API tools faq
paste
Tiran

Untitled

Tiran
Nov 7th, 2013
292
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Python 2.65 KB | None | 0 0
raw download clone embed print report
  1. diff -r 07fa1ed0d551 Lib/ssl.py
  2. --- a/Lib/ssl.py    Wed Nov 06 17:25:17 2013 +0100
  3. +++ b/Lib/ssl.py    Thu Nov 07 22:23:23 2013 +0100
  4. @@ -278,7 +278,7 @@
  5.      """An SSLContext holds various SSL-related configuration options and
  6.     data, such as certificates and possibly a private key."""
  7.  
  8. -    __slots__ = ('protocol', '__weakref__')
  9. +    __slots__ = ('protocol', '_check_cert', '__weakref__')
  10.  
  11.      def __new__(cls, protocol, *args, **kwargs):
  12.          self = _SSLContext.__new__(cls, protocol)
  13. @@ -286,8 +286,9 @@
  14.              self.set_ciphers(_DEFAULT_CIPHERS)
  15.          return self
  16.  
  17. -    def __init__(self, protocol):
  18. +    def __init__(self, protocol, *, check_cert=None):
  19.          self.protocol = protocol
  20. +        self._check_cert = check_cert
  21.  
  22.      def wrap_socket(self, sock, server_side=False,
  23.                      do_handshake_on_connect=True,
  24. @@ -310,6 +311,27 @@
  25.  
  26.          self._set_npn_protocols(protos)
  27.  
  28. +    def check_cert(self, sslsock, hostname=None, *, initiator=None, **kwargs):
  29. +        check_cert = self._check_cert
  30. +        if callable(check_cert):
  31. +            return check_cert(sslsock=sslsock, hostname=hostname,
  32. +                              initiator=initiator, **kwargs)
  33. +        will_verify = self.verify_mode != CERT_NONE
  34. +        if check_cert is None:
  35. +            check_cert = will_verify
  36. +        elif check_cert and not will_verify:
  37. +            raise CertificateError("check_cert needs a SSL context with "
  38. +                                   "either CERT_OPTIONAL or CERT_REQUIRED")
  39. +        if not check_cert:
  40. +            return False
  41. +        if hostname is None:
  42. +            hostname = sslsock.server_hostname
  43. +            if hostname is None:
  44. +                raise CertificateError("check_cert needs a hostname or a ssl "
  45. +                                       "socket with server_hostname.")
  46. +        match_hostname(sslsock.getpeercert(), hostname)
  47. +        return True
  48. +
  49.  
  50.  class SSLSocket(socket):
  51.      """This class implements a subtype of socket.socket that wraps
  52. @@ -685,6 +707,17 @@
  53.             return None
  54.         return self._sslobj.tls_unique_cb()
  55.  
  56. +    def check_cert(self, hostname=None, *, close_onerror=False,
  57. +                   initiator=None, **kwargs):
  58. +        try:
  59. +            return self.context.check_cert(self, hostname=hostname,
  60. +                                           initiator=initiator, **kwargs)
  61. +        except Exception:
  62. +            if close_onerror:
  63. +                self.shutdown(socket.SHUT_RDWR)
  64. +                self.close()
  65. +            raise
  66. +
  67.  
  68. def wrap_socket(sock, keyfile=None, certfile=None,
  69.                 server_side=False, cert_reqs=CERT_NONE,
Advertisement
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!