURL_SOCKET_BAD);
diff --git a/src/pycurl.h b/src/pycurl.h
index 65290f7..2294cb8 100644
--- a/src/pycurl.h
+++ b/src/pycurl.h
@@ -174,6 +174,11 @@ pycurl_inet_ntop (int family, void *addr, char *string, size_t string_size);
# define COMPILE_SSL_LIB "gnutls"
# elif defined(HAVE_CURL_NSS)
# define COMPILE_SSL_LIB "nss"
+# elif defined(HAVE_CURL_MBEDTLS)
+# include <mbedtls/ssl.h>
+# define PYCURL_NEED_SSL_TSL
+# define PYCURL_NEED_MBEDTLS_TSL
+# define COMPILE_SSL_LIB "mbedtls"
# else
# ifdef _MSC_VER
/* sigh */
@@ -190,7 +195,7 @@ pycurl_inet_ntop (int family, void *addr, char *string, size_t string_size);
/* since we have no crypto callbacks for other ssl backends,
* no reason to require users match those */
# define COMPILE_SSL_LIB "none/other"
-# endif /* HAVE_CURL_OPENSSL || HAVE_CURL_GNUTLS || HAVE_CURL_NSS */
+# endif /* HAVE_CURL_OPENSSL || HAVE_CURL_GNUTLS || HAVE_CURL_NSS || HAVE_CURL_MBEDTLS */
#else
# define COMPILE_SSL_LIB "none/other"
#endif /* HAVE_CURL_SSL */
diff --git a/src/threadsupport.c b/src/threadsupport.c
index 6ca07f5..51abffd 100644
--- a/src/threadsupport.c
+++ b/src/threadsupport.c
@@ -232,6 +232,45 @@ pycurl_ssl_cleanup(void)
}
#endif
+/* mbedTLS */
+
+#ifdef PYCURL_NEED_MBEDTLS_TSL
+static int
+pycurl_ssl_mutex_create(void **m)
+{
+ if ((*((PyThread_type_lock *) m) = PyThread_allocate_lock()) == NULL) {
+ return -1;
+ } else {
+ return 0;
+ }
+}
+
+static int
+pycurl_ssl_mutex_destroy(void **m)
+{
+ PyThread_free_lock(*((PyThread_type_lock *) m));
+ return 0;
+}
+
+static int
+pycurl_ssl_mutex_lock(void **m)
+{
+ return !PyThread_acquire_lock(*((PyThread_type_lock *) m), 1);
+}
+
+PYCURL_INTERNAL int
+pycurl_ssl_init(void)
+{
+ return 0;
+}
+
+PYCURL_INTERNAL void
+pycurl_ssl_cleanup(void)
+{
+ return;
+}
+#endif
+
/*************************************************************************
// CurlShareObject
**************************************************************************/
--
2.17.0.windows.1
|