def connect(self, addr): """Connects to remote ADDR, and then wraps the connection in an SSL channel.""" # Here we assume that the socket is client-side, and not # connected at the time of the call. We connect it, then wrap it. if self._sslobj: raise ValueError("attempt to connect already-connected SSLSocket!") socket.connect(self, addr) self._sslobj = _forge_ssl.sslwrap(self._sock, False, self.keyfile, self.certfile, self.cert_reqs, self.ssl_version, self.sess_cache_mode, self.sess_id_ctx, self.ca_certs) if self.do_handshake_on_connect: self.do_handshake()
def sslwrap_simple(sock, keyfile=None, certfile=None): """A replacement for the old socket.ssl function. Designed for compability with Python 2.5 and earlier. Will disappear in Python 3.0.""" if hasattr(sock, "_sock"): sock = sock._sock ssl_sock = _forge_ssl.sslwrap(sock, 0, keyfile, certfile, CERT_NONE, PROTOCOL_SSLv23, SESS_CACHE_SERVER, None, None) try: sock.getpeername() except: # no, no connection yet pass else: # yes, do the handshake ssl_sock.do_handshake() return ssl_sock
class SSLSocket(socket): """This class implements a subtype of socket.socket that wraps the underlying OS socket in an SSL context when necessary, and provides read and write methods over that channel.""" def __init__(self, parent_socket, sock, keyfile=None, certfile=None, server_side=False, cert_reqs=CERT_NONE, ssl_version=PROTOCOL_SSLv23, sess_cache_mode=SESS_CACHE_SERVER, sess_id_ctx=None, ca_certs=None, do_handshake_on_connect=True, suppress_ragged_eofs=True): socket.__init__(self, _sock=sock._sock) # The initializer for socket overrides the methods send(), recv(), etc. # in the instancce, which we don't need -- but we want to provide the # methods defined in SSLSocket. for attr in _delegate_methods: try: delattr(self, attr) except AttributeError: pass if certfile and not keyfile: keyfile = certfile create = True connected = False if not server_side: # see if it's connected try: socket.getpeername(self) connected = True except socket_error, e: if e.errno != errno.ENOTCONN: raise # no, no connection yet self._sslobj = None create = False if create: # yes, create the SSL object if parent_socket == None: self._sslobj = _forge_ssl.sslwrap(self._sock, server_side, keyfile, certfile, cert_reqs, ssl_version, sess_cache_mode, sess_id_ctx, ca_certs) else: self._sslobj = parent_socket._sslobj.wrap_accepted(self._sock) if connected and do_handshake_on_connect: self.do_handshake() self.keyfile = keyfile self.certfile = certfile self.cert_reqs = cert_reqs self.ssl_version = ssl_version self.sess_cache_mode = sess_cache_mode self.sess_id_ctx = sess_id_ctx self.ca_certs = ca_certs self.do_handshake_on_connect = do_handshake_on_connect self.suppress_ragged_eofs = suppress_ragged_eofs self._makefile_refs = 0