gevent._sslgte279 – SSL wrapper for socket objects on Python 2.7.9 and above

For the documentation, refer to ssl module manual.

This module implements cooperative SSL socket wrappers.

class SSLSocket(sock=None, keyfile=None, certfile=None, server_side=False, cert_reqs=0, ssl_version=2, ca_certs=None, do_handshake_on_connect=True, family=<AddressFamily.AF_INET: 2>, type=<SocketKind.SOCK_STREAM: 1>, proto=0, fileno=None, suppress_ragged_eofs=True, npn_protocols=None, ciphers=None, server_hostname=None, _context=None)

Bases: gevent._socket2.socket

gevent ssl.SSLSocket for Pythons >= 2.7.9 but less than 3.


Accepts a new connection from a remote client, and returns a tuple containing that new connection wrapped with a server-side SSL channel, and the address of the remote client.


Connects to remote ADDR, and then wraps the connection in an SSL channel.


Connects to remote ADDR, and then wraps the connection in an SSL channel.


Perform a TLS/SSL handshake.


Get channel binding data for current connection. Raise ValueError if the requested cb_type is not supported. Return bytes of the data or None if the data is not available (e.g. before the handshake).


Returns a formatted version of the data in the certificate provided by the other end of the SSL channel. Return None if no certificate was provided, {} if a certificate was provided, but not validated.

makefile(mode='r', bufsize=-1)

Make and return a file-like object that works with the SSL connection. Just use the code from the socket module.

read(len=1024, buffer=None)

Read up to LEN bytes and return them. Return zero-length string on EOF.


Return a string identifying the protocol version used by the current SSL channel, or None if there is no established channel.


Write DATA to the underlying SSL channel. Returns number of bytes of DATA actually transmitted.

get_server_certificate(addr, ssl_version=2, ca_certs=None)

Retrieve the certificate from the server at the specified address, and return it as a PEM-encoded string. If ‘ca_certs’ is specified, validate the server cert against it. If ‘ssl_version’ is specified, use it in the connection attempt.

create_default_context(purpose=<Purpose.SERVER_AUTH: _ASN1Object(nid=129, shortname='serverAuth', longname='TLS Web Server Authentication', oid='')>, cafile=None, capath=None, cadata=None)

Create a SSLContext object with default settings.

NOTE: The protocol and settings may change anytime without prior
deprecation. The values represent a fair balance between maximum compatibility and security.
exception SSLWantReadError

Bases: ssl.SSLError

Non-blocking SSL socket needs to read more data before the requested operation can be completed.

RAND_egd(path) → bytes

Queries the entropy gather daemon (EGD) on the socket named by ‘path’. Returns number of bytes read. Raises SSLError if connection to EGD fails or if it does not provide enough data to seed PRNG.

match_hostname(cert, hostname)

Verify that cert (in decoded format as returned by SSLSocket.getpeercert()) matches the hostname. RFC 2818 and RFC 6125 rules are followed, but IP addresses are not accepted for hostname.

CertificateError is raised on failure. On success, the function returns nothing.


Takes a certificate in ASCII PEM format and returns the DER-encoded version of it as a byte sequence

class Purpose

Bases: ssl._ASN1Object, enum.Enum

SSLContext purpose flags with X509v3 Extended Key Usage objects

RAND_status() → 0 or 1

Returns 1 if the OpenSSL PRNG has been seeded with enough data and 0 if not. It is necessary to seed the PRNG with RAND_add() on some platforms before using the ssl() function.


Takes a date-time string in standard ASN1_print form (“MON DAY 24HOUR:MINUTE:SEC YEAR TIMEZONE”) and return a Python time value in seconds past the epoch.

exception SSLWantWriteError

Bases: ssl.SSLError

Non-blocking SSL socket needs to write more data before the requested operation can be completed.

exception SSLSyscallError

Bases: ssl.SSLError

System error when attempting SSL operation.

RAND_pseudo_bytes(n) -> (bytes, is_cryptographic)

Generate n pseudo-random bytes. is_cryptographic is True if the bytesgenerated are cryptographically strong.

class DefaultVerifyPaths(cafile, capath, openssl_cafile_env, openssl_cafile, openssl_capath_env, openssl_capath)

Bases: tuple


Alias for field number 0


Alias for field number 1


Alias for field number 3


Alias for field number 2


Alias for field number 5


Alias for field number 4

RAND_add(string, entropy)

Mix string into the OpenSSL PRNG state. entropy (a float) is a lower bound on the entropy contained in string. See RFC 1750.

exception SSLError

Bases: OSError

An error occurred in the SSL implementation.


Takes a certificate in binary DER format and returns the PEM version of it as a string.

exception SSLEOFError

Bases: ssl.SSLError

SSL/TLS connection terminated abruptly.


Return paths to default cafile and capath.

exception SSLZeroReturnError

Bases: ssl.SSLError

SSL/TLS session closed cleanly.


alias of OSError

RAND_bytes(n) → bytes

Generate n cryptographically strong pseudo-random bytes.

Next page: gevent._ssl2 – SSL wrapper for socket objects on Python 2.7.8 and below