本文整理汇总了Python中OpenSSL.SSL.Context方法的典型用法代码示例。如果您正苦于以下问题:Python SSL.Context方法的具体用法?Python SSL.Context怎么用?Python SSL.Context使用的例子?那么恭喜您,这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类OpenSSL.SSL的用法示例。
在下文中一共展示了SSL.Context方法的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: _auto_ssl_context
# 需要导入模块: from OpenSSL import SSL [as 别名]
# 或者: from OpenSSL.SSL import Context [as 别名]
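def _auto_ssl_context():
    """Build a throwaway server-side SSL context around a fresh self-signed cert.

    A new RSA key pair is generated on every call and wrapped in a
    certificate whose subject CN is the wildcard ``*``, whose issuer is
    labelled 'Untrusted Authority' / 'Self-Signed', and which is valid for
    one year from now.  No client can meaningfully verify such a
    certificate, so the result is only suitable for ad-hoc local use.

    Returns:
        An ``OpenSSL.SSL.Context`` loaded with the generated key and
        certificate.
    """
    import random
    import sys

    from OpenSSL import SSL, crypto

    pkey = crypto.PKey()
    # 2048 bits is the practical minimum for RSA; the 768-bit size used
    # previously is within reach of published factoring efforts.
    pkey.generate_key(crypto.TYPE_RSA, 2048)

    cert = crypto.X509()
    # sys.maxsize works on Python 2.6+ and 3.x; sys.maxint is Python 2 only.
    cert.set_serial_number(random.randint(0, sys.maxsize))
    cert.gmtime_adj_notBefore(0)
    cert.gmtime_adj_notAfter(60 * 60 * 24 * 365)

    subject = cert.get_subject()
    subject.CN = '*'
    subject.O = 'Dummy Certificate'

    issuer = cert.get_issuer()
    issuer.CN = 'Untrusted Authority'
    issuer.O = 'Self-Signed'

    cert.set_pubkey(pkey)
    # SHA-256 instead of MD5: MD5 signatures are collision-prone and are
    # rejected outright by current TLS stacks.
    cert.sign(pkey, 'sha256')

    # SSLv23_METHOD negotiates the protocol version, so the broken SSLv2 and
    # SSLv3 protocols have to be excluded explicitly.
    ctx = SSL.Context(SSL.SSLv23_METHOD)
    ctx.set_options(SSL.OP_NO_SSLv2 | SSL.OP_NO_SSLv3)
    ctx.use_privatekey(pkey)
    ctx.use_certificate(cert)
    return ctx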
示例2: get_ssl_context
# 需要导入模块: from OpenSSL import SSL [as 别名]
# 或者: from OpenSSL.SSL import Context [as 别名]
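def get_ssl_context(cls):
    """Return the SSL context shared by this class, building it on first use.

    Takes ``cls`` as its first argument; presumably decorated as a
    classmethod outside this listing.

    The context is created from ``cls.ssl_protocol`` and loaded with the
    certificate chain in ``cls.certfile`` and the private key in
    ``cls.keyfile`` (which falls back to ``cls.certfile`` when unset).

    Raises:
        ValueError: if no context is cached yet and ``cls.certfile`` is None.
    """
    if cls.ssl_context is not None:
        return cls.ssl_context
    if cls.certfile is None:
        raise ValueError("at least certfile must be specified")

    # Configure a local object and publish it only once it is complete, so
    # a failure while loading the certificate or key cannot leave a
    # half-configured context cached for every later call.
    ctx = SSL.Context(cls.ssl_protocol)
    if cls.ssl_protocol == SSL.SSLv2_METHOD:
        warnings.warn("SSLv2 protocol is insecure", RuntimeWarning)
    else:
        options = SSL.OP_NO_SSLv2
        # SSLv3 is as unfit for use as SSLv2; exclude it too unless the
        # caller pinned the context to SSLv3 explicitly, in which case
        # excluding it would leave no usable protocol at all.
        if cls.ssl_protocol != SSL.SSLv3_METHOD:
            options |= SSL.OP_NO_SSLv3
        ctx.set_options(options)

    ctx.use_certificate_chain_file(cls.certfile)
    if not cls.keyfile:
        # A single PEM file may carry both the certificate and the key.
        cls.keyfile = cls.certfile
    ctx.use_privatekey_file(cls.keyfile)

    cls.ssl_context = ctx
    return ctx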
# --- overridden methods
示例3: __init__
# 需要导入模块: from OpenSSL import SSL [as 别名]
# 或者: from OpenSSL.SSL import Context [as 别名]
def __init__(self, hostname, ctx):
    """
    Set up L{ClientTLSOptions} for one expected peer name.

    The hostname is kept in three forms: as given, IDNA-encoded bytes, and
    the ASCII text decoded from those bytes.  The context's info callback
    is then pointed at this object's identity check, wrapped in
    C{_tolerateErrors}.

    @param hostname: The hostname to verify as input by a human.
    @type hostname: L{unicode}
    @param ctx: an L{OpenSSL.SSL.Context} to use for new connections.
    @type ctx: L{OpenSSL.SSL.Context}.
    """
    encodedName = _idnaBytes(hostname)

    self._ctx = ctx
    self._hostname = hostname
    self._hostnameBytes = encodedName
    self._hostnameASCII = encodedName.decode("ascii")

    # Installing the callback on ctx affects every connection made from it.
    verifyingCallback = _tolerateErrors(self._identityVerifyingInfoCallback)
    ctx.set_info_callback(verifyingCallback)
示例4: _identityVerifyingInfoCallback
# 需要导入模块: from OpenSSL import SSL [as 别名]
# 或者: from OpenSSL.SSL import Context [as 别名]
def _identityVerifyingInfoCallback(self, connection, where, ret):
    """
    U{info_callback
    <http://pythonhosted.org/pyOpenSSL/api/ssl.html#OpenSSL.SSL.Context.set_info_callback>
    } for pyOpenSSL that checks the certificate presented by the peer
    against the hostname given to this L{ClientTLSOptions}.

    At handshake start the expected name is set on the connection through
    C{set_tlsext_host_name}; once the handshake is done the name is
    verified, and a mismatch is reported to the transport rather than
    raised from the callback.

    @param connection: the connection which is handshaking.
    @type connection: L{OpenSSL.SSL.Connection}
    @param where: flags indicating progress through a TLS handshake.
    @type where: L{int}
    @param ret: ignored
    @type ret: ignored
    """
    if where & SSL.SSL_CB_HANDSHAKE_START:
        connection.set_tlsext_host_name(self._hostnameBytes)
        return

    if not (where & SSL.SSL_CB_HANDSHAKE_DONE):
        return

    try:
        verifyHostname(connection, self._hostnameASCII)
    except VerificationError:
        # Failure() must be built inside the handler so that it captures
        # the VerificationError currently being handled.
        failure = Failure()
        connection.get_app_data().failVerification(failure)
示例5: __init__
# 需要导入模块: from OpenSSL import SSL [as 别名]
# 或者: from OpenSSL.SSL import Context [as 别名]
def __init__(self, privateKeyFileName, certificateFileName,
             sslmethod=SSL.SSLv23_METHOD, _contextFactory=SSL.Context):
    """
    Remember the key/certificate locations and build the context eagerly.

    @param privateKeyFileName: Name of a file containing a private key
    @param certificateFileName: Name of a file containing a certificate
    @param sslmethod: The SSL method to use
    @param _contextFactory: callable used to create the context object;
        defaults to L{OpenSSL.SSL.Context}.
    """
    # NOTE(review): the default SSLv23_METHOD leaves the protocol version to
    # negotiation; whether legacy versions are switched off depends on
    # cacheContext(), which is not visible here -- confirm.
    self._contextFactory = _contextFactory
    self.sslmethod = sslmethod
    self.certificateFileName = certificateFileName
    self.privateKeyFileName = privateKeyFileName

    # Building the context here rather than on first use means that bad
    # parameters are reported at construction time.
    self.cacheContext()
示例6: test_extraChainFilesAreAddedIfSupplied
# 需要导入模块: from OpenSSL import SSL [as 别名]
# 或者: from OpenSSL.SSL import Context [as 别名]
def test_extraChainFilesAreAddedIfSupplied(self):
    """
    When C{extraCertChain} is given together with a private key and a
    certificate, the C{Context} produced by C{getContext} carries the key,
    the certificate and the extra chain certificates.
    """
    options = sslverify.OpenSSLCertificateOptions(
        privateKey=self.sKey,
        certificate=self.sCert,
        extraCertChain=self.extraCertChain,
    )
    # Swap in the fake so that what getContext() hands to the context can
    # be read back from its attributes.
    options._contextFactory = FakeContext

    context = options.getContext()

    self.assertEqual(self.sKey, context._privateKey)
    self.assertEqual(self.sCert, context._certificate)
    self.assertEqual(self.extraCertChain, context._extraCertChain)
示例7: test_doesNotSwallowOtherSSLErrors
# 需要导入模块: from OpenSSL import SSL [as 别名]
# 或者: from OpenSSL.SSL import Context [as 别名]
def test_doesNotSwallowOtherSSLErrors(self):
    """
    C{_expandCipherString} lets an L{SSL.Error} raised by
    C{set_cipher_list} propagate; only the "no cipher matches" case is
    meant to be swallowed.
    """
    def failWithSSLError(_):
        # A real SSL error cannot easily be provoked on demand, so a
        # hand-built one with empty fields stands in for it.
        raise SSL.Error([['', '', '']])

    fakeContext = FakeContext(SSL.SSLv23_METHOD)
    fakeContext.set_cipher_list = failWithSSLError
    # Every context sslverify creates during this test is the rigged fake.
    self.patch(sslverify.SSL, 'Context', lambda _: fakeContext)

    self.assertRaises(
        SSL.Error,
        sslverify._expandCipherString,
        u'ALL',
        SSL.SSLv23_METHOD,
        0,
    )
示例8: start_tls_server
# 需要导入模块: from OpenSSL import SSL [as 别名]
# 或者: from OpenSSL.SSL import Context [as 别名]
def start_tls_server(test, port, context_factory):
    """
    Start a TLS server on the given port, bound to the loopback interface.

    Two cleanups are registered on ``test``: waiting for the server
    factory's connections to disconnect, and (once listening has started)
    closing the listening port.

    :param test: The test this is being run in.
    :param int port: Port to listen on.
    :param context_factory: Context factory to use.

    :return: ``Deferred`` that fires when port is open to connections.
    """
    # 127.0.0.1 only: the test server is never reachable from other hosts.
    endpoint = SSL4ServerEndpoint(
        reactor, port, context_factory, interface='127.0.0.1'
    )
    factory = WaitForDisconnectsFactory.forProtocol(SendingProtocol)
    test.addCleanup(lambda: factory.wait_for_disconnects())

    listening = endpoint.listen(factory)
    listening.addCallback(
        lambda listening_port: test.addCleanup(listening_port.stopListening)
    )
    return listening
示例9: __init__
# 需要导入模块: from OpenSSL import SSL [as 别名]
# 或者: from OpenSSL.SSL import Context [as 别名]
def __init__(self, hostname, ctx):
    """
    Set up L{ClientTLSOptions} for one expected peer name or address.

    IP address literals (as recognised by C{isIPAddress} and
    C{isIPv6Address}) are encoded as plain ASCII and flagged as not being
    DNS names; anything else is IDNA-encoded and flagged as a DNS name.
    The context's info callback is then pointed at this object's identity
    check, wrapped in C{_tolerateErrors}.

    @param hostname: The hostname to verify as input by a human.
    @type hostname: L{unicode}
    @param ctx: an L{OpenSSL.SSL.Context} to use for new connections.
    @type ctx: L{OpenSSL.SSL.Context}.
    """
    self._ctx = ctx
    self._hostname = hostname

    isAddressLiteral = isIPAddress(hostname) or isIPv6Address(hostname)
    if isAddressLiteral:
        encodedName = hostname.encode('ascii')
    else:
        encodedName = _idnaBytes(hostname)
    self._hostnameBytes = encodedName
    self._hostnameIsDnsName = not isAddressLiteral
    self._hostnameASCII = encodedName.decode("ascii")

    # Installing the callback on ctx affects every connection made from it.
    verifyingCallback = _tolerateErrors(self._identityVerifyingInfoCallback)
    ctx.set_info_callback(verifyingCallback)
示例10: SSL_CTX_set_ecdh_auto
# 需要导入模块: from OpenSSL import SSL [as 别名]
# 或者: from OpenSSL.SSL import Context [as 别名]
def SSL_CTX_set_ecdh_auto(self, ctx, value):
    """
    Record the context and the value in the C{_state} instance variable,
    then raise the configured exception, if there is one.

    @see: L{FakeLibState}

    @param ctx: An SSL context.
    @type ctx: L{OpenSSL.SSL.Context}
    @param value: A boolean value
    @type value: L{bool}

    @raise: whatever C{_state.setECDHAutoRaises} holds, when it is not
        L{None}.
    """
    state = self._state
    # The call is recorded before any exception is raised, so a test can
    # still see what was attempted.
    state.ecdhContexts.append(ctx)
    state.ecdhValues.append(value)

    configuredError = state.setECDHAutoRaises
    if configuredError is not None:
        raise configuredError
示例11: test_openSSL102
# 需要导入模块: from OpenSSL import SSL [as 别名]
# 或者: from OpenSSL.SSL import Context [as 别名]
def test_openSSL102(self):
    """
    OpenSSL 1.0.2 does not set ECDH curves by default, but
    C{SSL_CTX_set_ecdh_auto} requests that a context choose a
    secure set of curves automatically.
    """
    realContext = SSL.Context(SSL.SSLv23_METHOD)
    curveChooser = sslverify._ChooseDiffieHellmanEllipticCurve(
        self.OPENSSL_102,
        openSSLlib=self.lib,
        openSSLcrypto=self.crypto,
    )

    curveChooser.configureECDHCurve(realContext)

    # Exactly one call was recorded, for this context, enabling the option.
    self.assertEqual(self.libState.ecdhContexts, [realContext._context])
    self.assertEqual(self.libState.ecdhValues, [True])
    # No curve was looked up by name.
    self.assertFalse(self.cryptoState.getEllipticCurveCalls)
    # This checks self.context, not the local context configured above.
    self.assertIsNone(self.context._ecCurve)
示例12: test_openSSL102SetECDHAutoRaises
# 需要导入模块: from OpenSSL import SSL [as 别名]
# 或者: from OpenSSL.SSL import Context [as 别名]
def test_openSSL102SetECDHAutoRaises(self):
    """
    An exception raised by C{SSL_CTX_set_ecdh_auto} under OpenSSL
    1.0.2 is suppressed because ECDH is best-effort.
    """
    # Make the fake library raise when SSL_CTX_set_ecdh_auto is called.
    self.libState.setECDHAutoRaises = BaseException

    realContext = SSL.Context(SSL.SSLv23_METHOD)
    curveChooser = sslverify._ChooseDiffieHellmanEllipticCurve(
        self.OPENSSL_102,
        openSSLlib=self.lib,
        openSSLcrypto=self.crypto,
    )

    # Must return normally even though the fake library call raises.
    curveChooser.configureECDHCurve(realContext)

    self.assertEqual(self.libState.ecdhContexts, [realContext._context])
    self.assertEqual(self.libState.ecdhValues, [True])
    self.assertFalse(self.cryptoState.getEllipticCurveCalls)
示例13: test_openSSL101SetECDHRaises
# 需要导入模块: from OpenSSL import SSL [as 别名]
# 或者: from OpenSSL.SSL import Context [as 别名]
def test_openSSL101SetECDHRaises(self):
    """
    An exception raised by L{OpenSSL.SSL.Context.set_tmp_ecdh}
    under OpenSSL 1.0.1 is suppressed because ECDHE is best-effort.
    """
    def alwaysRaise(ctx):
        raise BaseException

    self.context.set_tmp_ecdh = alwaysRaise

    curveChooser = sslverify._ChooseDiffieHellmanEllipticCurve(
        self.OPENSSL_101,
        openSSLlib=self.lib,
        openSSLcrypto=self.crypto,
    )

    # Must return normally even though set_tmp_ecdh raises.
    curveChooser.configureECDHCurve(self.context)

    # Nothing was recorded by the fake SSL_CTX_set_ecdh_auto ...
    self.assertFalse(self.libState.ecdhContexts)
    self.assertFalse(self.libState.ecdhValues)
    # ... and the default curve was looked up by name exactly once.
    expectedCurveLookups = [sslverify._defaultCurveName]
    self.assertEqual(
        self.cryptoState.getEllipticCurveCalls,
        expectedCurveLookups,
    )
示例14: wrapClientConnection
# 需要导入模块: from OpenSSL import SSL [as 别名]
# 或者: from OpenSSL.SSL import Context [as 别名]
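def wrapClientConnection(self, cert='/tmp/impacket.crt'):
    """Wrap ``self.socksSocket`` in a server-side TLS connection.

    The key and certificate are both loaded from ``cert``.  If loading
    fails with ``SSL.Error``, a self-signed certificate is generated at
    that path with ``generateImpacketCert`` and loaded instead.  On return
    ``self.socksSocket`` is the TLS connection, set to accept state; the
    handshake itself is not performed here.

    :param cert: path of a file holding both the private key and the
        certificate.
    """
    # NOTE(review): the default lives at a fixed name in /tmp, which is
    # normally writable by every local user; a file already placed at that
    # path is loaded without any ownership or permission check, and the
    # mode generateImpacketCert() gives the private key is not visible
    # here.  A per-user directory with restrictive permissions is safer.

    # The original author accepts any SSL/TLS version here because the
    # listener is meant for local use only.
    # NOTE(review): SSLv23_METHOD without OP_NO_SSLv2/OP_NO_SSLv3 leaves the
    # legacy protocol versions to whatever the linked OpenSSL still allows.
    ctx = SSL.Context(SSL.SSLv23_METHOD)
    try:
        ctx.use_privatekey_file(cert)
        ctx.use_certificate_file(cert)
    except SSL.Error:
        # Report the path actually used; the message used to name
        # /tmp/impacket.crt even when the caller passed another file.
        LOG.info('SSL requested - generating self-signed certificate in %s' % cert)
        generateImpacketCert(cert)
        ctx.use_privatekey_file(cert)
        ctx.use_certificate_file(cert)

    sslSocket = SSL.Connection(ctx, self.socksSocket)
    sslSocket.set_accept_state()

    # From here on the TLS connection takes the place of the plain socket.
    self.socksSocket = sslSocket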
示例15: send_init_packets
# 需要导入模块: from OpenSSL import SSL [as 别名]
# 或者: from OpenSSL.SSL import Context [as 别名]
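def send_init_packets(host):
    """Send a negotiation request to ``host`` on port 3389 and start TLS.

    A TPKT/TPDU frame carrying an ``RDP_NEG_REQ`` is sent over a new TCP
    connection, one reply of up to 8192 bytes is read and discarded, and a
    TLS handshake is then performed on the same socket.

    :param host: address to connect to.
    :return: the ``SSL.Connection`` after a completed handshake.
    :raises: any socket or ``SSL.Error`` exception from the connection
        attempt; the socket is closed before the exception propagates.
    """
    rdp_neg = RDP_NEG_REQ()
    rdp_neg['Type'] = 1
    # presumably 1 selects TLS as the requested security protocol --
    # confirm against the RDP_NEG_REQ definition
    rdp_neg['requestedProtocols'] = 1

    tpdu = TPDU()
    tpdu['VariablePart'] = rdp_neg.getData()
    tpdu['Code'] = 0xe0

    tpkt = TPKT()
    tpkt['TPDU'] = tpdu.getData()

    # NOTE(review): no timeout is set, so connect/recv/handshake can block
    # indefinitely on an unresponsive peer.
    s = socket.socket()
    try:
        s.connect((host, 3389))
        s.sendall(tpkt.getData())
        # NOTE(review): the reply is discarded without checking that the
        # peer actually agreed to TLS.
        s.recv(8192)

        # NOTE(review): TLSv1_METHOD pins the connection to TLS 1.0, and no
        # verify mode or trust store is configured on the context, so the
        # peer certificate is not authenticated.
        ctx = SSL.Context(SSL.TLSv1_METHOD)
        tls = SSL.Connection(ctx, s)
        tls.set_connect_state()
        tls.do_handshake()
    except Exception:
        # Do not leak the descriptor when any step fails.
        s.close()
        raise
    return tls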
# This can be fixed length now buttfuckit