cheroot.ssl.pyopenssl module

A library for integrating pyOpenSSL with Cheroot.

The OpenSSL module must be importable for SSL/TLS/HTTPS functionality. You can obtain it from here.

To use this module, set HTTPServer.ssl_adapter to an instance of ssl.Adapter. There are two ways to use TLS:

Method One

Set ssl_adapter.context. If it is not None, it is assumed to be an SSL.Context instance and will be passed to SSL.Connection on bind(). The developer is responsible for forming a valid Context object. This approach is preferred for its flexibility, e.g. if the cert and key are streams instead of files, or need decryption, or SSL.SSLv3_METHOD is desired instead of the default SSL.SSLv23_METHOD, etc. Consult the pyOpenSSL documentation for complete options.
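Method One with the cert and key held as in-memory PEM bytes rather than files, as an added example that is not part of the Cheroot documentation or code base. The helper names (make_self_signed, build_context, make_adapter), the TLS 1.2 floor and the cipher string are assumptions of this example; the certificate is a constructed throwaway.

```python
from OpenSSL import SSL, crypto


def make_self_signed(common_name="localhost"):
    """Return (cert_pem, key_pem) bytes for a throwaway self-signed cert."""
    key = crypto.PKey()
    key.generate_key(crypto.TYPE_RSA, 2048)
    cert = crypto.X509()
    cert.get_subject().CN = common_name
    cert.set_serial_number(1)
    cert.gmtime_adj_notBefore(0)
    cert.gmtime_adj_notAfter(3600)  # constructed sample: valid for one hour
    cert.set_issuer(cert.get_subject())
    cert.set_pubkey(key)
    cert.sign(key, "sha256")
    return (crypto.dump_certificate(crypto.FILETYPE_PEM, cert),
            crypto.dump_privatekey(crypto.FILETYPE_PEM, key))


def build_context(cert_pem, key_pem, passphrase=None):
    """Build an SSL.Context from in-memory PEM bytes (no files on disk)."""
    ctx = SSL.Context(SSL.TLS_METHOD)
    # Assumption of this example: refuse anything older than TLS 1.2.
    ctx.set_min_proto_version(SSL.TLS1_2_VERSION)
    ctx.set_cipher_list(b"ECDHE+AESGCM:ECDHE+CHACHA20")
    cert = crypto.load_certificate(crypto.FILETYPE_PEM, cert_pem)
    # The passphrase is only consulted when the PEM key is encrypted.
    key = crypto.load_privatekey(crypto.FILETYPE_PEM, key_pem, passphrase)
    ctx.use_certificate(cert)
    ctx.use_privatekey(key)
    ctx.check_privatekey()  # raises SSL.Error if key and cert do not match
    return ctx


def make_adapter(ctx):
    """Hand the prepared context to Cheroot (Method One)."""
    from cheroot.ssl.pyopenssl import pyOpenSSLAdapter
    adapter = pyOpenSSLAdapter(certificate=None, private_key=None)
    adapter.context = ctx  # bind() uses this instead of building its own
    return adapter


if __name__ == "__main__":
    cert_pem, key_pem = make_self_signed()
    adapter = make_adapter(build_context(cert_pem, key_pem))
    print("context ready:", adapter.context is not None)
```

The returned adapter is then assigned to HTTPServer.ssl_adapter as described above.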

Method Two (shortcut)

Set ssl_adapter.certificate and ssl_adapter.private_key. Both are None by default. If ssl_adapter.context is None, but .private_key and .certificate are both given and valid, they will be read, and the context will be automatically created from them.

class cheroot.ssl.pyopenssl.SSLConnection(*args)

Bases: object

A thread-safe wrapper for an SSL.Connection.

Parameters:

args (tuple) – the arguments to create the wrapped SSL.Connection(*args)

accept(*args)
bind(*args)
close(*args)
connect(*args)
connect_ex(*args)
property family
fileno(*args)
get_app_data(*args)
get_cipher_list(*args)
get_context(*args)
get_peer_certificate(*args)
getpeername(*args)
getsockname(*args)
getsockopt(*args)
gettimeout(*args)
listen(*args)
makefile(*args)
pending(*args)
read(*args)
recv(*args)
renegotiate(*args)
send(*args)
sendall(*args)
set_accept_state(*args)
set_app_data(*args)
set_connect_state(*args)
setblocking(*args)
setsockopt(*args)
settimeout(*args)
shutdown(*args)
sock_shutdown(*args)
state_string(*args)
want_read(*args)
want_write(*args)
write(*args)

class cheroot.ssl.pyopenssl.SSLConnectionProxyMeta(name, bases, nmspc)

Bases: object

Metaclass for generating a bunch of proxy methods.

class cheroot.ssl.pyopenssl.SSLFileobjectMixin

Bases: object

Base mixin for a TLS socket stream.

_safe_call(is_reader, call, *args, **kwargs)

Wrap the given call with TLS error-trapping.

is_reader: if False, EOF errors will be raised. If True, EOF errors will return “” (to emulate normal sockets).

readline(size=-1)

Receive message of a size from the socket.

Matches the following interface: https://docs.python.org/3/library/io.html#io.IOBase.readline

recv(size)

Receive message of a size from the socket.

send(*args, **kwargs)

Send some part of message to the socket.

sendall(*args, **kwargs)

Send whole message to the socket.

ssl_retry = 0.01
ssl_timeout = 3

class cheroot.ssl.pyopenssl.SSLFileobjectStreamReader(sock, mode='r', bufsize=8192)

Bases: SSLFileobjectMixin, StreamReader

SSL file object attached to a socket object.

_abc_impl = <_abc._abc_data object>

class cheroot.ssl.pyopenssl.SSLFileobjectStreamWriter(sock, mode='w', bufsize=8192)

Bases: SSLFileobjectMixin, StreamWriter

SSL file object attached to a socket object.

_abc_impl = <_abc._abc_data object>

class cheroot.ssl.pyopenssl.pyOpenSSLAdapter(certificate, private_key, certificate_chain=None, ciphers=None)

Bases: Adapter

A wrapper for integrating pyOpenSSL with Cheroot.

_abc_impl = <_abc._abc_data object>

bind(sock)

Wrap and return the given socket.

certificate = None

The file name of the server’s TLS certificate.

certificate_chain = None

Optional. The file name of CA’s intermediate certificate bundle.

This is needed for cheaper “chained root” TLS certificates, and should be left as None if not required.

ciphers = None

The TLS cipher list.

context = None

An instance of SSL.Context.

get_context()

Return an SSL.Context from self attributes.

Ref: SSL.Context

get_environ()

Return WSGI environ entries to be merged into each request.

makefile(sock, mode='r', bufsize=-1)

Return socket file object.

private_key = None

The file name of the server’s private key file.

wrap(sock)

Wrap and return the given socket, plus WSGI environ entries.