Exemplo n.º 1
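    def _createSSLEngine(self, addr, hostname=None, cert_file=None, key_file=None):
        """Build a Java SSLEngine for one connection from this context's settings.

        addr is the socket address tuple; only addr[0] (host) and addr[1]
        (port) are used, so a longer tuple such as an IPv6 4-tuple no longer
        breaks the createSSLEngine call.  hostname, when given, replaces
        addr[0] as the peer host handed to the engine.  cert_file and key_file
        are consulted only when no key managers were set on the context.

        Security notes:
        * The peer chain is validated against self._trust_store only when
          verify_mode == CERT_REQUIRED.  Every other mode installs
          NoVerifyX509TrustManager, which, judging by its name, accepts any
          certificate -- confirm against its definition.
        * Endpoint identification is requested only when a hostname is passed
          and self._check_hostname is true; without a hostname the check is
          skipped silently.
        """
        # Default: no chain validation at all (see security notes above).
        trust_managers = [NoVerifyX509TrustManager()]
        if self.verify_mode == CERT_REQUIRED:
            tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm())
            tmf.init(self._trust_store)
            trust_managers = [CompositeX509TrustManager(tmf.getTrustManagers())]

        context = _JavaSSLContext.getInstance(self._protocol_name)

        # Key material: context-level key managers win; otherwise fall back to
        # the per-call certificate and key files.
        if self._key_managers is None:
            key_manager_source = _get_openssl_key_manager(
                cert_file=cert_file, key_file=key_file)
        else:
            key_manager_source = self._key_managers
        context.init(key_manager_source.getKeyManagers(), trust_managers, None)

        # Pass host and port explicitly instead of unpacking addr: an IPv6
        # address tuple has four elements and createSSLEngine takes two.
        peer_host = hostname if hostname is not None else addr[0]
        engine = context.createSSLEngine(peer_host, addr[1])

        # 'HTTPS' asks JSSE to match the peer certificate against the peer
        # host given to createSSLEngine while the handshake runs.
        # NOTE(review): whether this is effective together with the no-verify
        # trust manager is not visible here -- confirm.
        if hostname is not None and self._check_hostname:
            params = engine.getSSLParameters()
            params.setEndpointIdentificationAlgorithm('HTTPS')
            engine.setSSLParameters(params)

        # Restrict the engine to the configured cipher suites, if any.
        if self._ciphers is not None:
            engine.setEnabledCipherSuites(self._ciphers)

        return engine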
Exemplo n.º 2
    def _createSSLEngine(self, addr, hostname=None, cert_file=None, key_file=None):
        """Build a Java SSLEngine for one connection from this context's settings.

        Only addr[0] (host) and addr[1] (port) of the address tuple are used.
        A truthy hostname replaces addr[0] as the peer host handed to the
        engine.  cert_file and key_file are consulted only when no key
        managers were set on the context.

        Security notes:
        * The peer chain is validated against self._trust_store only when
          verify_mode == CERT_REQUIRED.  Every other mode installs
          NoVerifyX509TrustManager, which, judging by its name, accepts any
          certificate -- confirm against its definition.
        * Endpoint identification is requested only when a hostname is passed
          and self._check_hostname is true; without a hostname the check is
          skipped silently.
        """
        # Default: no chain validation at all (see security notes above).
        trust_managers = [NoVerifyX509TrustManager()]
        if self.verify_mode == CERT_REQUIRED:
            factory = TrustManagerFactory.getInstance(
                TrustManagerFactory.getDefaultAlgorithm())
            factory.init(self._trust_store)
            trust_managers = [CompositeX509TrustManager(factory.getTrustManagers())]

        ssl_context = _JavaSSLContext.getInstance(self._protocol_name)

        # Key material: context-level key managers win; otherwise fall back to
        # the per-call certificate and key files.
        if self._key_managers is None:
            key_manager_source = _get_openssl_key_manager(
                cert_file=cert_file, key_file=key_file)
        else:
            key_manager_source = self._key_managers
        ssl_context.init(key_manager_source.getKeyManagers(), trust_managers, None)

        # addr may be an IPv6 tuple with extra fields, so pick host and port
        # by index rather than unpacking it.
        peer_host = hostname or addr[0]
        peer_port = addr[1]
        engine = ssl_context.createSSLEngine(peer_host, peer_port)

        # 'HTTPS' asks JSSE to match the peer certificate against the peer
        # host given to createSSLEngine while the handshake runs.
        # NOTE(review): whether this is effective together with the no-verify
        # trust manager is not visible here -- confirm.
        if hostname is not None:
            if self._check_hostname:
                ssl_params = engine.getSSLParameters()
                ssl_params.setEndpointIdentificationAlgorithm('HTTPS')
                engine.setSSLParameters(ssl_params)

        # Restrict the engine to the configured cipher suites, if any.
        if self._ciphers is not None:
            engine.setEnabledCipherSuites(self._ciphers)

        return engine
Exemplo n.º 3
    def __init__(self, protocol):
        """Set up a context for the given protocol constant.

        The defaults are permissive: verify_mode starts as CERT_NONE and
        check_hostname as False, so a caller that needs an authenticated peer
        has to change both and populate the trust store, which starts empty.
        """
        jsse_name = _PROTOCOL_NAMES[protocol]
        if protocol == PROTOCOL_SSLv23:
            # darjus: at least my Java does not let me use v2, so fall back to
            # the generic JSSE name.
            # NOTE(review): which protocol versions 'SSL' enables depends on
            # the JVM and provider -- confirm legacy versions are disabled.
            jsse_name = 'SSL'

        self.protocol = protocol
        self.check_hostname = False
        self.options = OP_ALL
        self.verify_flags = None
        self.verify_mode = CERT_NONE
        self._ciphers = None

        # Trusted CA certificates; load(None, None) initialises it empty.
        trust_store = KeyStore.getInstance(KeyStore.getDefaultType())
        self._trust_store = trust_store
        trust_store.load(None, None)

        # Own certificates and keys; also starts empty.
        key_store = KeyStore.getInstance(KeyStore.getDefaultType())
        self._key_store = key_store
        key_store.load(None, None)

        self._context = _JavaSSLContext.getInstance(jsse_name)
        # No key managers until the caller supplies key material.
        self._key_managers = None
Exemplo n.º 4
    def __init__(self, protocol):
        """Set up a context for the given protocol constant.

        The defaults are permissive: verify_mode starts as CERT_NONE and
        check_hostname as False, so a caller that needs an authenticated peer
        has to change both and populate the trust store, which starts empty.
        """
        jsse_name = _PROTOCOL_NAMES[protocol]
        if protocol == PROTOCOL_SSLv23:
            # darjus: at least my Java does not let me use v2, so fall back to
            # the generic JSSE name.
            # NOTE(review): which protocol versions 'SSL' enables depends on
            # the JVM and provider -- confirm legacy versions are disabled.
            jsse_name = 'SSL'

        self.protocol = protocol
        self.check_hostname = False
        self.options = OP_ALL
        self.verify_flags = None
        self.verify_mode = CERT_NONE
        self._ciphers = None

        # Trusted CA certificates; load(None, None) initialises it empty.
        trust_store = KeyStore.getInstance(KeyStore.getDefaultType())
        self._trust_store = trust_store
        trust_store.load(None, None)

        # Own certificates and keys; also starts empty.
        key_store = KeyStore.getInstance(KeyStore.getDefaultType())
        self._key_store = key_store
        key_store.load(None, None)

        self._context = _JavaSSLContext.getInstance(jsse_name)
        # No key managers until the caller supplies key material.
        self._key_managers = None