
Delta Between Two Patch Sets: Lib/ssl.py

Issue 8109: Server-side support for TLS Server Name Indication extension
Left Patch Set: Created 7 years, 2 months ago
Right Patch Set: Created 7 years, 1 month ago
LEFTRIGHT
(no file at all)
1 # Wrapper module for _ssl, providing some additional facilities 1 # Wrapper module for _ssl, providing some additional facilities
2 # implemented in Python. Written by Bill Janssen. 2 # implemented in Python. Written by Bill Janssen.
3 3
4 """This module provides some more Pythonic support for SSL. 4 """This module provides some more Pythonic support for SSL.
5 5
6 Object types: 6 Object types:
7 7
8 SSLSocket -- subtype of socket.socket which does SSL over the socket 8 SSLSocket -- subtype of socket.socket which does SSL over the socket
9 9
10 Exceptions: 10 Exceptions:
(...skipping 218 matching lines...) Expand 10 before | Expand all | Expand 10 after
229 def __init__(self, sock=None, keyfile=None, certfile=None, 229 def __init__(self, sock=None, keyfile=None, certfile=None,
230 server_side=False, cert_reqs=CERT_NONE, 230 server_side=False, cert_reqs=CERT_NONE,
231 ssl_version=PROTOCOL_SSLv23, ca_certs=None, 231 ssl_version=PROTOCOL_SSLv23, ca_certs=None,
232 do_handshake_on_connect=True, 232 do_handshake_on_connect=True,
233 family=AF_INET, type=SOCK_STREAM, proto=0, fileno=None, 233 family=AF_INET, type=SOCK_STREAM, proto=0, fileno=None,
234 suppress_ragged_eofs=True, npn_protocols=None, ciphers=None, 234 suppress_ragged_eofs=True, npn_protocols=None, ciphers=None,
235 server_hostname=None, 235 server_hostname=None,
236 _context=None): 236 _context=None):
237 237
238 if _context: 238 if _context:
239 self.context = _context 239 self._context = _context
240 else: 240 else:
241 if server_side and not certfile: 241 if server_side and not certfile:
242 raise ValueError("certfile must be specified for server-side " 242 raise ValueError("certfile must be specified for server-side "
243 "operations") 243 "operations")
244 if keyfile and not certfile: 244 if keyfile and not certfile:
245 raise ValueError("certfile must be specified") 245 raise ValueError("certfile must be specified")
246 if certfile and not keyfile: 246 if certfile and not keyfile:
247 keyfile = certfile 247 keyfile = certfile
248 self.context = SSLContext(ssl_version) 248 self._context = SSLContext(ssl_version)
249 self.context.verify_mode = cert_reqs 249 self._context.verify_mode = cert_reqs
250 if ca_certs: 250 if ca_certs:
251 self.context.load_verify_locations(ca_certs) 251 self._context.load_verify_locations(ca_certs)
252 if certfile: 252 if certfile:
253 self.context.load_cert_chain(certfile, keyfile) 253 self._context.load_cert_chain(certfile, keyfile)
254 if npn_protocols: 254 if npn_protocols:
255 self.context.set_npn_protocols(npn_protocols) 255 self._context.set_npn_protocols(npn_protocols)
256 if ciphers: 256 if ciphers:
257 self.context.set_ciphers(ciphers) 257 self._context.set_ciphers(ciphers)
258 self.keyfile = keyfile 258 self.keyfile = keyfile
259 self.certfile = certfile 259 self.certfile = certfile
260 self.cert_reqs = cert_reqs 260 self.cert_reqs = cert_reqs
261 self.ssl_version = ssl_version 261 self.ssl_version = ssl_version
262 self.ca_certs = ca_certs 262 self.ca_certs = ca_certs
263 self.ciphers = ciphers 263 self.ciphers = ciphers
264 if server_side and server_hostname: 264 if server_side and server_hostname:
265 raise ValueError("server_hostname can only be specified " 265 raise ValueError("server_hostname can only be specified "
266 "in client mode") 266 "in client mode")
267 self.server_side = server_side 267 self.server_side = server_side
(...skipping 21 matching lines...) Expand all
289 socket.__init__(self, fileno=fileno) 289 socket.__init__(self, fileno=fileno)
290 else: 290 else:
291 socket.__init__(self, family=family, type=type, proto=proto) 291 socket.__init__(self, family=family, type=type, proto=proto)
292 292
293 self._closed = False 293 self._closed = False
294 self._sslobj = None 294 self._sslobj = None
295 self._connected = connected 295 self._connected = connected
296 if connected: 296 if connected:
297 # create the SSL object 297 # create the SSL object
298 try: 298 try:
299 self._sslobj = self.context._wrap_socket(self, server_side, 299 self._sslobj = self._context._wrap_socket(self, server_side,
300 server_hostname) 300 server_hostname)
301 if do_handshake_on_connect: 301 if do_handshake_on_connect:
302 timeout = self.gettimeout() 302 timeout = self.gettimeout()
303 if timeout == 0.0: 303 if timeout == 0.0:
304 # non-blocking 304 # non-blocking
305 raise ValueError("do_handshake_on_connect should not be specified for non-blocking sockets") 305 raise ValueError("do_handshake_on_connect should not be specified for non-blocking sockets")
306 self.do_handshake() 306 self.do_handshake()
307 307
308 except socket_error as x: 308 except socket_error as x:
309 self.close() 309 self.close()
310 raise x 310 raise x
311 @property
312 def context(self):
313 return self._context
314
315 @context.setter
316 def context(self, ctx):
317 self._context = ctx
318 self._set_context(ctx)
AntoinePitrou 2012/12/02 12:02:40 Probably `self._sslobj._set_context(ctx)`.
dan 2012/12/10 04:28:24 yes!
311 319
312 def dup(self): 320 def dup(self):
313 raise NotImplemented("Can't dup() %s instances" % 321 raise NotImplemented("Can't dup() %s instances" %
314 self.__class__.__name__) 322 self.__class__.__name__)
315 323
316 def _checkClosed(self, msg=None): 324 def _checkClosed(self, msg=None):
317 # raise an exception here if you wish to check for spurious closes 325 # raise an exception here if you wish to check for spurious closes
318 pass 326 pass
319 327
320 def read(self, len=0, buffer=None): 328 def read(self, len=0, buffer=None):
(...skipping 325 matching lines...) Expand 10 before | Expand all | Expand 10 after
646 cert_reqs = CERT_NONE 654 cert_reqs = CERT_NONE
647 s = create_connection(addr) 655 s = create_connection(addr)
648 s = wrap_socket(s, ssl_version=ssl_version, 656 s = wrap_socket(s, ssl_version=ssl_version,
649 cert_reqs=cert_reqs, ca_certs=ca_certs) 657 cert_reqs=cert_reqs, ca_certs=ca_certs)
650 dercert = s.getpeercert(True) 658 dercert = s.getpeercert(True)
651 s.close() 659 s.close()
652 return DER_cert_to_PEM_cert(dercert) 660 return DER_cert_to_PEM_cert(dercert)
653 661
654 def get_protocol_name(protocol_code): 662 def get_protocol_name(protocol_code):
655 return _PROTOCOL_NAMES.get(protocol_code, '<unknown>') 663 return _PROTOCOL_NAMES.get(protocol_code, '<unknown>')
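Review bot: In the new `context` setter (right-side lines 315-318), `self._context` is overwritten before `_set_context(ctx)` runs, so if that call raises (for instance on an argument that is not an SSLContext) the socket would report a context the connection is not actually using, and a later read of `sock.context.verify_mode` would describe the wrong configuration. Performing the switch first keeps the two in step: `self._set_context(ctx)` followed by `self._context = ctx`. Before a connection exists `_sslobj` is `None` (right-side line 294), so a switch that goes through the SSL object needs a guard or a documented restriction for unconnected sockets. The property also has no docstring; assuming the intent is a live swap, something like `"""The SSLContext used by this socket; assigning a new one switches the connection to it."""` would do, with a mention that the legacy attributes `cert_reqs`, `ca_certs` and `ciphers` stored in `__init__` are not refreshed by the assignment.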
LEFTRIGHT
