本文整理汇总了Python中ssl.CERT_REQUIRED属性的典型用法代码示例。如果您正苦于以下问题:Python ssl.CERT_REQUIRED属性的具体用法?Python ssl.CERT_REQUIRED怎么用?Python ssl.CERT_REQUIRED使用的例子?那么恭喜您, 这里精选的属性代码示例或许可以为您提供帮助。您也可以进一步了解该属性所在类ssl的用法示例。
在下文中一共展示了ssl.CERT_REQUIRED属性的12个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: resolve_cert_reqs
# 需要导入模块: import ssl [as 别名]
# 或者: from ssl import CERT_REQUIRED [as 别名]
def resolve_cert_reqs(candidate):
"""
Resolves the argument to a numeric constant, which can be passed to
the wrap_socket function/method from the ssl module.
Defaults to :data:`ssl.CERT_NONE`.
If given a string it is assumed to be the name of the constant in the
:mod:`ssl` module or its abbrevation.
(So you can specify `REQUIRED` instead of `CERT_REQUIRED`.
If it's neither `None` nor a string we assume it is already the numeric
constant which can directly be passed to wrap_socket.
"""
if candidate is None:
return CERT_NONE
if isinstance(candidate, str):
res = getattr(ssl, candidate, None)
if res is None:
res = getattr(ssl, 'CERT_' + candidate)
return res
return candidate 示例2: set_cert
# 需要导入模块: import ssl [as 别名]
# 或者: from ssl import CERT_REQUIRED [as 别名]
def set_cert(self, key_file=None, cert_file=None,
cert_reqs=None, ca_certs=None,
assert_hostname=None, assert_fingerprint=None,
ca_cert_dir=None):
"""
This method should only be called once, before the connection is used.
"""
# If cert_reqs is not provided, we can try to guess. If the user gave
# us a cert database, we assume they want to use it: otherwise, if
# they gave us an SSL Context object we should use whatever is set for
# it.
if cert_reqs is None:
if ca_certs or ca_cert_dir:
cert_reqs = 'CERT_REQUIRED'
elif self.ssl_context is not None:
cert_reqs = self.ssl_context.verify_mode
self.key_file = key_file
self.cert_file = cert_file
self.cert_reqs = cert_reqs
self.assert_hostname = assert_hostname
self.assert_fingerprint = assert_fingerprint
self.ca_certs = ca_certs and os.path.expanduser(ca_certs)
self.ca_cert_dir = ca_cert_dir and os.path.expanduser(ca_cert_dir) 示例3: resolve_cert_reqs
# 需要导入模块: import ssl [as 别名]
# 或者: from ssl import CERT_REQUIRED [as 别名]
def resolve_cert_reqs(candidate):
"""
Resolves the argument to a numeric constant, which can be passed to
the wrap_socket function/method from the ssl module.
Defaults to :data:`ssl.CERT_NONE`.
If given a string it is assumed to be the name of the constant in the
:mod:`ssl` module or its abbreviation.
(So you can specify `REQUIRED` instead of `CERT_REQUIRED`.
If it's neither `None` nor a string we assume it is already the numeric
constant which can directly be passed to wrap_socket.
"""
if candidate is None:
return CERT_NONE
if isinstance(candidate, str):
res = getattr(ssl, candidate, None)
if res is None:
res = getattr(ssl, 'CERT_' + candidate)
return res
return candidate 示例4: urlopen
# 需要导入模块: import ssl [as 别名]
# 或者: from ssl import CERT_REQUIRED [as 别名]
def urlopen(url, data=None, timeout=socket._GLOBAL_DEFAULT_TIMEOUT, **_3to2kwargs):
if 'cadefault' in _3to2kwargs: cadefault = _3to2kwargs['cadefault']; del _3to2kwargs['cadefault']
else: cadefault = False
if 'capath' in _3to2kwargs: capath = _3to2kwargs['capath']; del _3to2kwargs['capath']
else: capath = None
if 'cafile' in _3to2kwargs: cafile = _3to2kwargs['cafile']; del _3to2kwargs['cafile']
else: cafile = None
global _opener
if cafile or capath or cadefault:
if not _have_ssl:
raise ValueError('SSL support not available')
context = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
context.options |= ssl.OP_NO_SSLv2
context.verify_mode = ssl.CERT_REQUIRED
if cafile or capath:
context.load_verify_locations(cafile, capath)
else:
context.set_default_verify_paths()
https_handler = HTTPSHandler(context=context, check_hostname=True)
opener = build_opener(https_handler)
elif _opener is None:
_opener = opener = build_opener()
else:
opener = _opener
return opener.open(url, data, timeout) 示例5: resolve_cert_reqs
# 需要导入模块: import ssl [as 别名]
# 或者: from ssl import CERT_REQUIRED [as 别名]
def resolve_cert_reqs(candidate):
"""
Resolves the argument to a numeric constant, which can be passed to
the wrap_socket function/method from the ssl module.
