本文整理汇总了Python中OpenSSL.SSL.SSLv23_METHOD方法的典型用法代码示例。如果您正苦于以下问题:Python SSL.SSLv23_METHOD方法的具体用法?Python SSL.SSLv23_METHOD怎么用?Python SSL.SSLv23_METHOD使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类OpenSSL.SSL的用法示例。
在下文中一共展示了SSL.SSLv23_METHOD方法的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: __init__
# 需要导入模块: from OpenSSL import SSL [as 别名]
# 或者: from OpenSSL.SSL import SSLv23_METHOD [as 别名]
def __init__(self, privateKeyFileName, certificateFileName,
sslmethod=SSL.SSLv23_METHOD, _contextFactory=SSL.Context):
"""
@param privateKeyFileName: Name of a file containing a private key
@param certificateFileName: Name of a file containing a certificate
@param sslmethod: The SSL method to use
"""
self.privateKeyFileName = privateKeyFileName
self.certificateFileName = certificateFileName
self.sslmethod = sslmethod
self._contextFactory = _contextFactory
# Create a context object right now. This is to force validation of
# the given parameters so that errors are detected earlier rather
# than later.
self.cacheContext() 示例2: test_methodIsDeprecated
# 需要导入模块: from OpenSSL import SSL [as 别名]
# 或者: from OpenSSL.SSL import SSLv23_METHOD [as 别名]
def test_methodIsDeprecated(self):
"""
Passing C{method} to L{sslverify.OpenSSLCertificateOptions} is
deprecated.
"""
sslverify.OpenSSLCertificateOptions(
privateKey=self.sKey,
certificate=self.sCert,
method=SSL.SSLv23_METHOD,
)
message = ("Passing method to twisted.internet.ssl.CertificateOptions "
"was deprecated in Twisted 17.1.0. Please use a "
"combination of insecurelyLowerMinimumTo, raiseMinimumTo, "
"and lowerMaximumSecurityTo instead, as Twisted will "
"correctly configure the method.")
warnings = self.flushWarnings([self.test_methodIsDeprecated])
self.assertEqual(1, len(warnings))
self.assertEqual(DeprecationWarning, warnings[0]['category'])
self.assertEqual(message, warnings[0]['message']) 示例3: test_tlsProtocolsNoMethodWithAtLeast
# 需要导入模块: from OpenSSL import SSL [as 别名]
# 或者: from OpenSSL.SSL import SSLv23_METHOD [as 别名]
def test_tlsProtocolsNoMethodWithAtLeast(self):
"""
Passing C{raiseMinimumTo} along with C{method} to
L{sslverify.OpenSSLCertificateOptions} will cause it to raise an
exception.
"""
with self.assertRaises(TypeError) as e:
sslverify.OpenSSLCertificateOptions(
privateKey=self.sKey,
certificate=self.sCert,
method=SSL.SSLv23_METHOD,
raiseMinimumTo=sslverify.TLSVersion.TLSv1_2,
)
# Best error message
self.assertEqual(e.exception.args, ("nope",)) 示例4: test_tlsProtocolsNoMethodWithMinimum
# 需要导入模块: from OpenSSL import SSL [as 别名]
# 或者: from OpenSSL.SSL import SSLv23_METHOD [as 别名]
def test_tlsProtocolsNoMethodWithMinimum(self):
"""
Passing C{insecurelyLowerMinimumTo} along with C{method} to
L{sslverify.OpenSSLCertificateOptions} will cause it to raise an
exception.
"""
with self.assertRaises(TypeError) as e:
sslverify.OpenSSLCertificateOptions(
privateKey=self.sKey,
certificate=self.sCert,
method=SSL.SSLv23_METHOD,
insecurelyLowerMinimumTo=sslverify.TLSVersion.TLSv1_2,
)
# Best error message
self.assertEqual(e.exception.args, ("nope",)) 示例5: test_tlsProtocolsNoMethodWithMaximum
# 需要导入模块: from OpenSSL import SSL [as 别名]
# 或者: from OpenSSL.SSL import SSLv23_METHOD [as 别名]
def test_tlsProtocolsNoMethodWithMaximum(self):
"""
Passing C{lowerMaximumSecurityTo} along with C{method} to
L{sslverify.OpenSSLCertificateOptions} will cause it to raise an
exception.
"""
with self.assertRaises(TypeError) as e:
sslverify.OpenSSLCertificateOptions(
privateKey=self.sKey,
certificate=self.sCert,
method=SSL.SSLv23_METHOD,
lowerMaximumSecurityTo=sslverify.TLSVersion.TLSv1_2,
)
# Best error message
self.assertEqual(e.exception.args, ("nope",)) 示例6: test_doesNotSwallowOtherSSLErrors
# 需要导入模块: from OpenSSL import SSL [as 别名]
# 或者: from OpenSSL.SSL import SSLv23_METHOD [as 别名]
def test_doesNotSwallowOtherSSLErrors(self):
"""
Only no cipher matches get swallowed, every other SSL error gets
propagated.
