本文整理匯總了Python中ssl.VERIFY_CRL_CHECK_LEAF屬性的典型用法代碼示例。如果您正苦於以下問題:Python ssl.VERIFY_CRL_CHECK_LEAF屬性的具體用法?Python ssl.VERIFY_CRL_CHECK_LEAF怎麽用?Python ssl.VERIFY_CRL_CHECK_LEAF使用的例子?那麽, 這裏精選的屬性代碼示例或許可以為您提供幫助。您也可以進一步了解該屬性所在類ssl的用法示例。
在下文中一共展示了ssl.VERIFY_CRL_CHECK_LEAF屬性的2個代碼示例,這些例子默認根據受歡迎程度排序。您可以為喜歡或者感覺有用的代碼點讚,您的評價將有助於係統推薦出更棒的Python代碼示例。
示例1: create_ssl_context
# 需要導入模塊: import ssl [as 別名]
# 或者: from ssl import VERIFY_CRL_CHECK_LEAF [as 別名]
def create_ssl_context(config):
# taken from conn.py, as it adds a lot more logic to the context configuration than the initial version
ssl_context = ssl.SSLContext(ssl.PROTOCOL_SSLv23) # pylint: disable=no-member
ssl_context.options |= ssl.OP_NO_SSLv2 # pylint: disable=no-member
ssl_context.options |= ssl.OP_NO_SSLv3 # pylint: disable=no-member
ssl_context.verify_mode = ssl.CERT_OPTIONAL
if config.get('ssl_check_hostname'):
ssl_context.check_hostname = True
if config['ssl_cafile']:
ssl_context.load_verify_locations(config['ssl_cafile'])
ssl_context.verify_mode = ssl.CERT_REQUIRED
if config['ssl_certfile'] and config['ssl_keyfile']:
ssl_context.load_cert_chain(
certfile=config['ssl_certfile'], keyfile=config['ssl_keyfile'], password=config.get('ssl_password')
)
if config.get('ssl_crlfile'):
if not hasattr(ssl, 'VERIFY_CRL_CHECK_LEAF'):
raise RuntimeError('This version of Python does not support ssl_crlfile!')
ssl_context.load_verify_locations(config['ssl_crlfile'])
# pylint: disable=no-member
ssl_context.verify_flags |= ssl.VERIFY_CRL_CHECK_LEAF
if config.get('ssl_ciphers'):
ssl_context.set_ciphers(config['ssl_ciphers'])
return ssl_context 示例2: generate_ssl_context
# 需要導入模塊: import ssl [as 別名]
# 或者: from ssl import VERIFY_CRL_CHECK_LEAF [as 別名]
def generate_ssl_context(ssl_check_hostname,
ssl_cafile,
ssl_certfile,
ssl_keyfile,
ssl_password,
ssl_crlfile,
ssl_supported_protocols,
ssl_ciphers):
"""
Generate SSLContext for kafka client.
"""
log.debug('Configuring default SSL Context')
ssl_context = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
ssl_context.options |= ssl.OP_NO_SSLv2
ssl_context.options |= ssl.OP_NO_SSLv3
ssl_context.verify_mode = ssl.CERT_OPTIONAL
if ssl_supported_protocols:
if 'TLSv1' not in ssl_supported_protocols:
ssl_context.options |= ssl.OP_NO_TLSv1
if 'TLSv1.1' not in ssl_supported_protocols:
ssl_context.options |= ssl.OP_NO_TLSv1_1
if 'TLSv1.2' not in ssl_supported_protocols:
ssl_context.options |= ssl.OP_NO_TLSv1_2
if ssl_check_hostname:
ssl_context.check_hostname = True
if ssl_cafile:
log.info('Loading SSL CA from %s', ssl_cafile)
ssl_context.load_verify_locations(ssl_cafile)
ssl_context.verify_mode = ssl.CERT_REQUIRED
else:
log.info('Loading system default SSL CAs from %s',
ssl.get_default_verify_paths())
ssl_context.load_default_certs()
if ssl_certfile and ssl_keyfile:
log.info('Loading SSL Cert from %s', ssl_certfile)
log.info('Loading SSL Key from %s', ssl_keyfile)
ssl_context.load_cert_chain(
certfile=ssl_certfile,
keyfile=ssl_keyfile,
password=ssl_password)
if ssl_crlfile:
if not hasattr(ssl, 'VERIFY_CRL_CHECK_LEAF'):
raise RuntimeError('This version of Python does not'
' support ssl_crlfile!')
log.info('Loading SSL CRL from %s', ssl_crlfile)
ssl_context.load_verify_locations(ssl_crlfile)
ssl_context.verify_flags |= ssl.VERIFY_CRL_CHECK_LEAF
if ssl_ciphers:
log.info('Setting SSL Ciphers: %s', ssl_ciphers)
ssl_context.set_ciphers(ssl_ciphers)
return ssl_context