OpenQuizz
Une application de gestion des contenus pédagogiques
|
Data Structures | |
class | SSLContext |
Functions | |
def | assert_fingerprint (cert, fingerprint) |
def | resolve_cert_reqs (candidate) |
def | resolve_ssl_version (candidate) |
def | create_urllib3_context (ssl_version=None, cert_reqs=None, options=None, ciphers=None) |
def | ssl_wrap_socket (sock, keyfile=None, certfile=None, cert_reqs=None, ca_certs=None, server_hostname=None, ssl_version=None, ciphers=None, ssl_context=None, ca_cert_dir=None, key_password=None, ca_cert_data=None, tls_in_tls=False) |
def | is_ipaddress (hostname) |
def urllib3.util.ssl_.assert_fingerprint | ( | cert, | |
fingerprint | |||
) |
Checks if given fingerprint matches the supplied certificate. :param cert: Certificate as bytes object. :param fingerprint: Fingerprint as string of hexdigits, can be interspersed by colons.
def urllib3.util.ssl_.create_urllib3_context | ( | ssl_version = None , |
|
cert_reqs = None , |
|||
options = None , |
|||
ciphers = None |
|||
) |
All arguments have the same meaning as ``ssl_wrap_socket``. By default, this function does a lot of the same work that ``ssl.create_default_context`` does on Python 3.4+. It: - Disables SSLv2, SSLv3, and compression - Sets a restricted set of server ciphers If you wish to enable SSLv3, you can do:: from urllib3.util import ssl_ context = ssl_.create_urllib3_context() context.options &= ~ssl_.OP_NO_SSLv3 You can do the same to enable compression (substituting ``COMPRESSION`` for ``SSLv3`` in the last line above). :param ssl_version: The desired protocol version to use. This will default to PROTOCOL_SSLv23 which will negotiate the highest protocol that both the server and your installation of OpenSSL support. :param cert_reqs: Whether to require the certificate verification. This defaults to ``ssl.CERT_REQUIRED``. :param options: Specific OpenSSL options. These default to ``ssl.OP_NO_SSLv2``, ``ssl.OP_NO_SSLv3``, ``ssl.OP_NO_COMPRESSION``, and ``ssl.OP_NO_TICKET``. :param ciphers: Which cipher suites to allow the server to select. :returns: Constructed SSLContext object with specified options :rtype: SSLContext
def urllib3.util.ssl_.is_ipaddress | ( | hostname | ) |
Detects whether the hostname given is an IPv4 or IPv6 address. Also detects IPv6 addresses with Zone IDs. :param str hostname: Hostname to examine. :return: True if the hostname is an IP address, False otherwise.
def urllib3.util.ssl_.resolve_cert_reqs | ( | candidate | ) |
Resolves the argument to a numeric constant, which can be passed to the wrap_socket function/method from the ssl module. Defaults to :data:`ssl.CERT_REQUIRED`. If given a string it is assumed to be the name of the constant in the :mod:`ssl` module or its abbreviation. (So you can specify `REQUIRED` instead of `CERT_REQUIRED`. If it's neither `None` nor a string we assume it is already the numeric constant which can directly be passed to wrap_socket.
def urllib3.util.ssl_.resolve_ssl_version | ( | candidate | ) |
like resolve_cert_reqs
def urllib3.util.ssl_.ssl_wrap_socket | ( | sock, | |
keyfile = None , |
|||
certfile = None , |
|||
cert_reqs = None , |
|||
ca_certs = None , |
|||
server_hostname = None , |
|||
ssl_version = None , |
|||
ciphers = None , |
|||
ssl_context = None , |
|||
ca_cert_dir = None , |
|||
key_password = None , |
|||
ca_cert_data = None , |
|||
tls_in_tls = False |
|||
) |
All arguments except for server_hostname, ssl_context, and ca_cert_dir have the same meaning as they do when using :func:`ssl.wrap_socket`. :param server_hostname: When SNI is supported, the expected hostname of the certificate :param ssl_context: A pre-made :class:`SSLContext` object. If none is provided, one will be created using :func:`create_urllib3_context`. :param ciphers: A string of ciphers we wish the client to support. :param ca_cert_dir: A directory containing CA certificates in multiple separate files, as supported by OpenSSL's -CApath flag or the capath argument to SSLContext.load_verify_locations(). :param key_password: Optional password if the keyfile is encrypted. :param ca_cert_data: Optional string containing CA certificates in PEM format suitable for passing as the cadata parameter to SSLContext.load_verify_locations() :param tls_in_tls: Use SSLTransport to wrap the existing socket.
ALPN_PROTOCOLS |
DEFAULT_CIPHERS |
HAS_SNI |
HASHFUNC_MAP |
IS_PYOPENSSL |
IS_SECURETRANSPORT |
OP_NO_COMPRESSION |
OP_NO_SSLv2 |
OP_NO_SSLv3 |
OP_NO_TICKET |
PROTOCOL_SSLv23 |
PROTOCOL_TLS |
PROTOCOL_TLS_CLIENT |