当前位置: 首页>>代码示例>>Python>>正文


Python SSLContext.load_cert_chain方法代码示例

本文整理汇总了Python中ssl.SSLContext.load_cert_chain方法的典型用法代码示例。如果您正苦于以下问题:Python SSLContext.load_cert_chain方法的具体用法?Python SSLContext.load_cert_chain怎么用?Python SSLContext.load_cert_chain使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在ssl.SSLContext的用法示例。


在下文中一共展示了SSLContext.load_cert_chain方法的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。

示例1: ssl_wrap_socket

# 需要导入模块: from ssl import SSLContext [as 别名]
# 或者: from ssl.SSLContext import load_cert_chain [as 别名]
    def ssl_wrap_socket(sock, keyfile=None, certfile=None, cert_reqs=None,
                        ca_certs=None, server_hostname=None,
                        ssl_version=None):
        """
        All arguments except `server_hostname` have the same meaning as for
        :func:`ssl.wrap_socket`

        :param server_hostname:
            Hostname of the expected certificate
        """
        context = SSLContext(ssl_version)
        context.verify_mode = cert_reqs

        # Disable TLS compression to migitate CRIME attack (issue #309)
        OP_NO_COMPRESSION = 0x20000
        context.options |= OP_NO_COMPRESSION

        if ca_certs:
            try:
                context.load_verify_locations(ca_certs)
            # Py32 raises IOError
            # Py33 raises FileNotFoundError
            except Exception as e:  # Reraise as SSLError
                raise SSLError(e)
        if certfile:
            # FIXME: This block needs a test.
            context.load_cert_chain(certfile, keyfile)
        if HAS_SNI:  # Platform-specific: OpenSSL with enabled SNI
            return context.wrap_socket(sock, server_hostname=server_hostname)
        return context.wrap_socket(sock)
开发者ID:2625668714,项目名称:PocHunter,代码行数:32,代码来源:ssl_.py

示例2: get_ssl_context

# 需要导入模块: from ssl import SSLContext [as 别名]
# 或者: from ssl.SSLContext import load_cert_chain [as 别名]
 def get_ssl_context(*args):
     """Create and return an SSLContext object."""
     certfile, keyfile, passphrase, ca_certs, cert_reqs, crlfile = args
     # Note PROTOCOL_SSLv23 is about the most misleading name imaginable.
     # This configures the server and client to negotiate the
     # highest protocol version they both support. A very good thing.
     ctx = SSLContext(ssl.PROTOCOL_SSLv23)
     if hasattr(ctx, "options"):
         # Explicitly disable SSLv2 and SSLv3. Note that up to
         # date versions of MongoDB 2.4 and above already do this,
         # python disables SSLv2 by default in >= 2.7.7 and >= 3.3.4
         # and SSLv3 in >= 3.4.3. There is no way for us to do this
         # explicitly for python 2.6 or 2.7 before 2.7.9.
         ctx.options |= getattr(ssl, "OP_NO_SSLv2", 0)
         ctx.options |= getattr(ssl, "OP_NO_SSLv3", 0)
     if certfile is not None:
         if passphrase is not None:
             vi = sys.version_info
             # Since python just added a new parameter to an existing method
             # this seems to be about the best we can do.
             if (vi[0] == 2 and vi < (2, 7, 9) or
                     vi[0] == 3 and vi < (3, 3)):
                 raise ConfigurationError(
                     "Support for ssl_pem_passphrase requires "
                     "python 2.7.9+ (pypy 2.5.1+) or 3.3+")
             ctx.load_cert_chain(certfile, keyfile, passphrase)
         else:
             ctx.load_cert_chain(certfile, keyfile)
     if crlfile is not None:
         if not hasattr(ctx, "verify_flags"):
             raise ConfigurationError(
                 "Support for ssl_crlfile requires "
                 "python 2.7.9+ (pypy 2.5.1+) or  3.4+")
         # Match the server's behavior.
         ctx.verify_flags = ssl.VERIFY_CRL_CHECK_LEAF
         ctx.load_verify_locations(crlfile)
     if ca_certs is not None:
         ctx.load_verify_locations(ca_certs)
     elif cert_reqs != ssl.CERT_NONE:
         # CPython >= 2.7.9 or >= 3.4.0, pypy >= 2.5.1
         if hasattr(ctx, "load_default_certs"):
             ctx.load_default_certs()
         # Python >= 3.2.0, useless on Windows.
         elif (sys.platform != "win32" and
               hasattr(ctx, "set_default_verify_paths")):
             ctx.set_default_verify_paths()
         elif sys.platform == "win32" and HAVE_WINCERTSTORE:
             with _WINCERTSLOCK:
                 if _WINCERTS is None:
                     _load_wincerts()
             ctx.load_verify_locations(_WINCERTS.name)
         elif HAVE_CERTIFI:
             ctx.load_verify_locations(certifi.where())
         else:
             raise ConfigurationError(
                 "`ssl_cert_reqs` is not ssl.CERT_NONE and no system "
                 "CA certificates could be loaded. `ssl_ca_certs` is "
                 "required.")
     ctx.verify_mode = ssl.CERT_REQUIRED if cert_reqs is None else cert_reqs
     return ctx
开发者ID:adamchainz,项目名称:mongo-python-driver,代码行数:62,代码来源:ssl_support.py

