💾 Archived View for tris.fyi › pydoc › ssl captured on 2023-04-26 at 13:32:11. Gemini links have been rewritten to link to archived content
⬅️ Previous capture (2023-01-29)
-=-=-=-=-=-=-
This module provides some more Pythonic support for SSL. Object types: SSLSocket -- subtype of socket.socket which does SSL over the socket Exceptions: SSLError -- exception raised for I/O errors Functions: cert_time_to_seconds -- convert time string used for certificate notBefore and notAfter functions to integer seconds past the Epoch (the time values returned from time.time()) get_server_certificate (addr, ssl_version, ca_certs, timeout) -- Retrieve the certificate from the server at the specified address and return it as a PEM-encoded string Integer constants: SSL_ERROR_ZERO_RETURN SSL_ERROR_WANT_READ SSL_ERROR_WANT_WRITE SSL_ERROR_WANT_X509_LOOKUP SSL_ERROR_SYSCALL SSL_ERROR_SSL SSL_ERROR_WANT_CONNECT SSL_ERROR_EOF SSL_ERROR_INVALID_ERROR_CODE The following group define certificate requirements that one side is allowing/requiring from the other side: CERT_NONE - no certificates from the other side are required (or will be looked at if provided) CERT_OPTIONAL - certificates are not required, but if provided will be validated, and if validation fails, the connection will also fail CERT_REQUIRED - certificates are required, and will be validated, and if validation fails, the connection will also fail The following constants identify various SSL protocol variants: PROTOCOL_SSLv2 PROTOCOL_SSLv3 PROTOCOL_SSLv23 PROTOCOL_TLS PROTOCOL_TLS_CLIENT PROTOCOL_TLS_SERVER PROTOCOL_TLSv1 PROTOCOL_TLSv1_1 PROTOCOL_TLSv1_2 The following constants identify various SSL alert message descriptions as per http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-parameters-6 ALERT_DESCRIPTION_CLOSE_NOTIFY ALERT_DESCRIPTION_UNEXPECTED_MESSAGE ALERT_DESCRIPTION_BAD_RECORD_MAC ALERT_DESCRIPTION_RECORD_OVERFLOW ALERT_DESCRIPTION_DECOMPRESSION_FAILURE ALERT_DESCRIPTION_HANDSHAKE_FAILURE ALERT_DESCRIPTION_BAD_CERTIFICATE ALERT_DESCRIPTION_UNSUPPORTED_CERTIFICATE ALERT_DESCRIPTION_CERTIFICATE_REVOKED ALERT_DESCRIPTION_CERTIFICATE_EXPIRED ALERT_DESCRIPTION_CERTIFICATE_UNKNOWN ALERT_DESCRIPTION_ILLEGAL_PARAMETER ALERT_DESCRIPTION_UNKNOWN_CA ALERT_DESCRIPTION_ACCESS_DENIED ALERT_DESCRIPTION_DECODE_ERROR ALERT_DESCRIPTION_DECRYPT_ERROR ALERT_DESCRIPTION_PROTOCOL_VERSION ALERT_DESCRIPTION_INSUFFICIENT_SECURITY ALERT_DESCRIPTION_INTERNAL_ERROR ALERT_DESCRIPTION_USER_CANCELLED ALERT_DESCRIPTION_NO_RENEGOTIATION ALERT_DESCRIPTION_UNSUPPORTED_EXTENSION ALERT_DESCRIPTION_CERTIFICATE_UNOBTAINABLE ALERT_DESCRIPTION_UNRECOGNIZED_NAME ALERT_DESCRIPTION_BAD_CERTIFICATE_STATUS_RESPONSE ALERT_DESCRIPTION_BAD_CERTIFICATE_HASH_VALUE ALERT_DESCRIPTION_UNKNOWN_PSK_IDENTITY
An enumeration.
ALERT_DESCRIPTION_ACCESS_DENIED = <AlertDescription.ALERT_DESCRIPTION_ACCESS_DENIED: 49>
ALERT_DESCRIPTION_BAD_CERTIFICATE = <AlertDescription.ALERT_DESCRIPTION_BAD_CERTIFICATE: 42>
ALERT_DESCRIPTION_BAD_CERTIFICATE_HASH_VALUE = <AlertDescription.ALERT_DESCRIPTION_BAD_CERTIFICATE_HASH_VALUE: 114>
ALERT_DESCRIPTION_BAD_CERTIFICATE_STATUS_RESPONSE = <AlertDescription.ALERT_DESCRIPTION_BAD_CERTIFICATE_STATUS_RESPONSE: 113>
ALERT_DESCRIPTION_BAD_RECORD_MAC = <AlertDescription.ALERT_DESCRIPTION_BAD_RECORD_MAC: 20>
ALERT_DESCRIPTION_CERTIFICATE_EXPIRED = <AlertDescription.ALERT_DESCRIPTION_CERTIFICATE_EXPIRED: 45>
ALERT_DESCRIPTION_CERTIFICATE_REVOKED = <AlertDescription.ALERT_DESCRIPTION_CERTIFICATE_REVOKED: 44>
ALERT_DESCRIPTION_CERTIFICATE_UNKNOWN = <AlertDescription.ALERT_DESCRIPTION_CERTIFICATE_UNKNOWN: 46>
ALERT_DESCRIPTION_CERTIFICATE_UNOBTAINABLE = <AlertDescription.ALERT_DESCRIPTION_CERTIFICATE_UNOBTAINABLE: 111>
ALERT_DESCRIPTION_CLOSE_NOTIFY = <AlertDescription.ALERT_DESCRIPTION_CLOSE_NOTIFY: 0>
ALERT_DESCRIPTION_DECODE_ERROR = <AlertDescription.ALERT_DESCRIPTION_DECODE_ERROR: 50>
ALERT_DESCRIPTION_DECOMPRESSION_FAILURE = <AlertDescription.ALERT_DESCRIPTION_DECOMPRESSION_FAILURE: 30>
ALERT_DESCRIPTION_DECRYPT_ERROR = <AlertDescription.ALERT_DESCRIPTION_DECRYPT_ERROR: 51>
ALERT_DESCRIPTION_HANDSHAKE_FAILURE = <AlertDescription.ALERT_DESCRIPTION_HANDSHAKE_FAILURE: 40>
ALERT_DESCRIPTION_ILLEGAL_PARAMETER = <AlertDescription.ALERT_DESCRIPTION_ILLEGAL_PARAMETER: 47>
ALERT_DESCRIPTION_INSUFFICIENT_SECURITY = <AlertDescription.ALERT_DESCRIPTION_INSUFFICIENT_SECURITY: 71>
ALERT_DESCRIPTION_INTERNAL_ERROR = <AlertDescription.ALERT_DESCRIPTION_INTERNAL_ERROR: 80>
ALERT_DESCRIPTION_NO_RENEGOTIATION = <AlertDescription.ALERT_DESCRIPTION_NO_RENEGOTIATION: 100>
ALERT_DESCRIPTION_PROTOCOL_VERSION = <AlertDescription.ALERT_DESCRIPTION_PROTOCOL_VERSION: 70>
ALERT_DESCRIPTION_RECORD_OVERFLOW = <AlertDescription.ALERT_DESCRIPTION_RECORD_OVERFLOW: 22>
ALERT_DESCRIPTION_UNEXPECTED_MESSAGE = <AlertDescription.ALERT_DESCRIPTION_UNEXPECTED_MESSAGE: 10>
ALERT_DESCRIPTION_UNKNOWN_CA = <AlertDescription.ALERT_DESCRIPTION_UNKNOWN_CA: 48>
ALERT_DESCRIPTION_UNKNOWN_PSK_IDENTITY = <AlertDescription.ALERT_DESCRIPTION_UNKNOWN_PSK_IDENTITY: 115>
ALERT_DESCRIPTION_UNRECOGNIZED_NAME = <AlertDescription.ALERT_DESCRIPTION_UNRECOGNIZED_NAME: 112>
ALERT_DESCRIPTION_UNSUPPORTED_CERTIFICATE = <AlertDescription.ALERT_DESCRIPTION_UNSUPPORTED_CERTIFICATE: 43>
ALERT_DESCRIPTION_UNSUPPORTED_EXTENSION = <AlertDescription.ALERT_DESCRIPTION_UNSUPPORTED_EXTENSION: 110>
ALERT_DESCRIPTION_USER_CANCELLED = <AlertDescription.ALERT_DESCRIPTION_USER_CANCELLED: 90>
A certificate could not be verified.
