@@ -2020,25 +2020,24 @@ mod _ssl {
20202020 }
20212021
20222022 let peer_cert = stream. ssl ( ) . peer_certificate ( ) ;
2023- match peer_cert {
2024- None => Ok ( None ) ,
2025- Some ( cert) => {
2026- if binary {
2027- // Return DER-encoded certificate
2028- cert_to_py ( vm, & cert, true ) . map ( Some )
2023+ let Some ( cert) = peer_cert else {
2024+ return Ok ( None ) ;
2025+ } ;
2026+
2027+ if binary {
2028+ // Return DER-encoded certificate
2029+ cert_to_py ( vm, & cert, true ) . map ( Some )
2030+ } else {
2031+ // Check verify_mode
2032+ unsafe {
2033+ let ssl_ctx = sys:: SSL_get_SSL_CTX ( stream. ssl ( ) . as_ptr ( ) ) ;
2034+ let verify_mode = sys:: SSL_CTX_get_verify_mode ( ssl_ctx) ;
2035+ if ( verify_mode & sys:: SSL_VERIFY_PEER as libc:: c_int ) == 0 {
2036+ // Return empty dict when SSL_VERIFY_PEER is not set
2037+ Ok ( Some ( vm. ctx . new_dict ( ) . into ( ) ) )
20292038 } else {
2030- // Check verify_mode
2031- unsafe {
2032- let ssl_ctx = sys:: SSL_get_SSL_CTX ( stream. ssl ( ) . as_ptr ( ) ) ;
2033- let verify_mode = sys:: SSL_CTX_get_verify_mode ( ssl_ctx) ;
2034- if ( verify_mode & sys:: SSL_VERIFY_PEER as libc:: c_int ) == 0 {
2035- // Return empty dict when SSL_VERIFY_PEER is not set
2036- Ok ( Some ( vm. ctx . new_dict ( ) . into ( ) ) )
2037- } else {
2038- // Return decoded certificate
2039- cert_to_py ( vm, & cert, false ) . map ( Some )
2040- }
2041- }
2039+ // Return decoded certificate
2040+ cert_to_py ( vm, & cert, false ) . map ( Some )
20422041 }
20432042 }
20442043 }
@@ -2295,7 +2294,9 @@ mod _ssl {
22952294
22962295 // Return the underlying socket
22972296 // Get the socket from the stream (SocketStream wraps PyRef<PySocket>)
2298- let socket = stream. get_ref ( ) . unwrap ( ) ;
2297+ let socket = stream
2298+ . get_ref ( )
2299+ . expect ( "unwrap() called on bio mode; should only be called in socket mode" ) ;
22992300 Ok ( socket. 0 . clone ( ) )
23002301 }
23012302
@@ -2338,13 +2339,19 @@ mod _ssl {
23382339 }
23392340
23402341 // Socket mode: handle timeout and blocking
2341- let timeout = stream. get_ref ( ) . unwrap ( ) . timeout_deadline ( ) ;
2342+ let timeout = stream
2343+ . get_ref ( )
2344+ . expect ( "handshake called in bio mode; should only be called in socket mode" )
2345+ . timeout_deadline ( ) ;
23422346 loop {
23432347 let err = match stream. do_handshake ( ) {
23442348 Ok ( ( ) ) => return Ok ( ( ) ) ,
23452349 Err ( e) => e,
23462350 } ;
2347- let ( needs, state) = stream. get_ref ( ) . unwrap ( ) . socket_needs ( & err, & timeout) ;
2351+ let ( needs, state) = stream
2352+ . get_ref ( )
2353+ . expect ( "handshake called in bio mode; should only be called in socket mode" )
2354+ . socket_needs ( & err, & timeout) ;
23482355 match state {
23492356 SelectRet :: TimedOut => {
23502357 return Err ( socket:: timeout_error_msg (
@@ -2381,8 +2388,11 @@ mod _ssl {
23812388 }
23822389
23832390 // Socket mode: handle timeout and blocking
2384- let timeout = stream. get_ref ( ) . unwrap ( ) . timeout_deadline ( ) ;
2385- let state = stream. get_ref ( ) . unwrap ( ) . select ( SslNeeds :: Write , & timeout) ;
2391+ let socket_ref = stream
2392+ . get_ref ( )
2393+ . expect ( "write called in bio mode; should only be called in socket mode" ) ;
2394+ let timeout = socket_ref. timeout_deadline ( ) ;
2395+ let state = socket_ref. select ( SslNeeds :: Write , & timeout) ;
23862396 match state {
23872397 SelectRet :: TimedOut => {
23882398 return Err ( socket:: timeout_error_msg (
@@ -2398,7 +2408,10 @@ mod _ssl {
23982408 Ok ( len) => return Ok ( len) ,
23992409 Err ( e) => e,
24002410 } ;
2401- let ( needs, state) = stream. get_ref ( ) . unwrap ( ) . socket_needs ( & err, & timeout) ;
2411+ let ( needs, state) = stream
2412+ . get_ref ( )
2413+ . expect ( "write called in bio mode; should only be called in socket mode" )
2414+ . socket_needs ( & err, & timeout) ;
24022415 match state {
24032416 SelectRet :: TimedOut => {
24042417 return Err ( socket:: timeout_error_msg (
@@ -2524,7 +2537,10 @@ mod _ssl {
25242537 }
25252538 } else {
25262539 // Socket mode: handle timeout and blocking
2527- let timeout = stream. get_ref ( ) . unwrap ( ) . timeout_deadline ( ) ;
2540+ let timeout = stream
2541+ . get_ref ( )
2542+ . expect ( "read called in bio mode; should only be called in socket mode" )
2543+ . timeout_deadline ( ) ;
25282544 loop {
25292545 let err = match stream. ssl_read ( buf) {
25302546 Ok ( count) => break count,
@@ -2535,7 +2551,10 @@ mod _ssl {
25352551 {
25362552 break 0 ;
25372553 }
2538- let ( needs, state) = stream. get_ref ( ) . unwrap ( ) . socket_needs ( & err, & timeout) ;
2554+ let ( needs, state) = stream
2555+ . get_ref ( )
2556+ . expect ( "read called in bio mode; should only be called in socket mode" )
2557+ . socket_needs ( & err, & timeout) ;
25392558 match state {
25402559 SelectRet :: TimedOut => {
25412560 return Err ( socket:: timeout_error_msg (
@@ -3124,7 +3143,9 @@ mod _ssl {
31243143 }
31253144
31263145 // Convert back to PyBaseExceptionRef
3127- exc_obj. downcast ( ) . unwrap ( )
3146+ exc_obj. downcast ( ) . expect (
3147+ "exc_obj is created as PyBaseExceptionRef and must downcast successfully" ,
3148+ )
31283149 }
31293150 None => {
31303151 let cls = PySslError :: class ( & vm. ctx ) . to_owned ( ) ;
0 commit comments