gevent._ssl3 – SSL wrapper for socket objects on Python 3

For the documentation, refer to the ssl module manual.
This module implements cooperative SSL socket wrappers.
SSLContext(protocol)
    Bases: ssl.SSLContext
    wrap_socket(sock, server_side=False, do_handshake_on_connect=True, suppress_ragged_eofs=True, server_hostname=None)
SSLSocket(sock=None, keyfile=None, certfile=None, server_side=False, cert_reqs=0, ssl_version=2, ca_certs=None, do_handshake_on_connect=True, family=2, type=1, proto=0, fileno=None, suppress_ragged_eofs=True, npn_protocols=None, ciphers=None, server_hostname=None, _context=None)
    Bases: gevent._socket2.socket
    dup()
    read(len=1024, buffer=None)
        Read up to LEN bytes and return them. Return zero-length string on EOF.
    write(data)
        Write DATA to the underlying SSL channel. Returns number of bytes of DATA actually transmitted.
    getpeercert(binary_form=False)
        Returns a formatted version of the data in the certificate provided by the other end of the SSL channel. Return None if no certificate was provided, {} if a certificate was provided, but not validated.
    selected_npn_protocol()
    cipher()
    compression()
    send(data, flags=0, timeout=<object object>)
    sendto(data, flags_or_addr, addr=None)
    sendmsg(*args, **kwargs)
    sendall(data, flags=0)
    recv(buflen=1024, flags=0)
    recv_into(buffer, nbytes=None, flags=0)
    recvfrom(buflen=1024, flags=0)
    recvfrom_into(buffer, nbytes=None, flags=0)
    recvmsg(*args, **kwargs)
    recvmsg_into(*args, **kwargs)
    pending()
    shutdown(how)
    unwrap()
    do_handshake()
        Perform a TLS/SSL handshake.
    connect(addr)
        Connects to remote ADDR, and then wraps the connection in an SSL channel.
    connect_ex(addr)
        Connects to remote ADDR, and then wraps the connection in an SSL channel.
    accept()
        Accepts a new connection from a remote client, and returns a tuple containing that new connection wrapped with a server-side SSL channel, and the address of the remote client.
    get_channel_binding(cb_type='tls-unique')
        Get channel binding data for current connection. Raise ValueError if the requested cb_type is not supported. Return bytes of the data or None if the data is not available (e.g. before the handshake).
wrap_socket(sock, keyfile=None, certfile=None, server_side=False, cert_reqs=0, ssl_version=2, ca_certs=None, do_handshake_on_connect=True, suppress_ragged_eofs=True, ciphers=None)
get_server_certificate(addr, ssl_version=2, ca_certs=None)
    Retrieve the certificate from the server at the specified address, and return it as a PEM-encoded string. If ‘ca_certs’ is specified, validate the server cert against it. If ‘ssl_version’ is specified, use it in the connection attempt.
CertificateError
    Bases: exceptions.ValueError
DER_cert_to_PEM_cert(der_cert_bytes)
    Takes a certificate in binary DER format and returns the PEM version of it as a string.
DefaultVerifyPaths(cafile, capath, openssl_cafile_env, openssl_cafile, openssl_capath_env, openssl_capath)
    Bases: tuple
    cafile
        Alias for field number 0
    capath
        Alias for field number 1
    openssl_cafile
        Alias for field number 3
    openssl_cafile_env
        Alias for field number 2
    openssl_capath
        Alias for field number 5
    openssl_capath_env
        Alias for field number 4
PEM_cert_to_DER_cert(pem_cert_string)
    Takes a certificate in ASCII PEM format and returns the DER-encoded version of it as a byte sequence.
Purpose
    Bases: ssl._ASN1Object
    SSLContext purpose flags with X509v3 Extended Key Usage objects
    CLIENT_AUTH = _ASN1Object(nid=130, shortname='clientAuth', longname='TLS Web Client Authentication', oid='1.3.6.1.5.5.7.3.2')
    SERVER_AUTH = _ASN1Object(nid=129, shortname='serverAuth', longname='TLS Web Server Authentication', oid='1.3.6.1.5.5.7.3.1')
RAND_add(string, entropy)
    Mix string into the OpenSSL PRNG state. entropy (a float) is a lower bound on the entropy contained in string. See RFC 1750.
RAND_egd(path) → bytes
    Queries the entropy gather daemon (EGD) on the socket named by ‘path’. Returns number of bytes read. Raises SSLError if connection to EGD fails or if it does not provide enough data to seed PRNG.
RAND_status() → 0 or 1
    Returns 1 if the OpenSSL PRNG has been seeded with enough data and 0 if not. It is necessary to seed the PRNG with RAND_add() on some platforms before using the ssl() function.
SSLEOFError
    Bases: ssl.SSLError
    SSL/TLS connection terminated abruptly.
SSLError
    Bases: socket.error
    An error occurred in the SSL implementation.
SSLSyscallError
    Bases: ssl.SSLError
    System error when attempting SSL operation.
SSLWantReadError
    Bases: ssl.SSLError
    Non-blocking SSL socket needs to read more data before the requested operation can be completed.
SSLWantWriteError
    Bases: ssl.SSLError
    Non-blocking SSL socket needs to write more data before the requested operation can be completed.
SSLZeroReturnError
    Bases: ssl.SSLError
    SSL/TLS session closed cleanly.
cert_time_to_seconds
(cert_time)¶Return the time in seconds since the Epoch, given the timestring
representing the “notBefore” or “notAfter” date from a certificate
in "%b %d %H:%M:%S %Y %Z"
strptime format (C locale).
“notBefore” or “notAfter” dates must use UTC (RFC 5280).
Month is one of: Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec UTC should be specified as GMT (see ASN1_TIME_print())
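The return values documented for getpeercert() (None, {}, or a decoded certificate) and the date format accepted by cert_time_to_seconds() can be combined into a validity check. This is an added example, not part of the gevent documentation; it calls the standard-library ssl module that this page defers to, the function names and SAMPLE_CERT are hypothetical, and the certificate dictionary is constructed.

```python
import ssl
import time

# Constructed sample in the decoded form getpeercert() returns.
SAMPLE_CERT = {
    "subject": ((("commonName", "example.test"),),),
    "notBefore": "Jan  5 09:34:43 2018 GMT",
    "notAfter": "Jan  5 09:34:43 2019 GMT",
}


def peer_cert_status(cert, now=None):
    """Classify a getpeercert() result.

    None -> the peer sent no certificate.
    {}   -> a certificate was sent but not validated, so nothing in it
            may be trusted.
    Otherwise the notBefore/notAfter window is checked against `now`.
    """
    if cert is None:
        return "no-certificate"
    if not cert:
        return "unvalidated"
    now = time.time() if now is None else now
    try:
        not_before = ssl.cert_time_to_seconds(cert["notBefore"])
        not_after = ssl.cert_time_to_seconds(cert["notAfter"])
    except (KeyError, ValueError):
        # Missing field, or a date that is not in the "... GMT" format.
        return "malformed-dates"
    if now < not_before:
        return "not-yet-valid"
    if now > not_after:
        return "expired"
    return "valid"


def days_remaining(cert, now=None):
    """Whole days until notAfter (negative once the certificate expired)."""
    now = time.time() if now is None else now
    return int((ssl.cert_time_to_seconds(cert["notAfter"]) - now) // 86400)
```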
closing(thing)
    Bases: object
    Context to automatically close something at the end of a block.
    Code like this:

        with closing(<module>.open(<arguments>)) as f:
            <block>

    is equivalent to this:

        f = <module>.open(<arguments>)
        try:
            <block>
        finally:
            f.close()
create_connection(address, timeout=<object object>, source_address=None)
    Connect to address and return the socket object.
    Convenience function. Connect to address (a 2-tuple (host, port)) and return the socket object. Passing the optional timeout parameter will set the timeout on the socket instance before attempting to connect. If no timeout is supplied, the global default timeout setting returned by getdefaulttimeout() is used. If source_address is set it must be a tuple of (host, port) for the socket to bind as a source address before making the connection. A host of ‘’ or port 0 tells the OS to use the default.
create_default_context(purpose=_ASN1Object(nid=129, shortname='serverAuth', longname='TLS Web Server Authentication', oid='1.3.6.1.5.5.7.3.1'), cafile=None, capath=None, cadata=None)
    Create a SSLContext object with default settings.
get_default_verify_paths()
    Return paths to default cafile and capath.
get_protocol_name(protocol_code)
match_hostname(cert, hostname)
    Verify that cert (in decoded format as returned by SSLSocket.getpeercert()) matches the hostname. RFC 2818 and RFC 6125 rules are followed, but IP addresses are not accepted for hostname.
    CertificateError is raised on failure. On success, the function returns nothing.
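The wrap_socket() and SSLSocket signatures above default to cert_reqs=0, which is ssl.CERT_NONE, while create_default_context() returns a context for server authentication. The following added example (not part of the gevent documentation) audits a client context for those two settings and shows the weak configuration beside the corrected one. It uses the standard-library ssl module; the function names are hypothetical.

```python
import ssl


def audit_client_context(ctx):
    """Return a list of findings for an SSLContext used for outbound TLS."""
    findings = []
    if ctx.verify_mode == ssl.CERT_NONE:
        findings.append(
            "verify_mode=CERT_NONE: the server certificate is not validated")
    if not ctx.check_hostname:
        findings.append(
            "check_hostname=False: the certificate is not matched "
            "against the host name")
    return findings


def unverified_context():
    """Context equivalent to the cert_reqs=0 default shown in the signatures."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # check_hostname must be cleared before verify_mode can be CERT_NONE.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def harden(ctx):
    """Turn on certificate and host name verification in place."""
    # Order matters: require a certificate first, then enable host name
    # checking, which depends on a validated certificate.
    ctx.verify_mode = ssl.CERT_REQUIRED
    ctx.check_hostname = True
    # Trust anchors from the locations get_default_verify_paths() reports.
    ctx.load_default_certs()
    return ctx
```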
namedtuple(typename, field_names, verbose=False, rename=False)
    Returns a new subclass of tuple with named fields.

        >>> Point = namedtuple('Point', ['x', 'y'])
        >>> Point.__doc__                   # docstring for the new class
        'Point(x, y)'
        >>> p = Point(11, y=22)             # instantiate with positional args or keywords
        >>> p[0] + p[1]                     # indexable like a plain tuple
        33
        >>> x, y = p                        # unpack like a regular tuple
        >>> x, y
        (11, 22)
        >>> p.x + p.y                       # fields also accessible by name
        33
        >>> d = p._asdict()                 # convert to a dictionary
        >>> d['x']
        11
        >>> Point(**d)                      # convert from a dictionary
        Point(x=11, y=22)
        >>> p._replace(x=100)               # _replace() is like str.replace() but targets named fields
        Point(x=100, y=22)
socket_error
    alias of error
sslwrap_simple(sock, keyfile=None, certfile=None)
    A replacement for the old socket.ssl function. Designed for compatibility with Python 2.5 and earlier. Will disappear in Python 3.0.