cheroot.ssl.pyopenssl module
A library for integrating pyOpenSSL with Cheroot.
The OpenSSL module must be importable for SSL/TLS/HTTPS functionality.
You can obtain it from here.
To use this module, set HTTPServer.ssl_adapter to an instance of ssl.Adapter.
There are two ways to use TLS:
Method One
ssl_adapter.context: an instance of SSL.Context.
If this is not None, it is assumed to be an SSL.Context instance, and will be passed to SSL.Connection on bind().
The developer is responsible for forming a valid Context object. This approach is to be preferred for more flexibility, e.g. if the cert and key are streams instead of files, or need decryption, or SSL.SSLv3_METHOD is desired instead of the default SSL.SSLv23_METHOD, etc. Consult the pyOpenSSL documentation for complete options.
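Method One as an added example (not code from Cheroot or its documentation): the certificate and key arrive as PEM bytes rather than file names, and the context is given a protocol floor before Cheroot receives it. The helper names, the throwaway self-signed pair, the TLS 1.2 minimum and the 127.0.0.1:8443 bind address are assumptions of this example.

```python
"""Method One with in-memory PEM: build the SSL.Context yourself."""
from OpenSSL import SSL, crypto


def self_signed_pem(cn="localhost"):
    """Constructed throwaway cert/key pair as PEM bytes (sample input only)."""
    key = crypto.PKey()
    key.generate_key(crypto.TYPE_RSA, 2048)
    cert = crypto.X509()
    cert.get_subject().CN = cn
    cert.set_issuer(cert.get_subject())
    cert.set_serial_number(1)
    cert.gmtime_adj_notBefore(0)
    cert.gmtime_adj_notAfter(3600)
    cert.set_pubkey(key)
    cert.sign(key, "sha256")
    return (crypto.dump_certificate(crypto.FILETYPE_PEM, cert),
            crypto.dump_privatekey(crypto.FILETYPE_PEM, key))


def build_context(cert_pem, key_pem):
    """Return a server SSL.Context loaded from PEM bytes, never from files."""
    ctx = SSL.Context(SSL.SSLv23_METHOD)  # negotiating method, the default above
    # Assumption of this example: only TLS 1.2 and newer should be accepted.
    ctx.set_min_proto_version(SSL.TLS1_2_VERSION)
    ctx.use_certificate(crypto.load_certificate(crypto.FILETYPE_PEM, cert_pem))
    # An SSL.Error here or in check_privatekey() means key and cert do not match.
    ctx.use_privatekey(crypto.load_privatekey(crypto.FILETYPE_PEM, key_pem))
    ctx.check_privatekey()
    return ctx


def make_adapter(ctx):
    """Give Cheroot a ready-made context instead of certificate file names."""
    # Imported lazily so the helpers above can be used without Cheroot installed.
    from cheroot.ssl.pyopenssl import pyOpenSSLAdapter
    adapter = pyOpenSSLAdapter(certificate=None, private_key=None)
    adapter.context = ctx  # not None, so bind() passes it to SSL.Connection
    return adapter


if __name__ == "__main__":
    from cheroot import wsgi

    def app(environ, start_response):
        start_response("200 OK", [("Content-Type", "text/plain")])
        return [b"hello over TLS\n"]

    server = wsgi.Server(("127.0.0.1", 8443), app)
    server.ssl_adapter = make_adapter(build_context(*self_signed_pem()))
    server.start()
```

Because the context is built before the server starts, a mismatched key or unreadable PEM fails at startup rather than on the first client connection.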
Method Two (shortcut)
ssl_adapter.certificate: the file name of the server’s TLS certificate.
ssl_adapter.private_key: the file name of the server’s private key file.
Both are None by default. If ssl_adapter.context is None, but .private_key and .certificate are both given and valid, they will be read, and the context will be automatically created from them.
- class cheroot.ssl.pyopenssl.SSLConnection(*args)
Bases: object
A thread-safe wrapper for an SSL.Connection.
- Parameters
args (tuple) – the arguments to create the wrapped SSL.Connection(*args)
- accept(*args)
- bind(*args)
- close(*args)
- connect(*args)
- connect_ex(*args)
- property family
- fileno(*args)
- get_app_data(*args)
- get_cipher_list(*args)
- get_context(*args)
- get_peer_certificate(*args)
- getpeername(*args)
- getsockname(*args)
- getsockopt(*args)
- gettimeout(*args)
- listen(*args)
- makefile(*args)
- pending(*args)
- read(*args)
- recv(*args)
- renegotiate(*args)
- send(*args)
- sendall(*args)
- set_accept_state(*args)
- set_app_data(*args)
- set_connect_state(*args)
- setblocking(*args)
- setsockopt(*args)
- settimeout(*args)
- shutdown(*args)
- sock_shutdown(*args)
- state_string(*args)
- want_read(*args)
- want_write(*args)
- write(*args)
- class cheroot.ssl.pyopenssl.SSLConnectionProxyMeta(name, bases, nmspc)
Bases: object
Metaclass for generating a bunch of proxy methods.
- class cheroot.ssl.pyopenssl.SSLFileobjectMixin
Bases: object
Base mixin for a TLS socket stream.
- _safe_call(is_reader, call, *args, **kwargs)
Wrap the given call with TLS error-trapping.
is_reader: if False, EOF errors will be raised. If True, EOF errors will return “” (to emulate normal sockets).
- readline(size=-1)
Receive message of a size from the socket.
Matches the following interface: https://docs.python.org/3/library/io.html#io.IOBase.readline
- recv(size)
Receive message of a size from the socket.
- send(*args, **kwargs)
Send some part of message to the socket.
- sendall(*args, **kwargs)
Send whole message to the socket.
- ssl_retry = 0.01
- ssl_timeout = 3
- class cheroot.ssl.pyopenssl.SSLFileobjectStreamReader(sock, mode='r', bufsize=8192)
Bases: cheroot.ssl.pyopenssl.SSLFileobjectMixin, cheroot.makefile.StreamReader
SSL file object attached to a socket object.
- _abc_impl = <_abc._abc_data object>
- class cheroot.ssl.pyopenssl.SSLFileobjectStreamWriter(sock, mode='w', bufsize=8192)
Bases: cheroot.ssl.pyopenssl.SSLFileobjectMixin, cheroot.makefile.StreamWriter
SSL file object attached to a socket object.
- _abc_impl = <_abc._abc_data object>
- class cheroot.ssl.pyopenssl.pyOpenSSLAdapter(certificate, private_key, certificate_chain=None, ciphers=None)
Bases: cheroot.ssl.Adapter
A wrapper for integrating pyOpenSSL with Cheroot.
- _abc_impl = <_abc._abc_data object>
- bind(sock)
Wrap and return the given socket.
- certificate = None
The file name of the server’s TLS certificate.
- certificate_chain = None
Optional. The file name of CA’s intermediate certificate bundle.
This is needed for cheaper “chained root” TLS certificates, and should be left as None if not required.
- ciphers = None
The ciphers list of TLS.
- context = None
An instance of SSL.Context.
- get_context()
Return an SSL.Context from self attributes. Ref: SSL.Context
- get_environ()
Return WSGI environ entries to be merged into each request.
- makefile(sock, mode='r', bufsize=-1)
Return socket file object.
- private_key = None
The file name of the server’s private key file.
- wrap(sock)
Wrap and return the given socket, plus WSGI environ entries.