fix unwrap

youknowone · youknowone · commit b7404e9e273e · 2025-10-29T18:05:00.000+09:00
diff --git a/stdlib/src/ssl.rs b/stdlib/src/ssl.rs
@@ -2020,25 +2020,24 @@ mod _ssl {
             }
 
             let peer_cert = stream.ssl().peer_certificate();
-            match peer_cert {
-                None => Ok(None),
-                Some(cert) => {
-                    if binary {
-                        // Return DER-encoded certificate
-                        cert_to_py(vm, &cert, true).map(Some)
+            let Some(cert) = peer_cert else {
+                return Ok(None);
+            };
+
+            if binary {
+                // Return DER-encoded certificate
+                cert_to_py(vm, &cert, true).map(Some)
+            } else {
+                // Check verify_mode
+                unsafe {
+                    let ssl_ctx = sys::SSL_get_SSL_CTX(stream.ssl().as_ptr());
+                    let verify_mode = sys::SSL_CTX_get_verify_mode(ssl_ctx);
+                    if (verify_mode & sys::SSL_VERIFY_PEER as libc::c_int) == 0 {
+                        // Return empty dict when SSL_VERIFY_PEER is not set
+                        Ok(Some(vm.ctx.new_dict().into()))
                     } else {
-                        // Check verify_mode
-                        unsafe {
-                            let ssl_ctx = sys::SSL_get_SSL_CTX(stream.ssl().as_ptr());
-                            let verify_mode = sys::SSL_CTX_get_verify_mode(ssl_ctx);
-                            if (verify_mode & sys::SSL_VERIFY_PEER as libc::c_int) == 0 {
-                                // Return empty dict when SSL_VERIFY_PEER is not set
-                                Ok(Some(vm.ctx.new_dict().into()))
-                            } else {
-                                // Return decoded certificate
-                                cert_to_py(vm, &cert, false).map(Some)
-                            }
-                        }
+                        // Return decoded certificate
+                        cert_to_py(vm, &cert, false).map(Some)
                     }
                 }
             }
@@ -2295,7 +2294,9 @@ mod _ssl {
 
             // Return the underlying socket
             // Get the socket from the stream (SocketStream wraps PyRef<PySocket>)
-            let socket = stream.get_ref().unwrap();
+            let socket = stream
+                .get_ref()
+                .expect("unwrap() called on bio mode; should only be called in socket mode");
             Ok(socket.0.clone())
         }
 
@@ -2338,13 +2339,19 @@ mod _ssl {
             }
 
             // Socket mode: handle timeout and blocking
-            let timeout = stream.get_ref().unwrap().timeout_deadline();
+            let timeout = stream
+                .get_ref()
+                .expect("handshake called in bio mode; should only be called in socket mode")
+                .timeout_deadline();
             loop {
                 let err = match stream.do_handshake() {
                     Ok(()) => return Ok(()),
                     Err(e) => e,
                 };
-                let (needs, state) = stream.get_ref().unwrap().socket_needs(&err, &timeout);
+                let (needs, state) = stream
+                    .get_ref()
+                    .expect("handshake called in bio mode; should only be called in socket mode")
+                    .socket_needs(&err, &timeout);
                 match state {
                     SelectRet::TimedOut => {
                         return Err(socket::timeout_error_msg(
@@ -2381,8 +2388,11 @@ mod _ssl {
             }
 
             // Socket mode: handle timeout and blocking
-            let timeout = stream.get_ref().unwrap().timeout_deadline();
-            let state = stream.get_ref().unwrap().select(SslNeeds::Write, &timeout);
+            let socket_ref = stream
+                .get_ref()
+                .expect("write called in bio mode; should only be called in socket mode");
+            let timeout = socket_ref.timeout_deadline();
+            let state = socket_ref.select(SslNeeds::Write, &timeout);
             match state {
                 SelectRet::TimedOut => {
                     return Err(socket::timeout_error_msg(
@@ -2398,7 +2408,10 @@ mod _ssl {
                     Ok(len) => return Ok(len),
                     Err(e) => e,
                 };
-                let (needs, state) = stream.get_ref().unwrap().socket_needs(&err, &timeout);
+                let (needs, state) = stream
+                    .get_ref()
+                    .expect("write called in bio mode; should only be called in socket mode")
+                    .socket_needs(&err, &timeout);
                 match state {
                     SelectRet::TimedOut => {
                         return Err(socket::timeout_error_msg(
@@ -2524,7 +2537,10 @@ mod _ssl {
                 }
             } else {
                 // Socket mode: handle timeout and blocking
-                let timeout = stream.get_ref().unwrap().timeout_deadline();
+                let timeout = stream
+                    .get_ref()
+                    .expect("read called in bio mode; should only be called in socket mode")
+                    .timeout_deadline();
                 loop {
                     let err = match stream.ssl_read(buf) {
                         Ok(count) => break count,
@@ -2535,7 +2551,10 @@ mod _ssl {
                     {
                         break 0;
                     }
-                    let (needs, state) = stream.get_ref().unwrap().socket_needs(&err, &timeout);
+                    let (needs, state) = stream
+                        .get_ref()
+                        .expect("read called in bio mode; should only be called in socket mode")
+                        .socket_needs(&err, &timeout);
                     match state {
                         SelectRet::TimedOut => {
                             return Err(socket::timeout_error_msg(
@@ -3019,7 +3038,6 @@ mod _ssl {
         match err.errors().last() {
             Some(e) => {
                 // Check if this is a system library error (file not found, etc.)
-                // CPython: Modules/_ssl.c:667-670, 697-701
                 let lib = sys::ERR_GET_LIB(e.code());
                 let library_str = e.library().unwrap_or("");
 
@@ -3052,7 +3070,6 @@ mod _ssl {
                     .map_or(file, |(_, basename)| basename);
 
                 // Get error codes - same approach as CPython
-                // CPython: Modules/_ssl.c:474-496
                 let lib = sys::ERR_GET_LIB(e.code());
                 let reason = sys::ERR_GET_REASON(e.code());
 
@@ -3069,7 +3086,6 @@ mod _ssl {
                     .unwrap_or("unknown error");
 
                 // Check if this is a certificate verification error
-                // CPython: Modules/_ssl.c:663-666, 683-686
                 // ERR_LIB_SSL = 20 (from _ssl_data_300.h)
                 // SSL_R_CERTIFICATE_VERIFY_FAILED = 134 (from _ssl_data_300.h)
                 let is_cert_verify_error = lib == 20 && reason == 134;
@@ -3086,7 +3102,6 @@ mod _ssl {
                 };
 
                 // Build message
-                // CPython: Modules/_ssl.c:539-549
                 let msg = if let Some(lib_str) = lib_name {
                     format!("[{lib_str}] {errstr} ({file}:{line})")
                 } else {
@@ -3124,7 +3139,9 @@ mod _ssl {
                 }
 
                 // Convert back to PyBaseExceptionRef
-                exc_obj.downcast().unwrap()
+                exc_obj.downcast().expect(
+                    "exc_obj is created as PyBaseExceptionRef and must downcast successfully",
+                )
             }
             None => {
                 let cls = PySslError::class(&vm.ctx).to_owned();