"""
def raiser(_):
# Unfortunately, there seems to be no way to trigger a real SSL
# error artificially.
raise SSL.Error([['', '', '']])
ctx = FakeContext(SSL.SSLv23_METHOD)
ctx.set_cipher_list = raiser
self.patch(sslverify.SSL, 'Context', lambda _: ctx)
self.assertRaises(
SSL.Error,
sslverify._expandCipherString, u'ALL', SSL.SSLv23_METHOD, 0
) 示例7: test_tlsProtocolsNoMethodWithAtLeast
# 需要导入模块: from OpenSSL import SSL [as 别名]
# 或者: from OpenSSL.SSL import SSLv23_METHOD [as 别名]
def test_tlsProtocolsNoMethodWithAtLeast(self):
"""
Passing C{raiseMinimumTo} along with C{method} to
L{sslverify.OpenSSLCertificateOptions} will cause it to raise an
exception.
"""
with self.assertRaises(TypeError) as e:
sslverify.OpenSSLCertificateOptions(
privateKey=self.sKey,
certificate=self.sCert,
method=SSL.SSLv23_METHOD,
raiseMinimumTo=sslverify.TLSVersion.TLSv1_2,
)
self.assertIn('method', e.exception.args[0])
self.assertIn('raiseMinimumTo', e.exception.args[0])
self.assertIn('exclusive', e.exception.args[0]) 示例8: test_tlsProtocolsNoMethodWithMinimum
# 需要导入模块: from OpenSSL import SSL [as 别名]
# 或者: from OpenSSL.SSL import SSLv23_METHOD [as 别名]
def test_tlsProtocolsNoMethodWithMinimum(self):
"""
Passing C{insecurelyLowerMinimumTo} along with C{method} to
L{sslverify.OpenSSLCertificateOptions} will cause it to raise an
exception.
"""
with self.assertRaises(TypeError) as e:
sslverify.OpenSSLCertificateOptions(
privateKey=self.sKey,
certificate=self.sCert,
method=SSL.SSLv23_METHOD,
insecurelyLowerMinimumTo=sslverify.TLSVersion.TLSv1_2,
)
self.assertIn('method', e.exception.args[0])
self.assertIn('insecurelyLowerMinimumTo', e.exception.args[0])
self.assertIn('exclusive', e.exception.args[0]) 示例9: test_openSSL102SetECDHAutoRaises
# 需要导入模块: from OpenSSL import SSL [as 别名]
# 或者: from OpenSSL.SSL import SSLv23_METHOD [as 别名]
def test_openSSL102SetECDHAutoRaises(self):
"""
An exception raised by C{SSL_CTX_set_ecdh_auto} under OpenSSL
1.0.2 is suppressed because ECDH is best-effort.
"""
self.libState.setECDHAutoRaises = BaseException
context = SSL.Context(SSL.SSLv23_METHOD)
chooser = sslverify._ChooseDiffieHellmanEllipticCurve(
self.OPENSSL_102,
openSSLlib=self.lib,
openSSLcrypto=self.crypto,
)
chooser.configureECDHCurve(context)
self.assertEqual(self.libState.ecdhContexts, [context._context])
self.assertEqual(self.libState.ecdhValues, [True])
self.assertFalse(self.cryptoState.getEllipticCurveCalls) 示例10: get_context
# 需要导入模块: from OpenSSL import SSL [as 别名]
# 或者: from OpenSSL.SSL import SSLv23_METHOD [as 别名]
def get_context(self):
"""Return an SSL.Context from self attributes."""
# See http://aspn.activestate.com/ASPN/Cookbook/Python/Recipe/442473
c = SSL.Context(SSL.SSLv23_METHOD)
c.use_privatekey_file(self.private_key)
if self.certificate_chain:
c.load_verify_locations(self.certificate_chain)
c.use_certificate_file(self.certificate)
return c 示例11: _getCertificateOptions
# 需要导入模块: from OpenSSL import SSL [as 别名]
# 或者: from OpenSSL.SSL import SSLv23_METHOD [as 别名]
def _getCertificateOptions(self, hostname, port):
"""
Return a L{CertificateOptions}.
@param hostname: ignored
@param port: ignored
@return: A new CertificateOptions instance.
@rtype: L{CertificateOptions}
"""
return CertificateOptions(
method=SSL.SSLv23_METHOD,
trustRoot=platformTrust()
) 示例12: protocolNegotiationMechanisms
# 需要导入模块: from OpenSSL import SSL [as 别名]
# 或者: from OpenSSL.SSL import SSLv23_METHOD [as 别名]
def protocolNegotiationMechanisms():
"""
Checks whether your versions of PyOpenSSL and OpenSSL are recent enough to
support protocol negotiation, and if they are, what kind of protocol
negotiation is supported.