with_traceback(...) Exception.with_traceback(tb) -- set self.__traceback__ to tb and return self.
args = <attribute 'args' of 'BaseException' objects>
characters_written = <attribute 'characters_written' of 'OSError' objects>
errno = <member 'errno' of 'OSError' objects> POSIX exception code
filename = <member 'filename' of 'OSError' objects> exception filename
filename2 = <member 'filename2' of 'OSError' objects> second exception filename
strerror = <member 'strerror' of 'OSError' objects> exception strerror
DefaultVerifyPaths(cafile, capath, openssl_cafile_env, openssl_cafile, openssl_capath_env, openssl_capath)
count(self, value, /) Return number of occurrences of value.
index(self, value, start=0, stop=9223372036854775807, /) Return first index of value. Raises ValueError if the value is not present.
cafile = _tuplegetter(0, 'Alias for field number 0') Alias for field number 0
capath = _tuplegetter(1, 'Alias for field number 1') Alias for field number 1
openssl_cafile = _tuplegetter(3, 'Alias for field number 3') Alias for field number 3
openssl_cafile_env = _tuplegetter(2, 'Alias for field number 2') Alias for field number 2
openssl_capath = _tuplegetter(5, 'Alias for field number 5') Alias for field number 5
openssl_capath_env = _tuplegetter(4, 'Alias for field number 4') Alias for field number 4
read(self, size=-1, /) Read up to size bytes from the memory BIO. If size is not specified, read the entire buffer. If the return value is an empty bytes instance, this means either EOF or that no data is available. Use the "eof" property to distinguish between the two.
write(self, b, /) Writes the bytes b into the memory BIO. Returns the number of bytes written.
write_eof(self, /) Write an EOF marker to the memory BIO. When all data has been read, the "eof" property will be True.
eof = <attribute 'eof' of '_ssl.MemoryBIO' objects> Whether the memory BIO is at EOF.
pending = <attribute 'pending' of '_ssl.MemoryBIO' objects> The number of bytes pending in the memory BIO.
An enumeration.
OP_ALL = <Options.OP_ALL: 2147483728>
OP_CIPHER_SERVER_PREFERENCE = <Options.OP_CIPHER_SERVER_PREFERENCE: 4194304>
OP_ENABLE_MIDDLEBOX_COMPAT = <Options.OP_ENABLE_MIDDLEBOX_COMPAT: 1048576>
OP_IGNORE_UNEXPECTED_EOF = <Options.OP_IGNORE_UNEXPECTED_EOF: 128>
OP_NO_COMPRESSION = <Options.OP_NO_COMPRESSION: 131072>
OP_NO_RENEGOTIATION = <Options.OP_NO_RENEGOTIATION: 1073741824>
OP_NO_SSLv2 = <Options.OP_NO_SSLv2: 0>
OP_NO_SSLv3 = <Options.OP_NO_SSLv3: 33554432>
OP_NO_TICKET = <Options.OP_NO_TICKET: 16384>
OP_NO_TLSv1 = <Options.OP_NO_TLSv1: 67108864>
OP_NO_TLSv1_1 = <Options.OP_NO_TLSv1_1: 268435456>
OP_NO_TLSv1_2 = <Options.OP_NO_TLSv1_2: 134217728>
OP_NO_TLSv1_3 = <Options.OP_NO_TLSv1_3: 536870912>
SSLContext purpose flags with X509v3 Extended Key Usage objects
CLIENT_AUTH = <Purpose.CLIENT_AUTH: _ASN1Object(nid=130, shortname='clientAuth', longname='TLS Web Client Authentication', oid='1.3.6.1.5.5.7.3.2')>
SERVER_AUTH = <Purpose.SERVER_AUTH: _ASN1Object(nid=129, shortname='serverAuth', longname='TLS Web Server Authentication', oid='1.3.6.1.5.5.7.3.1')>
name = <types.DynamicClassAttribute object at 0x7f75e3bec2e0> The name of the Enum member.
value = <types.DynamicClassAttribute object at 0x7f75e3bec2b0> The value of the Enum member.
A certificate could not be verified.
with_traceback(...) Exception.with_traceback(tb) -- set self.__traceback__ to tb and return self.
args = <attribute 'args' of 'BaseException' objects>
characters_written = <attribute 'characters_written' of 'OSError' objects>
errno = <member 'errno' of 'OSError' objects> POSIX exception code
filename = <member 'filename' of 'OSError' objects> exception filename
filename2 = <member 'filename2' of 'OSError' objects> second exception filename
strerror = <member 'strerror' of 'OSError' objects> exception strerror
An SSLContext holds various SSL-related configuration options and data, such as certificates and possibly a private key.
This class implements an interface on top of a low-level SSL object as implemented by OpenSSL. This object captures the state of an SSL connection but does not provide any network IO itself. IO needs to be performed through separate "BIO" objects which are OpenSSL's IO abstraction layer. This class does not have a public constructor. Instances are returned by ``SSLContext.wrap_bio``. This class is typically used by framework authors that want to implement asynchronous IO for SSL through memory buffers. When compared to ``SSLSocket``, this object lacks the following features: * Any form of network IO, including methods such as ``recv`` and ``send``. * The ``do_handshake_on_connect`` and ``suppress_ragged_eofs`` machinery.
cipher(self) Return the currently selected cipher as a 3-tuple ``(name, ssl_version, secret_bits)``.
compression(self) Return the current compression algorithm in use, or ``None`` if compression was not negotiated or not supported by one of the peers.
do_handshake(self) Start the SSL/TLS handshake.
get_channel_binding(self, cb_type='tls-unique') Get channel binding data for current connection. Raise ValueError if the requested `cb_type` is not supported. Return bytes of the data or None if the data is not available (e.g. before the handshake).
getpeercert(self, binary_form=False) Returns a formatted version of the data in the certificate provided by the other end of the SSL channel. Return None if no certificate was provided, {} if a certificate was provided, but not validated.
pending(self) Return the number of bytes that can be read immediately.
read(self, len=1024, buffer=None) Read up to 'len' bytes from the SSL object and return them. If 'buffer' is provided, read into this buffer and return the number of bytes read.
selected_alpn_protocol(self) Return the currently selected ALPN protocol as a string, or ``None`` if a next protocol was not negotiated or if ALPN is not supported by one of the peers.
selected_npn_protocol(self) Return the currently selected NPN protocol as a string, or ``None`` if a next protocol was not negotiated or if NPN is not supported by one of the peers.
shared_ciphers(self) Return a list of ciphers shared by the client during the handshake or None if this is not a valid server connection.
unwrap(self) Start the SSL shutdown handshake.
verify_client_post_handshake(self)
version(self) Return a string identifying the protocol version used by the current SSL channel.
write(self, data) Write 'data' to the SSL object and return the number of bytes written. The 'data' argument must support the buffer interface.
context = <property object at 0x7f75e3a901d0> The SSLContext that is currently in use.
server_hostname = <property object at 0x7f75e3a90270> The currently set server hostname (for SNI), or ``None`` if no server hostname is set.
server_side = <property object at 0x7f75e3a90180> Whether this is a server-side socket.
session = <property object at 0x7f75e3a90220> The SSLSession for client socket.
session_reused = <property object at 0x7f75e3a90090> Was the client session reused during handshake
This class implements a subtype of socket.socket that wraps the underlying OS socket in an SSL context when necessary, and provides read and write methods over that channel.
accept(self) Accepts a new connection from a remote client, and returns a tuple containing that new connection wrapped with a server-side SSL channel, and the address of the remote client.