Defaults to :data:`ssl.CERT_NONE`.
If given a string it is assumed to be the name of the constant in the
:mod:`ssl` module or its abbreviation.
(So you can specify `REQUIRED` instead of `CERT_REQUIRED`.
If it's neither `None` nor a string we assume it is already the numeric
constant which can directly be passed to wrap_socket.
"""
if candidate is None:
return CERT_REQUIRED
if isinstance(candidate, str):
res = getattr(ssl, candidate, None)
if res is None:
res = getattr(ssl, "CERT_" + candidate)
return res
return candidate 示例6: _create_ssl_ctx
# 需要导入模块: import ssl [as 别名]
# 或者: from ssl import CERT_REQUIRED [as 别名]
def _create_ssl_ctx(self, sslp):
if isinstance(sslp, ssl.SSLContext):
return sslp
ca = sslp.get('ca')
capath = sslp.get('capath')
hasnoca = ca is None and capath is None
ctx = ssl.create_default_context(cafile=ca, capath=capath)
ctx.check_hostname = not hasnoca and sslp.get('check_hostname', True)
ctx.verify_mode = ssl.CERT_NONE if hasnoca else ssl.CERT_REQUIRED
if 'cert' in sslp:
ctx.load_cert_chain(sslp['cert'], keyfile=sslp.get('key'))
if 'cipher' in sslp:
ctx.set_ciphers(sslp['cipher'])
ctx.options |= ssl.OP_NO_SSLv2
ctx.options |= ssl.OP_NO_SSLv3
return ctx 示例7: testContextAndSock
# 需要导入模块: import ssl [as 别名]
# 或者: from ssl import CERT_REQUIRED [as 别名]
def testContextAndSock(self):
cert_dir = "../../certs"
if not os.path.isdir(cert_dir):
cert_dir = "../certs"
if not os.path.isdir(cert_dir):
cert_dir = "./certs"
if not os.path.isdir(cert_dir):
raise IOError("cannot locate test certs directory")
try:
config.SSL = True
config.SSL_REQUIRECLIENTCERT = True
server_ctx = socketutil.get_ssl_context(cert_dir+"/server_cert.pem", cert_dir+"/server_key.pem")
client_ctx = socketutil.get_ssl_context(clientcert=cert_dir+"/client_cert.pem", clientkey=cert_dir+"/client_key.pem")
assert server_ctx.verify_mode == ssl.CERT_REQUIRED
assert client_ctx.verify_mode == ssl.CERT_REQUIRED
assert client_ctx.check_hostname
sock = socketutil.create_socket(sslContext=server_ctx)
try:
assert hasattr(sock, "getpeercert")
finally:
sock.close()
finally:
config.SSL = False 示例8: verify_mode
# 需要导入模块: import ssl [as 别名]
# 或者: from ssl import CERT_REQUIRED [as 别名]
def verify_mode(self):
return ssl.CERT_REQUIRED if self._verify else ssl.CERT_NONE 示例9: _mkcontext
# 需要导入模块: import ssl [as 别名]
# 或者: from ssl import CERT_REQUIRED [as 别名]
def _mkcontext(self):
certfile = self.config.get('tls_certfile')
keyfile = self.config.get('tls_keyfile')
cafile = self.config.get('tls_cafile')
capath = self.config.get('tls_capath')
if self.config.get('tls_verify_client', False):
verifymode = ssl.CERT_REQUIRED
else:
verifymode = ssl.CERT_NONE
if not certfile:
raise ValueError('tls_certfile is not set.')
