cheroot.ssl.pyopenssl module

A library for integrating pyOpenSSL with Cheroot.

The OpenSSL module must be importable for SSL/TLS/HTTPS functionality. You can obtain it from here.

To use this module, set HTTPServer.ssl_adapter to an instance of ssl.Adapter. There are two ways to use TLS:

Method One

If this is not None, it is assumed to be an SSL.Context instance, and will be passed to SSL.Connection on bind(). The developer is responsible for forming a valid Context object. This approach is to be preferred for more flexibility, e.g. if the cert and key are streams instead of files, or need decryption, or SSL.SSLv3_METHOD is desired instead of the default SSL.SSLv23_METHOD, etc. Consult the pyOpenSSL documentation for complete options.

Method Two (shortcut)

Both are None by default. If ssl_adapter.context is None, but .private_key and .certificate are both given and valid, they will be read, and the context will be automatically created from them.

class cheroot.ssl.pyopenssl.SSLConnection(*args)

Bases: object

A thread-safe wrapper for an SSL.Connection.

Parameters

args (tuple) – the arguments to create the wrapped SSL.Connection(*args)

accept(*args)
bind(*args)
close(*args)
connect(*args)
connect_ex(*args)
property family
fileno(*args)
get_app_data(*args)
get_cipher_list(*args)
get_context(*args)
get_peer_certificate(*args)
getpeername(*args)
getsockname(*args)
getsockopt(*args)
gettimeout(*args)
listen(*args)
makefile(*args)
pending(*args)
read(*args)
recv(*args)
renegotiate(*args)
send(*args)
sendall(*args)
set_accept_state(*args)
set_app_data(*args)
set_connect_state(*args)
setblocking(*args)
setsockopt(*args)
settimeout(*args)
shutdown(*args)
sock_shutdown(*args)
state_string(*args)
want_read(*args)
want_write(*args)
write(*args)
class cheroot.ssl.pyopenssl.SSLConnectionProxyMeta(name, bases, nmspc)

Bases: object

Metaclass for generating a bunch of proxy methods.

class cheroot.ssl.pyopenssl.SSLFileobjectMixin

Bases: object

Base mixin for a TLS socket stream.

_safe_call(is_reader, call, *args, **kwargs)

Wrap the given call with TLS error-trapping.

is_reader: if False EOF errors will be raised. If True, EOF errors will return “” (to emulate normal sockets).

readline(size=- 1)

Receive message of a size from the socket.

Matches the following interface: https://docs.python.org/3/library/io.html#io.IOBase.readline

recv(size)

Receive message of a size from the socket.

send(*args, **kwargs)

Send some part of message to the socket.

sendall(*args, **kwargs)

Send whole message to the socket.

ssl_retry = 0.01
ssl_timeout = 3
class cheroot.ssl.pyopenssl.SSLFileobjectStreamReader(sock, mode='r', bufsize=8192)

Bases: cheroot.ssl.pyopenssl.SSLFileobjectMixin, cheroot.makefile.StreamReader

SSL file object attached to a socket object.

_abc_impl = <_abc._abc_data object>
class cheroot.ssl.pyopenssl.SSLFileobjectStreamWriter(sock, mode='w', bufsize=8192)

Bases: cheroot.ssl.pyopenssl.SSLFileobjectMixin, cheroot.makefile.StreamWriter

SSL file object attached to a socket object.

_abc_impl = <_abc._abc_data object>
class cheroot.ssl.pyopenssl.pyOpenSSLAdapter(certificate, private_key, certificate_chain=None, ciphers=None)

Bases: cheroot.ssl.Adapter

A wrapper for integrating pyOpenSSL with Cheroot.

_abc_impl = <_abc._abc_data object>
bind(sock)

Wrap and return the given socket.

certificate = None

The file name of the server’s TLS certificate.

certificate_chain = None

Optional. The file name of CA’s intermediate certificate bundle.

This is needed for cheaper “chained root” TLS certificates, and should be left as None if not required.

ciphers = None

The ciphers list of TLS.

context = None

An instance of SSL.Context.

get_context()

Return an SSL.Context from self attributes.

Ref: SSL.Context

get_environ()

Return WSGI environ entries to be merged into each request.

makefile(sock, mode='r', bufsize=- 1)

Return socket file object.

private_key = None

The file name of the server’s private key file.

wrap(sock)

Wrap and return the given socket, plus WSGI environ entries.