@@ -100,6 +100,12 @@ def __init__(self, session):
100100 if self .native_object == _ffi .NULL :
101101 raise SSLError ("Unable to get internal WOLFSSL_X509 from wolfSSL" )
102102
103+ def __del__ (self ):
104+ if getattr (self , 'native_object' , None ) is not None \
105+ and self .native_object != _ffi .NULL :
106+ _lib .wolfSSL_X509_free (self .native_object )
107+ self .native_object = _ffi .NULL
108+
103109 def get_subject_cn (self ):
104110 cnPtr = _lib .wolfSSL_X509_get_subjectCN (self .native_object )
105111 if cnPtr == _ffi .NULL :
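Review bot: The new `__del__` calls `wolfSSL_X509_free` on `native_object`, but nothing visible here establishes that the wrapper owns that pointer; the error text in `__init__` calls it the "internal WOLFSSL_X509", which suggests it may be borrowed from the session. If it is borrowed, the call is only safe while the session is still alive, and a wrapper that outlives its session would pass a stale pointer to the library at garbage-collection time. Confirm the ownership rule for the wolfSSL build in use and record it above the method, e.g. `# native_object is owned by this wrapper (confirm for the wolfSSL build); released exactly once here`. If the pointer turns out to be session-owned, keep a reference to the session on the wrapper. `__init__` starts outside the hunk, so how the pointer is obtained is not visible.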
@@ -173,6 +179,7 @@ def __init__(self, protocol, server_side=None):
173179 def __del__ (self ):
174180 if getattr (self , 'native_object' , None ) is not None and self .native_object != _ffi .NULL :
175181 _lib .wolfSSL_CTX_free (self .native_object )
182+ self .native_object = _ffi .NULL
176183
177184 @property
178185 def verify_mode (self ):
@@ -208,8 +215,11 @@ def check_hostname(self):
208215 @check_hostname .setter
209216 def check_hostname (self , value ):
210217 if value is not True and value is not False :
211- raise ValueError ("check_hostname must be either True or False" )
212-
218+ raise ValueError ("check_hostname must be either "
219+ "True or False" )
220+ if value and self ._verify_mode != CERT_REQUIRED :
221+ raise ValueError ("check_hostname needs verify_mode "
222+ "set to CERT_REQUIRED" )
213223 self ._check_hostname = value
214224
215225 def get_options (self ):
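Review bot: The setter now refuses `check_hostname = True` unless `_verify_mode` is `CERT_REQUIRED`, but the invariant is enforced in this direction only. Unless the `verify_mode` setter (outside this hunk) has a matching check, a caller can enable hostname checking and then lower `verify_mode`, leaving `check_hostname` True with no certificate verification behind it. The mirror guard in that setter would be `if self._check_hostname and value != CERT_REQUIRED: raise ValueError("verify_mode must stay CERT_REQUIRED while check_hostname is enabled")`.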
@@ -245,6 +255,9 @@ def wrap_socket(self, sock, server_side=None,
245255 "between init and wrap_socket()" )
246256
247257 if self ._server_side is None :
258+ if server_side :
259+ raise ValueError ("SSLContext server_side value not consistent "
260+ "between init and wrap_socket()" )
248261 self ._server_side = server_side
249262
250263 if server_side is None and self ._server_side is not None :
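Review bot: The `ValueError` added in the `self._server_side is None` branch reuses the exact message of the mismatch check just above it, so a caller cannot tell "context created without a role, `server_side=True` requested at wrap time" from a real init/wrap disagreement. A distinct message such as `"server_side=True requires an SSLContext created with server_side=True"` would make the failure actionable. After the new check, `self._server_side = server_side` can only store `None` or a falsy value, which deserves a one-line comment saying why a truthy value is rejected. `wrap_socket` starts and ends outside the hunk.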
@@ -460,8 +473,11 @@ def __init__(self, sock=None, keyfile=None, certfile=None,
460473 if self ._context .check_hostname :
461474
462475 sni = _ffi .new ("char[]" , server_hostname .encode ("utf-8" ))
463- _lib .wolfSSL_check_domain_name (self .native_object ,
464- sni )
476+ ret = _lib .wolfSSL_check_domain_name (self .native_object ,
477+ sni )
478+ if ret != _SSL_SUCCESS :
479+ raise SSLError ("Unable to set domain name check for "
480+ "hostname verification" )
465481
466482 if connected :
467483 try :
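Review bot: `server_hostname.encode("utf-8")`, just above the new return-value check, still assumes a string. Unless a guard outside this hunk rejects it earlier, a context with `check_hostname` enabled and no `server_hostname` fails with `AttributeError` rather than a clear error. Since the change makes hostname verification fail closed, an explicit guard fits before the encode: `if server_hostname is None: raise ValueError("check_hostname requires server_hostname")`. `__init__` begins and ends outside the hunk.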
@@ -560,7 +576,17 @@ def write(self, data):
560576
561577 data = t2b (data )
562578
563- return _lib .wolfSSL_write (self .native_object , data , len (data ))
579+ ret = _lib .wolfSSL_write (
580+ self .native_object , data , len (data ))
581+ if ret <= 0 :
582+ err = _lib .wolfSSL_get_error (
583+ self .native_object , 0 )
584+ if err == _SSL_ERROR_WANT_WRITE :
585+ raise SSLWantWriteError ()
586+ else :
587+ raise SSLError (
588+ "wolfSSL_write error (%d)" % err )
589+ return ret
564590
565591 def send (self , data , flags = 0 ):
566592 if flags != 0 :
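Review bot: The new error path treats every `ret <= 0` as a failure and calls `wolfSSL_get_error` with a literal `0` instead of the value `wolfSSL_write` returned. If `wolfSSL_write` returns 0 for a zero-length buffer, `write(b"")` now raises `SSLError` where it used to return 0. A write that must read first also lands in the generic `SSLError` branch, so a non-blocking caller cannot retry it; if the module has a want-read counterpart to `SSLWantWriteError`, it should be mapped here. Suggested: `err = _lib.wolfSSL_get_error(self.native_object, ret)`, and `if not data: return 0` before the call. `write` starts outside the hunk.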
@@ -765,7 +791,7 @@ def do_handshake(self, block=False): # pylint: disable=unused-argument
765791 if alertRet == _SSL_SUCCESS :
766792 alertHistory = alertHistoryPtr [0 ]
767793 code = alertHistory .last_rx .code
768- alertDesc = _lib .wolfSSL_alert_type_string_long (code )
794+ alertDesc = _lib .wolfSSL_alert_desc_string_long (code )
769795 if alertDesc != _ffi .NULL :
770796 alertStr = _ffi .string (alertDesc ).decode ("ascii" )
771797 else :
@@ -844,7 +870,7 @@ def get_peer_x509(self):
844870 after making a successful SSL/TLS connection.
845871 """
846872 if self .native_object == _ffi .NULL :
847- return _ffi . NULL
873+ return None
848874
849875 return WolfSSLX509 (self .native_object )
850876
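Review bot: `get_peer_x509` now returns `None` only when the session pointer itself is NULL. When the peer sent no certificate, the `WolfSSLX509` constructor appears (from the first hunk) to raise `SSLError` instead, so `getpeercert` in the next hunk would raise where callers of the standard `ssl` API expect `None`. If that reading is right, handling the no-certificate case here and returning `None` would make the two methods agree. The docstring should also state the return contract, e.g. `Returns None when there is no session or no peer certificate.`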
@@ -857,7 +883,7 @@ def getpeercert(self, binary_form=False):
857883 x509 = self .get_peer_x509 ()
858884
859885 if not x509 :
860- return x509
886+ return None
861887
862888 if binary_form :
863889 return x509 .get_der ()