Пример #1
    def __init__(self, sock=None, sslVersion=SSLV23, sslVerify=SSL_VERIFY_PEER, sslVerifyLocations=None):
        """Build a client-side SSL object attached to an in-memory BIO pair.

        sock is stored unchanged and is the Python socket used to move the data.
        sslVersion selects the SSL_CTX, sslVerify is handed to set_verify(), and
        sslVerifyLocations, when truthy, is handed to load_verify_locations().
        """
        # Transport is left to a regular Python socket; nothing is sent here.
        self._sock = sock
        self._handshakeDone = False

        # --- OpenSSL context ---
        # NOTE(review): only set_verify() and the optional trust-store load are
        # visible here; no hostname check is performed in this constructor.
        # Confirm where the peer name is validated before relying on it.
        sslCtx = self._sslCtx = SSL_CTX(sslVersion)
        sslCtx.set_verify(sslVerify)
        if sslVerifyLocations:
            # When this is falsy no verify locations are loaded by this method.
            sslCtx.load_verify_locations(sslVerifyLocations)

        # --- OpenSSL connection object, in client (connect) state ---
        sslObj = self._ssl = SSL(sslCtx)
        sslObj.set_connect_state()

        # Some servers never answer a client hello larger than 255 bytes, see
        # http://rt.openssl.org/Ticket/Display.html?id=2771&user=guest&pass=guest
        # The default cipher list is therefore trimmed to shrink the client hello.
        if sslVersion == SSLV2:
            # The trimmed list makes SSLv2 fail, so it is not applied; instead
            # this instance's do_handshake is rebound to the SSL2 + IIS 7 workaround.
            self.do_handshake = self.do_ssl2_iis_handshake
        else:
            sslObj.set_cipher_list('HIGH:-aNULL:-eNULL:-3DES:-SRP:-PSK:-CAMELLIA')

        # --- BIO pair, see http://www.openssl.org/docs/crypto/BIO_s_bio.html ---
        # The internal half is given to the SSL object; the network half is kept
        # on the instance alongside the socket.
        internalBio = self._internalBio = BIO()
        networkBio = self._networkBio = BIO()
        BIO.make_bio_pair(internalBio, networkBio)
        sslObj.set_bio(internalBio)
Пример #2
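    def __init__(self,
                 sock=None,
                 ssl_version=SSLV23,
                 ssl_verify=SSL_VERIFY_PEER,
                 ssl_verify_locations=None,
                 client_certchain_file=None,
                 client_key_file=None,
                 client_key_type=SSL_FILETYPE_PEM,
                 client_key_password='',
                 ignore_client_authentication_requests=False):
        """Build a client-side SSL object attached to an in-memory BIO pair.

        Args:
            sock: Python socket used to move the data; stored unchanged.
            ssl_version: passed to SSL_CTX() to select the protocol.
            ssl_verify: passed to SSL_CTX.set_verify().
            ssl_verify_locations: when truthy, passed to load_verify_locations().
            client_certchain_file: when not None, the four client_* arguments
                are handed to self._use_private_key().
            client_key_file: forwarded to self._use_private_key().
            client_key_type: forwarded to self._use_private_key().
            client_key_password: forwarded to self._use_private_key().
            ignore_client_authentication_requests: when true,
                set_client_cert_cb_NULL() is called on the context.

        Raises:
            ValueError: if ignore_client_authentication_requests is set together
                with a (truthy) client_certchain_file.
        """
        # Reject the contradictory option pair first, before any OpenSSL object
        # is created and before the client key file and its password are handed
        # to _use_private_key(). The truthiness test matches the original check,
        # so the set of inputs that raise ValueError is unchanged.
        if ignore_client_authentication_requests and client_certchain_file:
            raise ValueError(
                'Cannot enable both client_certchain_file and ignore_client_authentication_requests'
            )

        # A Python socket handles transmission of the data
        self._sock = sock
        self._is_handshake_completed = False
        self._client_CA_list = []

        # OpenSSL objects
        # SSL_CTX
        # NOTE(review): only set_verify() and the optional trust-store load are
        # visible here; no hostname check is performed in this constructor.
        # Confirm where the peer name is validated before relying on it.
        self._ssl_ctx = SSL_CTX(ssl_version)
        self._ssl_ctx.set_verify(ssl_verify)
        if ssl_verify_locations:
            self._ssl_ctx.load_verify_locations(ssl_verify_locations)

        # This test is "is not None" while the guard above uses truthiness, so an
        # empty-string path still reaches _use_private_key(), as it did before.
        if client_certchain_file is not None:
            self._use_private_key(client_certchain_file, client_key_file,
                                  client_key_type, client_key_password)

        if ignore_client_authentication_requests:
            # Presumably makes the client ignore certificate requests from the
            # server; confirm against SSL_CTX.set_client_cert_cb_NULL().
            self._ssl_ctx.set_client_cert_cb_NULL()

        # SSL
        self._ssl = SSL(self._ssl_ctx)
        self._ssl.set_connect_state()
        # Specific servers do not reply to a client hello that is bigger than 255 bytes
        # See http://rt.openssl.org/Ticket/Display.html?id=2771&user=guest&pass=guest
        # So we make the default cipher list smaller (to make the client hello smaller)
        if ssl_version != SSLV2:  # This makes SSLv2 fail
            self._ssl.set_cipher_list(
                'HIGH:-aNULL:-eNULL:-3DES:-SRP:-PSK:-CAMELLIA')
        else:
            # Handshake workaround for SSL2 + IIS 7: rebind do_handshake on this
            # instance only.
            self.do_handshake = self.do_ssl2_iis_handshake

        # BIOs
        self._internal_bio = BIO()
        self._network_bio = BIO()

        # http://www.openssl.org/docs/crypto/BIO_s_bio.html
        # The internal half is given to the SSL object; the network half is kept
        # on the instance alongside the socket.
        BIO.make_bio_pair(self._internal_bio, self._network_bio)
        self._ssl.set_bio(self._internal_bio)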