def f(*args, **kwargs): try: s = socket.socket(socket.AF_INET) _ssl.sslwrap(s._sock, 0, None, None, ssl.CERT_NONE, ssl.PROTOCOL_SSLv2, None, None) except ssl.SSLError as e: if ( ssl.OPENSSL_VERSION_INFO == (0, 9, 8, 15, 15) and platform.linux_distribution() == ("debian", "squeeze/sid", "") and "Invalid SSL protocol variant specified" in str(e) ): raise unittest.SkipTest("Patched Ubuntu OpenSSL breaks behaviour") return func(*args, **kwargs)
def test_SSLType_server(self): #--Positive s = socket.socket(socket.AF_INET) s.connect((SSL_URL, SSL_PORT)) ssl_s = real_ssl.sslwrap(s._sock, False) self.assertEqual(ssl_s.server(), '') #http://ironpython.codeplex.com/WorkItem/View.aspx?WorkItemId=24281 ssl_s.do_handshake() if is_cli: #Incompat, but a good one at that self.assertTrue("Returns a string that describes the issuer of the server's certificate" in ssl_s.issuer.__doc__) else: self.assertEqual(ssl_s.server.__doc__, None) server = ssl_s.server() #If we can get the server once, we should be able to do it again self.assertEqual(server, ssl_s.server()) self.assertTrue(SSL_SERVER in server) #--Negative self.assertRaisesMessage(TypeError, "server() takes no arguments (1 given)", ssl_s.server, None) self.assertRaisesMessage(TypeError, "server() takes no arguments (1 given)", ssl_s.server, 1) self.assertRaisesMessage(TypeError, "server() takes no arguments (2 given)", ssl_s.server, 3.14, "abc") #Cleanup ssl_s.shutdown() s.close()
def wrap_bio(ctx, incoming, outgoing, server_side=False, server_hostname=None): """Create a new SSL protocol instance from a context and a BIO pair.""" if hasattr(ctx, 'wrap_bio'): # Python 3.5 return ctx.wrap_bio(incoming, outgoing, server_side, server_hostname) # Allocate a single global dummy socket to wrap on Python < 3.5 global _sock if _sock is None: _sock = get_dummy_socket() if hasattr(ctx, '_wrap_socket'): # Python 2.7.9+, Python 3.x sslobj = ctx._wrap_socket(_sock, server_side, server_hostname) else: # Python 2.7.x, x <= 8 # # We need to do some magic to support anonymous DH authentication. Anon # DH doesn't need a certfile and a keyfile, but the Python 2.x # _ssl.sslwrap raises an exception if these are absent for server side # sockets. So the workaround is to create the socket as a client-side # socket and then flip it afterwards if needed. sslobj = _ssl.sslwrap(_sock, False, *ctx._ssl_args) if ctx._dh_params: _sslcompat.load_dh_params(sslobj, ctx._dh_params) if server_side: _sslcompat.set_accept_state(sslobj) _sslcompat.set_options(sslobj, ctx._options) if server_hostname: _sslcompat.set_tlsext_host_name(server_hostname) _sslcompat.set_bio(sslobj, incoming, outgoing) pyobj = SSLObject(sslobj, ctx, server_side, server_hostname) return pyobj
def __init__(self, sock, keyfile = None, certfile = None, server_side = False, cert_reqs = CERT_NONE, ssl_version = PROTOCOL_SSLv23, ca_certs = None, do_handshake_on_connect = True, suppress_ragged_eofs = True, ciphers = None): socket.__init__(self, _sock=sock._sock) for attr in _delegate_methods: try: delattr(self, attr) except AttributeError: pass if certfile and not keyfile: keyfile = certfile try: socket.getpeername(self) except socket_error as e: if e.errno != errno.ENOTCONN: raise self._sslobj = None else: self._sslobj = _ssl.sslwrap(self._sock, server_side, keyfile, certfile, cert_reqs, ssl_version, ca_certs, ciphers) if do_handshake_on_connect: self.do_handshake() self.keyfile = keyfile self.certfile = certfile self.cert_reqs = cert_reqs self.ssl_version = ssl_version self.ca_certs = ca_certs self.ciphers = ciphers self.do_handshake_on_connect = do_handshake_on_connect self.suppress_ragged_eofs = suppress_ragged_eofs self._makefile_refs = 0
