cheroot.ssl.pyopenssl module
A library for integrating pyOpenSSL with Cheroot.
The OpenSSL module must be importable for SSL/TLS/HTTPS functionality. You can obtain it from here.
To use this module, set HTTPServer.ssl_adapter to an instance of ssl.Adapter.
There are two ways to use TLS:
Method One
ssl_adapter.context: an instance of SSL.Context.
If this is not None, it is assumed to be an SSL.Context instance, and will be passed to SSL.Connection on bind(). The developer is responsible for forming a valid Context object. This approach is to be preferred for more flexibility, e.g. if the cert and key are streams instead of files, or need decryption, or SSL.SSLv3_METHOD is desired instead of the default SSL.SSLv23_METHOD, etc. Consult the pyOpenSSL documentation for complete options.
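Method One with an in-memory, passphrase-protected key, as an added example that is not part of Cheroot's documentation or code. The helper names, the throwaway self-signed identity and the passphrase are constructed for illustration; the context keeps the default SSL.SSLv23_METHOD and switches off SSLv2, SSLv3, TLS 1.0 and TLS 1.1 through options.

```python
from OpenSSL import SSL, crypto

# Protocol versions to refuse; SSLv23_METHOD then negotiates the best one left.
LEGACY_OFF = (SSL.OP_NO_SSLv2 | SSL.OP_NO_SSLv3 |
              SSL.OP_NO_TLSv1 | SSL.OP_NO_TLSv1_1)
PASSPHRASE = b"constructed-passphrase"  # constructed sample value


def make_test_identity(common_name="localhost"):
    """Return (encrypted key PEM, cert PEM) for a throwaway self-signed identity."""
    key = crypto.PKey()
    key.generate_key(crypto.TYPE_RSA, 2048)
    cert = crypto.X509()
    cert.get_subject().CN = common_name
    cert.set_serial_number(1)
    cert.gmtime_adj_notBefore(0)
    cert.gmtime_adj_notAfter(24 * 3600)
    cert.set_issuer(cert.get_subject())
    cert.set_pubkey(key)
    cert.sign(key, "sha256")
    key_pem = crypto.dump_privatekey(crypto.FILETYPE_PEM, key, "aes-256-cbc", PASSPHRASE)
    return key_pem, crypto.dump_certificate(crypto.FILETYPE_PEM, cert)


def build_context(key_pem, cert_pem, passphrase):
    """Build an SSL.Context from in-memory PEM bytes (Method One)."""
    ctx = SSL.Context(SSL.SSLv23_METHOD)
    ctx.set_options(LEGACY_OFF)
    ctx.use_certificate(crypto.load_certificate(crypto.FILETYPE_PEM, cert_pem))
    ctx.use_privatekey(crypto.load_privatekey(crypto.FILETYPE_PEM, key_pem, passphrase))
    ctx.check_privatekey()  # raises SSL.Error if key and certificate do not match
    return ctx


def make_adapter(ctx):
    """Hand a ready-made context to the Cheroot adapter."""
    # Imported here so build_context() stays usable without Cheroot installed.
    from cheroot.ssl.pyopenssl import pyOpenSSLAdapter
    adapter = pyOpenSSLAdapter(None, None)  # no file names; the context holds the identity
    adapter.context = ctx  # bind() passes this to SSL.Connection
    return adapter


if __name__ == "__main__":
    key_pem, cert_pem = make_test_identity()
    ctx = build_context(key_pem, cert_pem, PASSPHRASE)
    print("legacy protocols refused:", (ctx.set_options(0) & LEGACY_OFF) == LEGACY_OFF)
```

The adapter returned by make_adapter() is what HTTPServer.ssl_adapter would be set to.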
Method Two (shortcut)
ssl_adapter.certificate: the file name of the server’s TLS certificate.
ssl_adapter.private_key: the file name of the server’s private key file.
Both are None by default. If ssl_adapter.context is None, but .private_key and .certificate are both given and valid, they will be read, and the context will be automatically created from them.
- class cheroot.ssl.pyopenssl.SSLConnection(*args)
  Bases: object
  A thread-safe wrapper for an SSL.Connection.
  Parameters: args (tuple) – the arguments to create the wrapped SSL.Connection(*args)
  - accept(*args)
  - bind(*args)
  - close(*args)
  - connect(*args)
  - connect_ex(*args)
  - property family
  - fileno(*args)
  - get_app_data(*args)
  - get_cipher_list(*args)
  - get_context(*args)
  - get_peer_certificate(*args)
  - getpeername(*args)
  - getsockname(*args)
  - getsockopt(*args)
  - gettimeout(*args)
  - listen(*args)
  - makefile(*args)
  - pending(*args)
  - read(*args)
  - recv(*args)
  - renegotiate(*args)
  - send(*args)
  - sendall(*args)
  - set_accept_state(*args)
  - set_app_data(*args)
  - set_connect_state(*args)
  - setblocking(*args)
  - setsockopt(*args)
  - settimeout(*args)
  - shutdown(*args)
  - sock_shutdown(*args)
  - state_string(*args)
  - want_read(*args)
  - want_write(*args)
  - write(*args)
- class cheroot.ssl.pyopenssl.SSLConnectionProxyMeta(name, bases, nmspc)
  Bases: object
  Metaclass for generating a bunch of proxy methods.
- class cheroot.ssl.pyopenssl.SSLFileobjectMixin
  Bases: object
  Base mixin for a TLS socket stream.
  - readline(size=-1)
    Receive message of a size from the socket.
    Matches the following interface: https://docs.python.org/3/library/io.html#io.IOBase.readline
  - recv(size)
    Receive message of a size from the socket.
  - send(*args, **kwargs)
    Send some part of message to the socket.
  - sendall(*args, **kwargs)
    Send whole message to the socket.
  - ssl_retry = 0.01
  - ssl_timeout = 3
- class cheroot.ssl.pyopenssl.SSLFileobjectStreamReader(sock, mode='r', bufsize=8192)
  Bases: cheroot.ssl.pyopenssl.SSLFileobjectMixin, cheroot.makefile.StreamReader
  SSL file object attached to a socket object.
- class cheroot.ssl.pyopenssl.SSLFileobjectStreamWriter(sock, mode='w', bufsize=8192)
  Bases: cheroot.ssl.pyopenssl.SSLFileobjectMixin, cheroot.makefile.StreamWriter
  SSL file object attached to a socket object.
- class cheroot.ssl.pyopenssl.pyOpenSSLAdapter(certificate, private_key, certificate_chain=None, ciphers=None)
  Bases: cheroot.ssl.Adapter
  A wrapper for integrating pyOpenSSL with Cheroot.
  - bind(sock)
    Wrap and return the given socket.
  - certificate = None
    The file name of the server’s TLS certificate.
  - certificate_chain = None
    Optional. The file name of CA’s intermediate certificate bundle.
    This is needed for cheaper “chained root” TLS certificates, and should be left as None if not required.
  - ciphers = None
    The ciphers list of TLS.
  - context = None
    An instance of SSL.Context.
  - get_context()
    Return an SSL.Context from self attributes.
    Ref: SSL.Context
  - get_environ()
    Return WSGI environ entries to be merged into each request.
  - makefile(sock, mode='r', bufsize=-1)
    Return socket file object.
  - private_key = None
    The file name of the server’s private key file.
  - wrap(sock)
    Wrap and return the given socket, plus WSGI environ entries.