本文整理匯總了Python中ssl.CERT_OPTIONAL屬性的典型用法代碼示例。如果您正苦於以下問題:Python ssl.CERT_OPTIONAL屬性的具體用法?Python ssl.CERT_OPTIONAL怎麽用?Python ssl.CERT_OPTIONAL使用的例子?那麽, 這裏精選的屬性代碼示例或許可以為您提供幫助。您也可以進一步了解該屬性所在類ssl的用法示例。
在下文中一共展示了ssl.CERT_OPTIONAL屬性的15個代碼示例,這些例子默認根據受歡迎程度排序。您可以為喜歡或者感覺有用的代碼點讚,您的評價將有助於係統推薦出更棒的Python代碼示例。
示例1: _connect
# 需要導入模塊: import ssl [as 別名]
# 或者: from ssl import CERT_OPTIONAL [as 別名]
def _connect(self):
"""
Connects a ssl socket.
"""
self._connect_socket()
try:
ctx = ssl.create_default_context()
if not self.verify_cert:
ctx.verify_mode = ssl.CERT_OPTIONAL
if not self.verify_addr:
ctx.check_hostname = False
self._sock = ctx.wrap_socket(self._base_sock,
server_hostname=self.address)
except ssl.SSLError:
LOG.error('could not establish SSL connection')
raise ClientError('could not establish SSL connection') 示例2: __init__
# 需要導入模塊: import ssl [as 別名]
# 或者: from ssl import CERT_OPTIONAL [as 別名]
def __init__(self, ssl_keyfile=None, ssl_certfile=None, ssl_cert_reqs=None,
ssl_ca_certs=None, **kwargs):
if not ssl_available:
raise RedisError("Python wasn't built with SSL support")
super(SSLConnection, self).__init__(**kwargs)
self.keyfile = ssl_keyfile
self.certfile = ssl_certfile
if ssl_cert_reqs is None:
ssl_cert_reqs = ssl.CERT_NONE
elif isinstance(ssl_cert_reqs, basestring):
CERT_REQS = {
'none': ssl.CERT_NONE,
'optional': ssl.CERT_OPTIONAL,
'required': ssl.CERT_REQUIRED
}
if ssl_cert_reqs not in CERT_REQS:
raise RedisError(
"Invalid SSL Certificate Requirements Flag: %s" %
ssl_cert_reqs)
ssl_cert_reqs = CERT_REQS[ssl_cert_reqs]
self.cert_reqs = ssl_cert_reqs
self.ca_certs = ssl_ca_certs 示例3: _connect
# 需要導入模塊: import ssl [as 別名]
# 或者: from ssl import CERT_OPTIONAL [as 別名]
def _connect(self):
if self.server_tls:
raise Exception("TBD")
print(self.client.tls_set(self.server_tls.server_cert, cert_reqs=ssl.CERT_OPTIONAL))
print(self.client.connect(self.host, self.port))
else:
self.client.connect(self.host, self.port)
self.client.subscribe(self.topics)
def on_connect(client, userdata, flags, rc):
print("Connected with result code "+str(rc))
self.client.on_connect = on_connect
def on_publish(client, userdata, mid):
print("Successfully published mid %d" % mid)
self.client.on_publish = on_publish 示例4: __init__
# 需要導入模塊: import ssl [as 別名]
# 或者: from ssl import CERT_OPTIONAL [as 別名]
def __init__(self, keyfile=None, certfile=None,
cert_reqs=None, ca_certs=None):
self.keyfile = keyfile
self.certfile = certfile
if cert_reqs is None:
self.cert_reqs = ssl.CERT_NONE
elif isinstance(cert_reqs, str):
CERT_REQS = {
'none': ssl.CERT_NONE,
'optional': ssl.CERT_OPTIONAL,
'required': ssl.CERT_REQUIRED
}
if cert_reqs not in CERT_REQS:
raise RedisError(
"Invalid SSL Certificate Requirements Flag: %s" %
cert_reqs)
self.cert_reqs = CERT_REQS[cert_reqs]
self.ca_certs = ca_certs
self.context = None 示例5: test_cert_reqs_options
# 需要導入模塊: import ssl [as 別名]
# 或者: from ssl import CERT_OPTIONAL [as 別名]
def test_cert_reqs_options(self):
import ssl
with pytest.raises(TypeError) as e:
pool = aredis.ConnectionPool.from_url(
'rediss://?ssl_cert_reqs=none&ssl_keyfile=test')
assert e.message == 'certfile should be a valid filesystem path'
assert pool.get_connection().ssl_context.verify_mode == ssl.CERT_NONE
with pytest.raises(TypeError) as e:
pool = aredis.ConnectionPool.from_url(
'rediss://?ssl_cert_reqs=optional&ssl_keyfile=test')
assert e.message == 'certfile should be a valid filesystem path'
assert pool.get_connection().ssl_context.verify_mode == ssl.CERT_OPTIONAL
with pytest.raises(TypeError) as e:
pool = aredis.ConnectionPool.from_url(
'rediss://?ssl_cert_reqs=required&ssl_keyfile=test')
assert e.message == 'certfile should be a valid filesystem path'
assert pool.get_connection().ssl_context.verify_mode == ssl.CERT_REQUIRED 示例6: __init__
# 需要導入模塊: import ssl [as 別名]
# 或者: from ssl import CERT_OPTIONAL [as 別名]
def __init__(self, ssl_keyfile=None, ssl_certfile=None,
ssl_cert_reqs='required', ssl_ca_certs=None, **kwargs):