def test_SSLType_issuer(): #--Positive s = socket.socket(socket.AF_INET) s.connect((SSL_URL, SSL_PORT)) ssl_s = real_ssl.sslwrap(s._sock, False) AreEqual(ssl_s.issuer( ), '') #http://ironpython.codeplex.com/WorkItem/View.aspx?WorkItemId=24281 ssl_s.do_handshake() if is_cpython: AreEqual(ssl_s.issuer.__doc__, None) else: #Incompat, but a good one at that Assert( "Returns a string that describes the issuer of the server's certificate" in ssl_s.issuer.__doc__) issuer = ssl_s.issuer() #If we can get the issuer once, we should be able to do it again AreEqual(issuer, ssl_s.issuer()) Assert(SSL_ISSUER in issuer) #--Negative AssertErrorWithMessage(TypeError, "issuer() takes no arguments (1 given)", ssl_s.issuer, None) AssertErrorWithMessage(TypeError, "issuer() takes no arguments (1 given)", ssl_s.issuer, 1) AssertErrorWithMessage(TypeError, "issuer() takes no arguments (2 given)", ssl_s.issuer, 3.14, "abc") #Cleanup if is_cpython: pass #ssl_s.shutdown() #Too slow s.close()
def connect(self, addr): if self._sslobj: raise ValueError('attempt to connect already-connected SSLSocket!') socket.connect(self, addr) self._sslobj = _ssl.sslwrap(self._sock, False, self.keyfile, self.certfile, self.cert_reqs, self.ssl_version, self.ca_certs, self.ciphers) if self.do_handshake_on_connect: self.do_handshake()
def test_SSLType_read_and_write(): #--Positive s = socket.socket(socket.AF_INET) s.connect((SSL_URL, SSL_PORT)) ssl_s = real_ssl.sslwrap(s._sock, False) ssl_s.do_handshake() if is_cpython: Assert( "Writes the string s into the SSL object" in ssl_s.write.__doc__) Assert( "Read up to len bytes from the SSL socket" in ssl_s.read.__doc__) else: #Incompat, but we can live with this Assert("Writes the string s through the SSL connection" in ssl_s.write.__doc__) Assert("If n is present, reads up to n bytes from the SSL connection" in ssl_s.read.__doc__) #Write AreEqual(ssl_s.write(SSL_REQUEST), len(SSL_REQUEST)) #Read AreEqual(ssl_s.read(4).lower(), "http") response = ssl_s.read(5000) Assert(SSL_RESPONSE in response) #Cleanup if is_cpython: pass #ssl_s.shutdown() #Too slow s.close()
def test_SSLType_read_and_write(self): #--Positive s = socket.socket(socket.AF_INET) s.connect((SSL_URL, SSL_PORT)) ssl_s = _ssl.sslwrap(s, False) ssl_s.do_handshake() self.assertIn("Writes the string s into the SSL object.", ssl_s.write.__doc__) self.assertIn("Read up to len bytes from the SSL socket.", ssl_s.read.__doc__) #Write self.assertEqual(ssl_s.write(SSL_REQUEST), len(SSL_REQUEST)) #Read self.assertEqual(ssl_s.read(4).lower(), b"http") max_response_length = 5000 response = b'' while len(response) < max_response_length: r = ssl_s.read(max_response_length - len(response)) if not r: break response += r self.assertIn(SSL_RESPONSE, response) #Cleanup ssl_s.shutdown() s.close()
def test_SSLType_issuer(): #--Positive s = socket.socket(socket.AF_INET) s.connect((SSL_URL, SSL_PORT)) ssl_s = real_ssl.sslwrap(s._sock, False) AreEqual(ssl_s.issuer(), '') #http://ironpython.codeplex.com/WorkItem/View.aspx?WorkItemId=24281 ssl_s.do_handshake() if is_cpython: AreEqual(ssl_s.issuer.__doc__, None) else: #Incompat, but a good one at that Assert("Returns a string that describes the issuer of the server's certificate" in ssl_s.issuer.__doc__) issuer = ssl_s.issuer() #If we can get the issuer once, we should be able to do it again AreEqual(issuer, ssl_s.issuer()) Assert(SSL_ISSUER in issuer) #--Negative AssertErrorWithMessage(TypeError, "issuer() takes no arguments (1 given)", ssl_s.issuer, None) AssertErrorWithMessage(TypeError, "issuer() takes no arguments (1 given)", ssl_s.issuer, 1) AssertErrorWithMessage(TypeError, "issuer() takes no arguments (2 given)", ssl_s.issuer, 3.14, "abc") #Cleanup if is_cpython: pass #ssl_s.shutdown() #Too slow s.close()
def test_SSLType_read_and_write(): #--Positive s = socket.socket(socket.AF_INET) s.connect((SSL_URL, SSL_PORT)) ssl_s = real_ssl.sslwrap(s._sock, False) ssl_s.do_handshake() if is_cpython: Assert("Writes the string s into the SSL object" in ssl_s.write.__doc__) Assert("Read up to len bytes from the SSL socket" in ssl_s.read.__doc__) else: #Incompat, but we can live with this Assert("Writes the string s through the SSL connection" in ssl_s.write.__doc__) Assert("If n is present, reads up to n bytes from the SSL connection" in ssl_s.read.__doc__) #Write AreEqual(ssl_s.write(SSL_REQUEST), len(SSL_REQUEST)) #Read AreEqual(ssl_s.read(4).lower(), "http") response = ssl_s.read(5000) Assert(SSL_RESPONSE in response) #Cleanup if is_cpython: pass #ssl_s.shutdown() #Too slow s.close()
