gevent._ssl3 – SSL wrapper for socket objects on Python 3

For the documentation, refer to ssl module manual.

This module implements cooperative SSL socket wrappers.

class SSLSocket(sock=None, keyfile=None, certfile=None, server_side=False, cert_reqs=0, ssl_version=<_SSLMethod.PROTOCOL_SSLv23: 2>, ca_certs=None, do_handshake_on_connect=True, family=<AddressFamily.AF_INET: 2>, type=<SocketKind.SOCK_STREAM: 1>, proto=0, fileno=None, suppress_ragged_eofs=True, npn_protocols=None, ciphers=None, server_hostname=None, _session=None, _context=None)

Bases: gevent._socket3.socket

gevent ssl.SSLSocket for Python 3.

accept()

Accepts a new connection from a remote client, and returns a tuple containing that new connection wrapped with a server-side SSL channel, and the address of the remote client.

connect(addr)

Connects to remote ADDR, and then wraps the connection in an SSL channel.

connect_ex(addr)

Connects to remote ADDR, and then wraps the connection in an SSL channel.

do_handshake()

Perform a TLS/SSL handshake.

get_channel_binding(cb_type='tls-unique')

Get channel binding data for current connection. Raise ValueError if the requested cb_type is not supported. Return bytes of the data or None if the data is not available (e.g. before the handshake).

getpeercert(binary_form=False)

Returns a formatted version of the data in the certificate provided by the other end of the SSL channel. Return None if no certificate was provided, {} if a certificate was provided, but not validated.

read(len=1024, buffer=None)

Read up to LEN bytes and return them. Return zero-length string on EOF.

session

The SSLSession for client socket.

session_reused

Was the client session reused during handshake

shared_ciphers()

Return a list of ciphers shared by the client during the handshake or None if this is not a valid server connection.

version()

Return a string identifying the protocol version used by the current SSL channel.

write(data)

Write DATA to the underlying SSL channel. Returns number of bytes of DATA actually transmitted.

get_server_certificate(addr, ssl_version=<_SSLMethod.PROTOCOL_SSLv23: 2>, ca_certs=None)

Retrieve the certificate from the server at the specified address, and return it as a PEM-encoded string. If ‘ca_certs’ is specified, validate the server cert against it. If ‘ssl_version’ is specified, use it in the connection attempt.

RAND_add()

Mix string into the OpenSSL PRNG state.

entropy (a float) is a lower bound on the entropy contained in string. See RFC 1750.

get_default_verify_paths()

Return paths to default cafile and capath.

exception SSLZeroReturnError

Bases: ssl.SSLError

SSL/TLS session closed cleanly.

class Purpose

Bases: ssl._ASN1Object, enum.Enum

SSLContext purpose flags with X509v3 Extended Key Usage objects

exception SSLWantWriteError

Bases: ssl.SSLError

Non-blocking SSL socket needs to write more data before the requested operation can be completed.

exception SSLError

Bases: OSError

An error occurred in the SSL implementation.

RAND_pseudo_bytes()

Generate n pseudo-random bytes.

Return a pair (bytes, is_cryptographic). is_cryptographic is True if the bytes generated are cryptographically strong.

class DefaultVerifyPaths(cafile, capath, openssl_cafile_env, openssl_cafile, openssl_capath_env, openssl_capath)

Bases: tuple

Create new instance of DefaultVerifyPaths(cafile, capath, openssl_cafile_env, openssl_cafile, openssl_capath_env, openssl_capath)

cafile

Alias for field number 0

capath

Alias for field number 1

openssl_cafile

Alias for field number 3

openssl_cafile_env

Alias for field number 2

openssl_capath

Alias for field number 5

openssl_capath_env

Alias for field number 4

PEM_cert_to_DER_cert(pem_cert_string)

Takes a certificate in ASCII PEM format and returns the DER-encoded version of it as a byte sequence

DER_cert_to_PEM_cert(der_cert_bytes)

Takes a certificate in binary DER format and returns the PEM version of it as a string.

match_hostname(cert, hostname)

Verify that cert (in decoded format as returned by SSLSocket.getpeercert()) matches the hostname. RFC 2818 and RFC 6125 rules are followed, but IP addresses are not accepted for hostname.

CertificateError is raised on failure. On success, the function returns nothing.

create_connection(address, timeout=<object object>, source_address=None)

Connect to address and return the socket object.

