cheroot.ssl.pyopenssl module
A library for integrating pyOpenSSL with Cheroot.
The OpenSSL module must be importable
for SSL/TLS/HTTPS functionality.
You can obtain it from here.
To use this module, set HTTPServer.ssl_adapter to an instance of
ssl.Adapter.
There are two ways to use TLS:
Method One
ssl_adapter.context: an instance of SSL.Context.
If this is not None, it is assumed to be an SSL.Context instance, and will be passed to
SSL.Connection on bind().
The developer is responsible for forming a valid Context object. This
approach is to be preferred for more flexibility, e.g. if the cert and
key are streams instead of files, or need decryption, or SSL.SSLv3_METHOD
is desired instead of the default SSL.SSLv23_METHOD, etc. Consult
the pyOpenSSL documentation for complete options.
Method Two (shortcut)
ssl_adapter.certificate: the file name of the server’s TLS certificate.
ssl_adapter.private_key: the file name of the server’s private key file.
Both are None by default. If ssl_adapter.context is None,
but .private_key and .certificate are both given and valid, they
will be read, and the context will be automatically created from them.
- class cheroot.ssl.pyopenssl.SSLConnection(*args)
Bases: object
A compatibility wrapper around pyOpenSSL’s SSL.Connection.
This class exists primarily to ensure the standard Python socket method `shutdown(how=None)` is available for interface compatibility.
- shutdown(how=None)
Shutdown the SSL connection.
how: Ignored. PyOpenSSL’s shutdown() method does not accept any arguments. Present here for interface compatibility with Python socket.shutdown(how).
- class cheroot.ssl.pyopenssl.SSLFileobjectMixin
Bases: object
Base mixin for a TLS socket stream.
- _safe_call(is_reader, call, *args, **kwargs)
Wrap the given call with TLS error-trapping.
is_reader: if False, EOF errors will be raised. If True, EOF errors will return “” (to emulate normal sockets).
- readline(size=-1)
Receive message of a size from the socket.
Matches the following interface: https://docs.python.org/3/library/io.html#io.IOBase.readline
- recv(size)
Receive message of a size from the socket.
- send(*args, **kwargs)
Send some part of message to the socket.
- sendall(*args, **kwargs)
Send whole message to the socket.
- ssl_retry = 0.01
- ssl_timeout = 3
- class cheroot.ssl.pyopenssl.SSLFileobjectStreamReader(sock, mode='r', bufsize=8192)
Bases: SSLFileobjectMixin, StreamReader
SSL file object attached to a socket object.
- _abc_impl = <_abc._abc_data object>
- class cheroot.ssl.pyopenssl.SSLFileobjectStreamWriter(sock, mode='w', bufsize=8192)
Bases: SSLFileobjectMixin, StreamWriter
SSL file object attached to a socket object.
- _abc_impl = <_abc._abc_data object>
- class cheroot.ssl.pyopenssl.pyOpenSSLAdapter(certificate, private_key, certificate_chain=None, ciphers=None, *, private_key_password=None)
Bases: Adapter
A wrapper for integrating pyOpenSSL.
- _abc_impl = <_abc._abc_data object>
- _password_callback(password_max_length, _verify_twice, password, /)
Pass a passphrase to password protected private key.
- bind(sock)
Wrap and return the given socket.
- certificate = None
The file name of the server’s TLS certificate.
- certificate_chain = None
Optional. The file name of CA’s intermediate certificate bundle.
This is needed for cheaper “chained root” TLS certificates, and should be left as None if not required.
- ciphers = None
The ciphers list of TLS.
- context = None
An instance of SSL.Context.
- get_context()
Return an SSL.Context from self attributes.
Ref: SSL.Context
- get_environ()
Return WSGI environ entries to be merged into each request.
- makefile(sock, mode='r', bufsize=-1)
Return socket file object.
- private_key = None
The file name of the server’s private key file.
- private_key_password = None
Optional passphrase for password protected private key.
- wrap(sock)
Wrap and return the given socket, plus WSGI environ entries.