當前位置: 首頁>>代碼示例>>Python>>正文


Python ssl.html方法代碼示例

本文整理匯總了Python中ssl.html方法的典型用法代碼示例。如果您正苦於以下問題:Python ssl.html方法的具體用法?Python ssl.html怎麽用?Python ssl.html使用的例子?那麽, 這裏精選的方法代碼示例或許可以為您提供幫助。您也可以進一步了解該方法所在ssl的用法示例。


在下文中一共展示了ssl.html方法的9個代碼示例,這些例子默認根據受歡迎程度排序。您可以為喜歡或者感覺有用的代碼點讚,您的評價將有助於係統推薦出更棒的Python代碼示例。

示例1: get_ssl_certificate

# 需要導入模塊: import ssl [as 別名]
# 或者: from ssl import html [as 別名]
def get_ssl_certificate(self, binary_form=False):
        """Returns the client's SSL certificate, if any.

        To use client certificates, the HTTPServer must have been constructed
        with cert_reqs set in ssl_options, e.g.::

            server = HTTPServer(app,
                ssl_options=dict(
                    certfile="foo.crt",
                    keyfile="foo.key",
                    cert_reqs=ssl.CERT_REQUIRED,
                    ca_certs="cacert.crt"))

        By default, the return value is a dictionary (or None, if no
        client certificate is present).  If ``binary_form`` is true, a
        DER-encoded form of the certificate is returned instead.  See
        SSLSocket.getpeercert() in the standard library for more
        details.
        http://docs.python.org/library/ssl.html#sslsocket-objects
        """
        try:
            return self.connection.stream.socket.getpeercert(
                binary_form=binary_form)
        except ssl.SSLError:
            return None 
開發者ID:viewfinderco,項目名稱:viewfinder,代碼行數:27,代碼來源:httpserver.py

示例2: set_cert_credentials_provider

# 需要導入模塊: import ssl [as 別名]
# 或者: from ssl import html [as 別名]
def set_cert_credentials_provider(self, cert_credentials_provider):
        # History issue from Yun SDK where AR9331 embedded Linux only have Python 2.7.3
        # pre-installed. In this version, TLSv1_2 is not even an option.
        # SSLv23 is a work-around which selects the highest TLS version between the client
        # and service. If user installs opensslv1.0.1+, this option will work fine for Mutual
        # Auth.
        # Note that we cannot force TLSv1.2 for Mutual Auth. in Python 2.7.3 and TLS support
        # in Python only starts from Python2.7.
        # See also: https://docs.python.org/2/library/ssl.html#ssl.PROTOCOL_SSLv23
        if self._use_wss:
            ca_path = cert_credentials_provider.get_ca_path()
            self._paho_client.tls_set(ca_certs=ca_path, cert_reqs=ssl.CERT_REQUIRED, tls_version=ssl.PROTOCOL_SSLv23)
        else:
            ca_path = cert_credentials_provider.get_ca_path()
            cert_path = cert_credentials_provider.get_cert_path()
            key_path = cert_credentials_provider.get_key_path()
            self._paho_client.tls_set(ca_certs=ca_path,certfile=cert_path, keyfile=key_path,
                                      cert_reqs=ssl.CERT_REQUIRED, tls_version=ssl.PROTOCOL_SSLv23) 
開發者ID:aws,項目名稱:aws-iot-device-sdk-python,代碼行數:20,代碼來源:clients.py

示例3: get_ssl_context

# 需要導入模塊: import ssl [as 別名]
# 或者: from ssl import html [as 別名]
def get_ssl_context(path):
    '''Construct SSLContext object'''

