From bb7d7a803665005cc72ad68a388e9e937ff3d2f6 Mon Sep 17 00:00:00 2001
From: Josef Schlehofer <pepe.schlehofer@gmail.com>
Date: Sat, 23 Mar 2019 21:02:17 +0100
Subject: [PATCH] support for mbedTLS
---
INSTALL.rst | 4 ++--
doc/thread-safety.rst | 2 +-
setup.py | 28 +++++++++++++++++++++-------
src/module.c | 6 ++++--
src/pycurl.h | 7 ++++++-
src/threadsupport.c | 39 +++++++++++++++++++++++++++++++++++++++
6 files changed, 73 insertions(+), 13 deletions(-)
diff --git a/INSTALL.rst b/INSTALL.rst
index 8ad8b4f..da70d25 100644
--- a/INSTALL.rst
+++ b/INSTALL.rst
@@ -53,7 +53,7 @@ It will then fail at runtime as follows::
To fix this, you need to tell ``setup.py`` what SSL backend is used::
- python setup.py --with-[openssl|gnutls|nss] install
+ python setup.py --with-[openssl|gnutls|nss|mbedtls] install
Note: as of PycURL 7.21.5, setup.py accepts ``--with-openssl`` option to
indicate that libcurl is built against OpenSSL. ``--with-ssl`` is an alias
@@ -85,7 +85,7 @@ environment variable::
The same applies to the SSL backend, if you need to specify it (see the SSL
note above)::
- export PYCURL_SSL_LIBRARY=[openssl|gnutls|nss]
+ export PYCURL_SSL_LIBRARY=[openssl|gnutls|nss|mbedtls]
easy_install pycurl
diff --git a/doc/thread-safety.rst b/doc/thread-safety.rst
index 5ba3f3e..ae2b9e5 100644
--- a/doc/thread-safety.rst
+++ b/doc/thread-safety.rst
@@ -21,7 +21,7 @@ For Python programs using PycURL, this means:
Python code *outside of a libcurl callback for the PycURL object in question*
is unsafe.
-PycURL handles the necessary SSL locks for OpenSSL/LibreSSL, GnuTLS and NSS.
+PycURL handles the necessary SSL locks for OpenSSL/LibreSSL, GnuTLS, NSS and mbedTLS.
A special situation exists when libcurl uses the standard C library
name resolver (i.e., not threaded nor c-ares resolver). By default libcurl
diff --git a/setup.py b/setup.py
index e1e6925..5ab437f 100644
--- a/setup.py
+++ b/setup.py
@@ -143,6 +143,7 @@ class ExtensionConfiguration(object):
'--with-ssl': self.using_openssl,
'--with-gnutls': self.using_gnutls,
'--with-nss': self.using_nss,
+ '--with-mbedtls': self.using_mbedtls,
}
def detect_ssl_option(self):
@@ -152,20 +153,20 @@ class ExtensionConfiguration(object):
if option != other_option:
if scan_argv(self.argv, other_option) is not None:
raise ConfigurationError('Cannot give both %s and %s' % (option, other_option))
-
+
return option
def detect_ssl_backend(self):
ssl_lib_detected = False
-
+
if 'PYCURL_SSL_LIBRARY' in os.environ:
ssl_lib = os.environ['PYCURL_SSL_LIBRARY']
- if ssl_lib in ['openssl', 'gnutls', 'nss']:
+ if ssl_lib in ['openssl', 'gnutls', 'nss', 'mbedtls']:
ssl_lib_detected = True
getattr(self, 'using_%s' % ssl_lib)()
else:
raise ConfigurationError('Invalid value "%s" for PYCURL_SSL_LIBRARY' % ssl_lib)
-
+
option = self.detect_ssl_option()
if option:
ssl_lib_detected = True
@@ -194,6 +195,10 @@ class ExtensionConfiguration(object):
self.using_nss()
ssl_lib_detected = True
break
+ if arg[2:] == 'mbedtls':
+ self.using_nss()
+ ssl_lib_detected = True
+ break
if not ssl_lib_detected and len(self.argv) == len(self.original_argv) \
and not os.environ.get('PYCURL_CURL_CONFIG') \
@@ -201,7 +206,7 @@ class ExtensionConfiguration(object):
# this path should only be taken when no options or
# configuration environment variables are given to setup.py
ssl_lib_detected = self.detect_ssl_lib_on_centos6()
-
+
self.ssl_lib_detected = ssl_lib_detected
def curl_config(self):
@@ -301,7 +306,7 @@ class ExtensionConfiguration(object):
if errtext:
msg += ":\n" + errtext
raise ConfigurationError(msg)
-
+
# hack
self.sslhintbuf = sslhintbuf
@@ -327,7 +332,7 @@ specify the SSL backend manually.''')
self.library_dirs.append(arg[2:])
else:
self.extra_link_args.append(arg)
-
+
if not self.libraries:
self.libraries.append("curl")
@@ -354,6 +359,9 @@ specify the SSL backend manually.''')