bind(...) bind(address) Bind the socket to a local address. For IP sockets, the address is a pair (host, port); the host must refer to the local host. For raw packet sockets the address is a tuple (ifname, proto [,pkttype [,hatype [,addr]]])
cipher(self) Return the currently selected cipher as a 3-tuple ``(name, ssl_version, secret_bits)``.
close(self)
compression(self) Return the current compression algorithm in use, or ``None`` if compression was not negotiated or not supported by one of the peers.
connect(self, addr) Connects to remote ADDR, and then wraps the connection in an SSL channel.
connect_ex(self, addr) Connects to remote ADDR, and then wraps the connection in an SSL channel.
detach(self) detach() -> file descriptor Close the socket object without closing the underlying file descriptor. The object cannot be used after this call, but the file descriptor can be reused for other purposes. The file descriptor is returned.
do_handshake(self, block=False) Start the SSL/TLS handshake.
dup(self)
fileno(...) fileno() -> integer Return the integer file descriptor of the socket.
get_channel_binding(self, cb_type='tls-unique') Get channel binding data for current connection. Raise ValueError if the requested `cb_type` is not supported. Return bytes of the data or None if the data is not available (e.g. before the handshake).
get_inheritable(self) Get the inheritable flag of the socket
getblocking(...) getblocking() Returns True if socket is in blocking mode, or False if it is in non-blocking mode.
getpeercert(self, binary_form=False) Returns a formatted version of the data in the certificate provided by the other end of the SSL channel. Return None if no certificate was provided, {} if a certificate was provided, but not validated.
getpeername(...) getpeername() -> address info Return the address of the remote endpoint. For IP sockets, the address info is a pair (hostaddr, port).
getsockname(...) getsockname() -> address info Return the address of the local endpoint. The format depends on the address family. For IPv4 sockets, the address info is a pair (hostaddr, port).
getsockopt(...) getsockopt(level, option[, buffersize]) -> value Get a socket option. See the Unix manual for level and option. If a nonzero buffersize argument is given, the return value is a string of that length; otherwise it is an integer.
gettimeout(...) gettimeout() -> timeout Returns the timeout in seconds (float) associated with socket operations. A timeout of None indicates that timeouts on socket operations are disabled.
listen(...) listen([backlog]) Enable a server to accept connections. If backlog is specified, it must be at least 0 (if it is lower, it is set to 0); it specifies the number of unaccepted connections that the system will allow before refusing new connections. If not specified, a default reasonable value is chosen.
makefile(self, mode='r', buffering=None, *, encoding=None, errors=None, newline=None) makefile(...) -> an I/O stream connected to the socket The arguments are as for io.open() after the filename, except the only supported mode values are 'r' (default), 'w' and 'b'.
pending(self) Return the number of bytes that can be read immediately.
read(self, len=1024, buffer=None) Read up to LEN bytes and return them. Return zero-length string on EOF.
recv(self, buflen=1024, flags=0)
recv_into(self, buffer, nbytes=None, flags=0)
recvfrom(self, buflen=1024, flags=0)
recvfrom_into(self, buffer, nbytes=None, flags=0)
recvmsg(self, *args, **kwargs)
recvmsg_into(self, *args, **kwargs)
selected_alpn_protocol(self) Return the currently selected ALPN protocol as a string, or ``None`` if a next protocol was not negotiated or if ALPN is not supported by one of the peers.
selected_npn_protocol(self) Return the currently selected NPN protocol as a string, or ``None`` if a next protocol was not negotiated or if NPN is not supported by one of the peers.
send(self, data, flags=0)
sendall(self, data, flags=0)
sendfile(self, file, offset=0, count=None) Send a file, possibly by using os.sendfile() if this is a clear-text socket. Return the total number of bytes sent.
sendmsg(self, *args, **kwargs)
sendmsg_afalg(...) sendmsg_afalg([msg], *, op[, iv[, assoclen[, flags=MSG_MORE]]]) Set operation mode, IV and length of associated data for an AF_ALG operation socket.
sendto(self, data, flags_or_addr, addr=None)
set_inheritable(self, inheritable) Set the inheritable flag of the socket
setblocking(...) setblocking(flag) Set the socket to blocking (flag is true) or non-blocking (false). setblocking(True) is equivalent to settimeout(None); setblocking(False) is equivalent to settimeout(0.0).
setsockopt(...) setsockopt(level, option, value: int) setsockopt(level, option, value: buffer) setsockopt(level, option, None, optlen: int) Set a socket option. See the Unix manual for level and option. The value argument can either be an integer, a string buffer, or None, optlen.
settimeout(...) settimeout(timeout) Set a timeout on socket operations. 'timeout' can be a float, giving in seconds, or None. Setting a timeout of None disables the timeout feature and is equivalent to setblocking(1). Setting a timeout of zero is the same as setblocking(0).
shared_ciphers(self) Return a list of ciphers shared by the client during the handshake or None if this is not a valid server connection.
shutdown(self, how)
unwrap(self) Start the SSL shutdown handshake.
verify_client_post_handshake(self)
version(self) Return a string identifying the protocol version used by the current SSL channel.
write(self, data) Write DATA to the underlying SSL channel. Returns number of bytes of DATA actually transmitted.
context = <property object at 0x7f75e3a903b0> The SSLContext that is currently in use.
family = <property object at 0x7f75e3b37420> Read-only access to the address family for this socket.
proto = <member 'proto' of '_socket.socket' objects> the socket protocol
session = <property object at 0x7f75e3a90400> The SSLSession for client socket.
session_reused = <property object at 0x7f75e3a90310> Was the client session reused during handshake
timeout = <attribute 'timeout' of '_socket.socket' objects> the socket timeout
type = <property object at 0x7f75e3a66e80> Read-only access to the socket type.
cert_store_stats(self, /) Returns quantities of loaded X.509 certificates. X.509 certificates with a CA extension and certificate revocation lists inside the context's cert store. NOTE: Certificates in a capath directory aren't loaded unless they have been used at least once.
get_ca_certs(self, /, binary_form=False) Returns a list of dicts with information of loaded CA certs. If the optional argument is True, returns a DER-encoded copy of the CA certificate. NOTE: Certificates in a capath directory aren't loaded unless they have been used at least once.
get_ciphers(self, /)
load_cert_chain(self, /, certfile, keyfile=None, password=None)
load_default_certs(self, purpose=<Purpose.SERVER_AUTH: _ASN1Object(nid=129, shortname='serverAuth', longname='TLS Web Server Authentication', oid='1.3.6.1.5.5.7.3.1')>)
load_dh_params(self, path, /)
load_verify_locations(self, /, cafile=None, capath=None, cadata=None)
session_stats(self, /)
set_alpn_protocols(self, alpn_protocols)
set_ciphers(self, cipherlist, /)
set_default_verify_paths(self, /)
set_ecdh_curve(self, name, /)
set_npn_protocols(self, npn_protocols)
set_servername_callback(self, server_name_callback)
wrap_bio(self, incoming, outgoing, server_side=False, server_hostname=None, session=None)
wrap_socket(self, sock, server_side=False, do_handshake_on_connect=True, suppress_ragged_eofs=True, server_hostname=None, session=None)
check_hostname = <attribute 'check_hostname' of '_ssl._SSLContext' objects>
hostname_checks_common_name = <property object at 0x7f75e3a73fb0>
keylog_filename = <attribute 'keylog_filename' of '_ssl._SSLContext' objects>
maximum_version = <property object at 0x7f75e3a73f10>
minimum_version = <property object at 0x7f75e3a73ec0>
num_tickets = <attribute 'num_tickets' of '_ssl._SSLContext' objects> Control the number of TLSv1.3 session tickets
options = <property object at 0x7f75e3a73f60>
post_handshake_auth = <attribute 'post_handshake_auth' of '_ssl._SSLContext' objects>
protocol = <property object at 0x7f75e3a73a60>
security_level = <attribute 'security_level' of '_ssl._SSLContext' objects> The current security level
sni_callback = <attribute 'sni_callback' of '_ssl._SSLContext' objects> Set a callback that will be called when a server name is provided by the SSL/TLS client in the SNI extension. If the argument is None then the callback is disabled. The method is called with the SSLSocket, the server name as a string, and the SSLContext object. See RFC 6066 for details of the SNI extension.