    # Best practice according to http://docs.python.org/3/library/ssl.html#protocol-versions
    context = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
    context.options |= ssl.OP_NO_SSLv2
    context.verify_mode = ssl.CERT_REQUIRED

    if path is None:
        log.debug('Reading default CA certificates.')
        context.set_default_verify_paths()
    elif os.path.isfile(path):
        log.debug('Reading CA certificates from file %s', path)
        context.load_verify_locations(cafile=path)
    else:
        log.debug('Reading CA certificates from directory %s', path)
        context.load_verify_locations(capath=path)

    return context 
開發者ID:s3ql,項目名稱:s3ql,代碼行數:21,代碼來源:common.py

示例4: _build_ssl_context

# 需要導入模塊: import ssl [as 別名]
# 或者: from ssl import html [as 別名]
def _build_ssl_context(
    disable_ssl_certificate_validation, ca_certs, cert_file=None, key_file=None,
    maximum_version=None, minimum_version=None,
):
    if not hasattr(ssl, "SSLContext"):
        raise RuntimeError("httplib2 requires Python 3.2+ for ssl.SSLContext")

    context = ssl.SSLContext(DEFAULT_TLS_VERSION)
    context.verify_mode = (
        ssl.CERT_NONE if disable_ssl_certificate_validation else ssl.CERT_REQUIRED
    )

    # SSLContext.maximum_version and SSLContext.minimum_version are python 3.7+.
    # source: https://docs.python.org/3/library/ssl.html#ssl.SSLContext.maximum_version
    if maximum_version is not None:
        if hasattr(context, "maximum_version"):
            context.maximum_version = getattr(ssl.TLSVersion, maximum_version)
        else:
            raise RuntimeError("setting tls_maximum_version requires Python 3.7 and OpenSSL 1.1 or newer")
    if minimum_version is not None:
        if hasattr(context, "minimum_version"):
            context.minimum_version = getattr(ssl.TLSVersion, minimum_version)
        else:
            raise RuntimeError("setting tls_minimum_version requires Python 3.7 and OpenSSL 1.1 or newer")

    # check_hostname requires python 3.4+
    # we will perform the equivalent in HTTPSConnectionWithTimeout.connect() by calling ssl.match_hostname
    # if check_hostname is not supported.
    if hasattr(context, "check_hostname"):
        context.check_hostname = not disable_ssl_certificate_validation

    context.load_verify_locations(ca_certs)

    if cert_file:
        context.load_cert_chain(cert_file, key_file)

    return context 
開發者ID:remg427,項目名稱:misp42splunk,代碼行數:39,代碼來源:__init__.py

示例5: create_ssl_context

# 需要導入模塊: import ssl [as 別名]
# 或者: from ssl import html [as 別名]
def create_ssl_context(**kwargs):
    """
    A helper function around creating an SSL context

    https://docs.python.org/3/library/ssl.html#context-creation

    Accepts kwargs in the same manner as `create_default_context`.
    """
    ctx = ssl.create_default_context(**kwargs)
    return ctx 
開發者ID:PacktPublishing,項目名稱:Mastering-Elasticsearch-7.0,代碼行數:12,代碼來源:http_urllib3.py

示例6: tls_context

# 需要導入模塊: import ssl [as 別名]
# 或者: from ssl import html [as 別名]
def tls_context(self):
        if self._tls_context is None:
            # https://docs.python.org/3/library/ssl.html#ssl.SSLContext
            # https://docs.python.org/3/library/ssl.html#ssl.PROTOCOL_TLS
            self._tls_context = ssl.SSLContext(protocol=PROTOCOL_TLS_CLIENT)

            # Run our own validation later on if need be
            # https://docs.python.org/3/library/ssl.html#ssl.SSLContext.check_hostname
            #
            # IMPORTANT: This must be set before verify_mode in Python 3.7+, see:
            # https://docs.python.org/3/library/ssl.html#ssl.SSLContext.check_hostname
            self._tls_context.check_hostname = False

            # https://docs.python.org/3/library/ssl.html#ssl.SSLContext.verify_mode
            self._tls_context.verify_mode = ssl.CERT_REQUIRED if self._validate_cert else ssl.CERT_NONE

            # https://docs.python.org/3/library/ssl.html#ssl.SSLContext.load_verify_locations
            if self._cafile or self._capath:  # no cov
                self._tls_context.load_verify_locations(self._cafile, self._capath, None)

            # https://docs.python.org/3/library/ssl.html#ssl.SSLContext.load_default_certs
            else:
                self._tls_context.load_default_certs(ssl.Purpose.SERVER_AUTH)

