Backport some changes from the 3.6 branch

Src/IronPython.Modules/_ssl.cs

@@ -120,7 +120,8 @@ public class _SSLContext {
 
             public _SSLContext(CodeContext context, int protocol) {
                 if (protocol != PROTOCOL_SSLv2 && protocol != PROTOCOL_SSLv23 && protocol != PROTOCOL_SSLv3 &&
-                    protocol != PROTOCOL_TLSv1 && protocol != PROTOCOL_TLSv1_1 && protocol != PROTOCOL_TLSv1_2) {
+                    protocol != PROTOCOL_TLSv1 && protocol != PROTOCOL_TLSv1_1 && protocol != PROTOCOL_TLSv1_2 &&
+                    protocol != PROTOCOL_TLS_CLIENT && protocol != PROTOCOL_TLS_SERVER) {
                     throw PythonOps.ValueError("invalid protocol version");
                 }
 
@@ -131,8 +132,8 @@ public _SSLContext(CodeContext context, int protocol) {
                 if (protocol != PROTOCOL_SSLv3)
                     options |= OP_NO_SSLv3;
 
-                verify_mode = SSL_VERIFY_NONE;
-                check_hostname = false;
+                verify_mode = protocol == PROTOCOL_TLS_CLIENT ? CERT_REQUIRED : SSL_VERIFY_NONE;
+                check_hostname = protocol == PROTOCOL_TLS_CLIENT;
             }
 
             public void set_ciphers(CodeContext context, string ciphers) {
@@ -200,11 +201,7 @@ public void set_ecdh_curve(CodeContext context, [NotNone] Bytes curve) {
             public void load_cert_chain(CodeContext context, string certfile, string keyfile = null, object password = null) {
                 if (keyfile is not null) throw new NotImplementedException(nameof(keyfile));
                 if (password is not null) throw new NotImplementedException(nameof(password));
-#if NET
-                _cert = X509Certificate2.CreateFromPemFile(certfile, keyfile);
-#else
                 _cert = ReadCertificate(context, certfile, readKey: true);
-#endif
             }
 
             public PythonList get_ca_certs(CodeContext context, bool binary_form = false) {
@@ -766,6 +763,17 @@ public void write_eof() {
 
 #nullable restore
 
+        [PythonType]
+        public class SSLSession {
+            public object has_ticket { get; }
+            public object id { get; }
+            public object ticket_lifetime_hint { get; }
+            public object time { get; }
+            public object timeout { get; }
+
+            private SSLSession() { }
+        }
+
         public static object txt2obj(CodeContext context, string txt, bool name = false) {
             Asn1Object obj = null;
             if (name) {
@@ -995,7 +1003,11 @@ private static PythonTuple IssuerFieldToPython(CodeContext context, string p) {
         private static X509Certificate2 ReadCertificate(CodeContext context, string filename, bool readKey = false) {
 #if NET
             if (readKey) {
-                return X509Certificate2.CreateFromPemFile(filename);
+                try {
+                    return X509Certificate2.CreateFromPemFile(filename);
+                } catch (Exception e) {
+                    throw ErrorDecoding(context, filename, e);
+                }
             }
 #endif
 
@@ -1239,16 +1251,19 @@ private static Exception ErrorDecoding(CodeContext context, params object[] args
         public const int PROTOCOL_TLSv1 = 3;
         public const int PROTOCOL_TLSv1_1 = 4;
         public const int PROTOCOL_TLSv1_2 = 5;
+        public const int PROTOCOL_TLS_CLIENT = 16;
+        public const int PROTOCOL_TLS_SERVER = 17;
 
         public const int OP_ALL = unchecked((int)0x800003FF);
-        public const int OP_CIPHER_SERVER_PREFERENCE = 0x400000;
-        public const int OP_SINGLE_DH_USE = 0x100000;
-        public const int OP_SINGLE_ECDH_USE = 0x80000;
+        public const int OP_CIPHER_SERVER_PREFERENCE = 0; // 0x400000;
+        public const int OP_SINGLE_DH_USE = 0; // 0x100000;
+        public const int OP_SINGLE_ECDH_USE = 0; // 0x80000;
         public const int OP_NO_SSLv2 = 0x01000000;
         public const int OP_NO_SSLv3 = 0x02000000;
         public const int OP_NO_TLSv1 = 0x04000000;
         public const int OP_NO_TLSv1_1 = 0x10000000;
         public const int OP_NO_TLSv1_2 = 0x08000000;
+        public const int OP_NO_TLSv1_3 = 0; // 0x20000000;
 
         internal const int OP_NO_COMPRESSION = 0x20000;
         internal const int OP_NO_ALL = OP_NO_SSLv2 | OP_NO_SSLv3 | OP_NO_TLSv1 | OP_NO_TLSv1_1 | OP_NO_TLSv1_2 | OP_NO_COMPRESSION;
@@ -1274,6 +1289,7 @@ private static Exception ErrorDecoding(CodeContext context, params object[] args
         public const bool HAS_NPN = false;
         public const bool HAS_ALPN = false;
         public const bool HAS_TLS_UNIQUE = false;
+        public const bool HAS_TLSv1_3 = false;
 
         private const int SSL_VERIFY_NONE = 0x00;
         private const int SSL_VERIFY_PEER = 0x01;

Src/IronPython.Modules/mmap.cs

@@ -727,20 +727,23 @@ public object tell() {
                 }
             }
 
-            public void write([BytesLike] IList<byte> s) {
+            public int write([NotNone] IBufferProtocol s) {
+                using var buffer = s.GetBuffer();
                 using (new MmapLocker(this)) {
                     EnsureWritable();
 
                     long pos = Position;
 
-                    if (_view.Capacity - pos < s.Count) {
+                    if (_view.Capacity - pos < buffer.AsReadOnlySpan().Length) {
                         throw PythonOps.ValueError("data out of range");
                     }
 
-                    byte[] data = s as byte[] ?? (s is Bytes b ? b.UnsafeByteArray : s.ToArray());
-                    _view.WriteArray(pos, data, 0, s.Count);
+                    byte[] data = buffer.AsUnsafeArray() ?? buffer.ToArray();
+                    _view.WriteArray(pos, data, 0, data.Length);
 
-                    Position = pos + s.Count;
+                    Position = pos + data.Length;
+
+                    return data.Length;
                 }
             }