@return: A combination of flags from L{ProtocolNegotiationSupport} that
indicate which mechanisms for protocol negotiation are supported.
@rtype: L{constantly.FlagConstant}
"""
support = ProtocolNegotiationSupport.NOSUPPORT
ctx = SSL.Context(SSL.SSLv23_METHOD)
try:
ctx.set_npn_advertise_callback(lambda c: None)
except (AttributeError, NotImplementedError):
pass
else:
support |= ProtocolNegotiationSupport.NPN
try:
ctx.set_alpn_select_callback(lambda c: None)
except (AttributeError, NotImplementedError):
pass
else:
support |= ProtocolNegotiationSupport.ALPN
return support 示例13: fromOpenSSLCipherString
# 需要导入模块: from OpenSSL import SSL [as 别名]
# 或者: from OpenSSL.SSL import SSLv23_METHOD [as 别名]
def fromOpenSSLCipherString(cls, cipherString):
"""
Create a new instance using an OpenSSL cipher string.
@param cipherString: An OpenSSL cipher string that describes what
cipher suites are acceptable.
See the documentation of U{OpenSSL
<http://www.openssl.org/docs/apps/ciphers.html#CIPHER_STRINGS>} or
U{Apache
<http://httpd.apache.org/docs/2.4/mod/mod_ssl.html#sslciphersuite>}
for details.
@type cipherString: L{unicode}
@return: Instance representing C{cipherString}.
@rtype: L{twisted.internet.ssl.AcceptableCiphers}
"""
return cls(_expandCipherString(
nativeString(cipherString),
SSL.SSLv23_METHOD, SSL.OP_NO_SSLv2 | SSL.OP_NO_SSLv3)
)
# A secure default.
# Sources for more information on TLS ciphers:
#
# - https://wiki.mozilla.org/Security/Server_Side_TLS
# - https://www.ssllabs.com/projects/best-practices/index.html
# - https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
#
# The general intent is:
# - Prefer cipher suites that offer perfect forward secrecy (DHE/ECDHE),
# - prefer ECDHE over DHE for better performance,
# - prefer any AES-GCM and ChaCha20 over any AES-CBC for better performance and
# security,
# - prefer AES-GCM to ChaCha20 because AES hardware support is common,
# - disable NULL authentication, MD5 MACs and DSS for security reasons.
# 示例14: test_method
# 需要导入模块: from OpenSSL import SSL [as 别名]
# 或者: from OpenSSL.SSL import SSLv23_METHOD [as 别名]
def test_method(self):
"""
L{ssl.DefaultOpenSSLContextFactory.getContext} returns an SSL context
which can use SSLv3 or TLSv1 but not SSLv2.
"""
# SSLv23_METHOD allows SSLv2, SSLv3, or TLSv1
self.assertEqual(self.context._method, SSL.SSLv23_METHOD)
# And OP_NO_SSLv2 disables the SSLv2 support.
self.assertTrue(self.context._options & SSL.OP_NO_SSLv2)
# Make sure SSLv3 and TLSv1 aren't disabled though.
self.assertFalse(self.context._options & SSL.OP_NO_SSLv3)
self.assertFalse(self.context._options & SSL.OP_NO_TLSv1) 示例15: test_certificateOptionsSerialization
# 需要导入模块: from OpenSSL import SSL [as 别名]
# 或者: from OpenSSL.SSL import SSLv23_METHOD [as 别名]
def test_certificateOptionsSerialization(self):
"""
Test that __setstate__(__getstate__()) round-trips properly.
"""
firstOpts = sslverify.OpenSSLCertificateOptions(
privateKey=self.sKey,
certificate=self.sCert,
method=SSL.SSLv23_METHOD,
verify=True,
caCerts=[self.sCert],
verifyDepth=2,
requireCertificate=False,
verifyOnce=False,
enableSingleUseKeys=False,
enableSessions=False,
fixBrokenPeers=True,
enableSessionTickets=True)
context = firstOpts.getContext()
self.assertIs(context, firstOpts._context)
self.assertIsNotNone(context)
state = firstOpts.__getstate__()
self.assertNotIn("_context", state)
opts = sslverify.OpenSSLCertificateOptions()
opts.__setstate__(state)
self.assertEqual(opts.privateKey, self.sKey)
self.assertEqual(opts.certificate, self.sCert)
self.assertEqual(opts.method, SSL.SSLv23_METHOD)
self.assertTrue(opts.verify)
self.assertEqual(opts.caCerts, [self.sCert])
self.assertEqual(opts.verifyDepth, 2)
self.assertFalse(opts.requireCertificate)
self.assertFalse(opts.verifyOnce)
self.assertFalse(opts.enableSingleUseKeys)
self.assertFalse(opts.enableSessions)
self.assertTrue(opts.fixBrokenPeers)
self.assertTrue(opts.enableSessionTickets)