示例3: ssl_wrap_socket

# 需要导入模块: from ssl import SSLContext [as 别名]
# 或者: from ssl.SSLContext import load_cert_chain [as 别名]
    def ssl_wrap_socket(
        sock, keyfile=None, certfile=None, cert_reqs=None, ca_certs=None, server_hostname=None, ssl_version=None
    ):
        """
        All arguments except `server_hostname` have the same meaning as for
        :func:`ssl.wrap_socket`

        :param server_hostname:
            Hostname of the expected certificate
        """
        context = SSLContext(ssl_version)
        context.verify_mode = cert_reqs
        if ca_certs:
            try:
                context.load_verify_locations(ca_certs)
            # Py32 raises IOError
            # Py33 raises FileNotFoundError
            except Exception:  # Reraise as SSLError
                e = sys.exc_info()[1]
                raise SSLError(e)
        if certfile:
            # FIXME: This block needs a test.
            context.load_cert_chain(certfile, keyfile)
        if HAS_SNI:  # Platform-specific: OpenSSL with enabled SNI
            return context.wrap_socket(sock, server_hostname=server_hostname)
        return context.wrap_socket(sock)
开发者ID:ryfx,项目名称:modrana,代码行数:28,代码来源:util.py

示例4: sslContext

# 需要导入模块: from ssl import SSLContext [as 别名]
# 或者: from ssl.SSLContext import load_cert_chain [as 别名]
def sslContext(trustStore: str, keyStore: str) -> SSLContext:
    sslContext = SSLContext(PROTOCOL_TLSv1_2)
    sslContext.verify_mode = CERT_REQUIRED
    storePath = "../../certificates/"
    sslContext.load_verify_locations(storePath + trustStore)
    sslContext.load_cert_chain(storePath + keyStore, password="KeyPass")
    sslContext.set_ciphers("AES128-SHA")
    return sslContext
开发者ID:sushicutta,项目名称:yass,代码行数:10,代码来源:socket_client.py

示例5: __init__

# 需要导入模块: from ssl import SSLContext [as 别名]
# 或者: from ssl.SSLContext import load_cert_chain [as 别名]
    def __init__(self, server_address, HandlerClass, dir):
        super().__init__(server_address, HandlerClass, bind_and_activate=False)
        ctx = SSLContext(PROTOCOL_TLSv1)
        ctx.load_cert_chain(join(dir, 'server-cert.pem'), join(dir, 'server-key.pem'))
#        ctx.load_verify_locations(join(dir, 'ca-cert.pem'))
        self.socket = ctx.wrap_socket(self.socket, server_side=True)
        self.server_bind()
        self.server_activate()
开发者ID:andrewcooke,项目名称:n3,代码行数:10,代码来源:web.py