verify_flags = <property object at 0x7f75e3a900e0>
verify_mode = <property object at 0x7f75e3a90130>
SSL/TLS connection terminated abruptly.
with_traceback(...) Exception.with_traceback(tb) -- set self.__traceback__ to tb and return self.
args = <attribute 'args' of 'BaseException' objects>
characters_written = <attribute 'characters_written' of 'OSError' objects>
errno = <member 'errno' of 'OSError' objects> POSIX exception code
filename = <member 'filename' of 'OSError' objects> exception filename
filename2 = <member 'filename2' of 'OSError' objects> second exception filename
strerror = <member 'strerror' of 'OSError' objects> exception strerror
An error occurred in the SSL implementation.
with_traceback(...) Exception.with_traceback(tb) -- set self.__traceback__ to tb and return self.
args = <attribute 'args' of 'BaseException' objects>
characters_written = <attribute 'characters_written' of 'OSError' objects>
errno = <member 'errno' of 'OSError' objects> POSIX exception code
filename = <member 'filename' of 'OSError' objects> exception filename
filename2 = <member 'filename2' of 'OSError' objects> second exception filename
strerror = <member 'strerror' of 'OSError' objects> exception strerror
An enumeration.
SSL_ERROR_EOF = <SSLErrorNumber.SSL_ERROR_EOF: 8>
SSL_ERROR_INVALID_ERROR_CODE = <SSLErrorNumber.SSL_ERROR_INVALID_ERROR_CODE: 10>
SSL_ERROR_SSL = <SSLErrorNumber.SSL_ERROR_SSL: 1>
SSL_ERROR_SYSCALL = <SSLErrorNumber.SSL_ERROR_SYSCALL: 5>
SSL_ERROR_WANT_CONNECT = <SSLErrorNumber.SSL_ERROR_WANT_CONNECT: 7>
SSL_ERROR_WANT_READ = <SSLErrorNumber.SSL_ERROR_WANT_READ: 2>
SSL_ERROR_WANT_WRITE = <SSLErrorNumber.SSL_ERROR_WANT_WRITE: 3>
SSL_ERROR_WANT_X509_LOOKUP = <SSLErrorNumber.SSL_ERROR_WANT_X509_LOOKUP: 4>
SSL_ERROR_ZERO_RETURN = <SSLErrorNumber.SSL_ERROR_ZERO_RETURN: 6>
This class implements an interface on top of a low-level SSL object as implemented by OpenSSL. This object captures the state of an SSL connection but does not provide any network IO itself. IO needs to be performed through separate "BIO" objects which are OpenSSL's IO abstraction layer. This class does not have a public constructor. Instances are returned by ``SSLContext.wrap_bio``. This class is typically used by framework authors that want to implement asynchronous IO for SSL through memory buffers. When compared to ``SSLSocket``, this object lacks the following features: * Any form of network IO, including methods such as ``recv`` and ``send``. * The ``do_handshake_on_connect`` and ``suppress_ragged_eofs`` machinery.
cipher(self) Return the currently selected cipher as a 3-tuple ``(name, ssl_version, secret_bits)``.
compression(self) Return the current compression algorithm in use, or ``None`` if compression was not negotiated or not supported by one of the peers.
do_handshake(self) Start the SSL/TLS handshake.
get_channel_binding(self, cb_type='tls-unique') Get channel binding data for current connection. Raise ValueError if the requested `cb_type` is not supported. Return bytes of the data or None if the data is not available (e.g. before the handshake).
getpeercert(self, binary_form=False) Returns a formatted version of the data in the certificate provided by the other end of the SSL channel. Return None if no certificate was provided, {} if a certificate was provided, but not validated.
pending(self) Return the number of bytes that can be read immediately.
read(self, len=1024, buffer=None) Read up to 'len' bytes from the SSL object and return them. If 'buffer' is provided, read into this buffer and return the number of bytes read.
selected_alpn_protocol(self) Return the currently selected ALPN protocol as a string, or ``None`` if a next protocol was not negotiated or if ALPN is not supported by one of the peers.
selected_npn_protocol(self) Return the currently selected NPN protocol as a string, or ``None`` if a next protocol was not negotiated or if NPN is not supported by one of the peers.
shared_ciphers(self) Return a list of ciphers shared by the client during the handshake or None if this is not a valid server connection.
unwrap(self) Start the SSL shutdown handshake.
verify_client_post_handshake(self)
version(self) Return a string identifying the protocol version used by the current SSL channel.
write(self, data) Write 'data' to the SSL object and return the number of bytes written. The 'data' argument must support the buffer interface.
context = <property object at 0x7f75e3a901d0> The SSLContext that is currently in use.
server_hostname = <property object at 0x7f75e3a90270> The currently set server hostname (for SNI), or ``None`` if no server hostname is set.
server_side = <property object at 0x7f75e3a90180> Whether this is a server-side socket.
session = <property object at 0x7f75e3a90220> The SSLSession for client socket.
session_reused = <property object at 0x7f75e3a90090> Was the client session reused during handshake
has_ticket = <attribute 'has_ticket' of '_ssl.SSLSession' objects> Does the session contain a ticket?
id = <attribute 'id' of '_ssl.SSLSession' objects> Session id
ticket_lifetime_hint = <attribute 'ticket_lifetime_hint' of '_ssl.SSLSession' objects> Ticket life time hint.
time = <attribute 'time' of '_ssl.SSLSession' objects> Session creation time (seconds since epoch).
timeout = <attribute 'timeout' of '_ssl.SSLSession' objects> Session timeout (delta in seconds).
This class implements a subtype of socket.socket that wraps the underlying OS socket in an SSL context when necessary, and provides read and write methods over that channel.
accept(self) Accepts a new connection from a remote client, and returns a tuple containing that new connection wrapped with a server-side SSL channel, and the address of the remote client.
bind(...) bind(address) Bind the socket to a local address. For IP sockets, the address is a pair (host, port); the host must refer to the local host. For raw packet sockets the address is a tuple (ifname, proto [,pkttype [,hatype [,addr]]])
cipher(self) Return the currently selected cipher as a 3-tuple ``(name, ssl_version, secret_bits)``.
close(self)
compression(self) Return the current compression algorithm in use, or ``None`` if compression was not negotiated or not supported by one of the peers.
connect(self, addr) Connects to remote ADDR, and then wraps the connection in an SSL channel.
connect_ex(self, addr) Connects to remote ADDR, and then wraps the connection in an SSL channel.
detach(self) detach() -> file descriptor Close the socket object without closing the underlying file descriptor. The object cannot be used after this call, but the file descriptor can be reused for other purposes. The file descriptor is returned.
do_handshake(self, block=False) Start the SSL/TLS handshake.
dup(self)
fileno(...) fileno() -> integer Return the integer file descriptor of the socket.
get_channel_binding(self, cb_type='tls-unique') Get channel binding data for current connection. Raise ValueError if the requested `cb_type` is not supported. Return bytes of the data or None if the data is not available (e.g. before the handshake).
get_inheritable(self) Get the inheritable flag of the socket
getblocking(...) getblocking() Returns True if socket is in blocking mode, or False if it is in non-blocking mode.
getpeercert(self, binary_form=False) Returns a formatted version of the data in the certificate provided by the other end of the SSL channel. Return None if no certificate was provided, {} if a certificate was provided, but not validated.
getpeername(...) getpeername() -> address info Return the address of the remote endpoint. For IP sockets, the address info is a pair (hostaddr, port).
getsockname(...) getsockname() -> address info Return the address of the local endpoint. The format depends on the address family. For IPv4 sockets, the address info is a pair (hostaddr, port).
getsockopt(...) getsockopt(level, option[, buffersize]) -> value Get a socket option. See the Unix manual for level and option. If a nonzero buffersize argument is given, the return value is a string of that length; otherwise it is an integer.