            # https://docs.python.org/3/library/ssl.html#ssl.SSLContext.load_cert_chain
            if self._cert:  # no cov
                self._tls_context.load_cert_chain(self._cert, keyfile=self._private_key)

            # https://docs.python.org/3/library/ssl.html#ssl.create_default_context
            if 'SSLv3' in self._allowed_versions:  # no cov
                self._tls_context.options &= ~ssl.OP_NO_SSLv3

        return self._tls_context 
開發者ID:DataDog,項目名稱:integrations-core,代碼行數:35,代碼來源:tls.py

示例7: check_remote

# 需要導入模塊: import ssl [as 別名]
# 或者: from ssl import html [as 別名]
def check_remote(self, instance):
        if not self._server:
            raise ConfigurationError('You must specify `server` in your configuration file.')

        try:
            sock = self.create_connection()
        except Exception as e:
            self.service_check(self.SERVICE_CHECK_CAN_CONNECT, self.CRITICAL, tags=self._tags, message=str(e))
            return
        else:
            self.service_check(self.SERVICE_CHECK_CAN_CONNECT, self.OK, tags=self._tags)

        # Get the cert & TLS version from the connection
        with closing(sock):
            try:
                with closing(self.tls_context.wrap_socket(sock, server_hostname=self._server_hostname)) as secure_sock:
                    der_cert = secure_sock.getpeercert(binary_form=True)
                    protocol_version = secure_sock.version()
            except Exception as e:
                # https://docs.python.org/3/library/ssl.html#ssl.SSLCertVerificationError
                err_code = getattr(e, 'verify_code', None)
                message = getattr(e, 'verify_message', str(e))
                self.service_check(self.SERVICE_CHECK_VALIDATION, self.CRITICAL, tags=self._tags, message=message)

                # There's no sane way to tell it to not validate just the expiration
                # This only works on Python 3.7+, see: https://bugs.python.org/issue28182
                # https://github.com/openssl/openssl/blob/0b45d8eec051fd9816b6bf46a975fa461ffc983d/include/openssl/x509_vfy.h#L109
                if err_code == 10:
                    self.service_check(
                        self.SERVICE_CHECK_EXPIRATION, self.CRITICAL, tags=self._tags, message='Certificate has expired'
                    )

                return

        # Load https://cryptography.io/en/latest/x509/reference/#cryptography.x509.Certificate
        try:
            cert = load_der_x509_certificate(der_cert, default_backend())
        except Exception as e:
            self.service_check(
                self.SERVICE_CHECK_VALIDATION,
                self.CRITICAL,
                tags=self._tags,
                message='Unable to parse the certificate: {}'.format(e),
            )
            return

        self.check_protocol_version(protocol_version)
        self.validate_certificate(cert)
        self.check_age(cert) 
開發者ID:DataDog,項目名稱:integrations-core,代碼行數:51,代碼來源:tls.py

示例8: get_connection

# 需要導入模塊: import ssl [as 別名]
# 或者: from ssl import html [as 別名]
def get_connection(self):
        connection_options = {
            'database': self._db,
            'host': self._server,
            'port': self._port,
            'user': self._username,
            'password': self._password,
            'backup_server_node': self._backup_servers,
            'connection_load_balance': self._connection_load_balance,
            'connection_timeout': self._timeout,
        }
        if self._client_lib_log_level:
            connection_options['log_level'] = self._client_lib_log_level
            # log_path is required by vertica client for using logging
            # when log_path is set to '', vertica won't log to a file
            # but we still get logs via parent root logger
            connection_options['log_path'] = ''

        if self._tls_verify:  # no cov
            # https://docs.python.org/3/library/ssl.html#ssl.SSLContext
            # https://docs.python.org/3/library/ssl.html#ssl.PROTOCOL_TLS
            tls_context = ssl.SSLContext(protocol=PROTOCOL_TLS_CLIENT)

            # https://docs.python.org/3/library/ssl.html#ssl.SSLContext.verify_mode
            tls_context.verify_mode = ssl.CERT_REQUIRED