示例6: get_ssl_context

# 需要导入模块: from ssl import SSLContext [as 别名]
# 或者: from ssl.SSLContext import load_cert_chain [as 别名]
 def get_ssl_context(*args):
     """Create and return an SSLContext object."""
     certfile, keyfile, ca_certs, cert_reqs = args
     ctx = SSLContext(ssl.PROTOCOL_SSLv23)
     if certfile is not None:
         ctx.load_cert_chain(certfile, keyfile)
     if ca_certs is not None:
         ctx.load_verify_locations(ca_certs)
     if cert_reqs is not None:
         ctx.verify_mode = cert_reqs
     return ctx
开发者ID:llvtt,项目名称:mongo-python-driver,代码行数:13,代码来源:ssl_support.py

示例7: ssl_wrap_socket

# 需要导入模块: from ssl import SSLContext [as 别名]
# 或者: from ssl.SSLContext import load_cert_chain [as 别名]
    def ssl_wrap_socket(sock, keyfile = None, certfile = None, cert_reqs = None, ca_certs = None, server_hostname = None, ssl_version = None):
        context = SSLContext(ssl_version)
        context.verify_mode = cert_reqs
        OP_NO_COMPRESSION = 131072
        context.options |= OP_NO_COMPRESSION
        if ca_certs:
            try:
                context.load_verify_locations(ca_certs)
            except Exception as e:
                raise SSLError(e)

        if certfile:
            context.load_cert_chain(certfile, keyfile)
        if HAS_SNI:
            return context.wrap_socket(sock, server_hostname=server_hostname)
        return context.wrap_socket(sock)
开发者ID:connoryang,项目名称:dec-eve-serenity,代码行数:18,代码来源:util.py

示例8: create_server

# 需要导入模块: from ssl import SSLContext [as 别名]
# 或者: from ssl.SSLContext import load_cert_chain [as 别名]
def create_server(
        callback=None,
        host='127.0.0.1',
        port=8000,
        ssl=None,
        loop=None,
        **kargs
        ):
    """
    This is a function to assist in the creation of a growler HTTP server.

    @param host str: hostname or ip address on which to bind
    @param port: the port on which the server will listen
    @param ssl ssl.SSLContext: The SSLContext for using TLS over the connection
    @param loop asyncio.BaseEventLoop: The event loop to
    @param kargs: Extra parameters passed to the HTTPServer instance created.
                  If there is an ssl parameter passed to this function, kargs
                  will require the value 'key' to be present, and an optional
                  'cert' parameter to pass to load_cert_chain.
    @return An HTTPServer instance
    """

    loop = asyncio.get_event_loop() if loop is None else loop

    if ssl:
        sslctx = SSLContext(ssl.PROTOCOL_SSLv23)
        key = kargs.pop('key')
        try:
            sslctx.load_cert_chain(certfile=kargs.pop('cert'), keyfile=key)
        except KeyError:
            sslctx.load_cert_chain(certfile=key)
    else:
        sslctx = None

    # What do I use as a 'callback' here?
    srv = HTTPServer(cb=callback,
                     loop=loop,
                     ssl=sslctx,
                     host=host,
                     port=port,
                     **kargs
                     )
    return srv
开发者ID:akubera,项目名称:Growler,代码行数:45,代码来源:server.py