if not ssl_available:
raise RedisError("Python wasn't built with SSL support")
super(SSLConnection, self).__init__(**kwargs)
self.keyfile = ssl_keyfile
self.certfile = ssl_certfile
if ssl_cert_reqs is None:
ssl_cert_reqs = ssl.CERT_NONE
elif isinstance(ssl_cert_reqs, basestring):
CERT_REQS = {
'none': ssl.CERT_NONE,
'optional': ssl.CERT_OPTIONAL,
'required': ssl.CERT_REQUIRED
}
if ssl_cert_reqs not in CERT_REQS:
raise RedisError(
"Invalid SSL Certificate Requirements Flag: %s" %
ssl_cert_reqs)
ssl_cert_reqs = CERT_REQS[ssl_cert_reqs]
self.cert_reqs = ssl_cert_reqs
self.ca_certs = ssl_ca_certs 示例7: connect
# 需要導入模塊: import ssl [as 別名]
# 或者: from ssl import CERT_OPTIONAL [as 別名]
def connect(self):
# check configuration
if not (hasattr(settings, 'LDAP_SERVERS') and hasattr(settings, 'LDAP_BIND_ADMIN') and
hasattr(settings, 'LDAP_BIND_ADMIN_PASS') and hasattr(settings, 'LDAP_AD_DOMAIN')
and hasattr(settings, 'LDAP_CERT_FILE')
):
raise ImproperlyConfigured()
# first: build server pool from settings
tls = Tls(validate=ssl.CERT_OPTIONAL, version=ssl.PROTOCOL_TLSv1, ca_certs_file=settings.LDAP_CERT_FILE)
if self.pool is None:
self.pool = ServerPool(None, pool_strategy=FIRST, active=True)
for srv in settings.LDAP_SERVERS:
# Only add servers that supports SSL, impossible to make changes without
if srv['use_ssl']:
server = Server(srv['host'], srv['port'], srv['use_ssl'], tls=tls)
self.pool.add(server)
# then, try to connect with user/pass from settings
self.con = Connection(self.pool, auto_bind=True, authentication=SIMPLE,
user=settings.LDAP_BIND_ADMIN, password=settings.LDAP_BIND_ADMIN_PASS) 示例8: _ssl_cert_req_type
# 需要導入模塊: import ssl [as 別名]
# 或者: from ssl import CERT_OPTIONAL [as 別名]
def _ssl_cert_req_type(self, req_type):
try:
import ssl
except ImportError:
raise exception.ConfigurationError(_('no ssl support available'))
req_type = req_type.upper()
try:
return {
'NONE': ssl.CERT_NONE,
'OPTIONAL': ssl.CERT_OPTIONAL,
'REQUIRED': ssl.CERT_REQUIRED
}[req_type]
except KeyError:
msg = _('Invalid ssl_cert_reqs value of %s, must be one of '
'"NONE", "OPTIONAL", "REQUIRED"') % req_type
raise exception.ConfigurationError(msg) 示例9: wrap_socket
# 需要導入模塊: import ssl [as 別名]
# 或者: from ssl import CERT_OPTIONAL [as 別名]
def wrap_socket(self, sock):
try:
if self.clientcert_req:
ca_certs = self.interface[4]
cert_reqs = ssl.CERT_OPTIONAL
sock = ssl.wrap_socket(sock,
keyfile=self.interface[2],
certfile=self.interface[3],
server_side=True,
cert_reqs=cert_reqs,
ca_certs=ca_certs,
ssl_version=ssl.PROTOCOL_SSLv23)
else:
sock = ssl.wrap_socket(sock,
keyfile=self.interface[2],
certfile=self.interface[3],
server_side=True,
ssl_version=ssl.PROTOCOL_SSLv23)
except SSLError:
# Generally this happens when an HTTP request is received on a
# secure socket. We don't do anything because it will be detected
# by Worker and dealt with appropriately.
pass
return sock 示例10: create_ssl_context
# 需要導入模塊: import ssl [as 別名]
# 或者: from ssl import CERT_OPTIONAL [as 別名]
def create_ssl_context(config):
# taken from conn.py, as it adds a lot more logic to the context configuration than the initial version
ssl_context = ssl.SSLContext(ssl.PROTOCOL_SSLv23) # pylint: disable=no-member
ssl_context.options |= ssl.OP_NO_SSLv2 # pylint: disable=no-member
ssl_context.options |= ssl.OP_NO_SSLv3 # pylint: disable=no-member
ssl_context.verify_mode = ssl.CERT_OPTIONAL
if config.get('ssl_check_hostname'):
ssl_context.check_hostname = True
if config['ssl_cafile']:
ssl_context.load_verify_locations(config['ssl_cafile'])
ssl_context.verify_mode = ssl.CERT_REQUIRED
if config['ssl_certfile'] and config['ssl_keyfile']:
ssl_context.load_cert_chain(
certfile=config['ssl_certfile'], keyfile=config['ssl_keyfile'], password=config.get('ssl_password')
)
if config.get('ssl_crlfile'):
if not hasattr(ssl, 'VERIFY_CRL_CHECK_LEAF'):
raise RuntimeError('This version of Python does not support ssl_crlfile!')