elif ssl_version.startswith('NSS/'):
self.using_nss()
ssl_lib_detected = True
+ elif ssl_version.startswith('mbedTLS/'):
+ self.using_mbedtls()
+ ssl_lib_detected = 'mbedtls'
return ssl_lib_detected
def detect_ssl_lib_on_centos6(self):
@@ -505,6 +513,11 @@ specify the SSL backend manually.''')
self.libraries.append('ssl3')
self.define_macros.append(('HAVE_CURL_SSL', 1))
+ def using_mbedtls(self):
+ self.define_macros.append(('HAVE_CURL_MBEDTLS', 1))
+ self.libraries.append('mbedtls')
+ self.define_macros.append(('HAVE_CURL_SSL', 1))
+
def get_bdist_msi_version_hack():
# workaround for distutils/msi version requirement per
# epydoc.sourceforge.net/stdlib/distutils.version.StrictVersion-class.html -
@@ -871,6 +884,7 @@ PycURL Unix options:
--with-ssl legacy alias for --with-openssl
--with-gnutls libcurl is linked against GnuTLS
--with-nss libcurl is linked against NSS
+ --with-mbedtls libcurl is linked against mbedTLS
'''
windows_help = '''\
diff --git a/src/module.c b/src/module.c
index 2331ae8..7fdb25a 100644
--- a/src/module.c
+++ b/src/module.c
@@ -328,7 +328,7 @@ initpycurl(void)
PyObject *collections_module = NULL;
PyObject *named_tuple = NULL;
PyObject *arglist = NULL;
-
+
assert(Curl_Type.tp_weaklistoffset > 0);
assert(CurlMulti_Type.tp_weaklistoffset > 0);
assert(CurlShare_Type.tp_weaklistoffset > 0);
@@ -355,6 +355,8 @@ initpycurl(void)
runtime_ssl_lib = "gnutls";
} else if (!strncmp(vi->ssl_version, "NSS/", 4)) {
runtime_ssl_lib = "nss";
+ } else if (!strncmp(vi->ssl_version, "mbedTLS/", 2)) {
+ runtime_ssl_lib = "mbedtls";
} else {
runtime_ssl_lib = "none/other";
}
@@ -461,7 +463,7 @@ initpycurl(void)
/* constants for ioctl callback argument values */
insint_c(d, "IOCMD_NOP", CURLIOCMD_NOP);
insint_c(d, "IOCMD_RESTARTREAD", CURLIOCMD_RESTARTREAD);
-
+
/* opensocketfunction return value */
insint_c(d, "SOCKET_BAD", CURL_SOCKET_BAD);
diff --git a/src/pycurl.h b/src/pycurl.h
index 65290f7..2294cb8 100644
--- a/src/pycurl.h
+++ b/src/pycurl.h
@@ -174,6 +174,11 @@ pycurl_inet_ntop (int family, void *addr, char *string, size_t string_size);
# define COMPILE_SSL_LIB "gnutls"
# elif defined(HAVE_CURL_NSS)
# define COMPILE_SSL_LIB "nss"
+# elif defined(HAVE_CURL_MBEDTLS)
+# include <mbedtls/ssl.h>
+# define PYCURL_NEED_SSL_TSL
+# define PYCURL_NEED_MBEDTLS_TSL
+# define COMPILE_SSL_LIB "mbedtls"
# else
# ifdef _MSC_VER
/* sigh */
@@ -190,7 +195,7 @@ pycurl_inet_ntop (int family, void *addr, char *string, size_t string_size);
/* since we have no crypto callbacks for other ssl backends,
* no reason to require users match those */
# define COMPILE_SSL_LIB "none/other"
-# endif /* HAVE_CURL_OPENSSL || HAVE_CURL_GNUTLS || HAVE_CURL_NSS */
+# endif /* HAVE_CURL_OPENSSL || HAVE_CURL_GNUTLS || HAVE_CURL_NSS || HAVE_CURL_MBEDTLS */
#else
# define COMPILE_SSL_LIB "none/other"
#endif /* HAVE_CURL_SSL */
diff --git a/src/threadsupport.c b/src/threadsupport.c
index 6ca07f5..51abffd 100644
--- a/src/threadsupport.c
+++ b/src/threadsupport.c
@@ -232,6 +232,45 @@ pycurl_ssl_cleanup(void)
}
#endif
+/* mbedTLS */
+
+#ifdef PYCURL_NEED_MBEDTLS_TSL
+static int
+pycurl_ssl_mutex_create(void **m)
+{
+ if ((*((PyThread_type_lock *) m) = PyThread_allocate_lock()) == NULL) {
+ return -1;
+ } else {
+ return 0;
+ }
+}
+
+static int
+pycurl_ssl_mutex_destroy(void **m)
+{
+ PyThread_free_lock(*((PyThread_type_lock *) m));
+ return 0;
+}
+
+static int
+pycurl_ssl_mutex_lock(void **m)
+{
+ return !PyThread_acquire_lock(*((PyThread_type_lock *) m), 1);
+}
+
+PYCURL_INTERNAL int
+pycurl_ssl_init(void)
+{
+ return 0;
+}
+
+PYCURL_INTERNAL void
+pycurl_ssl_cleanup(void)
+{
+ return;
+}
+#endif
+
/*************************************************************************
// CurlShareObject
**************************************************************************/
--
2.17.0.windows.1