gettimeout(...) gettimeout() -> timeout Returns the timeout in seconds (float) associated with socket operations. A timeout of None indicates that timeouts on socket operations are disabled.
listen(...) listen([backlog]) Enable a server to accept connections. If backlog is specified, it must be at least 0 (if it is lower, it is set to 0); it specifies the number of unaccepted connections that the system will allow before refusing new connections. If not specified, a default reasonable value is chosen.
makefile(self, mode='r', buffering=None, *, encoding=None, errors=None, newline=None) makefile(...) -> an I/O stream connected to the socket The arguments are as for io.open() after the filename, except the only supported mode values are 'r' (default), 'w' and 'b'.
pending(self) Return the number of bytes that can be read immediately.
read(self, len=1024, buffer=None) Read up to LEN bytes and return them. Return zero-length string on EOF.
recv(self, buflen=1024, flags=0)
recv_into(self, buffer, nbytes=None, flags=0)
recvfrom(self, buflen=1024, flags=0)
recvfrom_into(self, buffer, nbytes=None, flags=0)
recvmsg(self, *args, **kwargs)
recvmsg_into(self, *args, **kwargs)
selected_alpn_protocol(self) Return the currently selected ALPN protocol as a string, or ``None`` if a next protocol was not negotiated or if ALPN is not supported by one of the peers.
selected_npn_protocol(self) Return the currently selected NPN protocol as a string, or ``None`` if a next protocol was not negotiated or if NPN is not supported by one of the peers.
send(self, data, flags=0)
sendall(self, data, flags=0)
sendfile(self, file, offset=0, count=None) Send a file, possibly by using os.sendfile() if this is a clear-text socket. Return the total number of bytes sent.
sendmsg(self, *args, **kwargs)
sendmsg_afalg(...) sendmsg_afalg([msg], *, op[, iv[, assoclen[, flags=MSG_MORE]]]) Set operation mode, IV and length of associated data for an AF_ALG operation socket.
sendto(self, data, flags_or_addr, addr=None)
set_inheritable(self, inheritable) Set the inheritable flag of the socket
setblocking(...) setblocking(flag) Set the socket to blocking (flag is true) or non-blocking (false). setblocking(True) is equivalent to settimeout(None); setblocking(False) is equivalent to settimeout(0.0).
setsockopt(...) setsockopt(level, option, value: int) setsockopt(level, option, value: buffer) setsockopt(level, option, None, optlen: int) Set a socket option. See the Unix manual for level and option. The value argument can either be an integer, a string buffer, or None, optlen.
settimeout(...) settimeout(timeout) Set a timeout on socket operations. 'timeout' can be a float, giving in seconds, or None. Setting a timeout of None disables the timeout feature and is equivalent to setblocking(1). Setting a timeout of zero is the same as setblocking(0).
shared_ciphers(self) Return a list of ciphers shared by the client during the handshake or None if this is not a valid server connection.
shutdown(self, how)
unwrap(self) Start the SSL shutdown handshake.
verify_client_post_handshake(self)
version(self) Return a string identifying the protocol version used by the current SSL channel.
write(self, data) Write DATA to the underlying SSL channel. Returns number of bytes of DATA actually transmitted.
context = <property object at 0x7f75e3a903b0> The SSLContext that is currently in use.
family = <property object at 0x7f75e3b37420> Read-only access to the address family for this socket.
proto = <member 'proto' of '_socket.socket' objects> the socket protocol
session = <property object at 0x7f75e3a90400> The SSLSession for client socket.
session_reused = <property object at 0x7f75e3a90310> Was the client session reused during handshake
timeout = <attribute 'timeout' of '_socket.socket' objects> the socket timeout
type = <property object at 0x7f75e3a66e80> Read-only access to the socket type.
System error when attempting SSL operation.
with_traceback(...) Exception.with_traceback(tb) -- set self.__traceback__ to tb and return self.
args = <attribute 'args' of 'BaseException' objects>
characters_written = <attribute 'characters_written' of 'OSError' objects>
errno = <member 'errno' of 'OSError' objects> POSIX exception code
filename = <member 'filename' of 'OSError' objects> exception filename
filename2 = <member 'filename2' of 'OSError' objects> second exception filename
strerror = <member 'strerror' of 'OSError' objects> exception strerror
Non-blocking SSL socket needs to read more data before the requested operation can be completed.
with_traceback(...) Exception.with_traceback(tb) -- set self.__traceback__ to tb and return self.
args = <attribute 'args' of 'BaseException' objects>
characters_written = <attribute 'characters_written' of 'OSError' objects>
errno = <member 'errno' of 'OSError' objects> POSIX exception code
filename = <member 'filename' of 'OSError' objects> exception filename
filename2 = <member 'filename2' of 'OSError' objects> second exception filename
strerror = <member 'strerror' of 'OSError' objects> exception strerror
Non-blocking SSL socket needs to write more data before the requested operation can be completed.
with_traceback(...) Exception.with_traceback(tb) -- set self.__traceback__ to tb and return self.
args = <attribute 'args' of 'BaseException' objects>
characters_written = <attribute 'characters_written' of 'OSError' objects>
errno = <member 'errno' of 'OSError' objects> POSIX exception code
filename = <member 'filename' of 'OSError' objects> exception filename
filename2 = <member 'filename2' of 'OSError' objects> second exception filename
strerror = <member 'strerror' of 'OSError' objects> exception strerror
SSL/TLS session closed cleanly.
with_traceback(...) Exception.with_traceback(tb) -- set self.__traceback__ to tb and return self.
args = <attribute 'args' of 'BaseException' objects>
characters_written = <attribute 'characters_written' of 'OSError' objects>
errno = <member 'errno' of 'OSError' objects> POSIX exception code
filename = <member 'filename' of 'OSError' objects> exception filename
filename2 = <member 'filename2' of 'OSError' objects> second exception filename
strerror = <member 'strerror' of 'OSError' objects> exception strerror
An enumeration.
MAXIMUM_SUPPORTED = <TLSVersion.MAXIMUM_SUPPORTED: -1>
MINIMUM_SUPPORTED = <TLSVersion.MINIMUM_SUPPORTED: -2>
SSLv3 = <TLSVersion.SSLv3: 768>
TLSv1 = <TLSVersion.TLSv1: 769>
TLSv1_1 = <TLSVersion.TLSv1_1: 770>
TLSv1_2 = <TLSVersion.TLSv1_2: 771>
TLSv1_3 = <TLSVersion.TLSv1_3: 772>
An enumeration.
VERIFY_ALLOW_PROXY_CERTS = <VerifyFlags.VERIFY_ALLOW_PROXY_CERTS: 64>
VERIFY_CRL_CHECK_CHAIN = <VerifyFlags.VERIFY_CRL_CHECK_CHAIN: 12>
VERIFY_CRL_CHECK_LEAF = <VerifyFlags.VERIFY_CRL_CHECK_LEAF: 4>
VERIFY_DEFAULT = <VerifyFlags.VERIFY_DEFAULT: 0>
VERIFY_X509_PARTIAL_CHAIN = <VerifyFlags.VERIFY_X509_PARTIAL_CHAIN: 524288>
VERIFY_X509_STRICT = <VerifyFlags.VERIFY_X509_STRICT: 32>
VERIFY_X509_TRUSTED_FIRST = <VerifyFlags.VERIFY_X509_TRUSTED_FIRST: 32768>
An enumeration.