示例9: get_ssl_context

# 需要导入模块: from ssl import SSLContext [as 别名]
# 或者: from ssl.SSLContext import load_cert_chain [as 别名]
 def get_ssl_context(*args):
     """Create and return an SSLContext object."""
     certfile, keyfile, ca_certs, cert_reqs = args
     # Note PROTOCOL_SSLv23 is about the most misleading name imaginable.
     # This configures the server and client to negotiate the
     # highest protocol version they both support. A very good thing.
     ctx = SSLContext(ssl.PROTOCOL_SSLv23)
     if hasattr(ctx, "options"):
         # Explicitly disable SSLv2 and SSLv3. Note that up to
         # date versions of MongoDB 2.4 and above already do this,
         # python disables SSLv2 by default in >= 2.7.7 and >= 3.3.4
         # and SSLv3 in >= 3.4.3. There is no way for us to do this
         # explicitly for python 2.6 or 2.7 before 2.7.9.
         ctx.options |= getattr(ssl, "OP_NO_SSLv2", 0)
         ctx.options |= getattr(ssl, "OP_NO_SSLv3", 0)
     if certfile is not None:
         ctx.load_cert_chain(certfile, keyfile)
     if ca_certs is not None:
         ctx.load_verify_locations(ca_certs)
     elif cert_reqs != ssl.CERT_NONE:
         # CPython >= 2.7.9 or >= 3.4.0, pypy >= 2.5.1
         if hasattr(ctx, "load_default_certs"):
             ctx.load_default_certs()
         # Python >= 3.2.0, useless on Windows.
         elif (sys.platform != "win32" and
               hasattr(ctx, "set_default_verify_paths")):
             ctx.set_default_verify_paths()
         elif sys.platform == "win32" and HAVE_WINCERTSTORE:
             with _WINCERTSLOCK:
                 if _WINCERTS is None:
                     _load_wincerts()
             ctx.load_verify_locations(_WINCERTS.name)
         elif HAVE_CERTIFI:
             ctx.load_verify_locations(certifi.where())
         else:
             raise ConfigurationError(
                 "`ssl_cert_reqs` is not ssl.CERT_NONE and no system "
                 "CA certificates could be loaded. `ssl_ca_certs` is "
                 "required.")
     ctx.verify_mode = ssl.CERT_REQUIRED if cert_reqs is None else cert_reqs
     return ctx
开发者ID:Alpus,项目名称:Eth,代码行数:43,代码来源:ssl_support.py

示例10: ssl_wrap_socket

# 需要导入模块: from ssl import SSLContext [as 别名]
# 或者: from ssl.SSLContext import load_cert_chain [as 别名]
def ssl_wrap_socket(sock, keyfile=None, certfile=None, cert_reqs=None,
                    ca_certs=None, server_hostname=None,
                    ssl_version=None):
    context = SSLContext(ssl_version)
    context.verify_mode = cert_reqs

    if ca_certs:
        try:
            context.load_verify_locations(ca_certs)
        # Py32 raises IOError   
        # Py33 raises FileNotFoundError
        except Exception as e:  # Reraise as SSLError
            raise SSLError(e)

    if certfile:
        # FIXME: This block needs a test.
        context.load_cert_chain(certfile, keyfile)

    if HAS_SNI:  # Platform-specific: OpenSSL with enabled SNI
        return (context, context.wrap_socket(sock, server_hostname=server_hostname))

    return (context, context.wrap_socket(sock))
开发者ID:GShikari,项目名称:pentesttoolz,代码行数:24,代码来源:sslparser.py

示例11: ssl_wrap_socket

# 需要导入模块: from ssl import SSLContext [as 别名]
# 或者: from ssl.SSLContext import load_cert_chain [as 别名]
    def ssl_wrap_socket(sock, keyfile=None, certfile=None, cert_reqs=CERT_NONE,
                        ca_certs=None, server_hostname=None,
                        ssl_version=PROTOCOL_SSLv23):
        """
        All arguments except `server_hostname` have the same meaning as for
        :func:`ssl.wrap_socket`

        :param server_hostname:
            Hostname of the expected certificate
        """
        context = SSLContext(ssl_version)
        context.verify_mode = cert_reqs
        if ca_certs:
            try:
                context.load_verify_locations(ca_certs)
            except TypeError as e:  # Reraise as SSLError
                # FIXME: This block needs a test.
                raise SSLError(e)
        if certfile:
            # FIXME: This block needs a test.
            context.load_cert_chain(certfile, keyfile)
        if HAS_SNI:  # Platform-specific: OpenSSL with enabled SNI
            return context.wrap_socket(sock, server_hostname=server_hostname)
        return context.wrap_socket(sock)
开发者ID:computmaxer,项目名称:boxtrackr,代码行数:26,代码来源:util.py

