diff options
author | Bill Janssen <janssen@parc.com> | 2007-12-05 03:38:10 (GMT) |
---|---|---|
committer | Bill Janssen <janssen@parc.com> | 2007-12-05 03:38:10 (GMT) |
commit | 48dc27c04088c1c048b6b05076b9d36228a5e287 (patch) | |
tree | afeb94ee621d00193984a39941a0c627cb4e924a /Doc | |
parent | a37d4c693a024154093b36a612810c3bd72d9254 (diff) | |
download | cpython-48dc27c04088c1c048b6b05076b9d36228a5e287.zip cpython-48dc27c04088c1c048b6b05076b9d36228a5e287.tar.gz cpython-48dc27c04088c1c048b6b05076b9d36228a5e287.tar.bz2 |
most recent changes to SSL module to support non-blocking sockets properly
Diffstat (limited to 'Doc')
-rw-r--r-- | Doc/library/ssl.rst | 42 |
1 files changed, 40 insertions, 2 deletions
diff --git a/Doc/library/ssl.rst b/Doc/library/ssl.rst index d700229..5675baa 100644 --- a/Doc/library/ssl.rst +++ b/Doc/library/ssl.rst @@ -51,7 +51,7 @@ Functions, Constants, and Exceptions network connection. This error is a subtype of :exc:`socket.error`, which in turn is a subtype of :exc:`IOError`. -.. function:: wrap_socket (sock, keyfile=None, certfile=None, server_side=False, cert_reqs=CERT_NONE, ssl_version={see docs}, ca_certs=None) +.. function:: wrap_socket (sock, keyfile=None, certfile=None, server_side=False, cert_reqs=CERT_NONE, ssl_version={see docs}, ca_certs=None, do_handshake_on_connect=True, suppress_ragged_eofs=True) Takes an instance ``sock`` of :class:`socket.socket`, and returns an instance of :class:`ssl.SSLSocket`, a subtype of :class:`socket.socket`, which wraps the underlying socket in an SSL context. @@ -118,6 +118,18 @@ Functions, Constants, and Exceptions `*` In some older versions of OpenSSL (for instance, 0.9.7l on OS X 10.4), an SSLv2 client could not connect to an SSLv23 server. + The parameter ``do_handshake_on_connect`` specifies whether to do the SSL + handshake automatically after doing a :meth:`socket.connect`, or whether the + application program will call it explicitly, by invoking the :meth:`SSLSocket.do_handshake` + method. Calling :meth:`SSLSocket.do_handshake` explicitly gives the program control over + the blocking behavior of the socket I/O involved in the handshake. + + The parameter ``suppress_ragged_eofs`` specifies how the :meth:`SSLSocket.read` + method should signal unexpected EOF from the other end of the connection. If specified + as :const:`True` (the default), it returns a normal EOF in response to unexpected + EOF errors raised from the underlying socket; if :const:`False`, it will raise + the exceptions back the caller. + .. function:: RAND_status() Returns True if the SSL pseudo-random number generator has been @@ -231,15 +243,41 @@ Functions, Constants, and Exceptions SSLSocket Objects ----------------- -.. method:: SSLSocket.read([nbytes=1024]) +.. method:: SSLSocket.read(nbytes=1024, buffer=None) Reads up to ``nbytes`` bytes from the SSL-encrypted channel and returns them. + If the ``buffer`` is specified, it will attempt to read into the buffer + the minimum of the size of the buffer and ``nbytes``, if that is specified. + If no buffer is specified, an immutable buffer is allocated and returned + with the data read from the socket. .. method:: SSLSocket.write(data) Writes the ``data`` to the other side of the connection, using the SSL channel to encrypt. Returns the number of bytes written. +.. method:: SSLSocket.do_handshake() + + Performs the SSL setup handshake. If the socket is non-blocking, + this method may raise :exc:`SSLError` with the value of the exception + instance's ``args[0]`` + being either :const:`SSL_ERROR_WANT_READ` or + :const:`SSL_ERROR_WANT_WRITE`, and should be called again until + it stops raising those exceptions. Here's an example of how to do + that:: + + while True: + try: + sock.do_handshake() + break + except ssl.SSLError as err: + if err.args[0] == ssl.SSL_ERROR_WANT_READ: + select.select([sock], [], []) + elif err.args[0] == ssl.SSL_ERROR_WANT_WRITE: + select.select([], [sock], []) + else: + raise + .. method:: SSLSocket.getpeercert(binary_form=False) If there is no certificate for the peer on the other end of the |