cheroot.ssl.builtin module#

A library for integrating Python’s builtin ssl library with Cheroot.

The ssl module must be importable for SSL functionality.

To use this module, set HTTPServer.ssl_adapter to an instance of BuiltinSSLAdapter.

class cheroot.ssl.builtin.BuiltinSSLAdapter(certificate, private_key, certificate_chain=None, ciphers=None)#

Bases: cheroot.ssl.Adapter

Wrapper for integrating Python’s builtin ssl with Cheroot.

CERT_KEY_TO_ENV = {'issuer': 'I_DN', 'notAfter': 'V_END', 'notBefore': 'V_START', 'serialNumber': 'M_SERIAL', 'subject': 'S_DN', 'subjectAltName': 'SAN', 'version': 'M_VERSION'}#
CERT_KEY_TO_LDAP_CODE = {'commonName': 'CN', 'countryName': 'C', 'description': 'D', 'emailAddress': 'Email', 'givenName': 'G', 'initials': 'I', 'localityName': 'L', 'organizationName': 'O', 'organizationalUnitName': 'OU', 'stateOrProvinceName': 'ST', 'surname': 'S', 'title': 'T', 'userid': 'UID'}#
_abc_impl = <_abc._abc_data object>#
_make_env_cert_dict(env_prefix, parsed_cert)#

Return a dict of WSGI environment variables for a certificate.

E.g. SSL_CLIENT_M_VERSION, SSL_CLIENT_M_SERIAL, etc. See https://httpd.apache.org/docs/2.4/mod/mod_ssl.html#envvars.

_make_env_dn_dict(env_prefix, cert_value)#

Return a dict of WSGI environment variables for a certificate DN.

E.g. SSL_CLIENT_S_DN_CN, SSL_CLIENT_S_DN_C, etc. See SSL_CLIENT_S_DN_x509 at https://httpd.apache.org/docs/2.4/mod/mod_ssl.html#envvars.

_make_env_san_dict(env_prefix, cert_value)#

Return a dict of WSGI environment variables for a certificate DN.

E.g. SSL_CLIENT_SAN_Email_0, SSL_CLIENT_SAN_DNS_0, etc. See SSL_CLIENT_SAN_* at https://httpd.apache.org/docs/2.4/mod/mod_ssl.html#envvars.

bind(sock)#

Wrap and return the given socket.

certificate = None#

The file name of the server SSL certificate.

certificate_chain = None#

The file name of the certificate chain file.

ciphers = None#

The ciphers list of SSL.

property context#

SSLContext that will be used to wrap sockets.

get_environ(sock)#

Create WSGI environ entries to be merged into each request.

makefile(sock, mode='r', bufsize=8192)#

Return socket file object.

private_key = None#

The file name of the server’s private key file.

wrap(sock)#

Wrap and return the given socket, plus WSGI environ entries.

cheroot.ssl.builtin._assert_ssl_exc_contains(exc, *msgs)#

Check whether SSL exception contains either of messages provided.

cheroot.ssl.builtin._loopback_for_cert(certificate, private_key, certificate_chain)#

Create a loopback connection to parse a cert with a private key.

cheroot.ssl.builtin._loopback_for_cert_thread(context, server)#

Wrap a socket in ssl and perform the server-side handshake.

cheroot.ssl.builtin._parse_cert(certificate, private_key, certificate_chain)#

Parse a certificate.

cheroot.ssl.builtin._sni_callback(sock, sni, context)#

Handle the SNI callback to tag the socket with the SNI.