本文整理汇总了Python中ssl.html方法的典型用法代码示例。如果您正苦于以下问题:Python ssl.html方法的具体用法?Python ssl.html怎么用?Python ssl.html使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类ssl的用法示例。
在下文中一共展示了ssl.html方法的9个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: get_ssl_certificate
# 需要导入模块: import ssl [as 别名]
# 或者: from ssl import html [as 别名]
def get_ssl_certificate(self, binary_form=False):
"""Returns the client's SSL certificate, if any.
To use client certificates, the HTTPServer must have been constructed
with cert_reqs set in ssl_options, e.g.::
server = HTTPServer(app,
ssl_options=dict(
certfile="foo.crt",
keyfile="foo.key",
cert_reqs=ssl.CERT_REQUIRED,
ca_certs="cacert.crt"))
By default, the return value is a dictionary (or None, if no
client certificate is present). If ``binary_form`` is true, a
DER-encoded form of the certificate is returned instead. See
SSLSocket.getpeercert() in the standard library for more
details.
http://docs.python.org/library/ssl.html#sslsocket-objects
"""
try:
return self.connection.stream.socket.getpeercert(
binary_form=binary_form)
except ssl.SSLError:
return None 示例2: set_cert_credentials_provider
# 需要导入模块: import ssl [as 别名]
# 或者: from ssl import html [as 别名]
def set_cert_credentials_provider(self, cert_credentials_provider):
# History issue from Yun SDK where AR9331 embedded Linux only have Python 2.7.3
# pre-installed. In this version, TLSv1_2 is not even an option.
# SSLv23 is a work-around which selects the highest TLS version between the client
# and service. If user installs opensslv1.0.1+, this option will work fine for Mutual
# Auth.
# Note that we cannot force TLSv1.2 for Mutual Auth. in Python 2.7.3 and TLS support
# in Python only starts from Python2.7.
# See also: https://docs.python.org/2/library/ssl.html#ssl.PROTOCOL_SSLv23
if self._use_wss:
ca_path = cert_credentials_provider.get_ca_path()
self._paho_client.tls_set(ca_certs=ca_path, cert_reqs=ssl.CERT_REQUIRED, tls_version=ssl.PROTOCOL_SSLv23)
else:
ca_path = cert_credentials_provider.get_ca_path()
cert_path = cert_credentials_provider.get_cert_path()
key_path = cert_credentials_provider.get_key_path()
self._paho_client.tls_set(ca_certs=ca_path,certfile=cert_path, keyfile=key_path,
cert_reqs=ssl.CERT_REQUIRED, tls_version=ssl.PROTOCOL_SSLv23) 示例3: get_ssl_context
# 需要导入模块: import ssl [as 别名]
# 或者: from ssl import html [as 别名]
def get_ssl_context(path):
'''Construct SSLContext object'''
# Best practice according to http://docs.python.org/3/library/ssl.html#protocol-versions
context = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
context.options |= ssl.OP_NO_SSLv2
context.verify_mode = ssl.CERT_REQUIRED
if path is None:
log.debug('Reading default CA certificates.')
context.set_default_verify_paths()
elif os.path.isfile(path):
log.debug('Reading CA certificates from file %s', path)
context.load_verify_locations(cafile=path)
else:
log.debug('Reading CA certificates from directory %s', path)
context.load_verify_locations(capath=path)
return context 示例4: _build_ssl_context
# 需要导入模块: import ssl [as 别名]
# 或者: from ssl import html [as 别名]
def _build_ssl_context(
disable_ssl_certificate_validation, ca_certs, cert_file=None, key_file=None,
maximum_version=None, minimum_version=None,
):
if not hasattr(ssl, "SSLContext"):
raise RuntimeError("httplib2 requires Python 3.2+ for ssl.SSLContext")
context = ssl.SSLContext(DEFAULT_TLS_VERSION)
context.verify_mode = (
ssl.CERT_NONE if disable_ssl_certificate_validation else ssl.CERT_REQUIRED
)
