cheroot.ssl package

Submodules

• cheroot.ssl.builtin module
  • BuiltinSSLAdapter
    • BuiltinSSLAdapter.CERT_KEY_TO_ENV
    • BuiltinSSLAdapter.CERT_KEY_TO_LDAP_CODE
    • BuiltinSSLAdapter._abc_impl
    • BuiltinSSLAdapter._make_env_cert_dict()
    • BuiltinSSLAdapter._make_env_dn_dict()
    • BuiltinSSLAdapter._make_env_san_dict()
    • BuiltinSSLAdapter.certificate
    • BuiltinSSLAdapter.certificate_chain
    • BuiltinSSLAdapter.ciphers
    • BuiltinSSLAdapter.context
    • BuiltinSSLAdapter.get_environ()
    • BuiltinSSLAdapter.makefile()
    • BuiltinSSLAdapter.private_key
    • BuiltinSSLAdapter.private_key_password
    • BuiltinSSLAdapter.wrap()
  • _assert_ssl_exc_contains()
  • _loopback_for_cert()
  • _loopback_for_cert_thread()
  • _parse_cert()
  • _sni_callback()
• cheroot.ssl.pyopenssl module
  • Method One
  • Method Two (shortcut)
  • SSLConnection
    • SSLConnection._decref_socketios()
    • SSLConnection._socket
    • SSLConnection.accept()
    • SSLConnection.bind()
    • SSLConnection.close()
    • SSLConnection.connect()
    • SSLConnection.connect_ex()
    • SSLConnection.family
    • SSLConnection.fileno()
    • SSLConnection.get_app_data()
    • SSLConnection.get_cipher_list()
    • SSLConnection.get_context()
    • SSLConnection.get_peer_certificate()
    • SSLConnection.getpeername()
    • SSLConnection.getsockname()
    • SSLConnection.getsockopt()
    • SSLConnection.gettimeout()
    • SSLConnection.listen()
    • SSLConnection.makefile()
    • SSLConnection.pending()
    • SSLConnection.read()
    • SSLConnection.recv()
    • SSLConnection.recv_into()
    • SSLConnection.renegotiate()
    • SSLConnection.send()
    • SSLConnection.sendall()
    • SSLConnection.set_accept_state()
    • SSLConnection.set_app_data()
    • SSLConnection.set_connect_state()
    • SSLConnection.setblocking()
    • SSLConnection.setsockopt()
    • SSLConnection.settimeout()
    • SSLConnection.shutdown()
    • SSLConnection.sock_shutdown()
    • SSLConnection.state_string()
    • SSLConnection.want_read()
    • SSLConnection.want_write()
    • SSLConnection.write()
  • SSLConnectionProxyMeta
  • SSLFileobjectMixin
    • SSLFileobjectMixin._safe_call()
    • SSLFileobjectMixin.readline()
    • SSLFileobjectMixin.recv()
    • SSLFileobjectMixin.send()
    • SSLFileobjectMixin.sendall()
    • SSLFileobjectMixin.ssl_retry
    • SSLFileobjectMixin.ssl_timeout
  • SSLFileobjectStreamReader
    • SSLFileobjectStreamReader._abc_impl
  • SSLFileobjectStreamWriter
    • SSLFileobjectStreamWriter._abc_impl
  • pyOpenSSLAdapter
    • pyOpenSSLAdapter._abc_impl
    • pyOpenSSLAdapter._password_callback()
    • pyOpenSSLAdapter.certificate
    • pyOpenSSLAdapter.certificate_chain
    • pyOpenSSLAdapter.ciphers
    • pyOpenSSLAdapter.context
    • pyOpenSSLAdapter.get_context()
    • pyOpenSSLAdapter.get_environ()
    • pyOpenSSLAdapter.makefile()
    • pyOpenSSLAdapter.private_key
    • pyOpenSSLAdapter.private_key_password
    • pyOpenSSLAdapter.wrap()

Module contents

Implementation of the SSL adapter base interface.

class cheroot.ssl.Adapter(certificate, private_key, certificate_chain=None, ciphers=None, *, private_key_password=None)

Bases: ABC

Base class for SSL driver library adapters.

Required methods:

• wrap(sock) -> (wrapped socket, ssl environ dict)

• makefile(sock, mode='r', bufsize=DEFAULT_BUFFER_SIZE) -> socket file object

_abc_impl = <_abc._abc_data object>

_prompt_for_tls_password() → str

Prompt for encrypted private key password interactively.

bind(sock)

Return the given socket.

Deprecated: This method no longer performs any SSL-specific operations. SSL wrapping now happens in wrap(). bind() will be removed in a future version.

abstract get_environ()

Return WSGI environ entries to be merged into each request.

abstract makefile(sock, mode='r', bufsize=-1)

Return socket file object.

abstract wrap(sock)

Wrap the given socket and return WSGI environ entries.

cheroot.ssl._ensure_peer_speaks_https(raw_socket, /) → None

Raise exception if the client sent plain HTTP.

This method probes the TCP stream for signs of the peer having sent us plaintext HTTP on the HTTPS port by peeking at the first bytes. If there’s no data yet, the method considers the guess inconclusive and does not error out. This allows the server to continue until the SSL handshake is attempted, at which point an error will be caught by the SSL layer if the client is not speaking TLS.

Raises:

NoSSLError – When plaintext HTTP is detected on an HTTPS socket