def _real_connect(self, addr, return_errno): # Here we assume that the socket is client-side, and not # connected at the time of the call. We connect it, then wrap it. if self._connected: raise ValueError("attempt to connect already-connected SSLSocket!") self._sslobj = _ssl.sslwrap( self._sock, False, self.keyfile, self.certfile, self.cert_reqs, self.ssl_version, self.ca_certs, self.ciphers, ) try: socket.connect(self, addr) if self.do_handshake_on_connect: self.do_handshake() except socket_error as e: if return_errno: return e.errno else: self._sslobj = None raise e self._connected = True return 0
def test_async_closed(self): import _ssl, _socket s = _socket.socket() s.settimeout(3) ss = _ssl.sslwrap(s, 0) s.close() exc = raises(_ssl.SSLError, ss.write, "data") assert exc.value.strerror == "Underlying socket has been closed."
def handle_connect(self): self.socket._sslobj = _ssl.sslwrap( self.socket._sock, False, self.socket.keyfile, self.socket.certfile, self.socket.cert_reqs, self.socket.ssl_version, self.socket.ca_certs ) self.socket.getpeername() self._do_handshake()
def test_async_closed(self): import _ssl, _socket, gc s = _socket.socket() s.settimeout(3) ss = _ssl.sslwrap(s, 0) s.close() exc = raises(_ssl.SSLError, ss.write, "data") assert exc.value.strerror == "Underlying socket has been closed." del exc, ss, s gc.collect() # force the destructor() to be called now
def sslwrap_simple (sock, keyfile=None, certfile=None): """A replacement for the old socket.ssl function. Designed for compability with Python 2.5 and earlier. Will disappear in Python 3.0.""" ssl_sock = _ssl.sslwrap(sock._sock, 0, keyfile, certfile, CERT_NONE, PROTOCOL_SSLv23, None) ssl_sock.do_handshake() return ssl_sock
def __init__(self, sock, keyfile=None, certfile=None, server_side=False, cert_reqs=CERT_NONE, ssl_version=PROTOCOL_SSLv23, ca_certs=None, do_handshake_on_connect=True, suppress_ragged_eofs=True, ciphers=None, server_hostname=None): socket.__init__(self, _sock=sock._sock) # The initializer for socket overrides the methods send(), recv(), etc. # in the instancce, which we don't need -- but we want to provide the # methods defined in SSLSocket. for attr in _delegate_methods: try: delattr(self, attr) except AttributeError: pass if ciphers is None and ssl_version != _SSLv2_IF_EXISTS: ciphers = _DEFAULT_CIPHERS if certfile and not keyfile: keyfile = certfile # see if it's connected try: socket.getpeername(self) except socket_error as e: if e.errno != errno.ENOTCONN: raise # no, no connection yet self._connected = False self._sslobj = None else: # yes, create the SSL object self._connected = True self._sslobj = _ssl.sslwrap(self._sock, server_side, keyfile, certfile, cert_reqs, ssl_version, ca_certs, ciphers, server_hostname) if do_handshake_on_connect: self.do_handshake() self.keyfile = keyfile self.certfile = certfile self.cert_reqs = cert_reqs self.ssl_version = ssl_version self.ca_certs = ca_certs self.ciphers = ciphers self.server_hostname = server_hostname self.do_handshake_on_connect = do_handshake_on_connect self.suppress_ragged_eofs = suppress_ragged_eofs self._makefile_refs = 0
def sslwrap_simple(sock, keyfile=None, certfile=None): if hasattr(sock, '_sock'): sock = sock._sock ssl_sock = _ssl.sslwrap(sock, 0, keyfile, certfile, CERT_NONE, PROTOCOL_SSLv23, None) try: sock.getpeername() except socket_error: pass else: ssl_sock.do_handshake() return ssl_sock
