Add missing ssl options for urllib3

Author: msimacek

graalpython/com.oracle.graal.python/src/com/oracle/graal/python/builtins/modules/SSLModuleBuiltins.java

@@ -231,6 +231,7 @@ public void postInitialize(Python3Core core) {
         module.setAttribute(tsLiteral("HAS_ECDH"), false);
         module.setAttribute(tsLiteral("HAS_NPN"), false);
         module.setAttribute(tsLiteral("HAS_ALPN"), true);
+        module.setAttribute(tsLiteral("HAS_NEVER_CHECK_COMMON_NAME"), false);
         module.setAttribute(tsLiteral("HAS_SSLv2"), false);
         boolean hasSSLv3 = supportedProtocols.contains(SSLProtocol.SSLv3);
         module.setAttribute(tsLiteral("HAS_SSLv3"), hasSSLv3);
@@ -268,13 +269,15 @@ public void postInitialize(Python3Core core) {
         module.setAttribute(tsLiteral("SSL_ERROR_EOF"), SSLErrorCode.ERROR_EOF.getErrno());
         module.setAttribute(tsLiteral("SSL_ERROR_INVALID_ERROR_CODE"), 10);
 
-        module.setAttribute(tsLiteral("OP_ALL"), SSLOptions.DEFAULT_OPTIONS);
+        module.setAttribute(tsLiteral("OP_ALL"), SSLOptions.SSL_OP_ALL);
         module.setAttribute(tsLiteral("OP_NO_SSLv2"), SSLOptions.SSL_OP_NO_SSLv2);
         module.setAttribute(tsLiteral("OP_NO_SSLv3"), SSLOptions.SSL_OP_NO_SSLv3);
         module.setAttribute(tsLiteral("OP_NO_TLSv1"), SSLOptions.SSL_OP_NO_TLSv1);
         module.setAttribute(tsLiteral("OP_NO_TLSv1_1"), SSLOptions.SSL_OP_NO_TLSv1_1);
         module.setAttribute(tsLiteral("OP_NO_TLSv1_2"), SSLOptions.SSL_OP_NO_TLSv1_2);
         module.setAttribute(tsLiteral("OP_NO_TLSv1_3"), SSLOptions.SSL_OP_NO_TLSv1_3);
+        module.setAttribute(tsLiteral("OP_NO_COMPRESSION"), SSLOptions.SSL_OP_NO_COMPRESSION);
+        module.setAttribute(tsLiteral("OP_NO_TICKET"), SSLOptions.SSL_OP_NO_TICKET);
 
         module.setAttribute(tsLiteral("VERIFY_DEFAULT"), 0);
         module.setAttribute(tsLiteral("VERIFY_CRL_CHECK_LEAF"), X509_V_FLAG_CRL_CHECK);

graalpython/com.oracle.graal.python/src/com/oracle/graal/python/builtins/objects/ssl/SSLContextBuiltins.java

@@ -177,7 +177,7 @@ PSSLContext createContext(VirtualFrame frame, Object type, int protocol,
                     verifyMode = SSLModuleBuiltins.SSL_CERT_NONE;
                 }
                 PSSLContext context = factory().createSSLContext(type, method, SSLModuleBuiltins.X509_V_FLAG_TRUSTED_FIRST, checkHostname, verifyMode, createSSLContext());
-                long options = SSLOptions.DEFAULT_OPTIONS;
+                long options = SSLOptions.SSL_OP_ALL;
                 if (method != SSLMethod.SSL3) {
                     options |= SSLOptions.SSL_OP_NO_SSLv3;
                 }

graalpython/com.oracle.graal.python/src/com/oracle/graal/python/builtins/objects/ssl/SSLOperationNode.java

@@ -43,8 +43,8 @@
 import static com.oracle.graal.python.builtins.PythonBuiltinClassType.MemoryError;
 import static com.oracle.graal.python.builtins.objects.exception.OSErrorEnum.EAGAIN;
 import static com.oracle.graal.python.builtins.objects.exception.OSErrorEnum.EWOULDBLOCK;
-import static com.oracle.graal.python.util.PythonUtils.toTruffleStringUncached;
 import static com.oracle.graal.python.util.PythonUtils.TS_ENCODING;
+import static com.oracle.graal.python.util.PythonUtils.toTruffleStringUncached;
 
 import java.nio.ByteBuffer;
 import java.security.cert.CertificateException;
@@ -171,6 +171,7 @@ void doSocket(VirtualFrame frame, PSSLSocket socket, ByteBuffer appInput, ByteBu
                     @Cached PConstructAndRaiseNode constructAndRaiseNode,
                     @Cached TruffleString.FromJavaStringNode fromJavaStringNode) {
         assert socket.getSocket() != null;
+        prepare(socket);
         TimeoutHelper timeoutHelper = null;
         if (socket.getSocket().getTimeoutNs() > 0) {
             timeoutHelper = new TimeoutHelper(socket.getSocket().getTimeoutNs());
@@ -272,6 +273,7 @@ void doSocket(VirtualFrame frame, PSSLSocket socket, ByteBuffer appInput, ByteBu
     @Specialization(guards = "socket.getSocket() == null")
     void doMemory(VirtualFrame frame, PSSLSocket socket, ByteBuffer appInput, ByteBuffer targetBuffer, SSLOperation operation,
                     @Cached PConstructAndRaiseNode constructAndRaiseNode) {
+        prepare(socket);
         SSLOperationStatus status;
         try {
             status = loop(socket, appInput, targetBuffer, operation);
@@ -307,6 +309,17 @@ void doMemory(VirtualFrame frame, PSSLSocket socket, ByteBuffer appInput, ByteBu
         }
     }
 
+    private static void prepare(PSSLSocket socket) {
+        if ((socket.getContext().getOptions() & SSLOptions.SSL_OP_NO_TICKET) != 0) {
+            invalidateSession(socket);
+        }
+    }
+
+    @TruffleBoundary
+    private static void invalidateSession(PSSLSocket socket) {
+        socket.getEngine().getSession().invalidate();
+    }
+
     private static void putAsMuchAsPossible(ByteBuffer target, PMemoryBIO sourceBIO) {
         ByteBuffer source = sourceBIO.getBufferForReading();
         int remaining = Math.min(source.remaining(), target.remaining());

graalpython/com.oracle.graal.python/src/com/oracle/graal/python/builtins/objects/ssl/SSLOptions.java

@@ -42,12 +42,16 @@
 
 public abstract class SSLOptions {
 
-    public static final int DEFAULT_OPTIONS = 0;
-
     public static final int SSL_OP_NO_SSLv2 = 0;
     public static final int SSL_OP_NO_SSLv3 = 0x2000000;
     public static final int SSL_OP_NO_TLSv1 = 0x4000000;
     public static final int SSL_OP_NO_TLSv1_1 = 0x10000000;
     public static final int SSL_OP_NO_TLSv1_2 = 0x8000000;
     public static final int SSL_OP_NO_TLSv1_3 = 0x20000000;
+
+    // We just ignore this because Java's TLS doesn't provide compression anyway
+    public static final int SSL_OP_NO_COMPRESSION = 0x20000;
+    public static final int SSL_OP_NO_TICKET = 0x4000;
+
+    public static final int SSL_OP_ALL = SSL_OP_NO_COMPRESSION;
 }