PoC for using capabilities from Rust

alex · alex · commit 4c62259947d8 · 2025-02-01T10:29:13.000-08:00
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -11,16 +11,16 @@ jobs:
       matrix:
         PYTHON:
           # Base builds
-          - {VERSION: "3.7", TOXENV: "py37"}
-          - {VERSION: "3.8", TOXENV: "py38"}
-          - {VERSION: "3.9", TOXENV: "py39"}
-          - {VERSION: "3.10", TOXENV: "py310"}
-          - {VERSION: "3.11", TOXENV: "py311"}
-          - {VERSION: "3.12", TOXENV: "py312"}
-          - {VERSION: "3.13-dev", TOXENV: "py313"}
-          - {VERSION: "pypy-3.9", TOXENV: "pypy3"}
-          - {VERSION: "pypy-3.10", TOXENV: "pypy3"}
-          - {VERSION: "3.11", TOXENV: "py311-useWheel", OS: "windows-2022" }
+          # - {VERSION: "3.7", TOXENV: "py37"}
+          # - {VERSION: "3.8", TOXENV: "py38"}
+          # - {VERSION: "3.9", TOXENV: "py39"}
+          # - {VERSION: "3.10", TOXENV: "py310"}
+          # - {VERSION: "3.11", TOXENV: "py311"}
+          # - {VERSION: "3.12", TOXENV: "py312"}
+          # - {VERSION: "3.13-dev", TOXENV: "py313"}
+          # - {VERSION: "pypy-3.9", TOXENV: "pypy3"}
+          # - {VERSION: "pypy-3.10", TOXENV: "pypy3"}
+          # - {VERSION: "3.11", TOXENV: "py311-useWheel", OS: "windows-2022" }
           # -cryptographyMain
           - {VERSION: "3.7", TOXENV: "py37-cryptographyMain"}
           - {VERSION: "3.8", TOXENV: "py38-cryptographyMain"}
@@ -32,24 +32,24 @@ jobs:
           - {VERSION: "pypy-3.9", TOXENV: "pypy3-cryptographyMain"}
           - {VERSION: "pypy-3.10", TOXENV: "pypy3-cryptographyMain"}
           # -cryptographyMinimum
-          - {VERSION: "3.7", TOXENV: "py37-cryptographyMinimum"}
-          - {VERSION: "3.8", TOXENV: "py38-cryptographyMinimum"}
-          - {VERSION: "3.9", TOXENV: "py39-cryptographyMinimum"}
-          - {VERSION: "3.10", TOXENV: "py310-cryptographyMinimum"}
-          - {VERSION: "3.11", TOXENV: "py311-cryptographyMinimum"}
-          - {VERSION: "3.12", TOXENV: "py312-cryptographyMinimum"}
-          - {VERSION: "3.13-dev", TOXENV: "py313-cryptographyMinimum"}
-          - {VERSION: "pypy-3.10", TOXENV: "pypy3-cryptographyMinimum"}
+          # - {VERSION: "3.7", TOXENV: "py37-cryptographyMinimum"}
+          # - {VERSION: "3.8", TOXENV: "py38-cryptographyMinimum"}
+          # - {VERSION: "3.9", TOXENV: "py39-cryptographyMinimum"}
+          # - {VERSION: "3.10", TOXENV: "py310-cryptographyMinimum"}
+          # - {VERSION: "3.11", TOXENV: "py311-cryptographyMinimum"}
+          # - {VERSION: "3.12", TOXENV: "py312-cryptographyMinimum"}
+          # - {VERSION: "3.13-dev", TOXENV: "py313-cryptographyMinimum"}
+          # - {VERSION: "pypy-3.10", TOXENV: "pypy3-cryptographyMinimum"}
           # Cryptography wheels
-          - {VERSION: "3.9", TOXENV: "py39-cryptographyMinimum-useWheel"}
-          - {VERSION: "3.9", TOXENV: "py39-useWheel"}
+          # - {VERSION: "3.9", TOXENV: "py39-cryptographyMinimum-useWheel"}
+          # - {VERSION: "3.9", TOXENV: "py39-useWheel"}
           # Random order
-          - {VERSION: "3.9", TOXENV: "py39-randomorder"}
+          # - {VERSION: "3.9", TOXENV: "py39-randomorder"}
           # Meta
           - {VERSION: "3.9", TOXENV: "check-manifest"}
           - {VERSION: "3.11", TOXENV: "lint"}
-          - {VERSION: "3.11", TOXENV: "py311-mypy"}
-          - {VERSION: "3.9", TOXENV: "docs"}
+          # - {VERSION: "3.11", TOXENV: "py311-mypy"}
+          # - {VERSION: "3.9", TOXENV: "docs"}
     name: "${{ matrix.PYTHON.TOXENV }}${{ matrix.PYTHON.OS && format(' on {0}', matrix.PYTHON.OS) || '' }}"
     steps:
       - uses: actions/checkout@v4
@@ -87,10 +87,10 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        DOWNSTREAM:
-          - twisted
-          - certbot
-          - certbot-josepy
+        DOWNSTREAM: []
+          # - twisted
+          # - certbot
+          # - certbot-josepy
         PYTHON:
           - 3.12
     name: "Downstream tests for ${{ matrix.DOWNSTREAM }}"
diff --git a/src/OpenSSL/SSL.py b/src/OpenSSL/SSL.py
@@ -13,6 +13,7 @@
 from weakref import WeakValueDictionary
 
 from cryptography import x509
+from cryptography.hazmat.bindings._rust import pyopenssl
 from cryptography.hazmat.primitives.asymmetric import ec
 
 from OpenSSL._util import (
@@ -169,16 +170,16 @@
 SENT_SHUTDOWN = _lib.SSL_SENT_SHUTDOWN
 RECEIVED_SHUTDOWN = _lib.SSL_RECEIVED_SHUTDOWN
 
