本文整理汇总了Python中ssl.VERIFY_CRL_CHECK_LEAF属性的典型用法代码示例。如果您正苦于以下问题:Python ssl.VERIFY_CRL_CHECK_LEAF属性的具体用法?Python ssl.VERIFY_CRL_CHECK_LEAF怎么用?Python ssl.VERIFY_CRL_CHECK_LEAF使用的例子?那么恭喜您, 这里精选的属性代码示例或许可以为您提供帮助。您也可以进一步了解该属性所在类ssl的用法示例。
在下文中一共展示了ssl.VERIFY_CRL_CHECK_LEAF属性的2个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: create_ssl_context
# 需要导入模块: import ssl [as 别名]
# 或者: from ssl import VERIFY_CRL_CHECK_LEAF [as 别名]
def create_ssl_context(config):
# taken from conn.py, as it adds a lot more logic to the context configuration than the initial version
ssl_context = ssl.SSLContext(ssl.PROTOCOL_SSLv23) # pylint: disable=no-member
ssl_context.options |= ssl.OP_NO_SSLv2 # pylint: disable=no-member
ssl_context.options |= ssl.OP_NO_SSLv3 # pylint: disable=no-member
ssl_context.verify_mode = ssl.CERT_OPTIONAL
if config.get('ssl_check_hostname'):
ssl_context.check_hostname = True
if config['ssl_cafile']:
ssl_context.load_verify_locations(config['ssl_cafile'])
ssl_context.verify_mode = ssl.CERT_REQUIRED
if config['ssl_certfile'] and config['ssl_keyfile']:
ssl_context.load_cert_chain(
certfile=config['ssl_certfile'], keyfile=config['ssl_keyfile'], password=config.get('ssl_password')
)
if config.get('ssl_crlfile'):
if not hasattr(ssl, 'VERIFY_CRL_CHECK_LEAF'):
raise RuntimeError('This version of Python does not support ssl_crlfile!')
ssl_context.load_verify_locations(config['ssl_crlfile'])
# pylint: disable=no-member
ssl_context.verify_flags |= ssl.VERIFY_CRL_CHECK_LEAF
if config.get('ssl_ciphers'):
ssl_context.set_ciphers(config['ssl_ciphers'])
return ssl_context 示例2: generate_ssl_context
# 需要导入模块: import ssl [as 别名]
# 或者: from ssl import VERIFY_CRL_CHECK_LEAF [as 别名]
def generate_ssl_context(ssl_check_hostname,
ssl_cafile,
ssl_certfile,
ssl_keyfile,
ssl_password,
ssl_crlfile,
ssl_supported_protocols,
ssl_ciphers):
"""
Generate SSLContext for kafka client.
"""
log.debug('Configuring default SSL Context')
ssl_context = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
ssl_context.options |= ssl.OP_NO_SSLv2
ssl_context.options |= ssl.OP_NO_SSLv3
ssl_context.verify_mode = ssl.CERT_OPTIONAL
if ssl_supported_protocols:
if 'TLSv1' not in ssl_supported_protocols:
ssl_context.options |= ssl.OP_NO_TLSv1
if 'TLSv1.1' not in ssl_supported_protocols:
ssl_context.options |= ssl.OP_NO_TLSv1_1
if 'TLSv1.2' not in ssl_supported_protocols:
ssl_context.options |= ssl.OP_NO_TLSv1_2
if ssl_check_hostname:
ssl_context.check_hostname = True
if ssl_cafile:
log.info('Loading SSL CA from %s', ssl_cafile)
ssl_context.load_verify_locations(ssl_cafile)
ssl_context.verify_mode = ssl.CERT_REQUIRED
else:
log.info('Loading system default SSL CAs from %s',
ssl.get_default_verify_paths())
ssl_context.load_default_certs()
if ssl_certfile and ssl_keyfile:
log.info('Loading SSL Cert from %s', ssl_certfile)
log.info('Loading SSL Key from %s', ssl_keyfile)
ssl_context.load_cert_chain(
certfile=ssl_certfile,
keyfile=ssl_keyfile,
password=ssl_password)
if ssl_crlfile:
if not hasattr(ssl, 'VERIFY_CRL_CHECK_LEAF'):
raise RuntimeError('This version of Python does not'
' support ssl_crlfile!')
log.info('Loading SSL CRL from %s', ssl_crlfile)
ssl_context.load_verify_locations(ssl_crlfile)
ssl_context.verify_flags |= ssl.VERIFY_CRL_CHECK_LEAF
if ssl_ciphers:
log.info('Setting SSL Ciphers: %s', ssl_ciphers)
ssl_context.set_ciphers(ssl_ciphers)
return ssl_context