Convenience function. Connect to address (a 2-tuple (host, port)) and return the socket object. Passing the optional timeout parameter will set the timeout on the socket instance before attempting to connect. If no timeout is supplied, the global default timeout setting returned by getdefaulttimeout() is used. If source_address is set it must be a tuple of (host, port) for the socket to bind as a source address before making the connection. A host of ‘’ or port 0 tells the OS to use the default.

RAND_egd()

Queries the entropy gather daemon (EGD) on the socket named by ‘path’.

Returns number of bytes read. Raises SSLError if connection to EGD fails or if it does not provide enough data to seed PRNG.

RAND_bytes()

Generate n cryptographically strong pseudo-random bytes.

RAND_status()

Returns 1 if the OpenSSL PRNG has been seeded with enough data and 0 if not.

It is necessary to seed the PRNG with RAND_add() on some platforms before using the ssl() function.

exception SSLSyscallError

Bases: ssl.SSLError

System error when attempting SSL operation.

socket_error

alias of OSError

exception SSLWantReadError

Bases: ssl.SSLError

Non-blocking SSL socket needs to read more data before the requested operation can be completed.

cert_time_to_seconds(cert_time)

Return the time in seconds since the Epoch, given the timestring representing the “notBefore” or “notAfter” date from a certificate in "%b %d %H:%M:%S %Y %Z" strptime format (C locale).

“notBefore” or “notAfter” dates must use UTC (RFC 5280).

Month is one of: Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec UTC should be specified as GMT (see ASN1_TIME_print())

create_default_context(purpose=<Purpose.SERVER_AUTH: _ASN1Object(nid=129, shortname='serverAuth', longname='TLS Web Server Authentication', oid='1.3.6.1.5.5.7.3.1')>, *, cafile=None, capath=None, cadata=None)

Create a SSLContext object with default settings.

NOTE: The protocol and settings may change anytime without prior
deprecation. The values represent a fair balance between maximum compatibility and security.
class SSLObject(sslobj, owner=None)

Bases: object

This class implements an interface on top of a low-level SSL object as implemented by OpenSSL. This object captures the state of an SSL connection but does not provide any network IO itself. IO needs to be performed through separate “BIO” objects which are OpenSSL’s IO abstraction layer.

This class does not have a public constructor. Instances are returned by SSLContext.wrap_bio. This class is typically used by framework authors that want to implement asynchronous IO for SSL through memory buffers.

When compared to SSLSocket, this object lacks the following features:

  • Any form of network IO incluging methods such as recv and send.
  • The do_handshake_on_connect and suppress_ragged_eofs machinery.
cipher()

Return the currently selected cipher as a 3-tuple (name, ssl_version, secret_bits).

compression()

Return the current compression algorithm in use, or None if compression was not negotiated or not supported by one of the peers.

context

The SSLContext that is currently in use.

do_handshake()

Start the SSL/TLS handshake.

get_channel_binding(cb_type='tls-unique')

Get channel binding data for current connection. Raise ValueError if the requested cb_type is not supported. Return bytes of the data or None if the data is not available (e.g. before the handshake).

getpeercert(binary_form=False)

Returns a formatted version of the data in the certificate provided by the other end of the SSL channel.

Return None if no certificate was provided, {} if a certificate was provided, but not validated.

pending()

Return the number of bytes that can be read immediately.

read(len=1024, buffer=None)

Read up to ‘len’ bytes from the SSL object and return them.

If ‘buffer’ is provided, read into this buffer and return the number of bytes read.

selected_alpn_protocol()

Return the currently selected ALPN protocol as a string, or None if a next protocol was not negotiated or if ALPN is not supported by one of the peers.

selected_npn_protocol()

Return the currently selected NPN protocol as a string, or None if a next protocol was not negotiated or if NPN is not supported by one of the peers.

server_hostname

The currently set server hostname (for SNI), or None if no server hostame is set.

server_side

Whether this is a server-side socket.

shared_ciphers()

Return a list of ciphers shared by the client during the handshake or None if this is not a valid server connection.

unwrap()

Start the SSL shutdown handshake.

version()

Return a string identifying the protocol version used by the current SSL channel.

write(data)

Write ‘data’ to the SSL object and return the number of bytes written.

The ‘data’ argument must support the buffer interface.

exception SSLEOFError

Bases: ssl.SSLError

SSL/TLS connection terminated abruptly.

Next page: gevent._sslgte279 – SSL wrapper for socket objects on Python 2.7.9 and above