示例12: get_ssl_context

# 需要导入模块: from ssl import SSLContext [as 别名]
# 或者: from ssl.SSLContext import load_cert_chain [as 别名]
 def get_ssl_context(*args):
     """Create and return an SSLContext object."""
     certfile, keyfile, passphrase, ca_certs, cert_reqs, crlfile = args
     # Note PROTOCOL_SSLv23 is about the most misleading name imaginable.
     # This configures the server and client to negotiate the
     # highest protocol version they both support. A very good thing.
     # PROTOCOL_TLS_CLIENT was added in CPython 3.6, deprecating
     # PROTOCOL_SSLv23.
     ctx = SSLContext(
         getattr(ssl, "PROTOCOL_TLS_CLIENT", ssl.PROTOCOL_SSLv23))
     # SSLContext.check_hostname was added in CPython 2.7.9 and 3.4.
     # PROTOCOL_TLS_CLIENT enables it by default. Using it
     # requires passing server_hostname to wrap_socket, which we already
     # do for SNI support. To support older versions of Python we have to
     # call match_hostname directly, so we disable check_hostname explicitly
     # to avoid calling match_hostname twice.
     if hasattr(ctx, "check_hostname"):
         ctx.check_hostname = False
     if hasattr(ctx, "options"):
         # Explicitly disable SSLv2, SSLv3 and TLS compression. Note that
         # up to date versions of MongoDB 2.4 and above already disable
         # SSLv2 and SSLv3, python disables SSLv2 by default in >= 2.7.7
         # and >= 3.3.4 and SSLv3 in >= 3.4.3. There is no way for us to do
         # any of this explicitly for python 2.6 or 2.7 before 2.7.9.
         ctx.options |= getattr(ssl, "OP_NO_SSLv2", 0)
         ctx.options |= getattr(ssl, "OP_NO_SSLv3", 0)
         # OpenSSL >= 1.0.0
         ctx.options |= getattr(ssl, "OP_NO_COMPRESSION", 0)
     if certfile is not None:
         try:
             if passphrase is not None:
                 vi = sys.version_info
                 # Since python just added a new parameter to an existing method
                 # this seems to be about the best we can do.
                 if (vi[0] == 2 and vi < (2, 7, 9) or
                         vi[0] == 3 and vi < (3, 3)):
                     raise ConfigurationError(
                         "Support for ssl_pem_passphrase requires "
                         "python 2.7.9+ (pypy 2.5.1+) or 3.3+")
                 ctx.load_cert_chain(certfile, keyfile, passphrase)
             else:
                 ctx.load_cert_chain(certfile, keyfile)
         except ssl.SSLError as exc:
             raise ConfigurationError(
                 "Private key doesn't match certificate: %s" % (exc,))
     if crlfile is not None:
         if not hasattr(ctx, "verify_flags"):
             raise ConfigurationError(
                 "Support for ssl_crlfile requires "
                 "python 2.7.9+ (pypy 2.5.1+) or  3.4+")
         # Match the server's behavior.
         ctx.verify_flags = ssl.VERIFY_CRL_CHECK_LEAF
         ctx.load_verify_locations(crlfile)
     if ca_certs is not None:
         ctx.load_verify_locations(ca_certs)
     elif cert_reqs != ssl.CERT_NONE:
         # CPython >= 2.7.9 or >= 3.4.0, pypy >= 2.5.1
         if hasattr(ctx, "load_default_certs"):
             ctx.load_default_certs()
         # Python >= 3.2.0, useless on Windows.
         elif (sys.platform != "win32" and
               hasattr(ctx, "set_default_verify_paths")):
             ctx.set_default_verify_paths()
         elif sys.platform == "win32" and HAVE_WINCERTSTORE:
             with _WINCERTSLOCK:
                 if _WINCERTS is None:
                     _load_wincerts()
             ctx.load_verify_locations(_WINCERTS.name)
         elif HAVE_CERTIFI:
             ctx.load_verify_locations(certifi.where())
         else:
             raise ConfigurationError(
                 "`ssl_cert_reqs` is not ssl.CERT_NONE and no system "
                 "CA certificates could be loaded. `ssl_ca_certs` is "
                 "required.")
     ctx.verify_mode = ssl.CERT_REQUIRED if cert_reqs is None else cert_reqs
     return ctx
开发者ID:ramnes,项目名称:mongo-python-driver,代码行数:79,代码来源:ssl_support.py