ssl_context.load_verify_locations(config['ssl_crlfile'])
# pylint: disable=no-member
ssl_context.verify_flags |= ssl.VERIFY_CRL_CHECK_LEAF
if config.get('ssl_ciphers'):
ssl_context.set_ciphers(config['ssl_ciphers'])
return ssl_context 示例11: _verify_cert
# 需要導入模塊: import ssl [as 別名]
# 或者: from ssl import CERT_OPTIONAL [as 別名]
def _verify_cert(self, peercert):
"""Returns True if peercert is valid according to the configured
validation mode and hostname.
The ssl handshake already tested the certificate for a valid
CA signature; the only thing that remains is to check
the hostname.
"""
if isinstance(self._ssl_options, dict):
verify_mode = self._ssl_options.get('cert_reqs', ssl.CERT_NONE)
elif isinstance(self._ssl_options, ssl.SSLContext):
verify_mode = self._ssl_options.verify_mode
assert verify_mode in (ssl.CERT_NONE, ssl.CERT_REQUIRED, ssl.CERT_OPTIONAL)
if verify_mode == ssl.CERT_NONE or self._server_hostname is None:
return True
cert = self.socket.getpeercert()
if cert is None and verify_mode == ssl.CERT_REQUIRED:
gen_log.warning("No SSL certificate given")
return False
try:
ssl_match_hostname(peercert, self._server_hostname)
except SSLCertificateError as e:
gen_log.warning("Invalid SSL certificate: %s" % e)
return False
else:
return True 示例12: validate_cert_reqs
# 需要導入模塊: import ssl [as 別名]
# 或者: from ssl import CERT_OPTIONAL [as 別名]
def validate_cert_reqs(option, value):
"""Validate the cert reqs are valid. It must be None or one of the three
values ``ssl.CERT_NONE``, ``ssl.CERT_OPTIONAL`` or ``ssl.CERT_REQUIRED``"""
if value is None:
return value
if HAS_SSL:
if value in (ssl.CERT_NONE, ssl.CERT_OPTIONAL, ssl.CERT_REQUIRED):
return value
raise ConfigurationError("The value of %s must be one of: "
"`ssl.CERT_NONE`, `ssl.CERT_OPTIONAL` or "
"`ssl.CERT_REQUIRED" % (option,))
else:
raise ConfigurationError("The value of %s is set but can't be "
"validated. The ssl module is not available"
% (option,)) 示例13: init_https
# 需要導入模塊: import ssl [as 別名]
# 或者: from ssl import CERT_OPTIONAL [as 別名]
def init_https(self, certfile, keyfile = None, ca_certs = None, cert_reqs = NOT_SET, secure = True):
self.keyfile = keyfile
self.certfile = certfile
self.ca_certs = ca_certs
if cert_reqs is NOT_SET:
cert_reqs = ca_certs and CERT_OPTIONAL or CERT_NONE
self.cert_reqs = cert_reqs
if secure:
self.enable_https() 示例14: _verify_cert
# 需要導入模塊: import ssl [as 別名]
# 或者: from ssl import CERT_OPTIONAL [as 別名]
def _verify_cert(self, peercert: Any) -> bool:
"""Returns ``True`` if peercert is valid according to the configured
validation mode and hostname.
The ssl handshake already tested the certificate for a valid
CA signature; the only thing that remains is to check
the hostname.
"""
if isinstance(self._ssl_options, dict):
verify_mode = self._ssl_options.get("cert_reqs", ssl.CERT_NONE)
elif isinstance(self._ssl_options, ssl.SSLContext):
verify_mode = self._ssl_options.verify_mode
assert verify_mode in (ssl.CERT_NONE, ssl.CERT_REQUIRED, ssl.CERT_OPTIONAL)
if verify_mode == ssl.CERT_NONE or self._server_hostname is None:
return True
cert = self.socket.getpeercert()
if cert is None and verify_mode == ssl.CERT_REQUIRED:
gen_log.warning("No SSL certificate given")
return False
try:
ssl.match_hostname(peercert, self._server_hostname)
except ssl.CertificateError as e:
gen_log.warning("Invalid SSL certificate: %s" % e)
return False
else:
return True 示例15: __get_verify_mode
# 需要導入模塊: import ssl [as 別名]
# 或者: from ssl import CERT_OPTIONAL [as 別名]
def __get_verify_mode(self):
"""Whether to try to verify other peers' certificates and how to
behave if verification fails. This attribute must be one of
ssl.CERT_NONE, ssl.CERT_OPTIONAL or ssl.CERT_REQUIRED.
"""
return self._verify_mode