Back to index

python3.2  3.2.2
Classes | Functions | Variables
ssl Namespace Reference

Classes

class  CertificateError
class  SSLContext
class  SSLSocket

Functions

def _dnsname_to_pat
def match_hostname
def wrap_socket
def cert_time_to_seconds
def DER_cert_to_PEM_cert
def PEM_cert_to_DER_cert
def get_server_certificate
def get_protocol_name

Variables

dictionary _PROTOCOL_NAMES
string PEM_HEADER = "-----BEGIN CERTIFICATE-----"
string PEM_FOOTER = "-----END CERTIFICATE-----"

Class Documentation

class ssl::CertificateError

Definition at line 102 of file ssl.py.


Function Documentation

def ssl._dnsname_to_pat (   dn) [private]

Definition at line 106 of file ssl.py.

00106 
00107 def _dnsname_to_pat(dn):
00108     pats = []
00109     for frag in dn.split(r'.'):
00110         if frag == '*':
00111             # When '*' is a fragment by itself, it matches a non-empty dotless
00112             # fragment.
00113             pats.append('[^.]+')
00114         else:
00115             # Otherwise, '*' matches any dotless fragment.
00116             frag = re.escape(frag)
00117             pats.append(frag.replace(r'\*', '[^.]*'))
00118     return re.compile(r'\A' + r'\.'.join(pats) + r'\Z', re.IGNORECASE)
00119 

Here is the call graph for this function:

Here is the caller graph for this function:

def ssl.cert_time_to_seconds (   cert_time)
Takes a date-time string in standard ASN1_print form
("MON DAY 24HOUR:MINUTE:SEC YEAR TIMEZONE") and return
a Python time value in seconds past the epoch.

Definition at line 517 of file ssl.py.

00517 
00518 def cert_time_to_seconds(cert_time):
00519     """Takes a date-time string in standard ASN1_print form
00520     ("MON DAY 24HOUR:MINUTE:SEC YEAR TIMEZONE") and return
00521     a Python time value in seconds past the epoch."""
00522 
00523     import time
00524     return time.mktime(time.strptime(cert_time, "%b %d %H:%M:%S %Y GMT"))

Here is the caller graph for this function:

def ssl.DER_cert_to_PEM_cert (   der_cert_bytes)
Takes a certificate in binary DER format and returns the
PEM version of it as a string.

Definition at line 528 of file ssl.py.

00528 
00529 def DER_cert_to_PEM_cert(der_cert_bytes):
00530     """Takes a certificate in binary DER format and returns the
00531     PEM version of it as a string."""
00532 
00533     f = str(base64.standard_b64encode(der_cert_bytes), 'ASCII', 'strict')
00534     return (PEM_HEADER + '\n' +
00535             textwrap.fill(f, 64) + '\n' +
00536             PEM_FOOTER + '\n')

Here is the call graph for this function:

Here is the caller graph for this function:

def ssl.get_protocol_name (   protocol_code)

Definition at line 568 of file ssl.py.

00568 
00569 def get_protocol_name(protocol_code):
00570     return _PROTOCOL_NAMES.get(protocol_code, '<unknown>')

Here is the caller graph for this function:

def ssl.get_server_certificate (   addr,
  ssl_version = PROTOCOL_SSLv3,
  ca_certs = None 
)
Retrieve the certificate from the server at the specified address,
and return it as a PEM-encoded string.
If 'ca_certs' is specified, validate the server cert against it.
If 'ssl_version' is specified, use it in the connection attempt.

Definition at line 550 of file ssl.py.

00550 
00551 def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv3, ca_certs=None):
00552     """Retrieve the certificate from the server at the specified address,
00553     and return it as a PEM-encoded string.
00554     If 'ca_certs' is specified, validate the server cert against it.
00555     If 'ssl_version' is specified, use it in the connection attempt."""
00556 
00557     host, port = addr
00558     if (ca_certs is not None):
00559         cert_reqs = CERT_REQUIRED
00560     else:
00561         cert_reqs = CERT_NONE
00562     s = wrap_socket(socket(), ssl_version=ssl_version,
00563                     cert_reqs=cert_reqs, ca_certs=ca_certs)
00564     s.connect(addr)
00565     dercert = s.getpeercert(True)
00566     s.close()
00567     return DER_cert_to_PEM_cert(dercert)

Here is the call graph for this function:

Here is the caller graph for this function:

def ssl.match_hostname (   cert,
  hostname 
)
Verify that *cert* (in decoded format as returned by
SSLSocket.getpeercert()) matches the *hostname*.  RFC 2818 rules
are mostly followed, but IP addresses are not accepted for *hostname*.

