cheroot.ssl.pyopenssl module

A library for integrating pyOpenSSL with Cheroot.

The OpenSSL module must be importable for SSL functionality. You can obtain it from here.

To use this module, set HTTPServer.ssl_adapter to an instance of ssl.Adapter. There are two ways to use SSL:

Method One

  • ssl_adapter.context: an instance of SSL.Context.

If this is not None, it is assumed to be an SSL.Context instance, and will be passed to SSL.Connection on bind(). The developer is responsible for forming a valid Context object. This approach is to be preferred for more flexibility, e.g. if the cert and key are streams instead of files, or need decryption, or SSL.SSLv3_METHOD is desired instead of the default SSL.SSLv23_METHOD, etc. Consult the pyOpenSSL documentation for complete options.

Method Two (shortcut)

  • ssl_adapter.certificate: the filename of the server SSL certificate.
  • ssl_adapter.private_key: the filename of the server’s private key file.

Both are None by default. If ssl_adapter.context is None, but .private_key and .certificate are both given and valid, they will be read, and the context will be automatically created from them.

class cheroot.ssl.pyopenssl.SSLConnection(*args)

Bases: object

A thread-safe wrapper for an SSL.Connection.

*args: the arguments to create the wrapped SSL.Connection(*args).

accept(*args)
bind(*args)
close(*args)
connect(*args)
connect_ex(*args)
family
fileno(*args)
get_app_data(*args)
get_cipher_list(*args)
get_context(*args)
get_peer_certificate(*args)
getpeername(*args)
getsockname(*args)
getsockopt(*args)
gettimeout(*args)
listen(*args)
makefile(*args)
pending(*args)
read(*args)
recv(*args)
renegotiate(*args)
send(*args)
sendall(*args)
set_accept_state(*args)
set_app_data(*args)
set_connect_state(*args)
setblocking(*args)
setsockopt(*args)
settimeout(*args)
shutdown(*args)
sock_shutdown(*args)
state_string(*args)
want_read(*args)
want_write(*args)
write(*args)
class cheroot.ssl.pyopenssl.SSLConnectionProxyMeta

Bases: object

Metaclass for generating a bunch of proxy methods.

class cheroot.ssl.pyopenssl.SSLFileobjectMixin

Bases: object

Base mixin for an SSL socket stream.

recv(size)

Receive message of a size from the socket.

send(*args, **kwargs)

Send some part of message to the socket.

sendall(*args, **kwargs)

Send whole message to the socket.

ssl_retry = 0.01
ssl_timeout = 3
class cheroot.ssl.pyopenssl.SSLFileobjectStreamReader(sock, mode='r', bufsize=8192)

Bases: cheroot.ssl.pyopenssl.SSLFileobjectMixin, cheroot.makefile.StreamReader

SSL file object attached to a socket object.

class cheroot.ssl.pyopenssl.SSLFileobjectStreamWriter(sock, mode='w', bufsize=8192)

Bases: cheroot.ssl.pyopenssl.SSLFileobjectMixin, cheroot.makefile.StreamWriter

SSL file object attached to a socket object.

class cheroot.ssl.pyopenssl.pyOpenSSLAdapter(certificate, private_key, certificate_chain=None, ciphers=None)

Bases: cheroot.ssl.Adapter

A wrapper for integrating pyOpenSSL with Cheroot.

bind(sock)

Wrap and return the given socket.

certificate = None

The filename of the server SSL certificate.

certificate_chain = None

Optional. The filename of CA’s intermediate certificate bundle.

This is needed for cheaper “chained root” SSL certificates, and should be left as None if not required.

ciphers = None

The ciphers list of SSL.

context = None

An instance of SSL.Context.

get_context()

Return an SSL.Context from self attributes.

get_environ()

Return WSGI environ entries to be merged into each request.

makefile(sock, mode='r', bufsize=-1)

Return socket file object.

private_key = None

The filename of the server’s private key file.

wrap(sock)

Wrap and return the given socket, plus WSGI environ entries.

Indices and tables