mirror of
https://github.com/python/cpython.git
synced 2025-07-25 12:14:38 +00:00
47b49bf6dc
svn+ssh://pythondev@svn.python.org/python/trunk
........
r57771 | thomas.wouters | 2007-08-30 23:54:39 +0200 (Thu, 30 Aug 2007) | 5 lines
Don't lie in __all__ attributes when SSL is not available: only add the SSL
classes when they are actually created.
........
r57620 | walter.doerwald | 2007-08-28 18:38:26 +0200 (Tue, 28 Aug 2007) | 5 lines
Fix title endtag in HTMLCalender.formatyearpage(). Fix documentation for
HTMLCalender.formatyearpage() (there's no themonth parameter).
This fixes issue1046.
........
r57622 | georg.brandl | 2007-08-28 20:54:44 +0200 (Tue, 28 Aug 2007) | 2 lines
Add a crasher for the thread-unsafety of file objects.
........
r57626 | skip.montanaro | 2007-08-29 01:22:52 +0200 (Wed, 29 Aug 2007) | 1 line
fixes 813986
........
r57628 | walter.doerwald | 2007-08-29 01:35:33 +0200 (Wed, 29 Aug 2007) | 2 lines
Fix test output.
........
r57631 | skip.montanaro | 2007-08-29 03:24:11 +0200 (Wed, 29 Aug 2007) | 2 lines
Install pygettext (once the scriptsinstall target is working again).
........
r57633 | skip.montanaro | 2007-08-29 03:33:45 +0200 (Wed, 29 Aug 2007) | 2 lines
Recent items.
........
r57650 | neal.norwitz | 2007-08-29 08:15:33 +0200 (Wed, 29 Aug 2007) | 1 line
Add Bill as a developer
........
r57651 | facundo.batista | 2007-08-29 12:28:28 +0200 (Wed, 29 Aug 2007) | 5 lines
Ignore test failures caused by 'resource temporarily unavailable'
exceptions raised during FailingServerTestCase tests.
[GSoC - Alan McIntyre]
........
r57680 | bill.janssen | 2007-08-30 00:35:05 +0200 (Thu, 30 Aug 2007) | 17 lines
This contains a number of things:
1) Improve the documentation of the SSL module, with a fuller
explanation of certificate usage, another reference, proper
formatting of this and that.
2) Fix Windows bug in ssl.py, and general bug in sslsocket.close().
Remove some unused code from ssl.py. Allow accept() to be called on
sslsocket sockets.
3) Use try-except-else in import of ssl in socket.py. Deprecate use of
socket.ssl().
4) Remove use of socket.ssl() in every library module, except for
test_socket_ssl.py and test_ssl.py.
........
r57714 | georg.brandl | 2007-08-30 12:09:42 +0200 (Thu, 30 Aug 2007) | 2 lines
Stronger urge to convert filenames to str before using them as argument to ZipFile.write().
........
r57716 | georg.brandl | 2007-08-30 12:38:56 +0200 (Thu, 30 Aug 2007) | 2 lines
Patch #1680959: add test suite for pipes module.
........
r57717 | georg.brandl | 2007-08-30 14:32:23 +0200 (Thu, 30 Aug 2007) | 3 lines
* Skip test_pipes on non-POSIX.
* Don't raise TestSkipped within a test function.
........
r57723 | mark.summerfield | 2007-08-30 17:03:03 +0200 (Thu, 30 Aug 2007) | 3 lines
Added more cross-references.
........
r57726 | walter.doerwald | 2007-08-30 17:30:09 +0200 (Thu, 30 Aug 2007) | 2 lines
Rewrap line.
........
r57727 | walter.doerwald | 2007-08-30 17:34:55 +0200 (Thu, 30 Aug 2007) | 2 lines
Set startinpos before calling the error handler.
........
r57730 | bill.janssen | 2007-08-30 19:07:28 +0200 (Thu, 30 Aug 2007) | 3 lines
Added docstrings to methods and functions.
........
r57743 | bill.janssen | 2007-08-30 20:08:06 +0200 (Thu, 30 Aug 2007) | 1 line
added note on new ssl module and deprecation of socket.ssl
........
r57747 | martin.v.loewis | 2007-08-30 20:14:01 +0200 (Thu, 30 Aug 2007) | 1 line
Fix popen usage.
........
r57748 | martin.v.loewis | 2007-08-30 20:15:22 +0200 (Thu, 30 Aug 2007) | 1 line
Fix typo.
........
r57750 | martin.v.loewis | 2007-08-30 20:25:47 +0200 (Thu, 30 Aug 2007) | 1 line
Bug #1746880: Correctly install DLLs into system32 folder on Win64.
........
r57760 | martin.v.loewis | 2007-08-30 21:04:09 +0200 (Thu, 30 Aug 2007) | 1 line
Bug #1709599: Run test_1565150 only if the file system is NTFS.
........
r57762 | martin.v.loewis | 2007-08-30 22:10:57 +0200 (Thu, 30 Aug 2007) | 2 lines
Bump autoconf minimum version to 2.61.
