ssl
This module provides some more Pythonic support for SSL.
Object types:
SSLSocket -- subtype of socket.socket which does SSL over the socket
Exceptions:
SSLError -- exception raised for I/O errors
Functions:
cert_time_to_seconds -- convert time string used for certificate notBefore and notAfter functions to integer seconds past the Epoch (the time values returned from time.time())
fetch_server_certificate (HOST, PORT) -- fetch the certificate provided by the server running on HOST at port PORT. No validation of the certificate is performed.
Integer constants:
SSL_ERROR_ZERO_RETURN
SSL_ERROR_WANT_READ
SSL_ERROR_WANT_WRITE
SSL_ERROR_WANT_X509_LOOKUP
SSL_ERROR_SYSCALL
SSL_ERROR_SSL
SSL_ERROR_WANT_CONNECT
SSL_ERROR_EOF
SSL_ERROR_INVALID_ERROR_CODE
The following group of constants defines the certificate requirements that one side is allowing/requiring from the other side:
CERT_NONE - no certificates from the other side are required (or will be looked at if provided)
CERT_OPTIONAL - certificates are not required, but if provided will be validated, and if validation fails, the connection will also fail
CERT_REQUIRED - certificates are required, and will be validated, and if validation fails, the connection will also fail
The following constants identify various SSL protocol variants:
PROTOCOL_SSLv2
PROTOCOL_SSLv3
PROTOCOL_SSLv23
PROTOCOL_TLS
PROTOCOL_TLS_CLIENT
PROTOCOL_TLS_SERVER
PROTOCOL_TLSv1
PROTOCOL_TLSv1_1
PROTOCOL_TLSv1_2
The following constants identify various SSL alert message descriptions as per
http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-parameters-6
ALERT_DESCRIPTION_CLOSE_NOTIFY
ALERT_DESCRIPTION_UNEXPECTED_MESSAGE
ALERT_DESCRIPTION_BAD_RECORD_MAC
ALERT_DESCRIPTION_RECORD_OVERFLOW
ALERT_DESCRIPTION_DECOMPRESSION_FAILURE
ALERT_DESCRIPTION_HANDSHAKE_FAILURE
ALERT_DESCRIPTION_BAD_CERTIFICATE
ALERT_DESCRIPTION_UNSUPPORTED_CERTIFICATE
ALERT_DESCRIPTION_CERTIFICATE_REVOKED
ALERT_DESCRIPTION_CERTIFICATE_EXPIRED
ALERT_DESCRIPTION_CERTIFICATE_UNKNOWN
ALERT_DESCRIPTION_ILLEGAL_PARAMETER
ALERT_DESCRIPTION_UNKNOWN_CA
ALERT_DESCRIPTION_ACCESS_DENIED
ALERT_DESCRIPTION_DECODE_ERROR
ALERT_DESCRIPTION_DECRYPT_ERROR
ALERT_DESCRIPTION_PROTOCOL_VERSION
ALERT_DESCRIPTION_INSUFFICIENT_SECURITY
ALERT_DESCRIPTION_INTERNAL_ERROR
ALERT_DESCRIPTION_USER_CANCELLED
ALERT_DESCRIPTION_NO_RENEGOTIATION
ALERT_DESCRIPTION_UNSUPPORTED_EXTENSION
ALERT_DESCRIPTION_CERTIFICATE_UNOBTAINABLE
ALERT_DESCRIPTION_UNRECOGNIZED_NAME
ALERT_DESCRIPTION_BAD_CERTIFICATE_STATUS_RESPONSE
ALERT_DESCRIPTION_BAD_CERTIFICATE_HASH_VALUE
ALERT_DESCRIPTION_UNKNOWN_PSK_IDENTITY
Classes
AlertDescription
An enumeration.
ALERT_DESCRIPTION_ACCESS_DENIED = <AlertDescription.ALERT_DESCRIPTION_ACCESS_DENIED: 49>
ALERT_DESCRIPTION_BAD_CERTIFICATE = <AlertDescription.ALERT_DESCRIPTION_BAD_CERTIFICATE: 42>
ALERT_DESCRIPTION_BAD_CERTIFICATE_HASH_VALUE = <AlertDescription.ALERT_DESCRIPTION_BAD_CERTIFICATE_HASH_VALUE: 114>
ALERT_DESCRIPTION_BAD_CERTIFICATE_STATUS_RESPONSE = <AlertDescription.ALERT_DESCRIPTION_BAD_CERTIFICATE_STATUS_RESPONSE: 113>
ALERT_DESCRIPTION_BAD_RECORD_MAC = <AlertDescription.ALERT_DESCRIPTION_BAD_RECORD_MAC: 20>
ALERT_DESCRIPTION_CERTIFICATE_EXPIRED = <AlertDescription.ALERT_DESCRIPTION_CERTIFICATE_EXPIRED: 45>
ALERT_DESCRIPTION_CERTIFICATE_REVOKED = <AlertDescription.ALERT_DESCRIPTION_CERTIFICATE_REVOKED: 44>
ALERT_DESCRIPTION_CERTIFICATE_UNKNOWN = <AlertDescription.ALERT_DESCRIPTION_CERTIFICATE_UNKNOWN: 46>
ALERT_DESCRIPTION_CERTIFICATE_UNOBTAINABLE = <AlertDescription.ALERT_DESCRIPTION_CERTIFICATE_UNOBTAINABLE: 111>
ALERT_DESCRIPTION_CLOSE_NOTIFY = <AlertDescription.ALERT_DESCRIPTION_CLOSE_NOTIFY: 0>
ALERT_DESCRIPTION_DECODE_ERROR = <AlertDescription.ALERT_DESCRIPTION_DECODE_ERROR: 50>
ALERT_DESCRIPTION_DECOMPRESSION_FAILURE = <AlertDescription.ALERT_DESCRIPTION_DECOMPRESSION_FAILURE: 30>
ALERT_DESCRIPTION_DECRYPT_ERROR = <AlertDescription.ALERT_DESCRIPTION_DECRYPT_ERROR: 51>
ALERT_DESCRIPTION_HANDSHAKE_FAILURE = <AlertDescription.ALERT_DESCRIPTION_HANDSHAKE_FAILURE: 40>
ALERT_DESCRIPTION_ILLEGAL_PARAMETER = <AlertDescription.ALERT_DESCRIPTION_ILLEGAL_PARAMETER: 47>
ALERT_DESCRIPTION_INSUFFICIENT_SECURITY = <AlertDescription.ALERT_DESCRIPTION_INSUFFICIENT_SECURITY: 71>
ALERT_DESCRIPTION_INTERNAL_ERROR = <AlertDescription.ALERT_DESCRIPTION_INTERNAL_ERROR: 80>
ALERT_DESCRIPTION_NO_RENEGOTIATION = <AlertDescription.ALERT_DESCRIPTION_NO_RENEGOTIATION: 100>
ALERT_DESCRIPTION_PROTOCOL_VERSION = <AlertDescription.ALERT_DESCRIPTION_PROTOCOL_VERSION: 70>
ALERT_DESCRIPTION_RECORD_OVERFLOW = <AlertDescription.ALERT_DESCRIPTION_RECORD_OVERFLOW: 22>
ALERT_DESCRIPTION_UNEXPECTED_MESSAGE = <AlertDescription.ALERT_DESCRIPTION_UNEXPECTED_MESSAGE: 10>
ALERT_DESCRIPTION_UNKNOWN_CA = <AlertDescription.ALERT_DESCRIPTION_UNKNOWN_CA: 48>
ALERT_DESCRIPTION_UNKNOWN_PSK_IDENTITY = <AlertDescription.ALERT_DESCRIPTION_UNKNOWN_PSK_IDENTITY: 115>
ALERT_DESCRIPTION_UNRECOGNIZED_NAME = <AlertDescription.ALERT_DESCRIPTION_UNRECOGNIZED_NAME: 112>
ALERT_DESCRIPTION_UNSUPPORTED_CERTIFICATE = <AlertDescription.ALERT_DESCRIPTION_UNSUPPORTED_CERTIFICATE: 43>
ALERT_DESCRIPTION_UNSUPPORTED_EXTENSION = <AlertDescription.ALERT_DESCRIPTION_UNSUPPORTED_EXTENSION: 110>
ALERT_DESCRIPTION_USER_CANCELLED = <AlertDescription.ALERT_DESCRIPTION_USER_CANCELLED: 90>
SSLCertVerificationError
A certificate could not be verified.
with_traceback(...)
Exception.with_traceback(tb) --
set self.__traceback__ to tb and return self.
args = <attribute 'args' of 'BaseException' objects>
characters_written = <attribute 'characters_written' of 'OSError' objects>
errno = <member 'errno' of 'OSError' objects>
POSIX exception code
filename = <member 'filename' of 'OSError' objects>
exception filename
filename2 = <member 'filename2' of 'OSError' objects>
second exception filename
strerror = <member 'strerror' of 'OSError' objects>
exception strerror
DefaultVerifyPaths
DefaultVerifyPaths(cafile, capath, openssl_cafile_env, openssl_cafile, openssl_capath_env, openssl_capath)
count(self, value, /)
Return number of occurrences of value.
index(self, value, start=0, stop=9223372036854775807, /)
Return first index of value.
Raises ValueError if the value is not present.
cafile = _tuplegetter(0, 'Alias for field number 0')
Alias for field number 0
capath = _tuplegetter(1, 'Alias for field number 1')
Alias for field number 1
openssl_cafile = _tuplegetter(3, 'Alias for field number 3')
Alias for field number 3
openssl_cafile_env = _tuplegetter(2, 'Alias for field number 2')
Alias for field number 2
openssl_capath = _tuplegetter(5, 'Alias for field number 5')
Alias for field number 5
openssl_capath_env = _tuplegetter(4, 'Alias for field number 4')
Alias for field number 4
MemoryBIO
read(self, size=-1, /)
Read up to size bytes from the memory BIO.
If size is not specified, read the entire buffer.
If the return value is an empty bytes instance, this means either
EOF or that no data is available. Use the "eof" property to
distinguish between the two.
write(self, b, /)
Writes the bytes b into the memory BIO.
Returns the number of bytes written.
write_eof(self, /)
Write an EOF marker to the memory BIO.
When all data has been read, the "eof" property will be True.
eof = <attribute 'eof' of '_ssl.MemoryBIO' objects>
Whether the memory BIO is at EOF.
pending = <attribute 'pending' of '_ssl.MemoryBIO' objects>
The number of bytes pending in the memory BIO.
Options
An enumeration.
OP_ALL = <Options.OP_ALL: 2147483732>
OP_CIPHER_SERVER_PREFERENCE = <Options.OP_CIPHER_SERVER_PREFERENCE: 4194304>
OP_ENABLE_MIDDLEBOX_COMPAT = <Options.OP_ENABLE_MIDDLEBOX_COMPAT: 1048576>
OP_NO_COMPRESSION = <Options.OP_NO_COMPRESSION: 131072>
OP_NO_RENEGOTIATION = <Options.OP_NO_RENEGOTIATION: 1073741824>
OP_NO_SSLv2 = <Options.OP_NO_SSLv2: 0>
OP_NO_SSLv3 = <Options.OP_NO_SSLv3: 33554432>
OP_NO_TICKET = <Options.OP_NO_TICKET: 16384>
OP_NO_TLSv1 = <Options.OP_NO_TLSv1: 67108864>
OP_NO_TLSv1_1 = <Options.OP_NO_TLSv1_1: 268435456>
OP_NO_TLSv1_2 = <Options.OP_NO_TLSv1_2: 134217728>
OP_NO_TLSv1_3 = <Options.OP_NO_TLSv1_3: 536870912>
Purpose
SSLContext purpose flags with X509v3 Extended Key Usage objects
CLIENT_AUTH = <Purpose.CLIENT_AUTH: _ASN1Object(nid=130, shortname='clientAuth', longname='TLS Web Client Authentication', oid='1.3.6.1.5.5.7.3.2')>
SERVER_AUTH = <Purpose.SERVER_AUTH: _ASN1Object(nid=129, shortname='serverAuth', longname='TLS Web Server Authentication', oid='1.3.6.1.5.5.7.3.1')>
name = <types.DynamicClassAttribute object at 0x7f0567f3eb80>
The name of the Enum member.
value = <types.DynamicClassAttribute object at 0x7f0567f3ebb0>
The value of the Enum member.
SSLContext
An SSLContext holds various SSL-related configuration options and
data, such as certificates and possibly a private key.
wrap_socket.SSLObject
This class implements an interface on top of a low-level SSL object as
implemented by OpenSSL. This object captures the state of an SSL connection
but does not provide any network IO itself. IO needs to be performed
through separate "BIO" objects which are OpenSSL's IO abstraction layer.
This class does not have a public constructor. Instances are returned by
``SSLContext.wrap_bio``. This class is typically used by framework authors
that want to implement asynchronous IO for SSL through memory buffers.
When compared to ``SSLSocket``, this object lacks the following features:
* Any form of network IO, including methods such as ``recv`` and ``send``.
* The ``do_handshake_on_connect`` and ``suppress_ragged_eofs`` machinery.
cipher(self)
Return the currently selected cipher as a 3-tuple ``(name,
ssl_version, secret_bits)``.
compression(self)
Return the current compression algorithm in use, or ``None`` if
compression was not negotiated or not supported by one of the peers.
do_handshake(self)
Start the SSL/TLS handshake.
get_channel_binding(self, cb_type='tls-unique')
Get channel binding data for current connection. Raise ValueError
if the requested `cb_type` is not supported. Return bytes of the data
or None if the data is not available (e.g. before the handshake).
getpeercert(self, binary_form=False)
Returns a formatted version of the data in the certificate provided
by the other end of the SSL channel.
Return None if no certificate was provided, {} if a certificate was
provided, but not validated.
pending(self)
Return the number of bytes that can be read immediately.
read(self, len=1024, buffer=None)
Read up to 'len' bytes from the SSL object and return them.
If 'buffer' is provided, read into this buffer and return the number of
bytes read.
selected_alpn_protocol(self)
Return the currently selected ALPN protocol as a string, or ``None``
if a next protocol was not negotiated or if ALPN is not supported by one
of the peers.
selected_npn_protocol(self)
Return the currently selected NPN protocol as a string, or ``None``
if a next protocol was not negotiated or if NPN is not supported by one
of the peers.
shared_ciphers(self)
Return a list of ciphers shared by the client during the handshake or
None if this is not a valid server connection.
unwrap(self)
Start the SSL shutdown handshake.
verify_client_post_handshake(self)
version(self)
Return a string identifying the protocol version used by the
current SSL channel.
write(self, data)
Write 'data' to the SSL object and return the number of bytes
written.
The 'data' argument must support the buffer interface.
context = <property object at 0x7f0567a2fb80>
The SSLContext that is currently in use.
server_hostname = <property object at 0x7f0567a2fc20>
The currently set server hostname (for SNI), or ``None`` if no
server hostname is set.
server_side = <property object at 0x7f0567a2fb30>
Whether this is a server-side socket.
session = <property object at 0x7f0567a2fbd0>
The SSLSession for client socket.
session_reused = <property object at 0x7f0567a2fa40>
Was the client session reused during handshake
wrap_socket.SSLSocket
This class implements a subtype of socket.socket that wraps
the underlying OS socket in an SSL context when necessary, and
provides read and write methods over that channel.
accept(self)
Accepts a new connection from a remote client, and returns
a tuple containing that new connection wrapped with a server-side
SSL channel, and the address of the remote client.
bind(...)
bind(address)
Bind the socket to a local address. For IP sockets, the address is a
pair (host, port); the host must refer to the local host. For raw packet
sockets the address is a tuple (ifname, proto [,pkttype [,hatype [,addr]]])
cipher(self)
Return the currently selected cipher as a 3-tuple ``(name,
ssl_version, secret_bits)``.
close(self)
compression(self)
Return the current compression algorithm in use, or ``None`` if
compression was not negotiated or not supported by one of the peers.
connect(self, addr)
Connects to remote ADDR, and then wraps the connection in
an SSL channel.
connect_ex(self, addr)
Connects to remote ADDR, and then wraps the connection in
an SSL channel.
detach(self)
detach() -> file descriptor
Close the socket object without closing the underlying file descriptor.
The object cannot be used after this call, but the file descriptor
can be reused for other purposes. The file descriptor is returned.
do_handshake(self, block=False)
Start the SSL/TLS handshake.
dup(self)
fileno(...)
fileno() -> integer
Return the integer file descriptor of the socket.
get_channel_binding(self, cb_type='tls-unique')
Get channel binding data for current connection. Raise ValueError
if the requested `cb_type` is not supported. Return bytes of the data
or None if the data is not available (e.g. before the handshake).
get_inheritable(self)
Get the inheritable flag of the socket
getblocking(...)
getblocking()
Returns True if socket is in blocking mode, or False if it
is in non-blocking mode.
getpeercert(self, binary_form=False)
Returns a formatted version of the data in the certificate provided
by the other end of the SSL channel.
Return None if no certificate was provided, {} if a certificate was
provided, but not validated.
getpeername(...)
getpeername() -> address info
Return the address of the remote endpoint. For IP sockets, the address
info is a pair (hostaddr, port).
getsockname(...)
getsockname() -> address info
Return the address of the local endpoint. The format depends on the
address family. For IPv4 sockets, the address info is a pair
(hostaddr, port).
getsockopt(...)
getsockopt(level, option[, buffersize]) -> value
Get a socket option. See the Unix manual for level and option.
If a nonzero buffersize argument is given, the return value is a
string of that length; otherwise it is an integer.
gettimeout(...)
gettimeout() -> timeout
Returns the timeout in seconds (float) associated with socket
operations. A timeout of None indicates that timeouts on socket
operations are disabled.
listen(...)
listen([backlog])
Enable a server to accept connections. If backlog is specified, it must be
at least 0 (if it is lower, it is set to 0); it specifies the number of
unaccepted connections that the system will allow before refusing new
connections. If not specified, a default reasonable value is chosen.
makefile(self, mode='r', buffering=None, *, encoding=None, errors=None, newline=None)
makefile(...) -> an I/O stream connected to the socket
The arguments are as for io.open() after the filename, except the only
supported mode values are 'r' (default), 'w' and 'b'.
pending(self)
Return the number of bytes that can be read immediately.
read(self, len=1024, buffer=None)
Read up to LEN bytes and return them.
Return zero-length string on EOF.
recv(self, buflen=1024, flags=0)
recv_into(self, buffer, nbytes=None, flags=0)
recvfrom(self, buflen=1024, flags=0)
recvfrom_into(self, buffer, nbytes=None, flags=0)
recvmsg(self, *args, **kwargs)
recvmsg_into(self, *args, **kwargs)
selected_alpn_protocol(self)
Return the currently selected ALPN protocol as a string, or ``None``
if a next protocol was not negotiated or if ALPN is not supported by one
of the peers.
selected_npn_protocol(self)
Return the currently selected NPN protocol as a string, or ``None``
if a next protocol was not negotiated or if NPN is not supported by one
of the peers.
send(self, data, flags=0)
sendall(self, data, flags=0)
sendfile(self, file, offset=0, count=None)
Send a file, possibly by using os.sendfile() if this is a
clear-text socket. Return the total number of bytes sent.
sendmsg(self, *args, **kwargs)
sendmsg_afalg(...)
sendmsg_afalg([msg], *, op[, iv[, assoclen[, flags=MSG_MORE]]])
Set operation mode, IV and length of associated data for an AF_ALG
operation socket.
sendto(self, data, flags_or_addr, addr=None)
set_inheritable(self, inheritable)
Set the inheritable flag of the socket
setblocking(...)
setblocking(flag)
Set the socket to blocking (flag is true) or non-blocking (false).
setblocking(True) is equivalent to settimeout(None);
setblocking(False) is equivalent to settimeout(0.0).
setsockopt(...)
setsockopt(level, option, value: int)
setsockopt(level, option, value: buffer)
setsockopt(level, option, None, optlen: int)
Set a socket option. See the Unix manual for level and option.
The value argument can either be an integer, a string buffer, or
None, optlen.
settimeout(...)
settimeout(timeout)
Set a timeout on socket operations. 'timeout' can be a float,
giving the timeout in seconds, or None. Setting a timeout of None disables
the timeout feature and is equivalent to setblocking(1).
Setting a timeout of zero is the same as setblocking(0).
shared_ciphers(self)
Return a list of ciphers shared by the client during the handshake or
None if this is not a valid server connection.
shutdown(self, how)
unwrap(self)
Start the SSL shutdown handshake.
verify_client_post_handshake(self)
version(self)
Return a string identifying the protocol version used by the
current SSL channel.
write(self, data)
Write DATA to the underlying SSL channel. Returns
number of bytes of DATA actually transmitted.
context = <property object at 0x7f0567a2fd60>
The SSLContext that is currently in use.
family = <property object at 0x7f0567a87360>
Read-only access to the address family for this socket.
proto = <member 'proto' of '_socket.socket' objects>
the socket protocol
session = <property object at 0x7f0567a2fdb0>
The SSLSession for client socket.
session_reused = <property object at 0x7f0567a2fcc0>
Was the client session reused during handshake
timeout = <attribute 'timeout' of '_socket.socket' objects>
the socket timeout
type = <property object at 0x7f0567a0bb30>
Read-only access to the socket type.
cert_store_stats(self, /)
Returns quantities of loaded X.509 certificates.
X.509 certificates with a CA extension and certificate revocation lists
inside the context's cert store.
NOTE: Certificates in a capath directory aren't loaded unless they have
been used at least once.
get_ca_certs(self, /, binary_form=False)
Returns a list of dicts with information of loaded CA certs.
If the optional argument is True, returns a DER-encoded copy of the CA
certificate.
NOTE: Certificates in a capath directory aren't loaded unless they have
been used at least once.
get_ciphers(self, /)
load_cert_chain(self, /, certfile, keyfile=None, password=None)
load_default_certs(self, purpose=<Purpose.SERVER_AUTH: _ASN1Object(nid=129, shortname='serverAuth', longname='TLS Web Server Authentication', oid='1.3.6.1.5.5.7.3.1')>)
load_dh_params(self, path, /)
load_verify_locations(self, /, cafile=None, capath=None, cadata=None)
session_stats(self, /)
set_alpn_protocols(self, alpn_protocols)
set_ciphers(self, cipherlist, /)
set_default_verify_paths(self, /)
set_ecdh_curve(self, name, /)
set_npn_protocols(self, npn_protocols)
set_servername_callback(self, server_name_callback)
wrap_bio(self, incoming, outgoing, server_side=False, server_hostname=None, session=None)
wrap_socket(self, sock, server_side=False, do_handshake_on_connect=True, suppress_ragged_eofs=True, server_hostname=None, session=None)
check_hostname = <attribute 'check_hostname' of '_ssl._SSLContext' objects>
hostname_checks_common_name = <property object at 0x7f0567a2f9a0>
keylog_filename = <attribute 'keylog_filename' of '_ssl._SSLContext' objects>
maximum_version = <property object at 0x7f0567a2f900>
minimum_version = <property object at 0x7f0567a2f8b0>
num_tickets = <attribute 'num_tickets' of '_ssl._SSLContext' objects>
Control the number of TLSv1.3 session tickets
options = <property object at 0x7f0567a2f950>
post_handshake_auth = <attribute 'post_handshake_auth' of '_ssl._SSLContext' objects>
protocol = <property object at 0x7f0567a2f450>
sni_callback = <attribute 'sni_callback' of '_ssl._SSLContext' objects>
Set a callback that will be called when a server name is provided by the SSL/TLS client in the SNI extension.
If the argument is None then the callback is disabled. The method is called
with the SSLSocket, the server name as a string, and the SSLContext object.
See RFC 6066 for details of the SNI extension.
verify_flags = <property object at 0x7f0567a2fa90>
verify_mode = <property object at 0x7f0567a2fae0>
SSLEOFError
SSL/TLS connection terminated abruptly.
with_traceback(...)
Exception.with_traceback(tb) --
set self.__traceback__ to tb and return self.
args = <attribute 'args' of 'BaseException' objects>
characters_written = <attribute 'characters_written' of 'OSError' objects>
errno = <member 'errno' of 'OSError' objects>
POSIX exception code
filename = <member 'filename' of 'OSError' objects>
exception filename
filename2 = <member 'filename2' of 'OSError' objects>
second exception filename
strerror = <member 'strerror' of 'OSError' objects>
exception strerror
SSLError
An error occurred in the SSL implementation.
with_traceback(...)
Exception.with_traceback(tb) --
set self.__traceback__ to tb and return self.
args = <attribute 'args' of 'BaseException' objects>
characters_written = <attribute 'characters_written' of 'OSError' objects>
errno = <member 'errno' of 'OSError' objects>
POSIX exception code
filename = <member 'filename' of 'OSError' objects>
exception filename
filename2 = <member 'filename2' of 'OSError' objects>
second exception filename
strerror = <member 'strerror' of 'OSError' objects>
exception strerror
SSLErrorNumber
An enumeration.
SSL_ERROR_EOF = <SSLErrorNumber.SSL_ERROR_EOF: 8>
SSL_ERROR_INVALID_ERROR_CODE = <SSLErrorNumber.SSL_ERROR_INVALID_ERROR_CODE: 10>
SSL_ERROR_SSL = <SSLErrorNumber.SSL_ERROR_SSL: 1>
SSL_ERROR_SYSCALL = <SSLErrorNumber.SSL_ERROR_SYSCALL: 5>
SSL_ERROR_WANT_CONNECT = <SSLErrorNumber.SSL_ERROR_WANT_CONNECT: 7>
SSL_ERROR_WANT_READ = <SSLErrorNumber.SSL_ERROR_WANT_READ: 2>
SSL_ERROR_WANT_WRITE = <SSLErrorNumber.SSL_ERROR_WANT_WRITE: 3>
SSL_ERROR_WANT_X509_LOOKUP = <SSLErrorNumber.SSL_ERROR_WANT_X509_LOOKUP: 4>
SSL_ERROR_ZERO_RETURN = <SSLErrorNumber.SSL_ERROR_ZERO_RETURN: 6>
SSLObject
This class implements an interface on top of a low-level SSL object as
implemented by OpenSSL. This object captures the state of an SSL connection
but does not provide any network IO itself. IO needs to be performed
through separate "BIO" objects which are OpenSSL's IO abstraction layer.
This class does not have a public constructor. Instances are returned by
``SSLContext.wrap_bio``. This class is typically used by framework authors
that want to implement asynchronous IO for SSL through memory buffers.
When compared to ``SSLSocket``, this object lacks the following features:
* Any form of network IO, including methods such as ``recv`` and ``send``.
* The ``do_handshake_on_connect`` and ``suppress_ragged_eofs`` machinery.
cipher(self)
Return the currently selected cipher as a 3-tuple ``(name,
ssl_version, secret_bits)``.
compression(self)
Return the current compression algorithm in use, or ``None`` if
compression was not negotiated or not supported by one of the peers.
do_handshake(self)
Start the SSL/TLS handshake.
get_channel_binding(self, cb_type='tls-unique')
Get channel binding data for current connection. Raise ValueError
if the requested `cb_type` is not supported. Return bytes of the data
or None if the data is not available (e.g. before the handshake).
getpeercert(self, binary_form=False)
Returns a formatted version of the data in the certificate provided
by the other end of the SSL channel.
Return None if no certificate was provided, {} if a certificate was
provided, but not validated.
pending(self)
Return the number of bytes that can be read immediately.
read(self, len=1024, buffer=None)
Read up to 'len' bytes from the SSL object and return them.
If 'buffer' is provided, read into this buffer and return the number of
bytes read.
selected_alpn_protocol(self)
Return the currently selected ALPN protocol as a string, or ``None``
if a next protocol was not negotiated or if ALPN is not supported by one
of the peers.
selected_npn_protocol(self)
Return the currently selected NPN protocol as a string, or ``None``
if a next protocol was not negotiated or if NPN is not supported by one
of the peers.
shared_ciphers(self)
Return a list of ciphers shared by the client during the handshake or
None if this is not a valid server connection.
unwrap(self)
Start the SSL shutdown handshake.
verify_client_post_handshake(self)
version(self)
Return a string identifying the protocol version used by the
current SSL channel.
write(self, data)
Write 'data' to the SSL object and return the number of bytes
written.
The 'data' argument must support the buffer interface.
context = <property object at 0x7f0567a2fb80>
The SSLContext that is currently in use.
server_hostname = <property object at 0x7f0567a2fc20>
The currently set server hostname (for SNI), or ``None`` if no
server hostname is set.
server_side = <property object at 0x7f0567a2fb30>
Whether this is a server-side socket.
session = <property object at 0x7f0567a2fbd0>
The SSLSession for client socket.
session_reused = <property object at 0x7f0567a2fa40>
Was the client session reused during handshake
Session
has_ticket = <attribute 'has_ticket' of '_ssl.Session' objects>
Does the session contain a ticket?
id = <attribute 'id' of '_ssl.Session' objects>
Session id
ticket_lifetime_hint = <attribute 'ticket_lifetime_hint' of '_ssl.Session' objects>
Ticket life time hint.
time = <attribute 'time' of '_ssl.Session' objects>
Session creation time (seconds since epoch).
timeout = <attribute 'timeout' of '_ssl.Session' objects>
Session timeout (delta in seconds).
SSLSocket
This class implements a subtype of socket.socket that wraps
the underlying OS socket in an SSL context when necessary, and
provides read and write methods over that channel.
accept(self)
Accepts a new connection from a remote client, and returns
a tuple containing that new connection wrapped with a server-side
SSL channel, and the address of the remote client.
bind(...)
bind(address)
Bind the socket to a local address. For IP sockets, the address is a
pair (host, port); the host must refer to the local host. For raw packet
sockets the address is a tuple (ifname, proto [,pkttype [,hatype [,addr]]])
cipher(self)
Return the currently selected cipher as a 3-tuple ``(name,
ssl_version, secret_bits)``.
close(self)
compression(self)
Return the current compression algorithm in use, or ``None`` if
compression was not negotiated or not supported by one of the peers.
connect(self, addr)
Connects to remote ADDR, and then wraps the connection in
an SSL channel.
connect_ex(self, addr)
Connects to remote ADDR, and then wraps the connection in
an SSL channel.
detach(self)
detach() -> file descriptor
Close the socket object without closing the underlying file descriptor.
The object cannot be used after this call, but the file descriptor
can be reused for other purposes. The file descriptor is returned.
do_handshake(self, block=False)
Start the SSL/TLS handshake.
dup(self)
fileno(...)
fileno() -> integer
Return the integer file descriptor of the socket.
get_channel_binding(self, cb_type='tls-unique')
Get channel binding data for current connection. Raise ValueError
if the requested `cb_type` is not supported. Return bytes of the data
or None if the data is not available (e.g. before the handshake).
get_inheritable(self)
Get the inheritable flag of the socket
getblocking(...)
getblocking()
Returns True if socket is in blocking mode, or False if it
is in non-blocking mode.
getpeercert(self, binary_form=False)
Returns a formatted version of the data in the certificate provided
by the other end of the SSL channel.
Return None if no certificate was provided, {} if a certificate was
provided, but not validated.
getpeername(...)
getpeername() -> address info
Return the address of the remote endpoint. For IP sockets, the address
info is a pair (hostaddr, port).
getsockname(...)
getsockname() -> address info
Return the address of the local endpoint. The format depends on the
address family. For IPv4 sockets, the address info is a pair
(hostaddr, port).
getsockopt(...)
getsockopt(level, option[, buffersize]) -> value
Get a socket option. See the Unix manual for level and option.
If a nonzero buffersize argument is given, the return value is a
string of that length; otherwise it is an integer.
gettimeout(...)
gettimeout() -> timeout
Returns the timeout in seconds (float) associated with socket
operations. A timeout of None indicates that timeouts on socket
operations are disabled.
listen(...)
listen([backlog])
Enable a server to accept connections. If backlog is specified, it must be
at least 0 (if it is lower, it is set to 0); it specifies the number of
unaccepted connections that the system will allow before refusing new
connections. If not specified, a default reasonable value is chosen.
makefile(self, mode='r', buffering=None, *, encoding=None, errors=None, newline=None)
makefile(...) -> an I/O stream connected to the socket
The arguments are as for io.open() after the filename, except the only
supported mode values are 'r' (default), 'w' and 'b'.
pending(self)
Return the number of bytes that can be read immediately.
read(self, len=1024, buffer=None)
Read up to LEN bytes and return them.
Return zero-length string on EOF.
recv(self, buflen=1024, flags=0)
recv_into(self, buffer, nbytes=None, flags=0)
recvfrom(self, buflen=1024, flags=0)
recvfrom_into(self, buffer, nbytes=None, flags=0)
recvmsg(self, *args, **kwargs)
recvmsg_into(self, *args, **kwargs)
selected_alpn_protocol(self)
Return the currently selected ALPN protocol as a string, or ``None``
if a next protocol was not negotiated or if ALPN is not supported by one
of the peers.
selected_npn_protocol(self)
Return the currently selected NPN protocol as a string, or ``None``
if a next protocol was not negotiated or if NPN is not supported by one
of the peers.
send(self, data, flags=0)
sendall(self, data, flags=0)
sendfile(self, file, offset=0, count=None)
Send a file, possibly by using os.sendfile() if this is a
clear-text socket. Return the total number of bytes sent.
sendmsg(self, *args, **kwargs)
sendmsg_afalg(...)
sendmsg_afalg([msg], *, op[, iv[, assoclen[, flags=MSG_MORE]]])
Set operation mode, IV and length of associated data for an AF_ALG
operation socket.
sendto(self, data, flags_or_addr, addr=None)
set_inheritable(self, inheritable)
Set the inheritable flag of the socket
setblocking(...)
setblocking(flag)
Set the socket to blocking (flag is true) or non-blocking (false).
setblocking(True) is equivalent to settimeout(None);
setblocking(False) is equivalent to settimeout(0.0).
setsockopt(...)
setsockopt(level, option, value: int)
setsockopt(level, option, value: buffer)
setsockopt(level, option, None, optlen: int)
Set a socket option. See the Unix manual for level and option.
The value argument can either be an integer, a string buffer, or
None, optlen.
settimeout(...)
settimeout(timeout)
Set a timeout on socket operations. 'timeout' can be a float,
giving the timeout in seconds, or None. Setting a timeout of None disables
the timeout feature and is equivalent to setblocking(1).
Setting a timeout of zero is the same as setblocking(0).
shared_ciphers(self)
Return a list of ciphers shared by the client during the handshake or
None if this is not a valid server connection.
shutdown(self, how)
unwrap(self)
Start the SSL shutdown handshake.
verify_client_post_handshake(self)
version(self)
Return a string identifying the protocol version used by the
current SSL channel.
write(self, data)
Write DATA to the underlying SSL channel. Returns
number of bytes of DATA actually transmitted.
context = <property object at 0x7f0567a2fd60>
The SSLContext that is currently in use.
family = <property object at 0x7f0567a87360>
Read-only access to the address family for this socket.
proto = <member 'proto' of '_socket.socket' objects>
the socket protocol
session = <property object at 0x7f0567a2fdb0>
The SSLSession for client socket.
session_reused = <property object at 0x7f0567a2fcc0>
Was the client session reused during handshake
timeout = <attribute 'timeout' of '_socket.socket' objects>
the socket timeout
type = <property object at 0x7f0567a0bb30>
Read-only access to the socket type.
SSLSyscallError
System error when attempting SSL operation.
with_traceback(...)
Exception.with_traceback(tb) --
set self.__traceback__ to tb and return self.
args = <attribute 'args' of 'BaseException' objects>
characters_written = <attribute 'characters_written' of 'OSError' objects>
errno = <member 'errno' of 'OSError' objects>
POSIX exception code
filename = <member 'filename' of 'OSError' objects>
exception filename
filename2 = <member 'filename2' of 'OSError' objects>
second exception filename
strerror = <member 'strerror' of 'OSError' objects>
exception strerror
SSLWantReadError
Non-blocking SSL socket needs to read more data
before the requested operation can be completed.
with_traceback(...)
Exception.with_traceback(tb) --
set self.__traceback__ to tb and return self.
args = <attribute 'args' of 'BaseException' objects>
characters_written = <attribute 'characters_written' of 'OSError' objects>
errno = <member 'errno' of 'OSError' objects>
POSIX exception code
filename = <member 'filename' of 'OSError' objects>
exception filename
filename2 = <member 'filename2' of 'OSError' objects>
second exception filename
strerror = <member 'strerror' of 'OSError' objects>
exception strerror
SSLWantWriteError
Non-blocking SSL socket needs to write more data
before the requested operation can be completed.
with_traceback(...)
Exception.with_traceback(tb) --
set self.__traceback__ to tb and return self.
args = <attribute 'args' of 'BaseException' objects>
characters_written = <attribute 'characters_written' of 'OSError' objects>
errno = <member 'errno' of 'OSError' objects>
POSIX exception code
filename = <member 'filename' of 'OSError' objects>
exception filename
filename2 = <member 'filename2' of 'OSError' objects>
second exception filename
strerror = <member 'strerror' of 'OSError' objects>
exception strerror
SSLZeroReturnError
SSL/TLS session closed cleanly.
with_traceback(...)
Exception.with_traceback(tb) --
set self.__traceback__ to tb and return self.
args = <attribute 'args' of 'BaseException' objects>
characters_written = <attribute 'characters_written' of 'OSError' objects>
errno = <member 'errno' of 'OSError' objects>
POSIX exception code
filename = <member 'filename' of 'OSError' objects>
exception filename
filename2 = <member 'filename2' of 'OSError' objects>
second exception filename
strerror = <member 'strerror' of 'OSError' objects>
exception strerror
TLSVersion
An enumeration.
MAXIMUM_SUPPORTED = <TLSVersion.MAXIMUM_SUPPORTED: -1>
MINIMUM_SUPPORTED = <TLSVersion.MINIMUM_SUPPORTED: -2>
SSLv3 = <TLSVersion.SSLv3: 768>
TLSv1 = <TLSVersion.TLSv1: 769>
TLSv1_1 = <TLSVersion.TLSv1_1: 770>
TLSv1_2 = <TLSVersion.TLSv1_2: 771>
TLSv1_3 = <TLSVersion.TLSv1_3: 772>
VerifyFlags
An enumeration.
VERIFY_CRL_CHECK_CHAIN = <VerifyFlags.VERIFY_CRL_CHECK_CHAIN: 12>
VERIFY_CRL_CHECK_LEAF = <VerifyFlags.VERIFY_CRL_CHECK_LEAF: 4>
VERIFY_DEFAULT = <VerifyFlags.VERIFY_DEFAULT: 0>
VERIFY_X509_STRICT = <VerifyFlags.VERIFY_X509_STRICT: 32>
VERIFY_X509_TRUSTED_FIRST = <VerifyFlags.VERIFY_X509_TRUSTED_FIRST: 32768>
VerifyMode
An enumeration.
CERT_NONE = <VerifyMode.CERT_NONE: 0>
CERT_OPTIONAL = <VerifyMode.CERT_OPTIONAL: 1>
CERT_REQUIRED = <VerifyMode.CERT_REQUIRED: 2>
socket
A subclass of _socket.socket adding the makefile() method.
accept(self)
accept() -> (socket object, address info)
Wait for an incoming connection. Return a new socket
representing the connection, and the address of the client.
For IP sockets, the address info is a pair (hostaddr, port).
bind(...)
bind(address)
Bind the socket to a local address. For IP sockets, the address is a
pair (host, port); the host must refer to the local host. For raw packet
sockets the address is a tuple (ifname, proto [,pkttype [,hatype [,addr]]])
close(self)
connect(...)
connect(address)
Connect the socket to a remote address. For IP sockets, the address
is a pair (host, port).
connect_ex(...)
connect_ex(address) -> errno
This is like connect(address), but returns an error code (the errno value)
instead of raising an exception when an error occurs.
detach(self)
detach() -> file descriptor
Close the socket object without closing the underlying file descriptor.
The object cannot be used after this call, but the file descriptor
can be reused for other purposes. The file descriptor is returned.
dup(self)
dup() -> socket object
Duplicate the socket. Return a new socket object connected to the same
system resource. The new socket is non-inheritable.
fileno(...)
fileno() -> integer
Return the integer file descriptor of the socket.
get_inheritable(self)
Get the inheritable flag of the socket
getblocking(...)
getblocking()
Returns True if socket is in blocking mode, or False if it
is in non-blocking mode.
getpeername(...)
getpeername() -> address info
Return the address of the remote endpoint. For IP sockets, the address
info is a pair (hostaddr, port).
getsockname(...)
getsockname() -> address info
Return the address of the local endpoint. The format depends on the
address family. For IPv4 sockets, the address info is a pair
(hostaddr, port).
getsockopt(...)
getsockopt(level, option[, buffersize]) -> value
Get a socket option. See the Unix manual for level and option.
If a nonzero buffersize argument is given, the return value is a
string of that length; otherwise it is an integer.
gettimeout(...)
gettimeout() -> timeout
Returns the timeout in seconds (float) associated with socket
operations. A timeout of None indicates that timeouts on socket
operations are disabled.
listen(...)
listen([backlog])
Enable a server to accept connections. If backlog is specified, it must be
at least 0 (if it is lower, it is set to 0); it specifies the number of
unaccepted connections that the system will allow before refusing new
connections. If not specified, a default reasonable value is chosen.
makefile(self, mode='r', buffering=None, *, encoding=None, errors=None, newline=None)
makefile(...) -> an I/O stream connected to the socket
The arguments are as for io.open() after the filename, except the only
supported mode values are 'r' (default), 'w' and 'b'.
recv(...)
recv(buffersize[, flags]) -> data
Receive up to buffersize bytes from the socket. For the optional flags
argument, see the Unix manual. When no data is available, block until
at least one byte is available or until the remote end is closed. When
the remote end is closed and all data is read, return the empty string.
recv_into(...)
recv_into(buffer, [nbytes[, flags]]) -> nbytes_read
A version of recv() that stores its data into a buffer rather than creating
a new string. Receive up to buffersize bytes from the socket. If buffersize
is not specified (or 0), receive up to the size available in the given buffer.
See recv() for documentation about the flags.
recvfrom(...)
recvfrom(buffersize[, flags]) -> (data, address info)
Like recv(buffersize, flags) but also return the sender's address info.
recvfrom_into(...)
recvfrom_into(buffer[, nbytes[, flags]]) -> (nbytes, address info)
Like recv_into(buffer[, nbytes[, flags]]) but also return the sender's address info.
recvmsg(...)
recvmsg(bufsize[, ancbufsize[, flags]]) -> (data, ancdata, msg_flags, address)
Receive normal data (up to bufsize bytes) and ancillary data from the
socket. The ancbufsize argument sets the size in bytes of the
internal buffer used to receive the ancillary data; it defaults to 0,
meaning that no ancillary data will be received. Appropriate buffer
sizes for ancillary data can be calculated using CMSG_SPACE() or
CMSG_LEN(), and items which do not fit into the buffer might be
truncated or discarded. The flags argument defaults to 0 and has the
same meaning as for recv().
The return value is a 4-tuple: (data, ancdata, msg_flags, address).
The data item is a bytes object holding the non-ancillary data
received. The ancdata item is a list of zero or more tuples
(cmsg_level, cmsg_type, cmsg_data) representing the ancillary data
(control messages) received: cmsg_level and cmsg_type are integers
specifying the protocol level and protocol-specific type respectively,
and cmsg_data is a bytes object holding the associated data. The
msg_flags item is the bitwise OR of various flags indicating
conditions on the received message; see your system documentation for
details. If the receiving socket is unconnected, address is the
address of the sending socket, if available; otherwise, its value is
unspecified.
If recvmsg() raises an exception after the system call returns, it
will first attempt to close any file descriptors received via the
SCM_RIGHTS mechanism.
recvmsg_into(...)
recvmsg_into(buffers[, ancbufsize[, flags]]) -> (nbytes, ancdata, msg_flags, address)
Receive normal data and ancillary data from the socket, scattering the
non-ancillary data into a series of buffers. The buffers argument
must be an iterable of objects that export writable buffers
(e.g. bytearray objects); these will be filled with successive chunks
of the non-ancillary data until it has all been written or there are
no more buffers. The ancbufsize argument sets the size in bytes of
the internal buffer used to receive the ancillary data; it defaults to
0, meaning that no ancillary data will be received. Appropriate
buffer sizes for ancillary data can be calculated using CMSG_SPACE()
or CMSG_LEN(), and items which do not fit into the buffer might be
truncated or discarded. The flags argument defaults to 0 and has the
same meaning as for recv().
The return value is a 4-tuple: (nbytes, ancdata, msg_flags, address).
The nbytes item is the total number of bytes of non-ancillary data
written into the buffers. The ancdata item is a list of zero or more
tuples (cmsg_level, cmsg_type, cmsg_data) representing the ancillary
data (control messages) received: cmsg_level and cmsg_type are
integers specifying the protocol level and protocol-specific type
respectively, and cmsg_data is a bytes object holding the associated
data. The msg_flags item is the bitwise OR of various flags
indicating conditions on the received message; see your system
documentation for details. If the receiving socket is unconnected,
address is the address of the sending socket, if available; otherwise,
its value is unspecified.
If recvmsg_into() raises an exception after the system call returns,
it will first attempt to close any file descriptors received via the
SCM_RIGHTS mechanism.
send(...)
send(data[, flags]) -> count
Send a data string to the socket. For the optional flags
argument, see the Unix manual. Return the number of bytes
sent; this may be less than len(data) if the network is busy.
sendall(...)
sendall(data[, flags])
Send a data string to the socket. For the optional flags
argument, see the Unix manual. This calls send() repeatedly
until all data is sent. If an error occurs, it's impossible
to tell how much data has been sent.
sendfile(self, file, offset=0, count=None)
sendfile(file[, offset[, count]]) -> sent
Send a file until EOF is reached by using high-performance
os.sendfile() and return the total number of bytes which
were sent.
*file* must be a regular file object opened in binary mode.
If os.sendfile() is not available (e.g. Windows) or file is
not a regular file socket.send() will be used instead.
*offset* tells from where to start reading the file.
If specified, *count* is the total number of bytes to transmit
as opposed to sending the file until EOF is reached.
File position is updated on return or also in case of error in
which case file.tell() can be used to figure out the number of
bytes which were sent.
The socket must be of SOCK_STREAM type.
Non-blocking sockets are not supported.
sendmsg(...)
sendmsg(buffers[, ancdata[, flags[, address]]]) -> count
Send normal and ancillary data to the socket, gathering the
non-ancillary data from a series of buffers and concatenating it into
a single message. The buffers argument specifies the non-ancillary
data as an iterable of bytes-like objects (e.g. bytes objects).
The ancdata argument specifies the ancillary data (control messages)
as an iterable of zero or more tuples (cmsg_level, cmsg_type,
cmsg_data), where cmsg_level and cmsg_type are integers specifying the
protocol level and protocol-specific type respectively, and cmsg_data
is a bytes-like object holding the associated data. The flags
argument defaults to 0 and has the same meaning as for send(). If
address is supplied and not None, it sets a destination address for
the message. The return value is the number of bytes of non-ancillary
data sent.
sendmsg_afalg(...)
sendmsg_afalg([msg], *, op[, iv[, assoclen[, flags=MSG_MORE]]])
Set operation mode, IV and length of associated data for an AF_ALG
operation socket.
sendto(...)
sendto(data[, flags], address) -> count
Like send(data, flags) but allows specifying the destination address.
For IP sockets, the address is a pair (hostaddr, port).
set_inheritable(self, inheritable)
Set the inheritable flag of the socket
setblocking(...)
setblocking(flag)
Set the socket to blocking (flag is true) or non-blocking (false).
setblocking(True) is equivalent to settimeout(None);
setblocking(False) is equivalent to settimeout(0.0).
setsockopt(...)
setsockopt(level, option, value: int)
setsockopt(level, option, value: buffer)
setsockopt(level, option, None, optlen: int)
Set a socket option. See the Unix manual for level and option.
The value argument can either be an integer, a string buffer, or
None, optlen.
settimeout(...)
settimeout(timeout)
Set a timeout on socket operations. 'timeout' can be a float,
giving the timeout in seconds, or None. Setting a timeout of None disables
the timeout feature and is equivalent to setblocking(1).
Setting a timeout of zero is the same as setblocking(0).
shutdown(...)
shutdown(flag)
Shut down the reading side of the socket (flag == SHUT_RD), the writing side
of the socket (flag == SHUT_WR), or both ends (flag == SHUT_RDWR).
family = <property object at 0x7f0567a87360>
Read-only access to the address family for this socket.
proto = <member 'proto' of '_socket.socket' objects>
the socket protocol
timeout = <attribute 'timeout' of '_socket.socket' objects>
the socket timeout
type = <property object at 0x7f0567a0bb30>
Read-only access to the socket type.
OSError
Base class for I/O related errors.
with_traceback(...)
Exception.with_traceback(tb) --
set self.__traceback__ to tb and return self.
args = <attribute 'args' of 'BaseException' objects>
characters_written = <attribute 'characters_written' of 'OSError' objects>
errno = <member 'errno' of 'OSError' objects>
POSIX exception code
filename = <member 'filename' of 'OSError' objects>
exception filename
filename2 = <member 'filename2' of 'OSError' objects>
second exception filename
strerror = <member 'strerror' of 'OSError' objects>
exception strerror
Functions
DER_cert_to_PEM_cert
DER_cert_to_PEM_cert(der_cert_bytes)
Takes a certificate in binary DER format and returns the
PEM version of it as a string.
PEM_cert_to_DER_cert
PEM_cert_to_DER_cert(pem_cert_string)
Takes a certificate in ASCII PEM format and returns the
DER-encoded version of it as a byte sequence.
RAND_add
RAND_add(string, entropy, /)
Mix string into the OpenSSL PRNG state.
entropy (a float) is a lower bound on the entropy contained in
string. See RFC 4086.
RAND_bytes
RAND_bytes(n, /)
Generate n cryptographically strong pseudo-random bytes.
RAND_pseudo_bytes
RAND_pseudo_bytes(n, /)
Generate n pseudo-random bytes.
Return a pair (bytes, is_cryptographic). is_cryptographic is True
if the bytes generated are cryptographically strong.
RAND_status
RAND_status()
Returns 1 if the OpenSSL PRNG has been seeded with enough data and 0 if not.
It is necessary to seed the PRNG with RAND_add() on some platforms before
using the ssl() function.
cert_time_to_seconds
cert_time_to_seconds(cert_time)
Return the time in seconds since the Epoch, given the timestring
representing the "notBefore" or "notAfter" date from a certificate
in ``"%b %d %H:%M:%S %Y %Z"`` strptime format (C locale).
"notBefore" or "notAfter" dates must use UTC (RFC 5280).
Month is one of: Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec
UTC should be specified as GMT (see ASN1_TIME_print())
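An added example (not part of the module's own documentation) that uses cert_time_to_seconds() to classify a certificate's validity window, including the failure case where the date string is not in the GMT form described above. The sample dict, the function names and the 30-day warning threshold are assumptions made for illustration.

```python
import ssl

# Constructed sample in the dict shape returned by SSLSocket.getpeercert();
# the dates are illustrative and do not come from a real certificate.
SAMPLE_CERT = {
    "notBefore": "Jan  5 09:34:43 2018 GMT",
    "notAfter": "Jan  5 09:34:43 2019 GMT",
}

SECONDS_PER_DAY = 86400


def validity_state(cert, now, warn_days=30):
    """Classify the validity window of `cert` at `now` (epoch seconds, UTC).

    Returns one of: "not-yet-valid", "expired", "expiring-soon", "valid",
    or "unparseable" when a date is missing or not in the expected format.
    """
    try:
        not_before = ssl.cert_time_to_seconds(cert["notBefore"])
        not_after = ssl.cert_time_to_seconds(cert["notAfter"])
    except (KeyError, ValueError):
        # KeyError: field absent (e.g. empty dict from an unverified peer).
        # ValueError: month or timezone does not match "%b %d %H:%M:%S %Y GMT".
        return "unparseable"

    if now < not_before:
        return "not-yet-valid"
    if now > not_after:
        return "expired"
    if not_after - now <= warn_days * SECONDS_PER_DAY:
        return "expiring-soon"
    return "valid"


if __name__ == "__main__":
    import time
    print(validity_state(SAMPLE_CERT, int(time.time())))
```
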
create_connection
create_connection(address, timeout=<object object at 0x7f05680934a0>, source_address=None)
Connect to *address* and return the socket object.
Convenience function. Connect to *address* (a 2-tuple ``(host,
port)``) and return the socket object. Passing the optional
*timeout* parameter will set the timeout on the socket instance
before attempting to connect. If no *timeout* is supplied, the
global default timeout setting returned by :func:`getdefaulttimeout`
is used. If *source_address* is set it must be a tuple of (host, port)
for the socket to bind as a source address before making the connection.
A host of '' or port 0 tells the OS to use the default.
create_default_context
create_default_context(purpose=<Purpose.SERVER_AUTH: _ASN1Object(nid=129, shortname='serverAuth', longname='TLS Web Server Authentication', oid='1.3.6.1.5.5.7.3.1')>, *, cafile=None, capath=None, cadata=None)
Create a SSLContext object with default settings.
NOTE: The protocol and settings may change anytime without prior
deprecation. The values represent a fair balance between maximum
compatibility and security.
get_default_verify_paths
get_default_verify_paths()
Return paths to default cafile and capath.
get_protocol_name
get_protocol_name(protocol_code)
get_server_certificate
get_server_certificate(addr, ssl_version=<_SSLMethod.PROTOCOL_TLS: 2>, ca_certs=None)
Retrieve the certificate from the server at the specified address,
and return it as a PEM-encoded string.
If 'ca_certs' is specified, validate the server cert against it.
If 'ssl_version' is specified, use it in the connection attempt.
match_hostname
match_hostname(cert, hostname)
Verify that *cert* (in decoded format as returned by
SSLSocket.getpeercert()) matches the *hostname*. RFC 2818 and RFC 6125
rules are followed.
The function matches IP addresses rather than dNSNames if hostname is a
valid ipaddress string. IPv4 addresses are supported on all platforms.
IPv6 addresses are supported on platforms with IPv6 support (AF_INET6
and inet_pton).
CertificateError is raised on failure. On success, the function
returns nothing.
namedtuple
namedtuple(typename, field_names, *, rename=False, defaults=None, module=None)
Returns a new subclass of tuple with named fields.
>>> Point = namedtuple('Point', ['x', 'y'])
>>> Point.__doc__ # docstring for the new class
'Point(x, y)'
>>> p = Point(11, y=22) # instantiate with positional args or keywords
>>> p[0] + p[1] # indexable like a plain tuple
33
>>> x, y = p # unpack like a regular tuple
>>> x, y
(11, 22)
>>> p.x + p.y # fields also accessible by name
33
>>> d = p._asdict() # convert to a dictionary
>>> d['x']
11
>>> Point(**d) # convert from a dictionary
Point(x=11, y=22)
>>> p._replace(x=100) # _replace() is like str.replace() but targets named fields
Point(x=100, y=22)
wrap_socket
wrap_socket(sock, keyfile=None, certfile=None, server_side=False, cert_reqs=<VerifyMode.CERT_NONE: 0>, ssl_version=<_SSLMethod.PROTOCOL_TLS: 2>, ca_certs=None, do_handshake_on_connect=True, suppress_ragged_eofs=True, ciphers=None)
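The wrap_socket() signature above defaults to cert_reqs=CERT_NONE, so the peer certificate is not validated unless the caller asks for it. The following added example (not the module's own code) builds a context with those verification settings next to one from create_default_context() and audits both; the function names and the TLS 1.2 floor are assumptions made for illustration.

```python
import ssl


def legacy_style_context():
    """Client context mirroring the verification defaults of wrap_socket()."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # Order matters: hostname checking has to be disabled before CERT_NONE
    # can be set (see cert_none_needs_hostname_check_off below).
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def hardened_client_context():
    """Client context that validates the chain and the host name."""
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH)
    # Assumption for this example: refuse anything older than TLS 1.2.
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def cert_none_needs_hostname_check_off():
    """Return True if the module refuses CERT_NONE while check_hostname is on."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    try:
        ctx.verify_mode = ssl.CERT_NONE
    except ValueError:
        return True
    return False


def audit_context(ctx):
    """Return the names of the settings that leave the peer unauthenticated
    or allow protocol versions below TLS 1.2."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("verify_mode")
    if not ctx.check_hostname:
        findings.append("check_hostname")
    floor = ctx.minimum_version
    # MINIMUM_SUPPORTED is -2, so it also compares below TLSv1_2 (771).
    if floor != ssl.TLSVersion.MAXIMUM_SUPPORTED and floor < ssl.TLSVersion.TLSv1_2:
        findings.append("minimum_version")
    return findings


if __name__ == "__main__":
    print("legacy-style:", audit_context(legacy_style_context()))
    print("hardened:    ", audit_context(hardened_client_context()))
```
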
Other members
ALERT_DESCRIPTION_ACCESS_DENIED = <AlertDescription.ALERT_DESCRIPTION_ACCESS_DENIED: 49>
ALERT_DESCRIPTION_BAD_CERTIFICATE = <AlertDescription.ALERT_DESCRIPTION_BAD_CERTIFICATE: 42>
ALERT_DESCRIPTION_BAD_CERTIFICATE_HASH_VALUE = <AlertDescription.ALERT_DESCRIPTION_BAD_CERTIFICATE_HASH_VALUE: 114>
ALERT_DESCRIPTION_BAD_CERTIFICATE_STATUS_RESPONSE = <AlertDescription.ALERT_DESCRIPTION_BAD_CERTIFICATE_STATUS_RESPONSE: 113>
ALERT_DESCRIPTION_BAD_RECORD_MAC = <AlertDescription.ALERT_DESCRIPTION_BAD_RECORD_MAC: 20>
ALERT_DESCRIPTION_CERTIFICATE_EXPIRED = <AlertDescription.ALERT_DESCRIPTION_CERTIFICATE_EXPIRED: 45>
ALERT_DESCRIPTION_CERTIFICATE_REVOKED = <AlertDescription.ALERT_DESCRIPTION_CERTIFICATE_REVOKED: 44>
ALERT_DESCRIPTION_CERTIFICATE_UNKNOWN = <AlertDescription.ALERT_DESCRIPTION_CERTIFICATE_UNKNOWN: 46>
ALERT_DESCRIPTION_CERTIFICATE_UNOBTAINABLE = <AlertDescription.ALERT_DESCRIPTION_CERTIFICATE_UNOBTAINABLE: 111>
ALERT_DESCRIPTION_CLOSE_NOTIFY = <AlertDescription.ALERT_DESCRIPTION_CLOSE_NOTIFY: 0>
ALERT_DESCRIPTION_DECODE_ERROR = <AlertDescription.ALERT_DESCRIPTION_DECODE_ERROR: 50>
ALERT_DESCRIPTION_DECOMPRESSION_FAILURE = <AlertDescription.ALERT_DESCRIPTION_DECOMPRESSION_FAILURE: 30>
ALERT_DESCRIPTION_DECRYPT_ERROR = <AlertDescription.ALERT_DESCRIPTION_DECRYPT_ERROR: 51>
ALERT_DESCRIPTION_HANDSHAKE_FAILURE = <AlertDescription.ALERT_DESCRIPTION_HANDSHAKE_FAILURE: 40>
ALERT_DESCRIPTION_ILLEGAL_PARAMETER = <AlertDescription.ALERT_DESCRIPTION_ILLEGAL_PARAMETER: 47>
ALERT_DESCRIPTION_INSUFFICIENT_SECURITY = <AlertDescription.ALERT_DESCRIPTION_INSUFFICIENT_SECURITY: 71>
ALERT_DESCRIPTION_INTERNAL_ERROR = <AlertDescription.ALERT_DESCRIPTION_INTERNAL_ERROR: 80>
ALERT_DESCRIPTION_NO_RENEGOTIATION = <AlertDescription.ALERT_DESCRIPTION_NO_RENEGOTIATION: 100>
ALERT_DESCRIPTION_PROTOCOL_VERSION = <AlertDescription.ALERT_DESCRIPTION_PROTOCOL_VERSION: 70>
ALERT_DESCRIPTION_RECORD_OVERFLOW = <AlertDescription.ALERT_DESCRIPTION_RECORD_OVERFLOW: 22>
ALERT_DESCRIPTION_UNEXPECTED_MESSAGE = <AlertDescription.ALERT_DESCRIPTION_UNEXPECTED_MESSAGE: 10>
ALERT_DESCRIPTION_UNKNOWN_CA = <AlertDescription.ALERT_DESCRIPTION_UNKNOWN_CA: 48>
ALERT_DESCRIPTION_UNKNOWN_PSK_IDENTITY = <AlertDescription.ALERT_DESCRIPTION_UNKNOWN_PSK_IDENTITY: 115>
ALERT_DESCRIPTION_UNRECOGNIZED_NAME = <AlertDescription.ALERT_DESCRIPTION_UNRECOGNIZED_NAME: 112>
ALERT_DESCRIPTION_UNSUPPORTED_CERTIFICATE = <AlertDescription.ALERT_DESCRIPTION_UNSUPPORTED_CERTIFICATE: 43>
ALERT_DESCRIPTION_UNSUPPORTED_EXTENSION = <AlertDescription.ALERT_DESCRIPTION_UNSUPPORTED_EXTENSION: 110>
ALERT_DESCRIPTION_USER_CANCELLED = <AlertDescription.ALERT_DESCRIPTION_USER_CANCELLED: 90>
CERT_NONE = <VerifyMode.CERT_NONE: 0>
CERT_OPTIONAL = <VerifyMode.CERT_OPTIONAL: 1>
CERT_REQUIRED = <VerifyMode.CERT_REQUIRED: 2>
CHANNEL_BINDING_TYPES = ['tls-unique']
HAS_ALPN = True
HAS_ECDH = True
HAS_NEVER_CHECK_COMMON_NAME = True
HAS_NPN = False
HAS_SNI = True
HAS_SSLv2 = False
HAS_SSLv3 = False
HAS_TLSv1 = True
HAS_TLSv1_1 = True
HAS_TLSv1_2 = True
HAS_TLSv1_3 = True
OPENSSL_VERSION = 'OpenSSL 1.1.1l 24 Aug 2021'
OPENSSL_VERSION_INFO = (1, 1, 1, 12, 15)
OPENSSL_VERSION_NUMBER = 269488335
OP_ALL = <Options.OP_ALL: 2147483732>
OP_CIPHER_SERVER_PREFERENCE = <Options.OP_CIPHER_SERVER_PREFERENCE: 4194304>
OP_ENABLE_MIDDLEBOX_COMPAT = <Options.OP_ENABLE_MIDDLEBOX_COMPAT: 1048576>
OP_NO_COMPRESSION = <Options.OP_NO_COMPRESSION: 131072>
OP_NO_RENEGOTIATION = <Options.OP_NO_RENEGOTIATION: 1073741824>
OP_NO_SSLv2 = <Options.OP_NO_SSLv2: 0>
OP_NO_SSLv3 = <Options.OP_NO_SSLv3: 33554432>
OP_NO_TICKET = <Options.OP_NO_TICKET: 16384>
OP_NO_TLSv1 = <Options.OP_NO_TLSv1: 67108864>
OP_NO_TLSv1_1 = <Options.OP_NO_TLSv1_1: 268435456>
OP_NO_TLSv1_2 = <Options.OP_NO_TLSv1_2: 134217728>
OP_NO_TLSv1_3 = <Options.OP_NO_TLSv1_3: 536870912>
OP_SINGLE_DH_USE = <Options.OP_NO_SSLv2: 0>
OP_SINGLE_ECDH_USE = <Options.OP_NO_SSLv2: 0>
PEM_FOOTER = '-----END CERTIFICATE-----'
PEM_HEADER = '-----BEGIN CERTIFICATE-----'
PROTOCOL_SSLv23 = <_SSLMethod.PROTOCOL_TLS: 2>
PROTOCOL_TLS = <_SSLMethod.PROTOCOL_TLS: 2>
PROTOCOL_TLS_CLIENT = <_SSLMethod.PROTOCOL_TLS_CLIENT: 16>
PROTOCOL_TLS_SERVER = <_SSLMethod.PROTOCOL_TLS_SERVER: 17>
PROTOCOL_TLSv1 = <_SSLMethod.PROTOCOL_TLSv1: 3>
PROTOCOL_TLSv1_1 = <_SSLMethod.PROTOCOL_TLSv1_1: 4>
PROTOCOL_TLSv1_2 = <_SSLMethod.PROTOCOL_TLSv1_2: 5>
SOCK_STREAM = <SocketKind.SOCK_STREAM: 1>
SOL_SOCKET = 1
SO_TYPE = 3
SSL_ERROR_EOF = <SSLErrorNumber.SSL_ERROR_EOF: 8>
SSL_ERROR_INVALID_ERROR_CODE = <SSLErrorNumber.SSL_ERROR_INVALID_ERROR_CODE: 10>
SSL_ERROR_SSL = <SSLErrorNumber.SSL_ERROR_SSL: 1>
SSL_ERROR_SYSCALL = <SSLErrorNumber.SSL_ERROR_SYSCALL: 5>
SSL_ERROR_WANT_CONNECT = <SSLErrorNumber.SSL_ERROR_WANT_CONNECT: 7>
SSL_ERROR_WANT_READ = <SSLErrorNumber.SSL_ERROR_WANT_READ: 2>
SSL_ERROR_WANT_WRITE = <SSLErrorNumber.SSL_ERROR_WANT_WRITE: 3>
SSL_ERROR_WANT_X509_LOOKUP = <SSLErrorNumber.SSL_ERROR_WANT_X509_LOOKUP: 4>
SSL_ERROR_ZERO_RETURN = <SSLErrorNumber.SSL_ERROR_ZERO_RETURN: 6>
VERIFY_CRL_CHECK_CHAIN = <VerifyFlags.VERIFY_CRL_CHECK_CHAIN: 12>
VERIFY_CRL_CHECK_LEAF = <VerifyFlags.VERIFY_CRL_CHECK_LEAF: 4>
VERIFY_DEFAULT = <VerifyFlags.VERIFY_DEFAULT: 0>
VERIFY_X509_STRICT = <VerifyFlags.VERIFY_X509_STRICT: 32>
VERIFY_X509_TRUSTED_FIRST = <VerifyFlags.VERIFY_X509_TRUSTED_FIRST: 32768>
Modules
base64
errno
os
sys
warnings