示例13: put

# 需要导入模块: from ssl import SSLContext [as 别名]
# 或者: from ssl.SSLContext import load_cert_chain [as 别名]
    """
    CASSH add
    """
    pubkey = request.files['file']
    username = request.form['username']
    payload = {}
    payload.update({'realname': current_user['name'], 'password': current_user['password']})
    payload.update({'username': username})
    payload.update({'pubkey': pubkey.read().decode('UTF-8')})
    try:
        req = put(APP.config['CASSH_URL'] + '/client', \
                data=payload, \
                headers=APP.config['HEADERS'], \
                verify=False)
    except ConnectionError:
        return Response('Connection error : %s' % APP.config['CASSH_URL'])
    if 'Error' in req.text:
        return Response(req.text)
    return redirect('/status')

@APP.errorhandler(404)
def page_not_found(_):
    """ Display error page """
    return render_template('404.html'), 404

if __name__ == '__main__':
    CONTEXT = SSLContext(PROTOCOL_TLSv1_2)
    CONTEXT.load_cert_chain(APP.config['SSL_PUB_KEY'], APP.config['SSL_PRIV_KEY'])
    PORT = int(getenv('PORT', APP.config['PORT']))
    APP.run(debug=APP.config['DEBUG'], host='0.0.0.0', port=PORT, ssl_context=CONTEXT)
开发者ID:nbeguier,项目名称:cassh,代码行数:32,代码来源:cassh_web.py