logger.info(
"Creating SSLContext for TLS server (cafile: '%s', capath: '%s', "
"verify client: %s).",
cafile, capath, verifymode == ssl.CERT_REQUIRED
)
context = ssl.create_default_context(
ssl.Purpose.CLIENT_AUTH,
cafile=cafile,
capath=capath)
context.verify_mode = verifymode
logger.info(
"Loading cert chain '%s' (keyfile: '%s')", certfile, keyfile)
context.load_cert_chain(certfile, keyfile)
return context 示例10: test_tlserver
# 需要导入模块: import ssl [as 别名]
# 或者: from ssl import CERT_REQUIRED [as 别名]
def test_tlserver():
# pylint: disable=protected-access
config = CONFIG.copy()
srv = server.ForkingTLSServer(
LOCALADDR,
server.HTTPRequestHandler,
config,
bind_and_activate=False
)
assert srv.socket
assert srv.socket.family == socket.AF_INET
assert srv._context.verify_mode == ssl.CERT_NONE
config['tls_verify_client'] = True
srv = server.ForkingTLSServer(
LOCALADDR,
server.HTTPRequestHandler,
config,
bind_and_activate=False
)
assert srv._context.verify_mode == ssl.CERT_REQUIRED
config['tls_certfile'] = 'nonexisting/file'
pytest.raises(
IOError,
server.ForkingTLSServer,
LOCALADDR,
server.HTTPRequestHandler,
config,
bind_and_activate=False
) 示例11: set_cert
# 需要导入模块: import ssl [as 别名]
# 或者: from ssl import CERT_REQUIRED [as 别名]
def set_cert(
self,
key_file=None,
cert_file=None,
cert_reqs=None,
key_password=None,
ca_certs=None,
assert_hostname=None,
assert_fingerprint=None,
ca_cert_dir=None,
):
"""
This method should only be called once, before the connection is used.
"""
# If cert_reqs is not provided we'll assume CERT_REQUIRED unless we also
# have an SSLContext object in which case we'll use its verify_mode.
if cert_reqs is None:
if self.ssl_context is not None:
cert_reqs = self.ssl_context.verify_mode
else:
cert_reqs = resolve_cert_reqs(None)
self.key_file = key_file
self.cert_file = cert_file
self.cert_reqs = cert_reqs
self.key_password = key_password
self.assert_hostname = assert_hostname
self.assert_fingerprint = assert_fingerprint
self.ca_certs = ca_certs and os.path.expanduser(ca_certs)
self.ca_cert_dir = ca_cert_dir and os.path.expanduser(ca_cert_dir) 示例12: _build_ssl_context
# 需要导入模块: import ssl [as 别名]
# 或者: from ssl import CERT_REQUIRED [as 别名]
def _build_ssl_context(
disable_ssl_certificate_validation, ca_certs, cert_file=None, key_file=None,
maximum_version=None, minimum_version=None,
):
if not hasattr(ssl, "SSLContext"):
raise RuntimeError("httplib2 requires Python 3.2+ for ssl.SSLContext")
context = ssl.SSLContext(DEFAULT_TLS_VERSION)
context.verify_mode = (
ssl.CERT_NONE if disable_ssl_certificate_validation else ssl.CERT_REQUIRED
)
# SSLContext.maximum_version and SSLContext.minimum_version are python 3.7+.
# source: https://docs.python.org/3/library/ssl.html#ssl.SSLContext.maximum_version
if maximum_version is not None:
if hasattr(context, "maximum_version"):
context.maximum_version = getattr(ssl.TLSVersion, maximum_version)
else:
raise RuntimeError("setting tls_maximum_version requires Python 3.7 and OpenSSL 1.1 or newer")
if minimum_version is not None:
if hasattr(context, "minimum_version"):
context.minimum_version = getattr(ssl.TLSVersion, minimum_version)
else:
raise RuntimeError("setting tls_minimum_version requires Python 3.7 and OpenSSL 1.1 or newer")
# check_hostname requires python 3.4+
# we will perform the equivalent in HTTPSConnectionWithTimeout.connect() by calling ssl.match_hostname
# if check_hostname is not supported.
if hasattr(context, "check_hostname"):
context.check_hostname = not disable_ssl_certificate_validation
context.load_verify_locations(ca_certs)
if cert_file:
context.load_cert_chain(cert_file, key_file)
return context