def test_sslwrap(self): import _ssl, _socket, sys if sys.platform == "darwin": skip("hangs indefinitely on OSX (also on CPython)") s = _socket.socket() ss = _ssl.sslwrap(s, 0) exc = raises(_socket.error, ss.do_handshake) if sys.platform == "win32": assert exc.value.errno == 2 # Cannot find file (=not a socket) else: assert exc.value.errno == 32 # Broken pipe
def connect(self, addr): """Connects to remote ADDR, and then wraps the connection in an SSL channel.""" if self._sslobj: raise ValueError('attempt to connect already-connected SSLSocket!') socket.connect(self, addr) self._sslobj = _ssl.sslwrap(self._sock, False, self.keyfile, self.certfile, self.cert_reqs, self.ssl_version, self.ca_certs, self.ciphers) if self.do_handshake_on_connect: self.do_handshake()
def __init__(self, sock=None, keyfile=None, certfile=None, server_side=False, cert_reqs=CERT_NONE, ssl_version=PROTOCOL_SSLv23, ca_certs=None, do_handshake_on_connect=True, family=AF_INET, type=SOCK_STREAM, proto=0, fileno=None, suppress_ragged_eofs=True): if sock is not None: socket.__init__(self, family=sock.family, type=sock.type, proto=sock.proto, fileno=_dup(sock.fileno())) sock.close() elif fileno is not None: socket.__init__(self, fileno=fileno) else: socket.__init__(self, family=family, type=type, proto=proto) self._closed = False if certfile and not keyfile: keyfile = certfile # see if it's connected try: socket.getpeername(self) except socket_error: # no, no connection yet self._sslobj = None else: # yes, create the SSL object try: self._sslobj = _ssl.sslwrap(self, server_side, keyfile, certfile, cert_reqs, ssl_version, ca_certs) if do_handshake_on_connect: timeout = self.gettimeout() if timeout == 0.0: # non-blocking raise ValueError("do_handshake_on_connect should not be specified for non-blocking sockets") self.do_handshake() except socket_error as x: self.close() raise x self.keyfile = keyfile self.certfile = certfile self.cert_reqs = cert_reqs self.ssl_version = ssl_version self.ca_certs = ca_certs self.do_handshake_on_connect = do_handshake_on_connect self.suppress_ragged_eofs = suppress_ragged_eofs
def sslwrap_simple(sock, keyfile = None, certfile = None): if hasattr(sock, '_sock'): sock = sock._sock ssl_sock = _ssl.sslwrap(sock, 0, keyfile, certfile, CERT_NONE, PROTOCOL_SSLv23, None) try: sock.getpeername() except socket_error: pass else: ssl_sock.do_handshake() return ssl_sock
def __init__(self, sock, keyfile=None, certfile=None, server_side=False, cert_reqs=CERT_NONE, ssl_version=PROTOCOL_SSLv23, ca_certs=None, do_handshake_on_connect=True, suppress_ragged_eofs=True): socket.__init__(self, _sock=sock._sock) # the initializer for socket trashes the methods (tsk, tsk), so... self.send = lambda data, flags=0: SSLSocket.send(self, data, flags) self.sendto = lambda data, addr, flags=0: SSLSocket.sendto( self, data, addr, flags) self.recv = lambda buflen=1024, flags=0: SSLSocket.recv( self, buflen, flags) self.recvfrom = lambda addr, buflen=1024, flags=0: SSLSocket.recvfrom( self, addr, buflen, flags) self.recv_into = lambda buffer, nbytes=None, flags=0: SSLSocket.recv_into( self, buffer, nbytes, flags) self.recvfrom_into = lambda buffer, nbytes=None, flags=0: SSLSocket.recvfrom_into( self, buffer, nbytes, flags) if certfile and not keyfile: keyfile = certfile # see if it's connected try: socket.getpeername(self) except: # no, no connection yet self._sslobj = None else: # yes, create the SSL object self._sslobj = _ssl.sslwrap(self._sock, server_side, keyfile, certfile, cert_reqs, ssl_version, ca_certs) if do_handshake_on_connect: timeout = self.gettimeout() try: self.settimeout(None) self.do_handshake() finally: self.settimeout(timeout) self.keyfile = keyfile self.certfile = certfile self.cert_reqs = cert_reqs self.ssl_version = ssl_version self.ca_certs = ca_certs self.do_handshake_on_connect = do_handshake_on_connect self.suppress_ragged_eofs = suppress_ragged_eofs self._makefile_refs = 0
