cheroot.ssl.tls_socket module#

A unified SSL/TLS socket layer for Cheroot.

This module provides a TLSSocket class that abstracts over different SSL/TLS implementations, such as Python’s built-in ssl module and pyOpenSSL. It offers a consistent interface for the rest of the Cheroot server code.

class cheroot.ssl.tls_socket.TLSSocket(ssl_socket, raw_socket, context)#

Bases: RawIOBase

Lightweight wrapper around SSL/TLS sockets.

Provides a uniform interface over both ssl.SSLSocket and OpenSSL.SSL.Connection objects, ensuring consistent I/O stream handling for Cheroot with proper SSL error handling.

_abc_impl = <_abc._abc_data object>#

property _closed#: Check if the connection is closed.

_safe_call(is_reader, call, *args, **kwargs)#

Wrap the given call with TLS error-trapping.

This handles transient SSL errors like WantReadError and WantWriteError by retrying with a small sleep interval.

close()#: Close the connection.

property closed#: Public closed property.

compression()#: Get compression method (usually None for modern TLS).

property family#: Get socket family.

fileno()#: Return the file descriptor of the underlying socket.

get_cipher_info()#

Get the current cipher information in a unified format.

Returns:: tuple: (cipher_name, protocol_version, secret_bits) or None

get_session()#: Get SSL session for reuse (method form).

get_verify_mode()#

Get the certificate verification mode.

Returns:: int: ssl.CERT_NONE, ssl.CERT_OPTIONAL, or ssl.CERT_REQUIRED

getpeercert(binary_form=False)#

Get the peer’s certificate.

Args:

binary_form: If True, return DER-encoded bytes;: else return dict/object

Returns:

Certificate in requested format, or None/empty dict if unavailable

getpeername()#: Return the address of the remote peer.

getsockname()#: Return the address of the local machine.

getsockopt(level, optname, buflen=None)#: Get socket option.

gettimeout()#: Get the timeout value.

makefile(*args, **kwargs)#: Create a file-like object from the connection.

property proto#: Get socket protocol.

read(size)#: Read data from the connection. Used by StreamReader.

readable()#: Return True - this I/O object supports reading.

readinto(buff)#

Read data into a buffer - called by io.BufferedReader.

This is the key method that BufferedReader calls when reading. By implementing this with error handling, we ensure SSL errors are properly handled in the buffered I/O path.

Args:: buff: Buffer to read data into (bytearray or memoryview)
Returns:: Number of bytes read, or None for EOF

recv(size)#: Receive data from the connection with SSL error handling.

property scheme#: Signal to Cheroot that this is an HTTPS connection.

seekable()#: Return False - sockets are not seekable.

send(data, flags=0)#: Send data with SSL error handling.

sendall(data, flags=0)#: Send all data with SSL error handling.

property session#: Get SSL session for reuse.

setblocking(flag)#: Set blocking mode.

settimeout(timeout)#: Set timeout on the connection.

shutdown(how)#: Perform a clean SSL shutdown.

property sni#: Get SNI hostname if available.

sock_shutdown(how)#: Shutdown the raw socket (TCP level), bypassing SSL shutdown.

property type#: Get socket type.

version()#: Get TLS version.

writable()#: Return True - this I/O object supports writing.

write(data)#: Write data to the connection with SSL error handling.