diff options
author | Christian Heimes <christian@python.org> | 2016-09-05 21:19:05 (GMT) |
---|---|---|
committer | Christian Heimes <christian@python.org> | 2016-09-05 21:19:05 (GMT) |
commit | 598894ff48e9c1171cb2ec1c798235826a75c7e0 (patch) | |
tree | 8f94a9879770bf268cb8245702324de867490202 /Lib/ssl.py | |
parent | b3b7a5a16b4e3c5bdd8d378d95e0645ab16a9547 (diff) | |
download | cpython-598894ff48e9c1171cb2ec1c798235826a75c7e0.zip cpython-598894ff48e9c1171cb2ec1c798235826a75c7e0.tar.gz cpython-598894ff48e9c1171cb2ec1c798235826a75c7e0.tar.bz2 |
Issue #26470: Port ssl and hashlib module to OpenSSL 1.1.0.
Diffstat (limited to 'Lib/ssl.py')
-rw-r--r-- | Lib/ssl.py | 18 |
1 files changed, 10 insertions, 8 deletions
@@ -51,6 +51,7 @@ The following constants identify various SSL protocol variants: PROTOCOL_SSLv2 PROTOCOL_SSLv3 PROTOCOL_SSLv23 +PROTOCOL_TLS PROTOCOL_TLSv1 PROTOCOL_TLSv1_1 PROTOCOL_TLSv1_2 @@ -128,9 +129,10 @@ from _ssl import _OPENSSL_API_VERSION _IntEnum._convert( '_SSLMethod', __name__, - lambda name: name.startswith('PROTOCOL_'), + lambda name: name.startswith('PROTOCOL_') and name != 'PROTOCOL_SSLv23', source=_ssl) +PROTOCOL_SSLv23 = _SSLMethod.PROTOCOL_SSLv23 = _SSLMethod.PROTOCOL_TLS _PROTOCOL_NAMES = {value: name for name, value in _SSLMethod.__members__.items()} try: @@ -357,13 +359,13 @@ class SSLContext(_SSLContext): __slots__ = ('protocol', '__weakref__') _windows_cert_stores = ("CA", "ROOT") - def __new__(cls, protocol, *args, **kwargs): + def __new__(cls, protocol=PROTOCOL_TLS, *args, **kwargs): self = _SSLContext.__new__(cls, protocol) if protocol != _SSLv2_IF_EXISTS: self.set_ciphers(_DEFAULT_CIPHERS) return self - def __init__(self, protocol): + def __init__(self, protocol=PROTOCOL_TLS): self.protocol = protocol def wrap_socket(self, sock, server_side=False, @@ -438,7 +440,7 @@ def create_default_context(purpose=Purpose.SERVER_AUTH, *, cafile=None, if not isinstance(purpose, _ASN1Object): raise TypeError(purpose) - context = SSLContext(PROTOCOL_SSLv23) + context = SSLContext(PROTOCOL_TLS) # SSLv2 considered harmful. context.options |= OP_NO_SSLv2 @@ -475,7 +477,7 @@ def create_default_context(purpose=Purpose.SERVER_AUTH, *, cafile=None, context.load_default_certs(purpose) return context -def _create_unverified_context(protocol=PROTOCOL_SSLv23, *, cert_reqs=None, +def _create_unverified_context(protocol=PROTOCOL_TLS, *, cert_reqs=None, check_hostname=False, purpose=Purpose.SERVER_AUTH, certfile=None, keyfile=None, cafile=None, capath=None, cadata=None): @@ -666,7 +668,7 @@ class SSLSocket(socket): def __init__(self, sock=None, keyfile=None, certfile=None, server_side=False, cert_reqs=CERT_NONE, - ssl_version=PROTOCOL_SSLv23, ca_certs=None, + ssl_version=PROTOCOL_TLS, ca_certs=None, do_handshake_on_connect=True, family=AF_INET, type=SOCK_STREAM, proto=0, fileno=None, suppress_ragged_eofs=True, npn_protocols=None, ciphers=None, @@ -1056,7 +1058,7 @@ class SSLSocket(socket): def wrap_socket(sock, keyfile=None, certfile=None, server_side=False, cert_reqs=CERT_NONE, - ssl_version=PROTOCOL_SSLv23, ca_certs=None, + ssl_version=PROTOCOL_TLS, ca_certs=None, do_handshake_on_connect=True, suppress_ragged_eofs=True, ciphers=None): @@ -1125,7 +1127,7 @@ def PEM_cert_to_DER_cert(pem_cert_string): d = pem_cert_string.strip()[len(PEM_HEADER):-len(PEM_FOOTER)] return base64.decodebytes(d.encode('ASCII', 'strict')) -def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv23, ca_certs=None): +def get_server_certificate(addr, ssl_version=PROTOCOL_TLS, ca_certs=None): """Retrieve the certificate from the server at the specified address, and return it as a PEM-encoded string. If 'ca_certs' is specified, validate the server cert against it. |