mirrors/cpython
1
0
Fork 0
mirror of https://github.com/python/cpython.git synced 2025-10-08 16:11:51 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 16

Issue #28025: Convert all ssl module constants to IntEnum and IntFlags.

Browse source
This commit is contained in:
Christian Heimes 2016-09-10 00:19:35 +02:00
parent 0c6ab35f3e
commit 3aeacad561
3 changed files with 115 additions and 19 deletions
Download patch file Download diff file Expand all files Collapse all files

51
Doc/library/ssl.rst
View file

@ -515,6 +515,10 @@ Certificate handling
Constants Constants
^^^^^^^^^ ^^^^^^^^^
All constants are now :class:`enum.IntEnum` or :class:`enum.IntFlag` collections.
.. versionadded:: 3.6
.. data:: CERT_NONE .. data:: CERT_NONE
Possible value for :attr:`SSLContext.verify_mode`, or the ``cert_reqs`` Possible value for :attr:`SSLContext.verify_mode`, or the ``cert_reqs``
@ -548,6 +552,12 @@ Constants
be passed, either to :meth:`SSLContext.load_verify_locations` or as a be passed, either to :meth:`SSLContext.load_verify_locations` or as a
value of the ``ca_certs`` parameter to :func:`wrap_socket`. value of the ``ca_certs`` parameter to :func:`wrap_socket`.
.. class:: VerifyMode
:class:`enum.IntEnum` collection of CERT_* constants.
.. versionadded:: 3.6
.. data:: VERIFY_DEFAULT .. data:: VERIFY_DEFAULT
Possible value for :attr:`SSLContext.verify_flags`. In this mode, certificate Possible value for :attr:`SSLContext.verify_flags`. In this mode, certificate
@ -588,6 +598,12 @@ Constants
.. versionadded:: 3.4.4 .. versionadded:: 3.4.4
.. class:: VerifyFlags
:class:`enum.IntFlag` collection of VERIFY_* constants.
.. versionadded:: 3.6
.. data:: PROTOCOL_TLS .. data:: PROTOCOL_TLS
Selects the highest protocol version that both the client and server support. Selects the highest protocol version that both the client and server support.
@ -757,6 +773,12 @@ Constants
.. versionadded:: 3.3 .. versionadded:: 3.3
.. class:: Options
:class:`enum.IntFlag` collection of OP_* constants.
.. versionadded:: 3.6
.. data:: HAS_ALPN .. data:: HAS_ALPN
Whether the OpenSSL library has built-in support for the *Application-Layer Whether the OpenSSL library has built-in support for the *Application-Layer
@ -839,6 +861,12 @@ Constants
.. versionadded:: 3.4 .. versionadded:: 3.4
.. class:: AlertDescription
:class:`enum.IntEnum` collection of ALERT_DESCRIPTION_* constants.
.. versionadded:: 3.6
.. data:: Purpose.SERVER_AUTH .. data:: Purpose.SERVER_AUTH
Option for :func:`create_default_context` and Option for :func:`create_default_context` and
@ -857,6 +885,12 @@ Constants
.. versionadded:: 3.4 .. versionadded:: 3.4
.. class:: SSLErrorNumber
:class:`enum.IntEnum` collection of SSL_ERROR_* constants.
.. versionadded:: 3.6
SSL Sockets SSL Sockets
----------- -----------
@ -1540,6 +1574,12 @@ to speed up repeated connections from the same clients.
to set options, not to clear them. Attempting to clear an option to set options, not to clear them. Attempting to clear an option
(by resetting the corresponding bits) will raise a ``ValueError``. (by resetting the corresponding bits) will raise a ``ValueError``.
.. versionchanged:: 3.6
:attr:`SSLContext.options` returns :class:`Options` flags:
>>> ssl.create_default_context().options
<Options.OP_ALL|OP_NO_SSLv3|OP_NO_SSLv2|OP_NO_COMPRESSION: 2197947391>
.. attribute:: SSLContext.protocol .. attribute:: SSLContext.protocol
The protocol version chosen when constructing the context. This attribute The protocol version chosen when constructing the context. This attribute
@ -1554,12 +1594,23 @@ to speed up repeated connections from the same clients.
.. versionadded:: 3.4 .. versionadded:: 3.4
.. versionchanged:: 3.6
:attr:`SSLContext.verify_flags` returns :class:`VerifyFlags` flags:
>>> ssl.create_default_context().verify_flags
<VerifyFlags.VERIFY_X509_TRUSTED_FIRST: 32768>
.. attribute:: SSLContext.verify_mode .. attribute:: SSLContext.verify_mode
Whether to try to verify other peers' certificates and how to behave Whether to try to verify other peers' certificates and how to behave
if verification fails. This attribute must be one of if verification fails. This attribute must be one of
:data:`CERT_NONE`, :data:`CERT_OPTIONAL` or :data:`CERT_REQUIRED`. :data:`CERT_NONE`, :data:`CERT_OPTIONAL` or :data:`CERT_REQUIRED`.
.. versionchanged:: 3.6
:attr:`SSLContext.verify_mode` returns :class:`VerifyMode` enum:
>>> ssl.create_default_context().verify_mode
<VerifyMode.CERT_REQUIRED: 2>
.. index:: single: certificates .. index:: single: certificates