CERT_NONE = <VerifyMode.CERT_NONE: 0>
CERT_OPTIONAL = <VerifyMode.CERT_OPTIONAL: 1>
CERT_REQUIRED = <VerifyMode.CERT_REQUIRED: 2>
A subclass of _socket.socket adding the makefile() method.
accept(self) accept() -> (socket object, address info) Wait for an incoming connection. Return a new socket representing the connection, and the address of the client. For IP sockets, the address info is a pair (hostaddr, port).
bind(...) bind(address) Bind the socket to a local address. For IP sockets, the address is a pair (host, port); the host must refer to the local host. For raw packet sockets the address is a tuple (ifname, proto [,pkttype [,hatype [,addr]]])
close(self)
connect(...) connect(address) Connect the socket to a remote address. For IP sockets, the address is a pair (host, port).
connect_ex(...) connect_ex(address) -> errno This is like connect(address), but returns an error code (the errno value) instead of raising an exception when an error occurs.
detach(self) detach() -> file descriptor Close the socket object without closing the underlying file descriptor. The object cannot be used after this call, but the file descriptor can be reused for other purposes. The file descriptor is returned.
dup(self) dup() -> socket object Duplicate the socket. Return a new socket object connected to the same system resource. The new socket is non-inheritable.
fileno(...) fileno() -> integer Return the integer file descriptor of the socket.
get_inheritable(self) Get the inheritable flag of the socket
getblocking(...) getblocking() Returns True if socket is in blocking mode, or False if it is in non-blocking mode.
getpeername(...) getpeername() -> address info Return the address of the remote endpoint. For IP sockets, the address info is a pair (hostaddr, port).
getsockname(...) getsockname() -> address info Return the address of the local endpoint. The format depends on the address family. For IPv4 sockets, the address info is a pair (hostaddr, port).
getsockopt(...) getsockopt(level, option[, buffersize]) -> value Get a socket option. See the Unix manual for level and option. If a nonzero buffersize argument is given, the return value is a string of that length; otherwise it is an integer.
gettimeout(...) gettimeout() -> timeout Returns the timeout in seconds (float) associated with socket operations. A timeout of None indicates that timeouts on socket operations are disabled.
listen(...) listen([backlog]) Enable a server to accept connections. If backlog is specified, it must be at least 0 (if it is lower, it is set to 0); it specifies the number of unaccepted connections that the system will allow before refusing new connections. If not specified, a default reasonable value is chosen.
makefile(self, mode='r', buffering=None, *, encoding=None, errors=None, newline=None) makefile(...) -> an I/O stream connected to the socket The arguments are as for io.open() after the filename, except the only supported mode values are 'r' (default), 'w' and 'b'.
recv(...) recv(buffersize[, flags]) -> data Receive up to buffersize bytes from the socket. For the optional flags argument, see the Unix manual. When no data is available, block until at least one byte is available or until the remote end is closed. When the remote end is closed and all data is read, return the empty string.
recv_into(...) recv_into(buffer, [nbytes[, flags]]) -> nbytes_read A version of recv() that stores its data into a buffer rather than creating a new string. Receive up to buffersize bytes from the socket. If buffersize is not specified (or 0), receive up to the size available in the given buffer. See recv() for documentation about the flags.
recvfrom(...) recvfrom(buffersize[, flags]) -> (data, address info) Like recv(buffersize, flags) but also return the sender's address info.
recvfrom_into(...) recvfrom_into(buffer[, nbytes[, flags]]) -> (nbytes, address info) Like recv_into(buffer[, nbytes[, flags]]) but also return the sender's address info.
recvmsg(...) recvmsg(bufsize[, ancbufsize[, flags]]) -> (data, ancdata, msg_flags, address) Receive normal data (up to bufsize bytes) and ancillary data from the socket. The ancbufsize argument sets the size in bytes of the internal buffer used to receive the ancillary data; it defaults to 0, meaning that no ancillary data will be received. Appropriate buffer sizes for ancillary data can be calculated using CMSG_SPACE() or CMSG_LEN(), and items which do not fit into the buffer might be truncated or discarded. The flags argument defaults to 0 and has the same meaning as for recv(). The return value is a 4-tuple: (data, ancdata, msg_flags, address). The data item is a bytes object holding the non-ancillary data received. The ancdata item is a list of zero or more tuples (cmsg_level, cmsg_type, cmsg_data) representing the ancillary data (control messages) received: cmsg_level and cmsg_type are integers specifying the protocol level and protocol-specific type respectively, and cmsg_data is a bytes object holding the associated data. The msg_flags item is the bitwise OR of various flags indicating conditions on the received message; see your system documentation for details. If the receiving socket is unconnected, address is the address of the sending socket, if available; otherwise, its value is unspecified. If recvmsg() raises an exception after the system call returns, it will first attempt to close any file descriptors received via the SCM_RIGHTS mechanism.
recvmsg_into(...) recvmsg_into(buffers[, ancbufsize[, flags]]) -> (nbytes, ancdata, msg_flags, address) Receive normal data and ancillary data from the socket, scattering the non-ancillary data into a series of buffers. The buffers argument must be an iterable of objects that export writable buffers (e.g. bytearray objects); these will be filled with successive chunks of the non-ancillary data until it has all been written or there are no more buffers. The ancbufsize argument sets the size in bytes of the internal buffer used to receive the ancillary data; it defaults to 0, meaning that no ancillary data will be received. Appropriate buffer sizes for ancillary data can be calculated using CMSG_SPACE() or CMSG_LEN(), and items which do not fit into the buffer might be truncated or discarded. The flags argument defaults to 0 and has the same meaning as for recv(). The return value is a 4-tuple: (nbytes, ancdata, msg_flags, address). The nbytes item is the total number of bytes of non-ancillary data written into the buffers. The ancdata item is a list of zero or more tuples (cmsg_level, cmsg_type, cmsg_data) representing the ancillary data (control messages) received: cmsg_level and cmsg_type are integers specifying the protocol level and protocol-specific type respectively, and cmsg_data is a bytes object holding the associated data. The msg_flags item is the bitwise OR of various flags indicating conditions on the received message; see your system documentation for details. If the receiving socket is unconnected, address is the address of the sending socket, if available; otherwise, its value is unspecified. If recvmsg_into() raises an exception after the system call returns, it will first attempt to close any file descriptors received via the SCM_RIGHTS mechanism.
send(...) send(data[, flags]) -> count Send a data string to the socket. For the optional flags argument, see the Unix manual. Return the number of bytes sent; this may be less than len(data) if the network is busy.
sendall(...) sendall(data[, flags]) Send a data string to the socket. For the optional flags argument, see the Unix manual. This calls send() repeatedly until all data is sent. If an error occurs, it's impossible to tell how much data has been sent.
sendfile(self, file, offset=0, count=None) sendfile(file[, offset[, count]]) -> sent Send a file until EOF is reached by using high-performance os.sendfile() and return the total number of bytes which were sent. *file* must be a regular file object opened in binary mode. If os.sendfile() is not available (e.g. Windows) or file is not a regular file socket.send() will be used instead. *offset* tells from where to start reading the file. If specified, *count* is the total number of bytes to transmit as opposed to sending the file until EOF is reached. File position is updated on return or also in case of error in which case file.tell() can be used to figure out the number of bytes which were sent. The socket must be of SOCK_STREAM type. Non-blocking sockets are not supported.
sendmsg(...) sendmsg(buffers[, ancdata[, flags[, address]]]) -> count Send normal and ancillary data to the socket, gathering the non-ancillary data from a series of buffers and concatenating it into a single message. The buffers argument specifies the non-ancillary data as an iterable of bytes-like objects (e.g. bytes objects). The ancdata argument specifies the ancillary data (control messages) as an iterable of zero or more tuples (cmsg_level, cmsg_type, cmsg_data), where cmsg_level and cmsg_type are integers specifying the protocol level and protocol-specific type respectively, and cmsg_data is a bytes-like object holding the associated data. The flags argument defaults to 0 and has the same meaning as for send(). If address is supplied and not None, it sets a destination address for the message. The return value is the number of bytes of non-ancillary data sent.
sendmsg_afalg(...) sendmsg_afalg([msg], *, op[, iv[, assoclen[, flags=MSG_MORE]]]) Set operation mode, IV and length of associated data for an AF_ALG operation socket.
sendto(...) sendto(data[, flags], address) -> count Like send(data, flags) but allows specifying the destination address. For IP sockets, the address is a pair (hostaddr, port).
set_inheritable(self, inheritable) Set the inheritable flag of the socket
setblocking(...) setblocking(flag) Set the socket to blocking (flag is true) or non-blocking (false). setblocking(True) is equivalent to settimeout(None); setblocking(False) is equivalent to settimeout(0.0).
setsockopt(...) setsockopt(level, option, value: int) setsockopt(level, option, value: buffer) setsockopt(level, option, None, optlen: int) Set a socket option. See the Unix manual for level and option. The value argument can either be an integer, a string buffer, or None, optlen.
settimeout(...) settimeout(timeout) Set a timeout on socket operations. 'timeout' can be a float, giving in seconds, or None. Setting a timeout of None disables the timeout feature and is equivalent to setblocking(1). Setting a timeout of zero is the same as setblocking(0).
shutdown(...) shutdown(flag) Shut down the reading side of the socket (flag == SHUT_RD), the writing side of the socket (flag == SHUT_WR), or both ends (flag == SHUT_RDWR).
family = <property object at 0x7f75e3b37420> Read-only access to the address family for this socket.
proto = <member 'proto' of '_socket.socket' objects> the socket protocol
timeout = <attribute 'timeout' of '_socket.socket' objects> the socket timeout
type = <property object at 0x7f75e3a66e80> Read-only access to the socket type.