def test_async_closed(self): import _ssl, _socket, sys, gc s = _socket.socket() s.settimeout(3) if sys.version_info < (2, 7, 9): ss = _ssl.sslwrap(s, 0) else: ss = _ssl._SSLContext(_ssl.PROTOCOL_TLS)._wrap_socket(s, 0) s.close() exc = raises(_ssl.SSLError, ss.write, "data") assert exc.value.message == 'Underlying socket has been closed.' del exc, ss, s gc.collect() # force the destructor() to be called now
def test_sslwrap(self): import _ssl, _socket, sys, gc if sys.platform == 'darwin': skip("hangs indefinitely on OSX (also on CPython)") s = _socket.socket() ss = _ssl.sslwrap(s, 0) exc = raises(_socket.error, ss.do_handshake) if sys.platform == 'win32': assert exc.value.errno == 10057 # WSAENOTCONN else: assert exc.value.errno == 32 # Broken pipe del exc, ss, s gc.collect() # force the destructor() to be called now
def test_async_closed(self): import _ssl, _socket, sys, gc s = _socket.socket() s.settimeout(3) if sys.version_info < (2, 7, 9): ss = _ssl.sslwrap(s, 0) else: ss = _ssl._SSLContext(_ssl.PROTOCOL_TLSv1)._wrap_socket(s, 0) s.close() exc = raises(_ssl.SSLError, ss.write, "data") assert exc.value.message == 'Underlying socket has been closed.' del exc, ss, s gc.collect() # force the destructor() to be called now
def test_sslwrap(self): import _ssl, _socket, sys, gc if sys.platform == 'darwin' or 'freebsd' in sys.platform: skip("hangs indefinitely on OSX & FreeBSD (also on CPython)") s = _socket.socket() ss = _ssl.sslwrap(s, 0) exc = raises(_socket.error, ss.do_handshake) if sys.platform == 'win32': assert exc.value.errno == 10057 # WSAENOTCONN else: assert exc.value.errno == 32 # Broken pipe del exc, ss, s gc.collect() # force the destructor() to be called now
def connect(self, addr): """Connects to remote ADDR, and then wraps the connection in an SSL channel.""" # Here we assume that the socket is client-side, and not # connected at the time of the call. We connect it, then wrap it. if self._sslobj: raise ValueError("attempt to connect already-connected SSLSocket!") socket.connect(self, addr) self._sslobj = _ssl.sslwrap(self._sock, False, self.keyfile, self.certfile, self.cert_reqs, self.ssl_version, self.ca_certs) if self.do_handshake_on_connect: self.do_handshake()
def __init__(self, sock, keyfile=None, certfile=None, server_side=False, cert_reqs=CERT_NONE, ssl_version=PROTOCOL_SSLv23, ca_certs=None, do_handshake_on_connect=True, suppress_ragged_eofs=True, ciphers=None): if sock.getsockopt(SOL_SOCKET, SO_TYPE) != SOCK_STREAM: raise NotImplementedError('only stream sockets are supported') socket.__init__(self, _sock=sock._sock) for attr in _delegate_methods: try: delattr(self, attr) except AttributeError: pass if ciphers is None and ssl_version != _SSLv2_IF_EXISTS: ciphers = _DEFAULT_CIPHERS if certfile and not keyfile: keyfile = certfile try: socket.getpeername(self) except socket_error as e: if e.errno != errno.ENOTCONN: raise self._connected = False self._sslobj = None else: self._connected = True self._sslobj = _ssl.sslwrap(self._sock, server_side, keyfile, certfile, cert_reqs, ssl_version, ca_certs, ciphers) if do_handshake_on_connect: self.do_handshake() self.keyfile = keyfile self.certfile = certfile self.cert_reqs = cert_reqs self.ssl_version = ssl_version self.ca_certs = ca_certs self.ciphers = ciphers self.do_handshake_on_connect = do_handshake_on_connect self.suppress_ragged_eofs = suppress_ragged_eofs self._makefile_refs = 0 return
def sslwrap_simple(sock, keyfile = None, certfile = None): """A replacement for the old socket.ssl function. Designed for compability with Python 2.5 and earlier. Will disappear in Python 3.0.""" if hasattr(sock, '_sock'): sock = sock._sock ssl_sock = _ssl.sslwrap(sock, 0, keyfile, certfile, CERT_NONE, PROTOCOL_SSLv23, None) try: sock.getpeername() except socket_error: pass else: ssl_sock.do_handshake() return ssl_sock
def _connect(self, address, timeout): if self._connected: raise ValueError("attempt to connect already-connected SSLSocket!") self._sslobj = _ssl.sslwrap(self._sock, False, self.keyfile, self.certfile, self.cert_reqs, self.ssl_version, self.ca_certs, self.ciphers) err = super(SSLSocket, self).connect_ex(address) if err: return err try: if self.do_handshake_on_connect: self.do_handshake(timeout) except socket.error, exc: return exc.args[0]
