OpenQuizz
Une application de gestion des contenus pédagogiques
urllib3.util.ssl_ Namespace Reference

Data Structures

class  SSLContext
 

Functions

def assert_fingerprint (cert, fingerprint)
 
def resolve_cert_reqs (candidate)
 
def resolve_ssl_version (candidate)
 
def create_urllib3_context (ssl_version=None, cert_reqs=None, options=None, ciphers=None)
 
def ssl_wrap_socket (sock, keyfile=None, certfile=None, cert_reqs=None, ca_certs=None, server_hostname=None, ssl_version=None, ciphers=None, ssl_context=None, ca_cert_dir=None, key_password=None, ca_cert_data=None, tls_in_tls=False)
 
def is_ipaddress (hostname)
 

Variables

 SSLContext
 
 SSLTransport
 
 HAS_SNI
 
 IS_PYOPENSSL
 
 IS_SECURETRANSPORT
 
 ALPN_PROTOCOLS
 
 HASHFUNC_MAP
 
 PROTOCOL_SSLv23
 
 PROTOCOL_TLS
 
 PROTOCOL_TLS_CLIENT
 
 OP_NO_SSLv2
 
 OP_NO_SSLv3
 
 OP_NO_COMPRESSION
 
 OP_NO_TICKET
 
 DEFAULT_CIPHERS
 

Function Documentation

◆ assert_fingerprint()

def urllib3.util.ssl_.assert_fingerprint (   cert,
  fingerprint 
)
Checks if given fingerprint matches the supplied certificate.

:param cert:
    Certificate as bytes object.
:param fingerprint:
    Fingerprint as string of hexdigits, can be interspersed by colons.

◆ create_urllib3_context()

def urllib3.util.ssl_.create_urllib3_context (   ssl_version = None,
  cert_reqs = None,
  options = None,
  ciphers = None 
)
All arguments have the same meaning as ``ssl_wrap_socket``.

By default, this function does a lot of the same work that
``ssl.create_default_context`` does on Python 3.4+. It:

- Disables SSLv2, SSLv3, and compression
- Sets a restricted set of server ciphers

If you wish to enable SSLv3, you can do::

    from urllib3.util import ssl_
    context = ssl_.create_urllib3_context()
    context.options &= ~ssl_.OP_NO_SSLv3

You can do the same to enable compression (substituting ``COMPRESSION``
for ``SSLv3`` in the last line above).

:param ssl_version:
    The desired protocol version to use. This will default to
    PROTOCOL_SSLv23 which will negotiate the highest protocol that both
    the server and your installation of OpenSSL support.
:param cert_reqs:
    Whether to require the certificate verification. This defaults to
    ``ssl.CERT_REQUIRED``.
:param options:
    Specific OpenSSL options. These default to ``ssl.OP_NO_SSLv2``,
    ``ssl.OP_NO_SSLv3``, ``ssl.OP_NO_COMPRESSION``, and ``ssl.OP_NO_TICKET``.
:param ciphers:
    Which cipher suites to allow the server to select.
:returns:
    Constructed SSLContext object with specified options
:rtype: SSLContext

◆ is_ipaddress()

def urllib3.util.ssl_.is_ipaddress (   hostname)
Detects whether the hostname given is an IPv4 or IPv6 address.
Also detects IPv6 addresses with Zone IDs.

:param str hostname: Hostname to examine.
:return: True if the hostname is an IP address, False otherwise.

◆ resolve_cert_reqs()

def urllib3.util.ssl_.resolve_cert_reqs (   candidate)
Resolves the argument to a numeric constant, which can be passed to
the wrap_socket function/method from the ssl module.
Defaults to :data:`ssl.CERT_REQUIRED`.
If given a string it is assumed to be the name of the constant in the
:mod:`ssl` module or its abbreviation.
(So you can specify `REQUIRED` instead of `CERT_REQUIRED`.
If it's neither `None` nor a string we assume it is already the numeric
constant which can directly be passed to wrap_socket.

◆ resolve_ssl_version()

def urllib3.util.ssl_.resolve_ssl_version (   candidate)
like resolve_cert_reqs

◆ ssl_wrap_socket()

def urllib3.util.ssl_.ssl_wrap_socket (   sock,
  keyfile = None,
  certfile = None,
  cert_reqs = None,
  ca_certs = None,
  server_hostname = None,
  ssl_version = None,
  ciphers = None,
  ssl_context = None,
  ca_cert_dir = None,
  key_password = None,
  ca_cert_data = None,
  tls_in_tls = False 
)
All arguments except for server_hostname, ssl_context, and ca_cert_dir have
the same meaning as they do when using :func:`ssl.wrap_socket`.

:param server_hostname:
    When SNI is supported, the expected hostname of the certificate
:param ssl_context:
    A pre-made :class:`SSLContext` object. If none is provided, one will
    be created using :func:`create_urllib3_context`.
:param ciphers:
    A string of ciphers we wish the client to support.
:param ca_cert_dir:
    A directory containing CA certificates in multiple separate files, as
    supported by OpenSSL's -CApath flag or the capath argument to
    SSLContext.load_verify_locations().
:param key_password:
    Optional password if the keyfile is encrypted.
:param ca_cert_data:
    Optional string containing CA certificates in PEM format suitable for
    passing as the cadata parameter to SSLContext.load_verify_locations()
:param tls_in_tls:
    Use SSLTransport to wrap the existing socket.

Variable Documentation

◆ ALPN_PROTOCOLS

ALPN_PROTOCOLS

◆ DEFAULT_CIPHERS

DEFAULT_CIPHERS

◆ HAS_SNI

HAS_SNI

◆ HASHFUNC_MAP

HASHFUNC_MAP

◆ IS_PYOPENSSL

IS_PYOPENSSL

◆ IS_SECURETRANSPORT

IS_SECURETRANSPORT

◆ OP_NO_COMPRESSION

OP_NO_COMPRESSION

◆ OP_NO_SSLv2

OP_NO_SSLv2

◆ OP_NO_SSLv3

OP_NO_SSLv3

◆ OP_NO_TICKET

OP_NO_TICKET

◆ PROTOCOL_SSLv23

PROTOCOL_SSLv23

◆ PROTOCOL_TLS

PROTOCOL_TLS

◆ PROTOCOL_TLS_CLIENT

PROTOCOL_TLS_CLIENT

◆ SSLContext

◆ SSLTransport