Base class for I/O related errors.
with_traceback(...) Exception.with_traceback(tb) -- set self.__traceback__ to tb and return self.
args = <attribute 'args' of 'BaseException' objects>
characters_written = <attribute 'characters_written' of 'OSError' objects>
errno = <member 'errno' of 'OSError' objects> POSIX exception code
filename = <member 'filename' of 'OSError' objects> exception filename
filename2 = <member 'filename2' of 'OSError' objects> second exception filename
strerror = <member 'strerror' of 'OSError' objects> exception strerror
DER_cert_to_PEM_cert(der_cert_bytes) Takes a certificate in binary DER format and returns the PEM version of it as a string.
PEM_cert_to_DER_cert(pem_cert_string) Takes a certificate in ASCII PEM format and returns the DER-encoded version of it as a byte sequence
RAND_add(string, entropy, /) Mix string into the OpenSSL PRNG state. entropy (a float) is a lower bound on the entropy contained in string. See RFC 4086.
RAND_bytes(n, /) Generate n cryptographically strong pseudo-random bytes.
RAND_pseudo_bytes(n, /) Generate n pseudo-random bytes. Return a pair (bytes, is_cryptographic). is_cryptographic is True if the bytes generated are cryptographically strong.
RAND_status() Returns True if the OpenSSL PRNG has been seeded with enough data and False if not. It is necessary to seed the PRNG with RAND_add() on some platforms before using the ssl() function.
cert_time_to_seconds(cert_time) Return the time in seconds since the Epoch, given the timestring representing the "notBefore" or "notAfter" date from a certificate in ``"%b %d %H:%M:%S %Y %Z"`` strptime format (C locale). "notBefore" or "notAfter" dates must use UTC (RFC 5280). Month is one of: Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec UTC should be specified as GMT (see ASN1_TIME_print())
create_connection(address, timeout=<object object at 0x7f75e3c944e0>, source_address=None) Connect to *address* and return the socket object. Convenience function. Connect to *address* (a 2-tuple ``(host, port)``) and return the socket object. Passing the optional *timeout* parameter will set the timeout on the socket instance before attempting to connect. If no *timeout* is supplied, the global default timeout setting returned by :func:`getdefaulttimeout` is used. If *source_address* is set it must be a tuple of (host, port) for the socket to bind as a source address before making the connection. A host of '' or port 0 tells the OS to use the default.
create_default_context(purpose=<Purpose.SERVER_AUTH: _ASN1Object(nid=129, shortname='serverAuth', longname='TLS Web Server Authentication', oid='1.3.6.1.5.5.7.3.1')>, *, cafile=None, capath=None, cadata=None) Create a SSLContext object with default settings. NOTE: The protocol and settings may change anytime without prior deprecation. The values represent a fair balance between maximum compatibility and security.
get_default_verify_paths() Return paths to default cafile and capath.
get_protocol_name(protocol_code)
get_server_certificate(addr, ssl_version=<_SSLMethod.PROTOCOL_TLS_CLIENT: 16>, ca_certs=None, timeout=<object object at 0x7f75e3c944e0>) Retrieve the certificate from the server at the specified address, and return it as a PEM-encoded string. If 'ca_certs' is specified, validate the server cert against it. If 'ssl_version' is specified, use it in the connection attempt. If 'timeout' is specified, use it in the connection attempt.
match_hostname(cert, hostname) Verify that *cert* (in decoded format as returned by SSLSocket.getpeercert()) matches the *hostname*. RFC 2818 and RFC 6125 rules are followed. The function matches IP addresses rather than dNSNames if hostname is a valid ipaddress string. IPv4 addresses are supported on all platforms. IPv6 addresses are supported on platforms with IPv6 support (AF_INET6 and inet_pton). CertificateError is raised on failure. On success, the function returns nothing.
namedtuple(typename, field_names, *, rename=False, defaults=None, module=None) Returns a new subclass of tuple with named fields. >>> Point = namedtuple('Point', ['x', 'y']) >>> Point.__doc__ # docstring for the new class 'Point(x, y)' >>> p = Point(11, y=22) # instantiate with positional args or keywords >>> p[0] + p[1] # indexable like a plain tuple 33 >>> x, y = p # unpack like a regular tuple >>> x, y (11, 22) >>> p.x + p.y # fields also accessible by name 33 >>> d = p._asdict() # convert to a dictionary >>> d['x'] 11 >>> Point(**d) # convert from a dictionary Point(x=11, y=22) >>> p._replace(x=100) # _replace() is like str.replace() but targets named fields Point(x=100, y=22)
wrap_socket(sock, keyfile=None, certfile=None, server_side=False, cert_reqs=<VerifyMode.CERT_NONE: 0>, ssl_version=<_SSLMethod.PROTOCOL_TLS: 2>, ca_certs=None, do_handshake_on_connect=True, suppress_ragged_eofs=True, ciphers=None)
ALERT_DESCRIPTION_ACCESS_DENIED = <AlertDescription.ALERT_DESCRIPTION_ACCESS_DENIED: 49>
ALERT_DESCRIPTION_BAD_CERTIFICATE = <AlertDescription.ALERT_DESCRIPTION_BAD_CERTIFICATE: 42>
ALERT_DESCRIPTION_BAD_CERTIFICATE_HASH_VALUE = <AlertDescription.ALERT_DESCRIPTION_BAD_CERTIFICATE_HASH_VALUE: 114>