-SSLv23_METHOD = 3
-TLSv1_METHOD = 4
-TLSv1_1_METHOD = 5
-TLSv1_2_METHOD = 6
-TLS_METHOD = 7
-TLS_SERVER_METHOD = 8
-TLS_CLIENT_METHOD = 9
-DTLS_METHOD = 10
-DTLS_SERVER_METHOD = 11
-DTLS_CLIENT_METHOD = 12
+SSLv23_METHOD = pyopenssl.SSLv23_METHOD
+TLSv1_METHOD = pyopenssl.TLSv1_METHOD
+TLSv1_1_METHOD = pyopenssl.TLSv1_1_METHOD
+TLSv1_2_METHOD = pyopenssl.TLSv1_2_METHOD
+TLS_METHOD = pyopenssl.TLS_METHOD
+TLS_SERVER_METHOD = pyopenssl.TLS_SERVER_METHOD
+TLS_CLIENT_METHOD = pyopenssl.TLS_CLIENT_METHOD
+DTLS_METHOD = pyopenssl.DTLS_METHOD
+DTLS_SERVER_METHOD = pyopenssl.DTLS_SERVER_METHOD
+DTLS_CLIENT_METHOD = pyopenssl.DTLS_CLIENT_METHOD
 
 SSL3_VERSION: int = _lib.SSL3_VERSION
 TLS1_VERSION: int = _lib.TLS1_VERSION
@@ -827,7 +828,7 @@ class Session:
     _session: Any
 
 
-class Context:
+class Context(pyopenssl.Context):
     """
     :class:`OpenSSL.SSL.Context` instances define the parameters for setting
     up new SSL connections.
@@ -838,38 +839,7 @@ class Context:
                    not be used.
     """
 
-    _methods: typing.ClassVar[
-        dict[int, tuple[Callable[[], Any], int | None]]
-    ] = {
-        SSLv23_METHOD: (_lib.TLS_method, None),
-        TLSv1_METHOD: (_lib.TLS_method, TLS1_VERSION),
-        TLSv1_1_METHOD: (_lib.TLS_method, TLS1_1_VERSION),
-        TLSv1_2_METHOD: (_lib.TLS_method, TLS1_2_VERSION),
-        TLS_METHOD: (_lib.TLS_method, None),
-        TLS_SERVER_METHOD: (_lib.TLS_server_method, None),
-        TLS_CLIENT_METHOD: (_lib.TLS_client_method, None),
-        DTLS_METHOD: (_lib.DTLS_method, None),
-        DTLS_SERVER_METHOD: (_lib.DTLS_server_method, None),
-        DTLS_CLIENT_METHOD: (_lib.DTLS_client_method, None),
-    }
-
     def __init__(self, method: int) -> None:
-        if not isinstance(method, int):
-            raise TypeError("method must be an integer")
-
-        try:
-            method_func, version = self._methods[method]
-        except KeyError:
-            raise ValueError("No such protocol")
-
-        method_obj = method_func()
-        _openssl_assert(method_obj != _ffi.NULL)
-
-        context = _lib.SSL_CTX_new(method_obj)
-        _openssl_assert(context != _ffi.NULL)
-        context = _ffi.gc(context, _lib.SSL_CTX_free)
-
-        self._context = context
         self._passphrase_helper: _PassphraseHelper | None = None
         self._passphrase_callback: _PassphraseCallback[Any] | None = None
         self._passphrase_userdata: Any | None = None
@@ -894,9 +864,6 @@ def __init__(self, method: int) -> None:
         self._cookie_verify_helper: _CookieVerifyCallbackHelper | None = None
 
         self.set_mode(_lib.SSL_MODE_ENABLE_PARTIAL_WRITE)
-        if version is not None:
-            self.set_min_proto_version(version)
-            self.set_max_proto_version(version)
 
     def set_min_proto_version(self, version: int) -> None:
         """
diff --git a/tox.ini b/tox.ini
@@ -27,7 +27,7 @@ setenv =
     PIP_NO_BINARY=cryptography
     useWheel: PIP_NO_BINARY=
 commands =
-    cryptographyMain: pip install -U git+https://github.com/pyca/cryptography.git
+    cryptographyMain: pip install -U git+https://github.com/alex/cryptography.git@openssl-horror-show
     openssl version
     coverage run --parallel -m OpenSSL.debug
     coverage run --parallel -m pytest -v {posargs}