........
r57764 | lars.gustaebel | 2007-08-30 22:24:31 +0200 (Thu, 30 Aug 2007) | 2 lines
Warn about possible risks when extracting untrusted archives.
........
r57769 | thomas.wouters | 2007-08-30 23:01:17 +0200 (Thu, 30 Aug 2007) | 7 lines
Somewhat-preliminary slice-object and extended slicing support for ctypes.
The exact behaviour of omitted and negative indices for the Pointer type may
need a closer look (especially as it's subtly different from simple slices)
but there's time yet before 2.6, and not enough before 3.0a1 :-)
........
240 lines
7.7 KiB
Python
240 lines
7.7 KiB
Python
# Wrapper module for _ssl, providing some additional facilities
|
|
# implemented in Python. Written by Bill Janssen.
|
|
|
|
raise ImportError("ssl.py is temporarily out of order")
|
|
|
|
"""\
|
|
This module provides some more Pythonic support for SSL.
|
|
|
|
Object types:
|
|
|
|
sslsocket -- subtype of socket.socket which does SSL over the socket
|
|
|
|
Exceptions:
|
|
|
|
sslerror -- exception raised for I/O errors
|
|
|
|
Functions:
|
|
|
|
cert_time_to_seconds -- convert time string used for certificate
|
|
notBefore and notAfter functions to integer
|
|
seconds past the Epoch (the time values
|
|
returned from time.time())
|
|
|
|
fetch_server_certificate (HOST, PORT) -- fetch the certificate provided
|
|
by the server running on HOST at port PORT. No
|
|
validation of the certificate is performed.
|
|
|
|
Integer constants:
|
|
|
|
SSL_ERROR_ZERO_RETURN
|
|
SSL_ERROR_WANT_READ
|
|
SSL_ERROR_WANT_WRITE
|
|
SSL_ERROR_WANT_X509_LOOKUP
|
|
SSL_ERROR_SYSCALL
|
|
SSL_ERROR_SSL
|
|
SSL_ERROR_WANT_CONNECT
|
|
|
|
SSL_ERROR_EOF
|
|
SSL_ERROR_INVALID_ERROR_CODE
|
|
|
|
The following group define certificate requirements that one side is
|
|
allowing/requiring from the other side:
|
|
|
|
CERT_NONE - no certificates from the other side are required (or will
|
|
be looked at if provided)
|
|
CERT_OPTIONAL - certificates are not required, but if provided will be
|
|
validated, and if validation fails, the connection will
|
|
also fail
|
|
CERT_REQUIRED - certificates are required, and will be validated, and
|
|
if validation fails, the connection will also fail
|
|
|
|
The following constants identify various SSL protocol variants:
|
|
|
|
PROTOCOL_SSLv2
|
|
PROTOCOL_SSLv3
|
|
PROTOCOL_SSLv23
|
|
PROTOCOL_TLSv1
|
|
"""
|
|
|
|
import os, sys
|
|
|
|
import _ssl # if we can't import it, let the error propagate
|
|
from _ssl import sslerror
|
|
from _ssl import CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED
|
|
from _ssl import PROTOCOL_SSLv2, PROTOCOL_SSLv3, PROTOCOL_SSLv23, PROTOCOL_TLSv1
|
|
from _ssl import \
|
|
SSL_ERROR_ZERO_RETURN, \
|
|
SSL_ERROR_WANT_READ, \
|
|
SSL_ERROR_WANT_WRITE, \
|
|
SSL_ERROR_WANT_X509_LOOKUP, \
|
|
SSL_ERROR_SYSCALL, \
|
|
SSL_ERROR_SSL, \
|
|
SSL_ERROR_WANT_CONNECT, \
|
|
SSL_ERROR_EOF, \
|
|
SSL_ERROR_INVALID_ERROR_CODE
|
|
|
|
from socket import socket
|
|
from socket import getnameinfo as _getnameinfo
|
|
|
|
|
|
class sslsocket (socket):
|
|
|
|
"""This class implements a subtype of socket.socket that wraps
|
|
the underlying OS socket in an SSL context when necessary, and
|
|
provides read and write methods over that channel."""
|
|
|
|
def __init__(self, sock, keyfile=None, certfile=None,
|
|
server_side=False, cert_reqs=CERT_NONE,
|
|
ssl_version=PROTOCOL_SSLv23, ca_certs=None):
|
|
socket.__init__(self, _sock=sock._sock)
|
|
if certfile and not keyfile:
|
|
keyfile = certfile
|
|
# see if it's connected
|
|
try:
|
|
socket.getpeername(self)
|
|
except:
|
|
# no, no connection yet
|
|
self._sslobj = None
|
|
else:
|
|
# yes, create the SSL object
|
|
self._sslobj = _ssl.sslwrap(self._sock, server_side,
|
|
keyfile, certfile,
|
|
cert_reqs, ssl_version, ca_certs)
|
|
self.keyfile = keyfile
|
|
self.certfile = certfile
|
|
self.cert_reqs = cert_reqs
|
|
self.ssl_version = ssl_version
|
|
self.ca_certs = ca_certs
|
|
|
|
def read(self, len=1024):
|
|
|
|
"""Read up to LEN bytes and return them.