80
Lib/ssl.py
View file

@ -94,7 +94,7 @@ import re
import sys import sys
import os import os
from collections import namedtuple from collections import namedtuple
from enum import Enum as _Enum, IntEnum as _IntEnum from enum import Enum as _Enum, IntEnum as _IntEnum, IntFlag as _IntFlag
import _ssl # if we can't import it, let the error propagate import _ssl # if we can't import it, let the error propagate
@ -104,7 +104,6 @@ from _ssl import (
SSLError, SSLZeroReturnError, SSLWantReadError, SSLWantWriteError, SSLError, SSLZeroReturnError, SSLWantReadError, SSLWantWriteError,
SSLSyscallError, SSLEOFError, SSLSyscallError, SSLEOFError,
) )
from _ssl import CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED
from _ssl import txt2obj as _txt2obj, nid2obj as _nid2obj from _ssl import txt2obj as _txt2obj, nid2obj as _nid2obj
from _ssl import RAND_status, RAND_add, RAND_bytes, RAND_pseudo_bytes from _ssl import RAND_status, RAND_add, RAND_bytes, RAND_pseudo_bytes
try: try:
@ -113,32 +112,47 @@ except ImportError:
# LibreSSL does not provide RAND_egd # LibreSSL does not provide RAND_egd
pass pass
def _import_symbols(prefix):
for n in dir(_ssl):
if n.startswith(prefix):
globals()[n] = getattr(_ssl, n)
_import_symbols('OP_')
_import_symbols('ALERT_DESCRIPTION_')
_import_symbols('SSL_ERROR_')
_import_symbols('VERIFY_')
from _ssl import HAS_SNI, HAS_ECDH, HAS_NPN, HAS_ALPN from _ssl import HAS_SNI, HAS_ECDH, HAS_NPN, HAS_ALPN
from _ssl import _OPENSSL_API_VERSION from _ssl import _OPENSSL_API_VERSION
_IntEnum._convert( _IntEnum._convert(
'_SSLMethod', __name__, '_SSLMethod', __name__,
lambda name: name.startswith('PROTOCOL_') and name != 'PROTOCOL_SSLv23', lambda name: name.startswith('PROTOCOL_') and name != 'PROTOCOL_SSLv23',
source=_ssl) source=_ssl)
_IntFlag._convert(
'Options', __name__,
lambda name: name.startswith('OP_'),
source=_ssl)
_IntEnum._convert(
'AlertDescription', __name__,
lambda name: name.startswith('ALERT_DESCRIPTION_'),
source=_ssl)
_IntEnum._convert(
'SSLErrorNumber', __name__,
lambda name: name.startswith('SSL_ERROR_'),
source=_ssl)
_IntFlag._convert(
'VerifyFlags', __name__,
lambda name: name.startswith('VERIFY_'),
source=_ssl)
_IntEnum._convert(
'VerifyMode', __name__,
lambda name: name.startswith('CERT_'),
source=_ssl)
PROTOCOL_SSLv23 = _SSLMethod.PROTOCOL_SSLv23 = _SSLMethod.PROTOCOL_TLS PROTOCOL_SSLv23 = _SSLMethod.PROTOCOL_SSLv23 = _SSLMethod.PROTOCOL_TLS
_PROTOCOL_NAMES = {value: name for name, value in _SSLMethod.__members__.items()} _PROTOCOL_NAMES = {value: name for name, value in _SSLMethod.__members__.items()}
try: _SSLv2_IF_EXISTS = getattr(_SSLMethod, 'PROTOCOL_SSLv2', None)
_SSLv2_IF_EXISTS = PROTOCOL_SSLv2
except NameError:
_SSLv2_IF_EXISTS = None
if sys.platform == "win32": if sys.platform == "win32":
from _ssl import enum_certificates, enum_crls from _ssl import enum_certificates, enum_crls
@ -434,6 +448,34 @@ class SSLContext(_SSLContext):
self._load_windows_store_certs(storename, purpose) self._load_windows_store_certs(storename, purpose)
self.set_default_verify_paths() self.set_default_verify_paths()
@property
def options(self):
return Options(super().options)
@options.setter
def options(self, value):
super(SSLContext, SSLContext).options.__set__(self, value)
@property
def verify_flags(self):
return VerifyFlags(super().verify_flags)
@verify_flags.setter
def verify_flags(self, value):
super(SSLContext, SSLContext).verify_flags.__set__(self, value)
@property
def verify_mode(self):
value = super().verify_mode
try:
return VerifyMode(value)
except ValueError:
return value
@verify_mode.setter
def verify_mode(self, value):
super(SSLContext, SSLContext).verify_mode.__set__(self, value)
def create_default_context(purpose=Purpose.SERVER_AUTH, *, cafile=None, def create_default_context(purpose=Purpose.SERVER_AUTH, *, cafile=None,
capath=None, cadata=None): capath=None, cadata=None):

3
Misc/NEWS
View file

@ -122,6 +122,9 @@ Core and Builtins
Library Library
------- -------
- Issue #28025: Convert all ssl module constants to IntEnum and IntFlags.
SSLContext properties now return flags and enums.
- Issue #433028: Added support of modifier spans in regular expressions. - Issue #433028: Added support of modifier spans in regular expressions.
- Issue #24594: Validates persist parameter when opening MSI database - Issue #24594: Validates persist parameter when opening MSI database