# SSLContext.maximum_version and SSLContext.minimum_version are python 3.7+.
# source: https://docs.python.org/3/library/ssl.html#ssl.SSLContext.maximum_version
if maximum_version is not None:
if hasattr(context, "maximum_version"):
context.maximum_version = getattr(ssl.TLSVersion, maximum_version)
else:
raise RuntimeError("setting tls_maximum_version requires Python 3.7 and OpenSSL 1.1 or newer")
if minimum_version is not None:
if hasattr(context, "minimum_version"):
context.minimum_version = getattr(ssl.TLSVersion, minimum_version)
else:
raise RuntimeError("setting tls_minimum_version requires Python 3.7 and OpenSSL 1.1 or newer")
# check_hostname requires python 3.4+
# we will perform the equivalent in HTTPSConnectionWithTimeout.connect() by calling ssl.match_hostname
# if check_hostname is not supported.
if hasattr(context, "check_hostname"):
context.check_hostname = not disable_ssl_certificate_validation
context.load_verify_locations(ca_certs)
if cert_file:
context.load_cert_chain(cert_file, key_file)
return context 示例5: create_ssl_context
# 需要导入模块: import ssl [as 别名]
# 或者: from ssl import html [as 别名]
def create_ssl_context(**kwargs):
"""
A helper function around creating an SSL context
https://docs.python.org/3/library/ssl.html#context-creation
Accepts kwargs in the same manner as `create_default_context`.
"""
ctx = ssl.create_default_context(**kwargs)
return ctx 示例6: tls_context
# 需要导入模块: import ssl [as 别名]
# 或者: from ssl import html [as 别名]
def tls_context(self):
if self._tls_context is None:
# https://docs.python.org/3/library/ssl.html#ssl.SSLContext
# https://docs.python.org/3/library/ssl.html#ssl.PROTOCOL_TLS
self._tls_context = ssl.SSLContext(protocol=PROTOCOL_TLS_CLIENT)
# Run our own validation later on if need be
# https://docs.python.org/3/library/ssl.html#ssl.SSLContext.check_hostname
#
# IMPORTANT: This must be set before verify_mode in Python 3.7+, see:
# https://docs.python.org/3/library/ssl.html#ssl.SSLContext.check_hostname
self._tls_context.check_hostname = False
# https://docs.python.org/3/library/ssl.html#ssl.SSLContext.verify_mode
self._tls_context.verify_mode = ssl.CERT_REQUIRED if self._validate_cert else ssl.CERT_NONE
# https://docs.python.org/3/library/ssl.html#ssl.SSLContext.load_verify_locations
if self._cafile or self._capath: # no cov
self._tls_context.load_verify_locations(self._cafile, self._capath, None)
# https://docs.python.org/3/library/ssl.html#ssl.SSLContext.load_default_certs
else:
self._tls_context.load_default_certs(ssl.Purpose.SERVER_AUTH)
# https://docs.python.org/3/library/ssl.html#ssl.SSLContext.load_cert_chain
if self._cert: # no cov
self._tls_context.load_cert_chain(self._cert, keyfile=self._private_key)
# https://docs.python.org/3/library/ssl.html#ssl.create_default_context
if 'SSLv3' in self._allowed_versions: # no cov
self._tls_context.options &= ~ssl.OP_NO_SSLv3
return self._tls_context 示例7: check_remote
# 需要导入模块: import ssl [as 别名]
# 或者: from ssl import html [as 别名]
def check_remote(self, instance):
if not self._server:
raise ConfigurationError('You must specify `server` in your configuration file.')
try:
sock = self.create_connection()
except Exception as e:
self.service_check(self.SERVICE_CHECK_CAN_CONNECT, self.CRITICAL, tags=self._tags, message=str(e))
return
else:
self.service_check(self.SERVICE_CHECK_CAN_CONNECT, self.OK, tags=self._tags)
# Get the cert & TLS version from the connection
with closing(sock):
try:
with closing(self.tls_context.wrap_socket(sock, server_hostname=self._server_hostname)) as secure_sock:
der_cert = secure_sock.getpeercert(binary_form=True)
protocol_version = secure_sock.version()
except Exception as e:
# https://docs.python.org/3/library/ssl.html#ssl.SSLCertVerificationError
err_code = getattr(e, 'verify_code', None)
message = getattr(e, 'verify_message', str(e))
self.service_check(self.SERVICE_CHECK_VALIDATION, self.CRITICAL, tags=self._tags, message=message)
# There's no sane way to tell it to not validate just the expiration
# This only works on Python 3.7+, see: https://bugs.python.org/issue28182
# https://github.com/openssl/openssl/blob/0b45d8eec051fd9816b6bf46a975fa461ffc983d/include/openssl/x509_vfy.h#L109
if err_code == 10:
self.service_check(
self.SERVICE_CHECK_EXPIRATION, self.CRITICAL, tags=self._tags, message='Certificate has expired'
)
return
# Load https://cryptography.io/en/latest/x509/reference/#cryptography.x509.Certificate
try:
cert = load_der_x509_certificate(der_cert, default_backend())
