@@ -120,7 +120,8 @@ public class _SSLContext {
120120
121121 public _SSLContext ( CodeContext context , int protocol ) {
122122 if ( protocol != PROTOCOL_SSLv2 && protocol != PROTOCOL_SSLv23 && protocol != PROTOCOL_SSLv3 &&
123- protocol != PROTOCOL_TLSv1 && protocol != PROTOCOL_TLSv1_1 && protocol != PROTOCOL_TLSv1_2 ) {
123+ protocol != PROTOCOL_TLSv1 && protocol != PROTOCOL_TLSv1_1 && protocol != PROTOCOL_TLSv1_2 &&
124+ protocol != PROTOCOL_TLS_CLIENT && protocol != PROTOCOL_TLS_SERVER ) {
124125 throw PythonOps . ValueError ( "invalid protocol version" ) ;
125126 }
126127
@@ -131,8 +132,8 @@ public _SSLContext(CodeContext context, int protocol) {
131132 if ( protocol != PROTOCOL_SSLv3 )
132133 options |= OP_NO_SSLv3 ;
133134
134- verify_mode = SSL_VERIFY_NONE ;
135- check_hostname = false ;
135+ verify_mode = protocol == PROTOCOL_TLS_CLIENT ? CERT_REQUIRED : SSL_VERIFY_NONE ;
136+ check_hostname = protocol == PROTOCOL_TLS_CLIENT ;
136137 }
137138
138139 public void set_ciphers ( CodeContext context , string ciphers ) {
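Review bot: The new `verify_mode` default mixes two constant families in one expression, `CERT_REQUIRED` for the client case and `SSL_VERIFY_NONE` for every other protocol, so a reader cannot tell that both arms are values on the same scale. If the module exposes `CERT_NONE`, I would write `verify_mode = protocol == PROTOCOL_TLS_CLIENT ? CERT_REQUIRED : CERT_NONE;`. These two assignments only record the policy. Whether the handshake code actually rejects an unverified peer or a hostname mismatch when `check_hostname` is true lies outside this hunk and deserves a test, because a context that reports `CERT_REQUIRED` without enforcing it gives callers false assurance. The constructor body starts above the hunk.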
@@ -200,11 +201,7 @@ public void set_ecdh_curve(CodeContext context, [NotNone] Bytes curve) {
200201 public void load_cert_chain ( CodeContext context , string certfile , string keyfile = null , object password = null ) {
201202 if ( keyfile is not null ) throw new NotImplementedException ( nameof ( keyfile ) ) ;
202203 if ( password is not null ) throw new NotImplementedException ( nameof ( password ) ) ;
203- #if NET
204- _cert = X509Certificate2 . CreateFromPemFile ( certfile , keyfile ) ;
205- #else
206204 _cert = ReadCertificate ( context , certfile , readKey : true ) ;
207- #endif
208205 }
209206
210207 public PythonList get_ca_certs ( CodeContext context , bool binary_form = false ) {
@@ -766,6 +763,17 @@ public void write_eof() {
766763
767764#nullable restore
768765
766+ [ PythonType ]
767+ public class SSLSession {
768+ public object has_ticket { get ; }
769+ public object id { get ; }
770+ public object ticket_lifetime_hint { get ; }
771+ public object time { get ; }
772+ public object timeout { get ; }
773+
774+ private SSLSession ( ) { }
775+ }
776+
769777 public static object txt2obj ( CodeContext context , string txt , bool name = false ) {
770778 Asn1Object obj = null ;
771779 if ( name ) {
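Review bot: `SSLSession` is added without any comment saying it is a placeholder. Its only constructor is private and none of the five get-only properties is assigned anywhere in the visible code, so no instance can be created from outside and every property would read as null. If the class exists only so that the name resolves for Python code, I would say so above it, for example `// Placeholder type: session reuse is not implemented and no instance is ever created.`. Otherwise a later reader may assume that session data is being tracked.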
@@ -995,7 +1003,11 @@ private static PythonTuple IssuerFieldToPython(CodeContext context, string p) {
9951003 private static X509Certificate2 ReadCertificate ( CodeContext context , string filename , bool readKey = false ) {
9961004#if NET
9971005 if ( readKey ) {
998- return X509Certificate2 . CreateFromPemFile ( filename ) ;
1006+ try {
1007+ return X509Certificate2 . CreateFromPemFile ( filename ) ;
1008+ } catch ( Exception e ) {
1009+ throw ErrorDecoding ( context , filename , e ) ;
1010+ }
9991011 }
10001012#endif
10011013
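Review bot: `catch ( Exception e )` around `CreateFromPemFile` turns every failure into a decoding error, including a missing file or a permissions problem, so the caller can no longer tell a bad path from a malformed PEM. I would narrow it to `catch (System.Security.Cryptography.CryptographicException e)` and let I/O exceptions propagate as they did before this change. The exception object is also handed to `ErrorDecoding` through its `args`. If those reach the Python-level error, confirm that the message does not reveal more about the key file than intended. `ReadCertificate` continues below the hunk.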
@@ -1239,16 +1251,19 @@ private static Exception ErrorDecoding(CodeContext context, params object[] args
12391251 public const int PROTOCOL_TLSv1 = 3 ;
12401252 public const int PROTOCOL_TLSv1_1 = 4 ;
12411253 public const int PROTOCOL_TLSv1_2 = 5 ;
1254+ public const int PROTOCOL_TLS_CLIENT = 16 ;
1255+ public const int PROTOCOL_TLS_SERVER = 17 ;
12421256
12431257 public const int OP_ALL = unchecked ( ( int ) 0x800003FF ) ;
1244- public const int OP_CIPHER_SERVER_PREFERENCE = 0x400000 ;
1245- public const int OP_SINGLE_DH_USE = 0x100000 ;
1246- public const int OP_SINGLE_ECDH_USE = 0x80000 ;
1258+ public const int OP_CIPHER_SERVER_PREFERENCE = 0 ; // 0x400000;
1259+ public const int OP_SINGLE_DH_USE = 0 ; // 0x100000;
1260+ public const int OP_SINGLE_ECDH_USE = 0 ; // 0x80000;
12471261 public const int OP_NO_SSLv2 = 0x01000000 ;
12481262 public const int OP_NO_SSLv3 = 0x02000000 ;
12491263 public const int OP_NO_TLSv1 = 0x04000000 ;
12501264 public const int OP_NO_TLSv1_1 = 0x10000000 ;
12511265 public const int OP_NO_TLSv1_2 = 0x08000000 ;
1266+ public const int OP_NO_TLSv1_3 = 0 ; // 0x20000000;
12521267
12531268 internal const int OP_NO_COMPRESSION = 0x20000 ;
12541269 internal const int OP_NO_ALL = OP_NO_SSLv2 | OP_NO_SSLv3 | OP_NO_TLSv1 | OP_NO_TLSv1_1 | OP_NO_TLSv1_2 | OP_NO_COMPRESSION ;
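Review bot: Defining `OP_NO_TLSv1_3`, `OP_CIPHER_SERVER_PREFERENCE`, `OP_SINGLE_DH_USE` and `OP_SINGLE_ECDH_USE` as 0 makes `options |= OP_NO_TLSv1_3` a silent no-op, and nothing in the hunk says so. A caller who sets that flag to keep a connection off TLS 1.3, or who tests `options & OP_NO_TLSv1_3`, gets neither an error nor an effect. The former values survive only as trailing comments with no reason given. I would put one comment above the group, for example `// Not honoured by this implementation: defined as 0 so that OR-ing them into options changes nothing; check HAS_TLSv1_3 before relying on OP_NO_TLSv1_3.`, and keep the real value in the trailing comment. `HAS_TLSv1_3 = false` in the next hunk is the only signal callers get, so the comment should point at it.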
@@ -1274,6 +1289,7 @@ private static Exception ErrorDecoding(CodeContext context, params object[] args
12741289 public const bool HAS_NPN = false ;
12751290 public const bool HAS_ALPN = false ;
12761291 public const bool HAS_TLS_UNIQUE = false ;
1292+ public const bool HAS_TLSv1_3 = false ;
12771293
12781294 private const int SSL_VERIFY_NONE = 0x00 ;
12791295 private const int SSL_VERIFY_PEER = 0x01 ;