cheroot.ssl.pyopenssl module#
A library for integrating pyOpenSSL with Cheroot.
The OpenSSL
module must be importable
for SSL/TLS/HTTPS functionality.
You can obtain it from here.
To use this module, set HTTPServer.ssl_adapter
to an instance of
ssl.Adapter
.
There are two ways to use TLS:
Method One#
ssl_adapter.context
: an instance ofSSL.Context
.
If this is not None, it is assumed to be an SSL.Context
instance, and will be passed to
SSL.Connection
on bind().
The developer is responsible for forming a valid Context
object. This
approach is to be preferred for more flexibility, e.g. if the cert and
key are streams instead of files, or need decryption, or
SSL.SSLv3_METHOD
is desired instead of the default SSL.SSLv23_METHOD
, etc. Consult
the pyOpenSSL documentation for
complete options.
Method Two (shortcut)#
ssl_adapter.certificate
: the file name of the server’s TLS certificate.
ssl_adapter.private_key
: the file name of the server’s private key file.
Both are None
by default. If ssl_adapter.context
is None
,
but .private_key
and .certificate
are both given and valid, they
will be read, and the context will be automatically created from them.
- class cheroot.ssl.pyopenssl.SSLConnection(*args)#
Bases:
object
A thread-safe wrapper for an
SSL.Connection
.- Parameters:
args (tuple) – the arguments to create the wrapped
SSL.Connection(*args)
- accept(*args)#
- bind(*args)#
- close(*args)#
- connect(*args)#
- connect_ex(*args)#
- property family#
- fileno(*args)#
- get_app_data(*args)#
- get_cipher_list(*args)#
- get_context(*args)#
- get_peer_certificate(*args)#
- getpeername(*args)#
- getsockname(*args)#
- getsockopt(*args)#
- gettimeout(*args)#
- listen(*args)#
- makefile(*args)#
- pending(*args)#
- read(*args)#
- recv(*args)#
- renegotiate(*args)#
- send(*args)#
- sendall(*args)#
- set_accept_state(*args)#
- set_app_data(*args)#
- set_connect_state(*args)#
- setblocking(*args)#
- setsockopt(*args)#
- settimeout(*args)#
- shutdown(*args)#
- sock_shutdown(*args)#
- state_string(*args)#
- want_read(*args)#
- want_write(*args)#
- write(*args)#
- class cheroot.ssl.pyopenssl.SSLConnectionProxyMeta(name, bases, nmspc)#
Bases:
object
Metaclass for generating a bunch of proxy methods.
- class cheroot.ssl.pyopenssl.SSLFileobjectMixin#
Bases:
object
Base mixin for a TLS socket stream.
- _safe_call(is_reader, call, *args, **kwargs)#
Wrap the given call with TLS error-trapping.
is_reader: if False EOF errors will be raised. If True, EOF errors will return “” (to emulate normal sockets).
- readline(size=-1)#
Receive message of a size from the socket.
Matches the following interface: https://docs.python.org/3/library/io.html#io.IOBase.readline
- recv(size)#
Receive message of a size from the socket.
- send(*args, **kwargs)#
Send some part of message to the socket.
- sendall(*args, **kwargs)#
Send whole message to the socket.
- ssl_retry = 0.01#
- ssl_timeout = 3#
- class cheroot.ssl.pyopenssl.SSLFileobjectStreamReader(sock, mode='r', bufsize=8192)#
Bases:
SSLFileobjectMixin
,StreamReader
SSL file object attached to a socket object.
- _abc_impl = <_abc._abc_data object>#
- class cheroot.ssl.pyopenssl.SSLFileobjectStreamWriter(sock, mode='w', bufsize=8192)#
Bases:
SSLFileobjectMixin
,StreamWriter
SSL file object attached to a socket object.
- _abc_impl = <_abc._abc_data object>#
- class cheroot.ssl.pyopenssl.pyOpenSSLAdapter(certificate, private_key, certificate_chain=None, ciphers=None)#
Bases:
Adapter
A wrapper for integrating pyOpenSSL with Cheroot.
- _abc_impl = <_abc._abc_data object>#
- bind(sock)#
Wrap and return the given socket.
- certificate = None#
The file name of the server’s TLS certificate.
- certificate_chain = None#
Optional. The file name of CA’s intermediate certificate bundle.
This is needed for cheaper “chained root” TLS certificates, and should be left as
None
if not required.
- ciphers = None#
The ciphers list of TLS.
- context = None#
An instance of
SSL.Context
.
- get_context()#
Return an
SSL.Context
from self attributes.Ref:
SSL.Context
- get_environ()#
Return WSGI environ entries to be merged into each request.
- makefile(sock, mode='r', bufsize=-1)#
Return socket file object.
- private_key = None#
The file name of the server’s private key file.
- wrap(sock)#
Wrap and return the given socket, plus WSGI environ entries.