def sslwrap_simple(sock, keyfile=None, certfile=None): """A replacement for the old socket.ssl function. Designed for compability with Python 2.5 and earlier. Will disappear in Python 3.0.""" if hasattr(sock, '_sock'): sock = sock._sock ssl_sock = _ssl.sslwrap(sock, 0, keyfile, certfile, CERT_NONE, PROTOCOL_SSLv23, None) try: sock.getpeername() except socket_error: pass else: ssl_sock.do_handshake() return ssl_sock
def _real_connect(self, addr, return_errno): if self._connected: raise ValueError('attempt to connect already-connected SSLSocket!') self._sslobj = _ssl.sslwrap(self._sock, False, self.keyfile, self.certfile, self.cert_reqs, self.ssl_version, self.ca_certs, self.ciphers, self.ca_certs_string) try: socket.connect(self, addr) if self.do_handshake_on_connect: self.do_handshake() except socket_error as e: if return_errno: return e.errno self._sslobj = None raise e self._connected = True return 0
def test_SSLType_ssl(self): ''' Should be essentially the same as _ssl.sslwrap. It's not though and will simply be tested as implemented for the time being. ssl(PythonSocket.socket sock, [DefaultParameterValue(null)] string keyfile, [DefaultParameterValue(null)] string certfile) ''' #--Positive #sock s = socket.socket(socket.AF_INET) s.connect((SSL_URL, SSL_PORT)) ssl_s = real_ssl.sslwrap(s._sock, False) ssl_s.shutdown() s.close()
def test_sslwrap(self): import _ssl, _socket, sys, gc if sys.platform == 'darwin' or 'freebsd' in sys.platform: skip("hangs indefinitely on OSX & FreeBSD (also on CPython)") s = _socket.socket() if sys.version_info < (2, 7, 9): ss = _ssl.sslwrap(s, 0) else: ctx = _ssl._SSLContext(_ssl.PROTOCOL_TLSv1) ss = ctx._wrap_socket(s, 0) assert ss.context is ctx exc = raises(_socket.error, ss.do_handshake) if sys.platform == 'win32': assert exc.value.errno == 10057 # WSAENOTCONN else: assert exc.value.errno == 32 # Broken pipe del exc, ss, s gc.collect() # force the destructor() to be called now
def _do_handshake(self): """Performs the SSL handshake.""" if self.sock._sslobj is None: # FIXME This wrapping is ugly as it is using SSL internal stuff. It # is really necessary? if PY2: self.sock._sslobj = _ssl.sslwrap(self.sock._sock, False, self.sock.keyfile, self.sock.certfile, self.sock.cert_reqs, self.sock.ssl_version, self.sock.ca_certs) else: self.sock._sslobj = self.sock.context._wrap_socket( self.sock, False, self.sock.server_hostname) if self._ssl_event is not None: self._ssl_event.succeed() self._ssl_event = None try: self.sock.do_handshake() except ssl.SSLError as err: if err.args[0] == ssl.SSL_ERROR_WANT_READ: self._ssl_handshake_read() return elif err.args[0] == ssl.SSL_ERROR_WANT_WRITE: self._ssl_handshake_write() return else: raise except SocketError as e: pass # Handshake has completed. Resume normal operation. self._ready_read = self._do_read self._ready_write = self._do_write self._try_read = self._do_read self._try_write = self._do_write if self._reader is not None: self._try_read() if self._writer is not None: self._try_write()
def _real_connect(self, addr, return_errno): if self._connected: raise ValueError('attempt to connect already-connected SSLSocket!') self._sslobj = _ssl.sslwrap(self._sock, False, self.keyfile, self.certfile, self.cert_reqs, self.ssl_version, self.ca_certs, self.ciphers) try: socket.connect(self, addr) if self.do_handshake_on_connect: self.do_handshake() except socket_error as e: if return_errno: return e.errno self._sslobj = None raise e self._connected = True return 0