except Exception as e:
self.service_check(
self.SERVICE_CHECK_VALIDATION,
self.CRITICAL,
tags=self._tags,
message='Unable to parse the certificate: {}'.format(e),
)
return
self.check_protocol_version(protocol_version)
self.validate_certificate(cert)
self.check_age(cert) 示例8: get_connection
# 需要导入模块: import ssl [as 别名]
# 或者: from ssl import html [as 别名]
def get_connection(self):
connection_options = {
'database': self._db,
'host': self._server,
'port': self._port,
'user': self._username,
'password': self._password,
'backup_server_node': self._backup_servers,
'connection_load_balance': self._connection_load_balance,
'connection_timeout': self._timeout,
}
if self._client_lib_log_level:
connection_options['log_level'] = self._client_lib_log_level
# log_path is required by vertica client for using logging
# when log_path is set to '', vertica won't log to a file
# but we still get logs via parent root logger
connection_options['log_path'] = ''
if self._tls_verify: # no cov
# https://docs.python.org/3/library/ssl.html#ssl.SSLContext
# https://docs.python.org/3/library/ssl.html#ssl.PROTOCOL_TLS
tls_context = ssl.SSLContext(protocol=PROTOCOL_TLS_CLIENT)
# https://docs.python.org/3/library/ssl.html#ssl.SSLContext.verify_mode
tls_context.verify_mode = ssl.CERT_REQUIRED
# https://docs.python.org/3/library/ssl.html#ssl.SSLContext.check_hostname
tls_context.check_hostname = self._validate_hostname
# https://docs.python.org/3/library/ssl.html#ssl.SSLContext.load_verify_locations
if self._cafile or self._capath:
tls_context.load_verify_locations(self._cafile, self._capath, None)
# https://docs.python.org/3/library/ssl.html#ssl.SSLContext.load_default_certs
else:
tls_context.load_default_certs(ssl.Purpose.SERVER_AUTH)
# https://docs.python.org/3/library/ssl.html#ssl.SSLContext.load_cert_chain
if self._cert:
tls_context.load_cert_chain(self._cert, keyfile=self._private_key)
connection_options['ssl'] = tls_context
try:
connection = vertica.connect(**connection_options)
except Exception as e:
self.log.error('Unable to connect to database `%s` as user `%s`: %s', self._db, self._username, e)
self.service_check(self.SERVICE_CHECK_CONNECT, self.CRITICAL, tags=self._tags)
else:
self.service_check(self.SERVICE_CHECK_CONNECT, self.OK, tags=self._tags)
return connection 示例9: make_secure_ssl_client_context
# 需要导入模块: import ssl [as 别名]
# 或者: from ssl import html [as 别名]
def make_secure_ssl_client_context(
ca_cert=None, client_cert=None, client_key=None, check_hostname=True, protocol=ssl.PROTOCOL_TLS,
):
"""Creates a secure ssl context for integration that requires one.
:param str ca_cert: Path to a file of concatenated CA certificates in PEM format or to a directory containing
several CA certificates in PEM format
:param str client_cert: Path to a single file in PEM format containing the certificate as well as any number of
CA certificates needed to establish the certificate's authenticity.
:param str client_key: Must point to a file containing the private key. Otherwise the private key will be taken
from certfile as well.
:param bool check_hostname: Whether to match the peer cert's hostname
:param int protocol: Client side protocol (should be one of the `ssl.PROTOCOL_*` constants)
By default selects the highest protocol version possible.
:rtype ssl.Context
"""
# https://docs.python.org/3/library/ssl.html#ssl.SSLContext
# https://docs.python.org/3/library/ssl.html#ssl.PROTOCOL_TLS
context = ssl.SSLContext(protocol=protocol)
# https://docs.python.org/3/library/ssl.html#ssl.SSLContext.verify_mode
context.verify_mode = ssl.CERT_REQUIRED
# https://docs.python.org/3/library/ssl.html#ssl.SSLContext.check_hostname
context.check_hostname = check_hostname
ca_file, ca_path = None, None
if os.path.isdir(ca_cert):
ca_path = ca_cert
elif os.path.isfile(ca_cert):
ca_file = ca_cert
else:
raise ConfigurationError("Specified tls_ca_cert: {} should be a valid file or directory.".format(ca_cert))
# https://docs.python.org/3/library/ssl.html#ssl.SSLContext.load_verify_locations
if ca_file or ca_path:
context.load_verify_locations(ca_file, ca_path, None)
# https://docs.python.org/3/library/ssl.html#ssl.SSLContext.load_default_certs
else:
context.load_default_certs(ssl.Purpose.SERVER_AUTH)
# https://docs.python.org/3/library/ssl.html#ssl.SSLContext.load_cert_chain
if client_cert:
# If client_key is not defined, load_cert_chain reads the key from the client_cert
context.load_cert_chain(client_cert, keyfile=client_key)
return context