cheroot.ssl package

Submodules

• cheroot.ssl.builtin module
  • BuiltinSSLAdapter
    • BuiltinSSLAdapter.CERT_KEY_TO_ENV
    • BuiltinSSLAdapter.CERT_KEY_TO_LDAP_CODE
    • BuiltinSSLAdapter._abc_impl
    • BuiltinSSLAdapter._check_for_plain_http()
    • BuiltinSSLAdapter._create_context()
    • BuiltinSSLAdapter._create_ssl_socket()
    • BuiltinSSLAdapter._get_client_cert_environ()
    • BuiltinSSLAdapter._get_library_version_environ()
    • BuiltinSSLAdapter._get_optional_environ()
    • BuiltinSSLAdapter._get_server_cert_environ()
    • BuiltinSSLAdapter._handle_ssl_error()
    • BuiltinSSLAdapter._make_env_cert_dict()
    • BuiltinSSLAdapter._make_env_dn_dict()
    • BuiltinSSLAdapter._make_env_san_dict()
    • BuiltinSSLAdapter._perform_handshake()
    • BuiltinSSLAdapter._wait_for_handshake_data()
    • BuiltinSSLAdapter._wrap_with_builtin()
    • BuiltinSSLAdapter.bind()
    • BuiltinSSLAdapter.certificate
    • BuiltinSSLAdapter.certificate_chain
    • BuiltinSSLAdapter.ciphers
    • BuiltinSSLAdapter.context
    • BuiltinSSLAdapter.private_key
    • BuiltinSSLAdapter.private_key_password
    • BuiltinSSLAdapter.wrap()
• cheroot.ssl.pyopenssl module
  • Method One
  • Method Two (shortcut)
  • SSLFileobjectStreamReader
    • SSLFileobjectStreamReader._abc_impl
  • SSLFileobjectStreamWriter
    • SSLFileobjectStreamWriter._abc_impl
  • pyOpenSSLAdapter
    • pyOpenSSLAdapter._abc_impl
    • pyOpenSSLAdapter._configure_connection_state()
    • pyOpenSSLAdapter._create_pyopenssl_connection()
    • pyOpenSSLAdapter._get_client_cert_environ()
    • pyOpenSSLAdapter._get_library_version_environ()
    • pyOpenSSLAdapter._get_optional_environ()
    • pyOpenSSLAdapter._get_server_cert_environ()
    • pyOpenSSLAdapter._handle_ssl_error()
    • pyOpenSSLAdapter._password_callback()
    • pyOpenSSLAdapter._perform_handshake()
    • pyOpenSSLAdapter._wait_for_handshake_data()
    • pyOpenSSLAdapter._wrap_with_pyopenssl()
    • pyOpenSSLAdapter.bind()
    • pyOpenSSLAdapter.certificate
    • pyOpenSSLAdapter.certificate_chain
    • pyOpenSSLAdapter.ciphers
    • pyOpenSSLAdapter.context
    • pyOpenSSLAdapter.get_context()
    • pyOpenSSLAdapter.private_key
    • pyOpenSSLAdapter.private_key_password
    • pyOpenSSLAdapter.wrap()
• cheroot.ssl.tls_socket module
  • TLSSocket
    • TLSSocket._abc_impl
    • TLSSocket._closed
    • TLSSocket._safe_call()
    • TLSSocket.close()
    • TLSSocket.closed
    • TLSSocket.compression()
    • TLSSocket.family
    • TLSSocket.fileno()
    • TLSSocket.get_cipher_info()
    • TLSSocket.get_session()
    • TLSSocket.get_verify_mode()
    • TLSSocket.getpeercert()
    • TLSSocket.getpeername()
    • TLSSocket.getsockname()
    • TLSSocket.getsockopt()
    • TLSSocket.gettimeout()
    • TLSSocket.makefile()
    • TLSSocket.proto
    • TLSSocket.read()
    • TLSSocket.readable()
    • TLSSocket.readinto()
    • TLSSocket.recv()
    • TLSSocket.scheme
    • TLSSocket.seekable()
    • TLSSocket.send()
    • TLSSocket.sendall()
    • TLSSocket.session
    • TLSSocket.setblocking()
    • TLSSocket.settimeout()
    • TLSSocket.shutdown()
    • TLSSocket.sni
    • TLSSocket.sock_shutdown()
    • TLSSocket.type
    • TLSSocket.version()
    • TLSSocket.writable()
    • TLSSocket.write()

Module contents

Implementation of the SSL adapter base interface.

class cheroot.ssl.Adapter(certificate, private_key, certificate_chain=None, ciphers=None, *, private_key_password=None)

Bases: SSLEnvironMixin, ABC

Base class for SSL driver library adapters.

Required methods:

• wrap(sock) -> (wrapped socket, ssl environ dict)

• _get_library_version_environ() -> dict

• _get_optional_environ(conn) -> dict

_abc_impl = <_abc._abc_data object>

abstract _get_library_version_environ()

Get SSL library version information.

Must be implemented by subclasses to provide adapter-specific version strings.

Returns:

dict: SSL_VERSION_INTERFACE and SSL_VERSION_LIBRARY

abstract _get_optional_environ(conn)

Get optional environment variables.

Must be implemented by subclasses for adapter-specific handling of optional fields like SNI, compression, etc.

Returns:

dict: Optional SSL environment variables

abstract bind(sock)

Wrap and return the given socket.

get_environ(conn)

Return WSGI environ entries to be merged into each request.

Unified implementation used by all subclasses. This orchestrates the collection of SSL environment variables from various sources: - Core TLS info (protocol, cipher) - Library versions - Optional fields (SNI, etc.) - Session info - Client certificate - Server certificate

Note: This returns only SSL-specific variables. General server variables (SERVER_NAME, SERVER_PORT, etc.) are added by the Gateway when building the complete WSGI environ for each request.

abstract wrap(sock)

Wrap and return the given socket, plus WSGI environ entries.

class cheroot.ssl.SSLEnvironMixin

Bases: object

Mixin class providing methods for generating WSGI environment variables.

This mixin handles GENERIC SSL environment variable generation that works across all SSL implementations. Adapter-specific logic (like certificate parsing) is delegated to subclass implementations.

_get_client_cert_environ(conn, ssl_environ)

Add client certificate details to the environment.

SHOULD be overridden by subclasses for adapter-specific handling. Default implementation does nothing.

_get_core_tls_environ(conn)

Add core TLS version and cipher info to the environment.

This is generic and works for all SSL adapters since TLSSocket provides a uniform get_cipher_info() interface.

_get_server_cert_environ()

Get server certificate info from the connection.

MUST be overridden by subclasses to provide adapter-specific parsing. Returns dict of SSL_SERVER_* environ variables.

Default implementation returns empty dict.

cheroot.ssl._parse_dn_components(components, key_prefix, dn_type)

Parse Distinguished Name components into environ dict.

Args:

components: Iterable of (key, value) tuples key_prefix: ‘SSL_CLIENT’ or ‘SSL_SERVER’ dn_type: ‘S’ for subject or ‘I’ for issuer

Returns:

dict: DN and CN environment variables

cheroot.ssl.parse_pyopenssl_cert_to_environ(cert, key_prefix)

Parse a pyOpenSSL X509 certificate into WSGI environ dict.

cheroot.ssl.parse_x509_cert_to_environ(cert, key_prefix)

Parse a cryptography x509 certificate into environ dict.