◐ Shell
clean mode source ↗

More openssl impl by youknowone · Pull Request #6464 · RustPython/RustPython

youknowone

605-636: LGTM - Message callback ex_data management.

The dedicated ex_data index for msg_callback and the free function properly manage the Python object reference lifecycle, preventing memory leaks and use-after-free issues.

1126-1146: LGTM - Options update with clear/set delta.

The logic correctly computes which options to clear and set, ensuring the final options match the requested value rather than just ORing new options.

1367-1373: LGTM - ALPN protocol slice bounds fix.

Using pos..pos + proto.len() correctly returns only the selected protocol bytes, preventing potential buffer overread.

1485-1500: LGTM - Empty cadata error handling.

The differentiated error messages for PEM vs DER format help users understand why their certificate data wasn't loaded.

1960-1977: LGTM - Password bytes extraction helper.

The helper correctly handles all expected password types (str, bytes, bytearray) with clear error messaging.

2117-2134: LGTM - ex_data setup with proper reference counting.

The pattern of cloning, calling into_raw(), and relying on msg_callback_data_free to decrement the refcount correctly manages the Python object lifecycle.

2555-2578: LGTM - Server-side peer cert chain fix.

Correctly handles the OpenSSL behavior where SSL_get_peer_cert_chain excludes the peer certificate for server-side sockets, matching CPython's behavior.

2844-2880: LGTM - DER certificate loading with improved EOF detection.

The enhanced logic correctly distinguishes between:

  1. Clean EOF (all data consumed as valid certificates)
  2. Parse error (garbage data after valid certificates)
  3. Empty/invalid data

This matches CPython's certificate loading behavior.

1599-1601: LGTM - X509_check_ca return value fix.

X509_check_ca returns non-zero for any CA certificate type (not just 1), so the != 0 check is correct.

886-889: LGTM - PSK callback field additions.

The new fields for PSK callbacks and identity hint are properly initialized with PyMutex<Option<_>> for thread-safe optional storage.

1872-1921: Password callback implementation is safe.

The callback closure captures vm and pw_obj by reference within a synchronous operation. OpenSSL's PEM_read_bio_PrivateKey invokes the callback immediately during the read operation to request the password, and the closure is not stored for later use. The references remain valid throughout the function's execution, and error propagation via RefCell is correctly implemented.