Show More
| @@ -36,6 +36,74 b' except AttributeError:' | |||||
| 36 | OP_NO_SSLv2 = 0x1000000 |
|
36 | OP_NO_SSLv2 = 0x1000000 | |
| 37 | OP_NO_SSLv3 = 0x2000000 |
|
37 | OP_NO_SSLv3 = 0x2000000 | |
| 38 |
|
38 | |||
|
|
39 | try: | |||
|
|
40 | # ssl.SSLContext was added in 2.7.9 and presence indicates modern | |||
|
|
41 | # SSL/TLS features are available. | |||
|
|
42 | SSLContext = ssl.SSLContext | |||
|
|
43 | modernssl = True | |||
|
|
44 | except AttributeError: | |||
|
|
45 | modernssl = False | |||
|
|
46 | ||||
|
|
47 | # We implement SSLContext using the interface from the standard library. | |||
|
|
48 | class SSLContext(object): | |||
|
|
49 | # ssl.wrap_socket gained the "ciphers" named argument in 2.7. | |||
|
|
50 | _supportsciphers = sys.version_info >= (2, 7) | |||
|
|
51 | ||||
|
|
52 | def __init__(self, protocol): | |||
|
|
53 | # From the public interface of SSLContext | |||
|
|
54 | self.protocol = protocol | |||
|
|
55 | self.check_hostname = False | |||
|
|
56 | self.options = 0 | |||
|
|
57 | self.verify_mode = ssl.CERT_NONE | |||
|
|
58 | ||||
|
|
59 | # Used by our implementation. | |||
|
|
60 | self._certfile = None | |||
|
|
61 | self._keyfile = None | |||
|
|
62 | self._certpassword = None | |||
|
|
63 | self._cacerts = None | |||
|
|
64 | self._ciphers = None | |||
|
|
65 | ||||
|
|
66 | def load_cert_chain(self, certfile, keyfile=None, password=None): | |||
|
|
67 | self._certfile = certfile | |||
|
|
68 | self._keyfile = keyfile | |||
|
|
69 | self._certpassword = password | |||
|
|
70 | ||||
|
|
71 | def load_default_certs(self, purpose=None): | |||
|
|
72 | pass | |||
|
|
73 | ||||
|
|
74 | def load_verify_locations(self, cafile=None, capath=None, cadata=None): | |||
|
|
75 | if capath: | |||
|
|
76 | raise error.Abort('capath not supported') | |||
|
|
77 | if cadata: | |||
|
|
78 | raise error.Abort('cadata not supported') | |||
|
|
79 | ||||
|
|
80 | self._cacerts = cafile | |||
|
|
81 | ||||
|
|
82 | def set_ciphers(self, ciphers): | |||
|
|
83 | if not self._supportsciphers: | |||
|
|
84 | raise error.Abort('setting ciphers not supported') | |||
|
|
85 | ||||
|
|
86 | self._ciphers = ciphers | |||
|
|
87 | ||||
|
|
88 | def wrap_socket(self, socket, server_hostname=None, server_side=False): | |||
|
|
89 | # server_hostname is unique to SSLContext.wrap_socket and is used | |||
|
|
90 | # for SNI in that context. So there's nothing for us to do with it | |||
|
|
91 | # in this legacy code since we don't support SNI. | |||
|
|
92 | ||||
|
|
93 | args = { | |||
|
|
94 | 'keyfile': self._keyfile, | |||
|
|
95 | 'certfile': self._certfile, | |||
|
|
96 | 'server_side': server_side, | |||
|
|
97 | 'cert_reqs': self.verify_mode, | |||
|
|
98 | 'ssl_version': self.protocol, | |||
|
|
99 | 'ca_certs': self._cacerts, | |||
|
|
100 | } | |||
|
|
101 | ||||
|
|
102 | if self._supportsciphers: | |||
|
|
103 | args['ciphers'] = self._ciphers | |||
|
|
104 | ||||
|
|
105 | return ssl.wrap_socket(socket, **args) | |||
|
|
106 | ||||
| 39 | _canloaddefaultcerts = False |
|
107 | _canloaddefaultcerts = False | |
| 40 | try: |
|
108 | try: | |
| 41 | # ssl.SSLContext was added in 2.7.9 and presence indicates modern |
|
109 | # ssl.SSLContext was added in 2.7.9 and presence indicates modern | |
General Comments 0
You need to be logged in to leave comments.
Login now