cheroot.ssl.pyopenssl module#
A library for integrating pyOpenSSL with Cheroot.
The OpenSSL module must be importable
for SSL/TLS/HTTPS functionality.
You can obtain it from here.
To use this module, set HTTPServer.ssl_adapter to an instance of
ssl.Adapter.
There are two ways to use TLS:
Method One#
ssl_adapter.context: an instance ofSSL.Context.
If this is not None, it is assumed to be an SSL.Context instance, and will be passed to
SSL.Connection on bind().
The developer is responsible for forming a valid Context object. This
approach is to be preferred for more flexibility, e.g. if the cert and
key are streams instead of files, or need decryption, or
SSL.SSLv3_METHOD
is desired instead of the default SSL.SSLv23_METHOD, etc. Consult
the pyOpenSSL documentation for
complete options.
Method Two (shortcut)#
ssl_adapter.certificate: the file name of the server’s TLS certificate.
ssl_adapter.private_key: the file name of the server’s private key file.
Both are None by default. If ssl_adapter.context is None,
but .private_key and .certificate are both given and valid, they
will be read, and the context will be automatically created from them.
- class cheroot.ssl.pyopenssl.SSLConnection(*args)#
Bases:
objectA thread-safe wrapper for an
SSL.Connection.- Parameters:
args (tuple) – the arguments to create the wrapped
SSL.Connection(*args)
- accept(*args)#
- bind(*args)#
- close(*args)#
- connect(*args)#
- connect_ex(*args)#
- property family#
- fileno(*args)#
- get_app_data(*args)#
- get_cipher_list(*args)#
- get_context(*args)#
- get_peer_certificate(*args)#
- getpeername(*args)#
- getsockname(*args)#
- getsockopt(*args)#
- gettimeout(*args)#
- listen(*args)#
- makefile(*args)#
- pending(*args)#
- read(*args)#
- recv(*args)#
- renegotiate(*args)#
- send(*args)#
- sendall(*args)#
- set_accept_state(*args)#
- set_app_data(*args)#
- set_connect_state(*args)#
- setblocking(*args)#
- setsockopt(*args)#
- settimeout(*args)#
- shutdown(*args)#
- sock_shutdown(*args)#
- state_string(*args)#
- want_read(*args)#
- want_write(*args)#
- write(*args)#
- class cheroot.ssl.pyopenssl.SSLConnectionProxyMeta(name, bases, nmspc)#
Bases:
objectMetaclass for generating a bunch of proxy methods.
- class cheroot.ssl.pyopenssl.SSLFileobjectMixin#
Bases:
objectBase mixin for a TLS socket stream.
- _safe_call(is_reader, call, *args, **kwargs)#
Wrap the given call with TLS error-trapping.
is_reader: if False EOF errors will be raised. If True, EOF errors will return “” (to emulate normal sockets).
- readline(size=-1)#
Receive message of a size from the socket.
Matches the following interface: https://docs.python.org/3/library/io.html#io.IOBase.readline
- recv(size)#
Receive message of a size from the socket.
- send(*args, **kwargs)#
Send some part of message to the socket.
- sendall(*args, **kwargs)#
Send whole message to the socket.
- ssl_retry = 0.01#
- ssl_timeout = 3#
- class cheroot.ssl.pyopenssl.SSLFileobjectStreamReader(sock, mode='r', bufsize=8192)#
Bases:
SSLFileobjectMixin,StreamReaderSSL file object attached to a socket object.
- _abc_impl = <_abc._abc_data object>#
- class cheroot.ssl.pyopenssl.SSLFileobjectStreamWriter(sock, mode='w', bufsize=8192)#
Bases:
SSLFileobjectMixin,StreamWriterSSL file object attached to a socket object.
- _abc_impl = <_abc._abc_data object>#
- cheroot.ssl.pyopenssl._morph_syscall_to_connection_error(method_name, /)#
Handle
OpenSSL.SSL.SysCallErrorin a wrapped method.This context manager catches and re-raises SSL system call errors with appropriate exception types.
- Yields:
None: Execution continues within the context block.
- class cheroot.ssl.pyopenssl.pyOpenSSLAdapter(certificate, private_key, certificate_chain=None, ciphers=None)#
Bases:
AdapterA wrapper for integrating pyOpenSSL.
- _abc_impl = <_abc._abc_data object>#
- bind(sock)#
Wrap and return the given socket.
- certificate = None#
The file name of the server’s TLS certificate.
- certificate_chain = None#
Optional. The file name of CA’s intermediate certificate bundle.
This is needed for cheaper “chained root” TLS certificates, and should be left as
Noneif not required.
- ciphers = None#
The ciphers list of TLS.
- context = None#
An instance of
SSL.Context.
- get_context()#
Return an
SSL.Contextfrom self attributes.Ref:
SSL.Context
- get_environ()#
Return WSGI environ entries to be merged into each request.
- makefile(sock, mode='r', bufsize=-1)#
Return socket file object.
- private_key = None#
The file name of the server’s private key file.
- wrap(sock)#
Wrap and return the given socket, plus WSGI environ entries.