            # https://docs.python.org/3/library/ssl.html#ssl.SSLContext.check_hostname
            tls_context.check_hostname = self._validate_hostname

            # https://docs.python.org/3/library/ssl.html#ssl.SSLContext.load_verify_locations
            if self._cafile or self._capath:
                tls_context.load_verify_locations(self._cafile, self._capath, None)

            # https://docs.python.org/3/library/ssl.html#ssl.SSLContext.load_default_certs
            else:
                tls_context.load_default_certs(ssl.Purpose.SERVER_AUTH)

            # https://docs.python.org/3/library/ssl.html#ssl.SSLContext.load_cert_chain
            if self._cert:
                tls_context.load_cert_chain(self._cert, keyfile=self._private_key)

            connection_options['ssl'] = tls_context

        try:
            connection = vertica.connect(**connection_options)
        except Exception as e:
            self.log.error('Unable to connect to database `%s` as user `%s`: %s', self._db, self._username, e)
            self.service_check(self.SERVICE_CHECK_CONNECT, self.CRITICAL, tags=self._tags)
        else:
            self.service_check(self.SERVICE_CHECK_CONNECT, self.OK, tags=self._tags)
            return connection 
開發者ID:DataDog,項目名稱:integrations-core,代碼行數:53,代碼來源:vertica.py

示例9: make_secure_ssl_client_context

# 需要導入模塊: import ssl [as 別名]
# 或者: from ssl import html [as 別名]
def make_secure_ssl_client_context(
    ca_cert=None, client_cert=None, client_key=None, check_hostname=True, protocol=ssl.PROTOCOL_TLS,
):
    """Creates a secure ssl context for integration that requires one.
    :param str ca_cert:     Path to a file of concatenated CA certificates in PEM format or to a directory containing
                            several CA certificates in PEM format
    :param str client_cert: Path to a single file in PEM format containing the certificate as well as any number of
                            CA certificates needed to establish the certificate's authenticity.
    :param str client_key:  Must point to a file containing the private key. Otherwise the private key will be taken
                            from certfile as well.
    :param bool check_hostname: Whether to match the peer cert's hostname
    :param int protocol:    Client side protocol (should be one of the `ssl.PROTOCOL_*` constants)
                            By default selects the highest protocol version possible.

    :rtype ssl.Context
    """
    # https://docs.python.org/3/library/ssl.html#ssl.SSLContext
    # https://docs.python.org/3/library/ssl.html#ssl.PROTOCOL_TLS
    context = ssl.SSLContext(protocol=protocol)

    # https://docs.python.org/3/library/ssl.html#ssl.SSLContext.verify_mode
    context.verify_mode = ssl.CERT_REQUIRED

    # https://docs.python.org/3/library/ssl.html#ssl.SSLContext.check_hostname
    context.check_hostname = check_hostname

    ca_file, ca_path = None, None
    if os.path.isdir(ca_cert):
        ca_path = ca_cert
    elif os.path.isfile(ca_cert):
        ca_file = ca_cert
    else:
        raise ConfigurationError("Specified tls_ca_cert: {} should be a valid file or directory.".format(ca_cert))

    # https://docs.python.org/3/library/ssl.html#ssl.SSLContext.load_verify_locations
    if ca_file or ca_path:
        context.load_verify_locations(ca_file, ca_path, None)

    # https://docs.python.org/3/library/ssl.html#ssl.SSLContext.load_default_certs
    else:
        context.load_default_certs(ssl.Purpose.SERVER_AUTH)

    # https://docs.python.org/3/library/ssl.html#ssl.SSLContext.load_cert_chain
    if client_cert:
        # If client_key is not defined, load_cert_chain reads the key from the client_cert
        context.load_cert_chain(client_cert, keyfile=client_key)

    return context 
開發者ID:DataDog,項目名稱:integrations-core,代碼行數:50,代碼來源:ssl_utils.py


注:本文中的ssl.html方法示例由純淨天空整理自Github/MSDocs等開源代碼及文檔管理平台,相關代碼片段篩選自各路編程大神貢獻的開源項目,源碼版權歸原作者所有,傳播和使用請參考對應項目的License;未經允許,請勿轉載。