def connect(self, addr):
"""Connects to remote ADDR, and then wraps the connection in
an SSL channel."""
# Here we assume that the socket is client-side, and not
# connected at the time of the call. We connect it, then wrap it.
if self._sslobj:
raise ValueError("attempt to connect already-connected SSLSocket!")
socket.connect(self, addr)
self._sslobj = _forge_ssl.sslwrap(self._sock, False, self.keyfile,
self.certfile, self.cert_reqs,
self.ssl_version,
self.sess_cache_mode,
self.sess_id_ctx, self.ca_certs)
if self.do_handshake_on_connect:
self.do_handshake()
def connect(self, addr):
"""Connects to remote ADDR, and then wraps the connection in
an SSL channel."""
# Here we assume that the socket is client-side, and not
# connected at the time of the call. We connect it, then wrap it.
if self._sslobj:
raise ValueError("attempt to connect already-connected SSLSocket!")
socket.connect(self, addr)
self._sslobj = _forge_ssl.sslwrap(self._sock, False,
self.keyfile, self.certfile,
self.cert_reqs, self.ssl_version,
self.sess_cache_mode,
self.sess_id_ctx,
self.ca_certs)
if self.do_handshake_on_connect:
self.do_handshake()
def sslwrap_simple(sock, keyfile=None, certfile=None):
"""A replacement for the old socket.ssl function. Designed
for compability with Python 2.5 and earlier. Will disappear in
Python 3.0."""
if hasattr(sock, "_sock"):
sock = sock._sock
ssl_sock = _forge_ssl.sslwrap(sock, 0, keyfile, certfile, CERT_NONE,
PROTOCOL_SSLv23, SESS_CACHE_SERVER, None,
None)
try:
sock.getpeername()
except:
# no, no connection yet
pass
else:
# yes, do the handshake
ssl_sock.do_handshake()
return ssl_sock
def sslwrap_simple(sock, keyfile=None, certfile=None):
"""A replacement for the old socket.ssl function. Designed
for compability with Python 2.5 and earlier. Will disappear in
Python 3.0."""
if hasattr(sock, "_sock"):
sock = sock._sock
ssl_sock = _forge_ssl.sslwrap(sock, 0, keyfile, certfile,
CERT_NONE, PROTOCOL_SSLv23,
SESS_CACHE_SERVER, None, None)
try:
sock.getpeername()
except:
# no, no connection yet
pass
else:
# yes, do the handshake
ssl_sock.do_handshake()
return ssl_sock
class SSLSocket(socket):
"""This class implements a subtype of socket.socket that wraps
the underlying OS socket in an SSL context when necessary, and
provides read and write methods over that channel."""
def __init__(self,
parent_socket,
sock,
keyfile=None,
certfile=None,
server_side=False,
cert_reqs=CERT_NONE,
ssl_version=PROTOCOL_SSLv23,
sess_cache_mode=SESS_CACHE_SERVER,
sess_id_ctx=None,
ca_certs=None,
do_handshake_on_connect=True,
suppress_ragged_eofs=True):
socket.__init__(self, _sock=sock._sock)
# The initializer for socket overrides the methods send(), recv(), etc.
# in the instancce, which we don't need -- but we want to provide the
# methods defined in SSLSocket.
for attr in _delegate_methods:
try:
delattr(self, attr)
except AttributeError:
pass
if certfile and not keyfile:
keyfile = certfile
create = True
connected = False
if not server_side:
# see if it's connected
try:
socket.getpeername(self)
connected = True
except socket_error, e:
if e.errno != errno.ENOTCONN:
raise
# no, no connection yet
self._sslobj = None
create = False
if create:
# yes, create the SSL object
if parent_socket == None:
self._sslobj = _forge_ssl.sslwrap(self._sock, server_side,
keyfile, certfile, cert_reqs,
ssl_version, sess_cache_mode,
sess_id_ctx, ca_certs)
else:
self._sslobj = parent_socket._sslobj.wrap_accepted(self._sock)
if connected and do_handshake_on_connect:
self.do_handshake()
self.keyfile = keyfile
self.certfile = certfile
self.cert_reqs = cert_reqs
self.ssl_version = ssl_version
self.sess_cache_mode = sess_cache_mode
self.sess_id_ctx = sess_id_ctx
self.ca_certs = ca_certs
self.do_handshake_on_connect = do_handshake_on_connect
self.suppress_ragged_eofs = suppress_ragged_eofs
self._makefile_refs = 0
