Rietveld Code Review Tool

Unified Diff: Doc/library/ssl.rst

Issue 10639: reindent.py converts newlines to platform default
Patch Set: Created 8 years, 8 months ago
--- a/Doc/library/ssl.rst Tue Jul 26 09:37:46 2011 +0300
+++ b/Doc/library/ssl.rst Mon Jul 25 09:47:18 2011 -0400
@@ -386,13 +386,6 @@
.. versionadded:: 3.2
-.. data:: CHANNEL_BINDING_TYPES
-
- List of supported TLS channel binding types. Strings in this list
- can be used as arguments to :meth:`SSLSocket.get_channel_binding`.
-
- .. versionadded:: 3.3
-
.. data:: OPENSSL_VERSION
The version string of the OpenSSL library loaded by the interpreter::
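Review bot: The removal of the `CHANNEL_BINDING_TYPES` entry (marked `versionadded:: 3.3`) has no connection to the stated issue about reindent.py newline handling, and the file headers show the `+++` side dated a day earlier (Mon Jul 25) than the `---` side (Tue Jul 26). That suggests the patch was generated against a stale checkout and is reverting newer documentation rather than making an intended change. Please regenerate it against the current tip so this hunk drops out.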
@@ -447,16 +440,27 @@
the same limitation)
- :meth:`~socket.socket.shutdown()`
-However, since the SSL (and TLS) protocol has its own framing atop
-of TCP, the SSL sockets abstraction can, in certain respects, diverge from
-the specification of normal, OS-level sockets. See especially the
-:ref:`notes on non-blocking sockets <ssl-nonblocking>`.
-
-SSL sockets also have the following additional methods and attributes:
+They also have the following additional methods and attributes:
.. method:: SSLSocket.do_handshake()
- Perform the SSL setup handshake.
+ Performs the SSL setup handshake. If the socket is non-blocking, this method
+ may raise :exc:`SSLError` with the value of the exception instance's
+ ``args[0]`` being either :const:`SSL_ERROR_WANT_READ` or
+ :const:`SSL_ERROR_WANT_WRITE`, and should be called again until it stops
+ raising those exceptions. Here's an example of how to do that::
+
+ while True:
+ try:
+ sock.do_handshake()
+ break
+ except ssl.SSLError as err:
+ if err.args[0] == ssl.SSL_ERROR_WANT_READ:
+ select.select([sock], [], [])
+ elif err.args[0] == ssl.SSL_ERROR_WANT_WRITE:
+ select.select([], [sock], [])
+ else:
+ raise
.. method:: SSLSocket.getpeercert(binary_form=False)
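Review bot: Dropping the "However, since the SSL (and TLS) protocol has its own framing atop of TCP" paragraph ahead of `SSLSocket.do_handshake()` loses the warning that SSL sockets can diverge from OS-level socket behaviour, and the replacement line "They also have the following additional methods and attributes:" no longer points readers to the non-blocking notes. If the handshake retry loop is to live inline here, keep the caveat paragraph as well. In the example itself, both `select.select(...)` calls wait with no timeout, so a peer that stops sending mid-handshake blocks the loop indefinitely; consider showing a timeout argument.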
@@ -502,18 +506,6 @@
version of the SSL protocol that defines its use, and the number of secret
bits being used. If no connection has been established, returns ``None``.
-.. method:: SSLSocket.get_channel_binding(cb_type="tls-unique")
-
- Get channel binding data for current connection, as a bytes object. Returns
- ``None`` if not connected or the handshake has not been completed.
-
- The *cb_type* parameter allow selection of the desired channel binding
- type. Valid channel binding types are listed in the
- :data:`CHANNEL_BINDING_TYPES` list. Currently only the 'tls-unique' channel
- binding, defined by :rfc:`5929`, is supported. :exc:`ValueError` will be
- raised if an unsupported channel binding type is requested.
-
- .. versionadded:: 3.3
.. method:: SSLSocket.unwrap()
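Review bot: Deleting the `SSLSocket.get_channel_binding` entry leaves the method without documentation for its `None` return before the handshake completes and for the `ValueError` raised on an unsupported *cb_type*, both of which callers using the 'tls-unique' binding need to handle. Nothing in this file's diff indicates the method itself is going away, so the entry should stay unless the feature is removed in the same change.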
@@ -957,42 +949,6 @@
the sockets in non-blocking mode and use an event loop).
-.. _ssl-nonblocking:
-
-Notes on non-blocking sockets
------------------------------
-
-When working with non-blocking sockets, there are several things you need
-to be aware of:
-
-- Calling :func:`~select.select` tells you that the OS-level socket can be
- read from (or written to), but it does not imply that there is sufficient
- data at the upper SSL layer. For example, only part of an SSL frame might
- have arrived. Therefore, you must be ready to handle :meth:`SSLSocket.recv`
- and :meth:`SSLSocket.send` failures, and retry after another call to
- :func:`~select.select`.
-
- (of course, similar provisions apply when using other primitives such as
- :func:`~select.poll`)
-
-- The SSL handshake itself will be non-blocking: the
- :meth:`SSLSocket.do_handshake` method has to be retried until it returns
- successfully. Here is a synopsis using :func:`~select.select` to wait for
- the socket's readiness::
-
- while True:
- try:
- sock.do_handshake()
- break
- except ssl.SSLError as err:
- if err.args[0] == ssl.SSL_ERROR_WANT_READ:
- select.select([sock], [], [])
- elif err.args[0] == ssl.SSL_ERROR_WANT_WRITE:
- select.select([], [sock], [])
- else:
- raise
-
-
.. _ssl-security:
Security considerations
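Review bot: Removing the "Notes on non-blocking sockets" section drops its first bullet, that `select` readiness on the OS-level socket does not imply sufficient data at the SSL layer and that `SSLSocket.recv` and `SSLSocket.send` failures must be handled and retried; the text added under `do_handshake()` earlier in this patch covers only the handshake loop. The `.. _ssl-nonblocking:` label also goes away, so any remaining `:ref:` to it would no longer resolve. Keep the section, or move the recv/send guidance somewhere it survives.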