CertificateError is raised on failure. On success, the function
returns nothing.

Definition at line 120 of file ssl.py.

00120 
00121 def match_hostname(cert, hostname):
00122     """Verify that *cert* (in decoded format as returned by
00123     SSLSocket.getpeercert()) matches the *hostname*.  RFC 2818 rules
00124     are mostly followed, but IP addresses are not accepted for *hostname*.
00125 
00126     CertificateError is raised on failure. On success, the function
00127     returns nothing.
00128     """
00129     if not cert:
00130         raise ValueError("empty or no certificate")
00131     dnsnames = []
00132     san = cert.get('subjectAltName', ())
00133     for key, value in san:
00134         if key == 'DNS':
00135             if _dnsname_to_pat(value).match(hostname):
00136                 return
00137             dnsnames.append(value)
00138     if not dnsnames:
00139         # The subject is only checked when there is no dNSName entry
00140         # in subjectAltName
00141         for sub in cert.get('subject', ()):
00142             for key, value in sub:
00143                 # XXX according to RFC 2818, the most specific Common Name
00144                 # must be used.
00145                 if key == 'commonName':
00146                     if _dnsname_to_pat(value).match(hostname):
00147                         return
00148                     dnsnames.append(value)
00149     if len(dnsnames) > 1:
00150         raise CertificateError("hostname %r "
00151             "doesn't match either of %s"
00152             % (hostname, ', '.join(map(repr, dnsnames))))
00153     elif len(dnsnames) == 1:
00154         raise CertificateError("hostname %r "
00155             "doesn't match %r"
00156             % (hostname, dnsnames[0]))
00157     else:
00158         raise CertificateError("no appropriate commonName or "
00159             "subjectAltName fields were found")
00160 

Here is the call graph for this function:

Here is the caller graph for this function:

def ssl.PEM_cert_to_DER_cert (   pem_cert_string)
Takes a certificate in ASCII PEM format and returns the
DER-encoded version of it as a byte sequence

Definition at line 537 of file ssl.py.

00537 
00538 def PEM_cert_to_DER_cert(pem_cert_string):
00539     """Takes a certificate in ASCII PEM format and returns the
00540     DER-encoded version of it as a byte sequence"""
00541 
00542     if not pem_cert_string.startswith(PEM_HEADER):
00543         raise ValueError("Invalid PEM encoding; must start with %s"
00544                          % PEM_HEADER)
00545     if not pem_cert_string.strip().endswith(PEM_FOOTER):
00546         raise ValueError("Invalid PEM encoding; must end with %s"
00547                          % PEM_FOOTER)
00548     d = pem_cert_string.strip()[len(PEM_HEADER):-len(PEM_FOOTER)]
00549     return base64.decodebytes(d.encode('ASCII', 'strict'))

Here is the call graph for this function:

Here is the caller graph for this function:

def ssl.wrap_socket (   sock,
  keyfile = None,
  certfile = None,
  server_side = False,
  cert_reqs = CERT_NONE,
  ssl_version = PROTOCOL_SSLv23,
  ca_certs = None,
  do_handshake_on_connect = True,
  suppress_ragged_eofs = True,
  ciphers = None 
)

Definition at line 506 of file ssl.py.

00506 
00507                 suppress_ragged_eofs=True, ciphers=None):
00508 
00509     return SSLSocket(sock=sock, keyfile=keyfile, certfile=certfile,
00510                      server_side=server_side, cert_reqs=cert_reqs,
00511                      ssl_version=ssl_version, ca_certs=ca_certs,
00512                      do_handshake_on_connect=do_handshake_on_connect,
00513                      suppress_ragged_eofs=suppress_ragged_eofs,
00514                      ciphers=ciphers)
00515 
00516 # some utility functions

Here is the caller graph for this function:


Variable Documentation

Initial value:
00001 {
00002     PROTOCOL_TLSv1: "TLSv1",
00003     PROTOCOL_SSLv23: "SSLv23",
00004     PROTOCOL_SSLv3: "SSLv3",
00005 }

Definition at line 82 of file ssl.py.

string ssl.PEM_FOOTER = "-----END CERTIFICATE-----"

Definition at line 526 of file ssl.py.

string ssl.PEM_HEADER = "-----BEGIN CERTIFICATE-----"

Definition at line 525 of file ssl.py.