示例14: get_ssl_context

# 需要导入模块: from ssl import SSLContext [as 别名]
# 或者: from ssl.SSLContext import load_cert_chain [as 别名]
 def get_ssl_context(*args):
     """Create and return an SSLContext object."""
     (certfile,
      keyfile,
      passphrase,
      ca_certs,
      cert_reqs,
      crlfile,
      match_hostname) = args
     verify_mode = ssl.CERT_REQUIRED if cert_reqs is None else cert_reqs
     # Note PROTOCOL_SSLv23 is about the most misleading name imaginable.
     # This configures the server and client to negotiate the
     # highest protocol version they both support. A very good thing.
     # PROTOCOL_TLS_CLIENT was added in CPython 3.6, deprecating
     # PROTOCOL_SSLv23.
     ctx = SSLContext(
         getattr(ssl, "PROTOCOL_TLS_CLIENT", ssl.PROTOCOL_SSLv23))
     # SSLContext.check_hostname was added in CPython 2.7.9 and 3.4.
     # PROTOCOL_TLS_CLIENT (added in Python 3.6) enables it by default.
     if hasattr(ctx, "check_hostname"):
         if _PY37PLUS and verify_mode != ssl.CERT_NONE:
             # Python 3.7 uses OpenSSL's hostname matching implementation
             # making it the obvious version to start using this with.
             # Python 3.6 might have been a good version, but it suffers
             # from https://bugs.python.org/issue32185.
             # We'll use our bundled match_hostname for older Python
             # versions, which also supports IP address matching
             # with Python < 3.5.
             ctx.check_hostname = match_hostname
         else:
             ctx.check_hostname = False
     if hasattr(ctx, "options"):
         # Explicitly disable SSLv2, SSLv3 and TLS compression. Note that
         # up to date versions of MongoDB 2.4 and above already disable
         # SSLv2 and SSLv3, python disables SSLv2 by default in >= 2.7.7
         # and >= 3.3.4 and SSLv3 in >= 3.4.3. There is no way for us to do
         # any of this explicitly for python 2.7 before 2.7.9.
         ctx.options |= getattr(ssl, "OP_NO_SSLv2", 0)
         ctx.options |= getattr(ssl, "OP_NO_SSLv3", 0)
         # OpenSSL >= 1.0.0
         ctx.options |= getattr(ssl, "OP_NO_COMPRESSION", 0)
         # Python 3.7+ with OpenSSL >= 1.1.0h
         ctx.options |= getattr(ssl, "OP_NO_RENEGOTIATION", 0)
     if certfile is not None:
         try:
             if passphrase is not None:
                 vi = sys.version_info
                 # Since python just added a new parameter to an existing method
                 # this seems to be about the best we can do.
                 if (vi[0] == 2 and vi < (2, 7, 9) or
                         vi[0] == 3 and vi < (3, 3)):
                     raise ConfigurationError(
                         "Support for ssl_pem_passphrase requires "
                         "python 2.7.9+ (pypy 2.5.1+) or 3.3+")
                 ctx.load_cert_chain(certfile, keyfile, passphrase)
             else:
                 ctx.load_cert_chain(certfile, keyfile)
         except ssl.SSLError as exc:
             raise ConfigurationError(
                 "Private key doesn't match certificate: %s" % (exc,))
     if crlfile is not None:
         if not hasattr(ctx, "verify_flags"):
             raise ConfigurationError(
                 "Support for ssl_crlfile requires "
                 "python 2.7.9+ (pypy 2.5.1+) or  3.4+")
         # Match the server's behavior.
         ctx.verify_flags = ssl.VERIFY_CRL_CHECK_LEAF
         ctx.load_verify_locations(crlfile)
     if ca_certs is not None:
         ctx.load_verify_locations(ca_certs)
     elif cert_reqs != ssl.CERT_NONE:
         # CPython >= 2.7.9 or >= 3.4.0, pypy >= 2.5.1
         if hasattr(ctx, "load_default_certs"):
             ctx.load_default_certs()
         # Python >= 3.2.0, useless on Windows.
         elif (sys.platform != "win32" and
               hasattr(ctx, "set_default_verify_paths")):
             ctx.set_default_verify_paths()
         elif sys.platform == "win32" and HAVE_WINCERTSTORE:
             with _WINCERTSLOCK:
                 if _WINCERTS is None:
                     _load_wincerts()
             ctx.load_verify_locations(_WINCERTS.name)
         elif HAVE_CERTIFI:
             ctx.load_verify_locations(certifi.where())
         else:
             raise ConfigurationError(
                 "`ssl_cert_reqs` is not ssl.CERT_NONE and no system "
                 "CA certificates could be loaded. `ssl_ca_certs` is "
                 "required.")
     ctx.verify_mode = verify_mode
     return ctx
开发者ID:ShaneHarvey,项目名称:mongo-python-driver,代码行数:94,代码来源:ssl_support.py

示例15: SSLContext

# 需要导入模块: from ssl import SSLContext [as 别名]
# 或者: from ssl.SSLContext import load_cert_chain [as 别名]
from threading import Thread


# Pypy compatability
try:
    from ssl import PROTOCOL_TLSv1_2 as PROTOCOL_TLSv1
except ImportError:
    from ssl import PROTOCOL_TLSv1 as PROTOCOL_TLSv1

run_http = config["insecure"]["enabled"]
run_https = config["secure"]["enabled"]

if run_https:
    context = SSLContext(PROTOCOL_TLSv1)
    context.load_cert_chain(
        config["secure"]["cert"],
        config["secure"]["key"]
    )

if run_http and run_https:
    if config["debug"]:
        raise Warning("Cannot run in debug mode with both https and http enabled due to flask limitations.")
    Thread(
        target=app.run,
        kwargs={
            "host": config["server"]["address"],
            "port": config["secure"]["port"],
            "debug": config["debug"],
            "ssl_context": context
        }
    ).start()
    Thread(
开发者ID:FroopleXP,项目名称:BitOrb,代码行数:34,代码来源:runserver.py


注:本文中的ssl.SSLContext.load_cert_chain方法示例由纯净天空整理自Github/MSDocs等开源代码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。