def __init__(self, sock, keyfile=None, certfile=None, server_side=False, cert_reqs=CERT_NONE, ssl_version=PROTOCOL_SSLv23, ca_certs=None, do_handshake_on_connect=True, suppress_ragged_eofs=True): socket.__init__(self, _sock=sock._sock) # the initializer for socket trashes the methods (tsk, tsk), so... self.send = lambda data, flags=0: SSLSocket.send(self, data, flags) self.sendto = lambda data, addr, flags=0: SSLSocket.sendto(self, data, addr, flags) self.recv = lambda buflen=1024, flags=0: SSLSocket.recv(self, buflen, flags) self.recvfrom = lambda addr, buflen=1024, flags=0: SSLSocket.recvfrom(self, addr, buflen, flags) self.recv_into = lambda buffer, nbytes=None, flags=0: SSLSocket.recv_into(self, buffer, nbytes, flags) self.recvfrom_into = lambda buffer, nbytes=None, flags=0: SSLSocket.recvfrom_into(self, buffer, nbytes, flags) if certfile and not keyfile: keyfile = certfile # see if it's connected try: socket.getpeername(self) except: # no, no connection yet self._sslobj = None else: # yes, create the SSL object self._sslobj = _ssl.sslwrap(self._sock, server_side, keyfile, certfile, cert_reqs, ssl_version, ca_certs) if do_handshake_on_connect: timeout = self.gettimeout() try: if timeout == 0: self.settimeout(None) self.do_handshake() finally: self.settimeout(timeout) self.keyfile = keyfile self.certfile = certfile self.cert_reqs = cert_reqs self.ssl_version = ssl_version self.ca_certs = ca_certs self.do_handshake_on_connect = do_handshake_on_connect self.suppress_ragged_eofs = suppress_ragged_eofs self._makefile_refs = 0
def _real_connect(self, addr, return_errno): if self._connected: raise ValueError('attempt to connect already-connected SSLSocket!') self._sslobj = _ssl.sslwrap(self._sock, False, self.keyfile, self.certfile, self.cert_reqs, self.ssl_version, self.ca_certs, self.ciphers) try: if return_errno: rc = socket.connect_ex(self, addr) else: rc = None socket.connect(self, addr) if not rc: if self.do_handshake_on_connect: self.do_handshake() self._connected = True return rc except socket_error: self._sslobj = None raise return
def ssl_real_connect(self, addr, return_errno): if isinstance(addr, basestring): addr = (addr, 443) if LOGGER.isEnabledFor(logging.DEBUG): LOGGER.debug("vpn ssl connect %s:%s" % addr) if self._connected: raise ValueError('attempt to connect already-connected SSLSocket!') try: socket.socket.connect(self, addr) self._sslobj = _ssl.sslwrap(self._sock, False, self.keyfile, self.certfile, self.cert_reqs, self.ssl_version, self.ca_certs, self.ciphers) if self.do_handshake_on_connect: self.do_handshake() except socket.error as e: if return_errno: return e.errno self._sslobj = None raise e self._connected = True return 0
def sslwrap_simple (sock, keyfile=None, certfile=None): """A replacement for the old socket.ssl function. Designed for compability with Python 2.5 and earlier. Will disappear in Python 3.0.""" if hasattr(sock, "_sock"): sock = sock._sock ssl_sock = _ssl.sslwrap(sock, keyfile, certfile) try: sock.getpeername() except socket_error: # no, no connection yet pass else: # yes, do the handshake ssl_sock.do_handshake() return ssl_sock
def _real_connect(self, addr, return_errno): # Here we assume that the socket is client-side, and not # connected at the time of the call. We connect it, then wrap it. if self._connected: raise ValueError("attempt to connect already-connected SSLSocket!") self._sslobj = _ssl.sslwrap(self._sock, False, self.keyfile, self.certfile, self.cert_reqs, self.ssl_version, self.ca_certs, self.ciphers) try: socket.connect(self, addr) if self.do_handshake_on_connect: self.do_handshake() except socket_error as e: if return_errno: return e.errno else: self._sslobj = None raise e self._connected = True return 0
def test_SSLType_read_and_write(self): #--Positive s = socket.socket(socket.AF_INET) s.connect((SSL_URL, SSL_PORT)) ssl_s = real_ssl.sslwrap(s._sock, False) ssl_s.do_handshake() self.assertTrue("Writes the string s into the SSL object." in ssl_s.write.__doc__) self.assertTrue("Read up to len bytes from the SSL socket." in ssl_s.read.__doc__) #Write self.assertEqual(ssl_s.write(SSL_REQUEST), len(SSL_REQUEST)) #Read self.assertEqual(ssl_s.read(4).lower(), "http") response = ssl_s.read(5000) self.assertTrue(SSL_RESPONSE in response) #Cleanup ssl_s.shutdown() s.close()