|
|
Return zero-length string on EOF."""
|
|
|
|
return self._sslobj.read(len)
|
|
|
|
def write(self, data):
|
|
|
|
"""Write DATA to the underlying SSL channel. Returns
|
|
number of bytes of DATA actually transmitted."""
|
|
|
|
return self._sslobj.write(data)
|
|
|
|
def getpeercert(self):
|
|
|
|
"""Returns a formatted version of the data in the
|
|
certificate provided by the other end of the SSL channel.
|
|
Return None if no certificate was provided, {} if a
|
|
certificate was provided, but not validated."""
|
|
|
|
return self._sslobj.peer_certificate()
|
|
|
|
def send (self, data, flags=0):
|
|
if self._sslobj:
|
|
if flags != 0:
|
|
raise ValueError(
|
|
"non-zero flags not allowed in calls to send() on %s" %
|
|
self.__class__)
|
|
return self._sslobj.write(data)
|
|
else:
|
|
return socket.send(self, data, flags)
|
|
|
|
def send_to (self, data, addr, flags=0):
|
|
if self._sslobj:
|
|
raise ValueError("send_to not allowed on instances of %s" %
|
|
self.__class__)
|
|
else:
|
|
return socket.send_to(self, data, addr, flags)
|
|
|
|
def sendall (self, data, flags=0):
|
|
if self._sslobj:
|
|
if flags != 0:
|
|
raise ValueError(
|
|
"non-zero flags not allowed in calls to sendall() on %s" %
|
|
self.__class__)
|
|
return self._sslobj.write(data)
|
|
else:
|
|
return socket.sendall(self, data, flags)
|
|
|
|
def recv (self, buflen=1024, flags=0):
|
|
if self._sslobj:
|
|
if flags != 0:
|
|
raise ValueError(
|
|
"non-zero flags not allowed in calls to sendall() on %s" %
|
|
self.__class__)
|
|
return self._sslobj.read(data, buflen)
|
|
else:
|
|
return socket.recv(self, buflen, flags)
|
|
|
|
def recv_from (self, addr, buflen=1024, flags=0):
|
|
if self._sslobj:
|
|
raise ValueError("recv_from not allowed on instances of %s" %
|
|
self.__class__)
|
|
else:
|
|
return socket.recv_from(self, addr, buflen, flags)
|
|
|
|
def ssl_shutdown(self):
|
|
|
|
"""Shuts down the SSL channel over this socket (if active),
|
|
without closing the socket connection."""
|
|
|
|
if self._sslobj:
|
|
self._sslobj.shutdown()
|
|
self._sslobj = None
|
|
|
|
def shutdown(self, how):
|
|
self.ssl_shutdown()
|
|
socket.shutdown(self, how)
|
|
|
|
def close(self):
|
|
self.ssl_shutdown()
|
|
socket.close(self)
|
|
|
|
def connect(self, addr):
|
|
|
|
"""Connects to remote ADDR, and then wraps the connection in
|
|
an SSL channel."""
|
|
|
|
# Here we assume that the socket is client-side, and not
|
|
# connected at the time of the call. We connect it, then wrap it.
|
|
if self._sslobj:
|
|
raise ValueError("attempt to connect already-connected sslsocket!")
|
|
socket.connect(self, addr)
|
|
self._sslobj = _ssl.sslwrap(self._sock, False, self.keyfile, self.certfile,
|
|
self.cert_reqs, self.ssl_version,
|
|
self.ca_certs)
|
|
|
|
def accept(self):
|
|
|
|
"""Accepts a new connection from a remote client, and returns
|
|
a tuple containing that new connection wrapped with a server-side
|
|
SSL channel, and the address of the remote client."""
|
|
|
|
newsock, addr = socket.accept(self)
|
|
return (sslsocket(newsock, True, self.keyfile, self.certfile,
|
|
self.cert_reqs, self.ssl_version,
|
|
self.ca_certs), addr)
|
|
|
|
|
|
# some utility functions
|
|
|
|
def cert_time_to_seconds(cert_time):
|
|
|
|
"""Takes a date-time string in standard ASN1_print form
|
|
("MON DAY 24HOUR:MINUTE:SEC YEAR TIMEZONE") and return
|
|
a Python time value in seconds past the epoch."""
|
|
|
|
import time
|
|
return time.mktime(time.strptime(cert_time, "%b %d %H:%M:%S %Y GMT"))
|
|
|
|
# a replacement for the old socket.ssl function
|
|
|
|
def sslwrap_simple (sock, keyfile=None, certfile=None):
|
|
|
|
"""A replacement for the old socket.ssl function. Designed
|
|
for compability with Python 2.5 and earlier. Will disappear in
|
|
Python 3.0."""
|
|
|
|
return _ssl.sslwrap(sock._sock, 0, keyfile, certfile, CERT_NONE,
|
|
PROTOCOL_SSLv23, None)
|