ALERT_DESCRIPTION_BAD_CERTIFICATE_STATUS_RESPONSE = <AlertDescription.ALERT_DESCRIPTION_BAD_CERTIFICATE_STATUS_RESPONSE: 113>
ALERT_DESCRIPTION_BAD_RECORD_MAC = <AlertDescription.ALERT_DESCRIPTION_BAD_RECORD_MAC: 20>
ALERT_DESCRIPTION_CERTIFICATE_EXPIRED = <AlertDescription.ALERT_DESCRIPTION_CERTIFICATE_EXPIRED: 45>
ALERT_DESCRIPTION_CERTIFICATE_REVOKED = <AlertDescription.ALERT_DESCRIPTION_CERTIFICATE_REVOKED: 44>
ALERT_DESCRIPTION_CERTIFICATE_UNKNOWN = <AlertDescription.ALERT_DESCRIPTION_CERTIFICATE_UNKNOWN: 46>
ALERT_DESCRIPTION_CERTIFICATE_UNOBTAINABLE = <AlertDescription.ALERT_DESCRIPTION_CERTIFICATE_UNOBTAINABLE: 111>
ALERT_DESCRIPTION_CLOSE_NOTIFY = <AlertDescription.ALERT_DESCRIPTION_CLOSE_NOTIFY: 0>
ALERT_DESCRIPTION_DECODE_ERROR = <AlertDescription.ALERT_DESCRIPTION_DECODE_ERROR: 50>
ALERT_DESCRIPTION_DECOMPRESSION_FAILURE = <AlertDescription.ALERT_DESCRIPTION_DECOMPRESSION_FAILURE: 30>
ALERT_DESCRIPTION_DECRYPT_ERROR = <AlertDescription.ALERT_DESCRIPTION_DECRYPT_ERROR: 51>
ALERT_DESCRIPTION_HANDSHAKE_FAILURE = <AlertDescription.ALERT_DESCRIPTION_HANDSHAKE_FAILURE: 40>
ALERT_DESCRIPTION_ILLEGAL_PARAMETER = <AlertDescription.ALERT_DESCRIPTION_ILLEGAL_PARAMETER: 47>
ALERT_DESCRIPTION_INSUFFICIENT_SECURITY = <AlertDescription.ALERT_DESCRIPTION_INSUFFICIENT_SECURITY: 71>
ALERT_DESCRIPTION_INTERNAL_ERROR = <AlertDescription.ALERT_DESCRIPTION_INTERNAL_ERROR: 80>
ALERT_DESCRIPTION_NO_RENEGOTIATION = <AlertDescription.ALERT_DESCRIPTION_NO_RENEGOTIATION: 100>
ALERT_DESCRIPTION_PROTOCOL_VERSION = <AlertDescription.ALERT_DESCRIPTION_PROTOCOL_VERSION: 70>
ALERT_DESCRIPTION_RECORD_OVERFLOW = <AlertDescription.ALERT_DESCRIPTION_RECORD_OVERFLOW: 22>
ALERT_DESCRIPTION_UNEXPECTED_MESSAGE = <AlertDescription.ALERT_DESCRIPTION_UNEXPECTED_MESSAGE: 10>
ALERT_DESCRIPTION_UNKNOWN_CA = <AlertDescription.ALERT_DESCRIPTION_UNKNOWN_CA: 48>
ALERT_DESCRIPTION_UNKNOWN_PSK_IDENTITY = <AlertDescription.ALERT_DESCRIPTION_UNKNOWN_PSK_IDENTITY: 115>
ALERT_DESCRIPTION_UNRECOGNIZED_NAME = <AlertDescription.ALERT_DESCRIPTION_UNRECOGNIZED_NAME: 112>
ALERT_DESCRIPTION_UNSUPPORTED_CERTIFICATE = <AlertDescription.ALERT_DESCRIPTION_UNSUPPORTED_CERTIFICATE: 43>
ALERT_DESCRIPTION_UNSUPPORTED_EXTENSION = <AlertDescription.ALERT_DESCRIPTION_UNSUPPORTED_EXTENSION: 110>
ALERT_DESCRIPTION_USER_CANCELLED = <AlertDescription.ALERT_DESCRIPTION_USER_CANCELLED: 90>
CERT_NONE = <VerifyMode.CERT_NONE: 0>
CERT_OPTIONAL = <VerifyMode.CERT_OPTIONAL: 1>
CERT_REQUIRED = <VerifyMode.CERT_REQUIRED: 2>
CHANNEL_BINDING_TYPES = ['tls-unique']
HAS_ALPN = True
HAS_ECDH = True
HAS_NEVER_CHECK_COMMON_NAME = True
HAS_NPN = False
HAS_SNI = True
HAS_SSLv2 = False
HAS_SSLv3 = False
HAS_TLSv1 = True
HAS_TLSv1_1 = True
HAS_TLSv1_2 = True
HAS_TLSv1_3 = True
OPENSSL_VERSION = 'OpenSSL 3.0.7 1 Nov 2022'
OPENSSL_VERSION_INFO = (3, 0, 0, 7, 0)
OPENSSL_VERSION_NUMBER = 805306480
OP_ALL = <Options.OP_ALL: 2147483728>
OP_CIPHER_SERVER_PREFERENCE = <Options.OP_CIPHER_SERVER_PREFERENCE: 4194304>
OP_ENABLE_MIDDLEBOX_COMPAT = <Options.OP_ENABLE_MIDDLEBOX_COMPAT: 1048576>
OP_IGNORE_UNEXPECTED_EOF = <Options.OP_IGNORE_UNEXPECTED_EOF: 128>
OP_NO_COMPRESSION = <Options.OP_NO_COMPRESSION: 131072>
OP_NO_RENEGOTIATION = <Options.OP_NO_RENEGOTIATION: 1073741824>
OP_NO_SSLv2 = <Options.OP_NO_SSLv2: 0>
OP_NO_SSLv3 = <Options.OP_NO_SSLv3: 33554432>
OP_NO_TICKET = <Options.OP_NO_TICKET: 16384>
OP_NO_TLSv1 = <Options.OP_NO_TLSv1: 67108864>
OP_NO_TLSv1_1 = <Options.OP_NO_TLSv1_1: 268435456>
OP_NO_TLSv1_2 = <Options.OP_NO_TLSv1_2: 134217728>
OP_NO_TLSv1_3 = <Options.OP_NO_TLSv1_3: 536870912>
OP_SINGLE_DH_USE = <Options.OP_NO_SSLv2: 0>
OP_SINGLE_ECDH_USE = <Options.OP_NO_SSLv2: 0>
PEM_FOOTER = '-----END CERTIFICATE-----'
PEM_HEADER = '-----BEGIN CERTIFICATE-----'
PROTOCOL_SSLv23 = <_SSLMethod.PROTOCOL_TLS: 2>
PROTOCOL_TLS = <_SSLMethod.PROTOCOL_TLS: 2>
PROTOCOL_TLS_CLIENT = <_SSLMethod.PROTOCOL_TLS_CLIENT: 16>
PROTOCOL_TLS_SERVER = <_SSLMethod.PROTOCOL_TLS_SERVER: 17>
PROTOCOL_TLSv1 = <_SSLMethod.PROTOCOL_TLSv1: 3>
PROTOCOL_TLSv1_1 = <_SSLMethod.PROTOCOL_TLSv1_1: 4>
PROTOCOL_TLSv1_2 = <_SSLMethod.PROTOCOL_TLSv1_2: 5>
SOCK_STREAM = <SocketKind.SOCK_STREAM: 1>
SOL_SOCKET = 1
SO_TYPE = 3
SSL_ERROR_EOF = <SSLErrorNumber.SSL_ERROR_EOF: 8>
SSL_ERROR_INVALID_ERROR_CODE = <SSLErrorNumber.SSL_ERROR_INVALID_ERROR_CODE: 10>
SSL_ERROR_SSL = <SSLErrorNumber.SSL_ERROR_SSL: 1>
SSL_ERROR_SYSCALL = <SSLErrorNumber.SSL_ERROR_SYSCALL: 5>
SSL_ERROR_WANT_CONNECT = <SSLErrorNumber.SSL_ERROR_WANT_CONNECT: 7>
SSL_ERROR_WANT_READ = <SSLErrorNumber.SSL_ERROR_WANT_READ: 2>
SSL_ERROR_WANT_WRITE = <SSLErrorNumber.SSL_ERROR_WANT_WRITE: 3>
SSL_ERROR_WANT_X509_LOOKUP = <SSLErrorNumber.SSL_ERROR_WANT_X509_LOOKUP: 4>
SSL_ERROR_ZERO_RETURN = <SSLErrorNumber.SSL_ERROR_ZERO_RETURN: 6>
VERIFY_ALLOW_PROXY_CERTS = <VerifyFlags.VERIFY_ALLOW_PROXY_CERTS: 64>
VERIFY_CRL_CHECK_CHAIN = <VerifyFlags.VERIFY_CRL_CHECK_CHAIN: 12>
VERIFY_CRL_CHECK_LEAF = <VerifyFlags.VERIFY_CRL_CHECK_LEAF: 4>
VERIFY_DEFAULT = <VerifyFlags.VERIFY_DEFAULT: 0>
VERIFY_X509_PARTIAL_CHAIN = <VerifyFlags.VERIFY_X509_PARTIAL_CHAIN: 524288>
VERIFY_X509_STRICT = <VerifyFlags.VERIFY_X509_STRICT: 32>
VERIFY_X509_TRUSTED_FIRST = <VerifyFlags.VERIFY_X509_TRUSTED_FIRST: 32768>