cheroot.ssl.builtin module#
A library for integrating Python’s builtin ssl
library with Cheroot.
The ssl
module must be importable for SSL functionality.
To use this module, set HTTPServer.ssl_adapter
to an instance of
BuiltinSSLAdapter
.
- class cheroot.ssl.builtin.BuiltinSSLAdapter(certificate, private_key, certificate_chain=None, ciphers=None)#
Bases:
Adapter
Wrapper for integrating Python’s builtin
ssl
with Cheroot.- CERT_KEY_TO_ENV = {'issuer': 'I_DN', 'notAfter': 'V_END', 'notBefore': 'V_START', 'serialNumber': 'M_SERIAL', 'subject': 'S_DN', 'subjectAltName': 'SAN', 'version': 'M_VERSION'}#
- CERT_KEY_TO_LDAP_CODE = {'commonName': 'CN', 'countryName': 'C', 'description': 'D', 'emailAddress': 'Email', 'givenName': 'G', 'initials': 'I', 'localityName': 'L', 'organizationName': 'O', 'organizationalUnitName': 'OU', 'stateOrProvinceName': 'ST', 'surname': 'S', 'title': 'T', 'userid': 'UID'}#
- _abc_impl = <_abc._abc_data object>#
- _make_env_cert_dict(env_prefix, parsed_cert)#
Return a dict of WSGI environment variables for a certificate.
E.g. SSL_CLIENT_M_VERSION, SSL_CLIENT_M_SERIAL, etc. See https://httpd.apache.org/docs/2.4/mod/mod_ssl.html#envvars.
- _make_env_dn_dict(env_prefix, cert_value)#
Return a dict of WSGI environment variables for a certificate DN.
E.g. SSL_CLIENT_S_DN_CN, SSL_CLIENT_S_DN_C, etc. See SSL_CLIENT_S_DN_x509 at https://httpd.apache.org/docs/2.4/mod/mod_ssl.html#envvars.
- _make_env_san_dict(env_prefix, cert_value)#
Return a dict of WSGI environment variables for a certificate DN.
E.g. SSL_CLIENT_SAN_Email_0, SSL_CLIENT_SAN_DNS_0, etc. See SSL_CLIENT_SAN_* at https://httpd.apache.org/docs/2.4/mod/mod_ssl.html#envvars.
- bind(sock)#
Wrap and return the given socket.
- certificate = None#
The file name of the server SSL certificate.
- certificate_chain = None#
The file name of the certificate chain file.
- ciphers = None#
The ciphers list of SSL.
- property context#
SSLContext
that will be used to wrap sockets.
- get_environ(sock)#
Create WSGI environ entries to be merged into each request.
- makefile(sock, mode='r', bufsize=8192)#
Return socket file object.
- private_key = None#
The file name of the server’s private key file.
- wrap(sock)#
Wrap and return the given socket, plus WSGI environ entries.
- cheroot.ssl.builtin._assert_ssl_exc_contains(exc, *msgs)#
Check whether SSL exception contains either of messages provided.
- cheroot.ssl.builtin._loopback_for_cert(certificate, private_key, certificate_chain)#
Create a loopback connection to parse a cert with a private key.
- cheroot.ssl.builtin._loopback_for_cert_thread(context, server)#
Wrap a socket in ssl and perform the server-side handshake.
- cheroot.ssl.builtin._parse_cert(certificate, private_key, certificate_chain)#
Parse a certificate.
- cheroot.ssl.builtin._sni_callback(sock, sni, context)#
Handle the SNI callback to tag the socket with the SNI.