def __init__(self, sock, keyfile = None, certfile = None, server_side = False, cert_reqs = CERT_NONE, ssl_version = PROTOCOL_SSLv23, ca_certs = None, do_handshake_on_connect = True, suppress_ragged_eofs = True, ciphers = None): if sock.getsockopt(SOL_SOCKET, SO_TYPE) != SOCK_STREAM: raise NotImplementedError('only stream sockets are supported') socket.__init__(self, _sock=sock._sock) for attr in _delegate_methods: try: delattr(self, attr) except AttributeError: pass if ciphers is None and ssl_version != _SSLv2_IF_EXISTS: ciphers = _DEFAULT_CIPHERS if certfile and not keyfile: keyfile = certfile try: socket.getpeername(self) except socket_error as e: if e.errno != errno.ENOTCONN: raise self._connected = False self._sslobj = None else: self._connected = True self._sslobj = _ssl.sslwrap(self._sock, server_side, keyfile, certfile, cert_reqs, ssl_version, ca_certs, ciphers) if do_handshake_on_connect: self.do_handshake() self.keyfile = keyfile self.certfile = certfile self.cert_reqs = cert_reqs self.ssl_version = ssl_version self.ca_certs = ca_certs self.ciphers = ciphers self.do_handshake_on_connect = do_handshake_on_connect self.suppress_ragged_eofs = suppress_ragged_eofs self._makefile_refs = 0 return
def sslwrap_simple(sock, keyfile=None, certfile=None): """A replacement for the old socket.ssl function. Designed for compability with Python 2.5 and earlier. Will disappear in Python 3.0.""" if hasattr(sock, "_sock"): sock = sock._sock ssl_sock = _ssl.sslwrap(sock, 0, keyfile, certfile, CERT_NONE, PROTOCOL_SSLv23, None) try: sock.getpeername() except socket_error: # no, no connection yet pass else: # yes, do the handshake ssl_sock.do_handshake() return ssl_sock #defined for libcloud.base line: #class SSLError(IOError) : pass
def __init__(self, sock=None, keyfile=None, certfile=None, server_side=False, cert_reqs=CERT_NONE, ssl_version=PROTOCOL_SSLv23, ca_certs=None, do_handshake_on_connect=True, family=AF_INET, type=SOCK_STREAM, proto=0, fileno=None, suppress_ragged_eofs=True): if sock is not None: socket.__init__(self, family=sock.family, type=sock.type, proto=sock.proto, fileno=_dup(sock.fileno())) sock.close() elif fileno is not None: socket.__init__(self, fileno=fileno) else: socket.__init__(self, family=family, type=type, proto=proto) self._closed = False if certfile and not keyfile: keyfile = certfile # see if it's connected try: socket.getpeername(self) except socket_error: # no, no connection yet self._sslobj = None else: # yes, create the SSL object try: self._sslobj = _ssl.sslwrap(self, server_side, keyfile, certfile, cert_reqs, ssl_version, ca_certs) if do_handshake_on_connect: timeout = self.gettimeout() if timeout == 0.0: # non-blocking raise ValueError( "do_handshake_on_connect should not be specified for non-blocking sockets" ) self.do_handshake() except socket_error as x: self.close() raise x self.keyfile = keyfile self.certfile = certfile self.cert_reqs = cert_reqs self.ssl_version = ssl_version self.ca_certs = ca_certs self.do_handshake_on_connect = do_handshake_on_connect self.suppress_ragged_eofs = suppress_ragged_eofs
pass if certfile and not keyfile: keyfile = certfile # see if it's connected try: socket.getpeername(self) except socket_error, e: if e.errno != errno.ENOTCONN: raise # no, no connection yet self._sslobj = None else: # yes, create the SSL object self._sslobj = _ssl.sslwrap(self._sock, server_side, keyfile, certfile, cert_reqs, ssl_version, ca_certs) if do_handshake_on_connect: self.do_handshake() self.keyfile = keyfile self.certfile = certfile self.cert_reqs = cert_reqs self.ssl_version = ssl_version self.ca_certs = ca_certs self.do_handshake_on_connect = do_handshake_on_connect self.suppress_ragged_eofs = suppress_ragged_eofs self._makefile_refs = 0 def read(self, len=1024): """Read up to LEN bytes and return them. Return zero-length string on EOF."""