4 Any, Dict, Callable, List, NamedTuple, Optional, Set, Tuple, Union,
\r
9 _PCTRTT = Tuple[Tuple[str, str], ...]
\r
10 _PCTRTTT = Tuple[_PCTRTT, ...]
\r
11 _PeerCertRetDictType = Dict[str, Union[str, _PCTRTTT, _PCTRTT]]
\r
12 _PeerCertRetType = Union[_PeerCertRetDictType, bytes, None]
\r
13 _EnumRetType = List[Tuple[bytes, str, Union[Set[str], bool]]]
\r
14 _PasswordType = Union[Callable[[], Union[str, bytes]], str, bytes]
\r
16 if sys.version_info >= (3, 5):
\r
17 _SC1ArgT = Union[SSLSocket, SSLObject]
\r
19 _SC1ArgT = SSLSocket
\r
20 _SrvnmeCbType = Callable[[_SC1ArgT, Optional[str], SSLSocket], Optional[int]]
\r
22 class SSLError(OSError):
\r
25 class SSLZeroReturnError(SSLError): ...
\r
26 class SSLWantReadError(SSLError): ...
\r
27 class SSLWantWriteError(SSLError): ...
\r
28 class SSLSyscallError(SSLError): ...
\r
29 class SSLEOFError(SSLError): ...
\r
30 class CertificateError(Exception): ...
\r
33 def wrap_socket(sock: socket.socket, keyfile: Optional[str] = ...,
\r
34 certfile: Optional[str] = ..., server_side: bool = ...,
\r
35 cert_reqs: int = ..., ssl_version: int = ...,
\r
36 ca_certs: Optional[str] = ...,
\r
37 do_handshake_on_connect: bool = ...,
\r
38 suppress_ragged_eofs: bool = ...,
\r
39 ciphers: Optional[str] = ...) -> SSLSocket: ...
\r
42 if sys.version_info < (3,) or sys.version_info >= (3, 4):
\r
43 def create_default_context(purpose: Any = ..., *,
\r
44 cafile: Optional[str] = ...,
\r
45 capath: Optional[str] = ...,
\r
46 cadata: Optional[str] = ...) -> SSLContext: ...
\r
48 if sys.version_info >= (3, 4):
\r
49 def _create_unverified_context(protocol: int = ..., *,
\r
50 cert_reqs: int = ...,
\r
51 check_hostname: bool = ...,
\r
53 certfile: Optional[str] = ...,
\r
54 keyfile: Optional[str] = ...,
\r
55 cafile: Optional[str] = ...,
\r
56 capath: Optional[str] = ...,
\r
57 cadata: Optional[str] = ...) -> SSLContext: ...
\r
58 _create_default_https_context: Callable[..., SSLContext]
\r
60 if sys.version_info >= (3, 3):
\r
61 def RAND_bytes(num: int) -> bytes: ...
\r
62 def RAND_pseudo_bytes(num: int) -> Tuple[bytes, bool]: ...
\r
63 def RAND_status() -> bool: ...
\r
64 def RAND_egd(path: str) -> None: ...
\r
65 def RAND_add(bytes: bytes, entropy: float) -> None: ...
\r
68 def match_hostname(cert: _PeerCertRetType, hostname: str) -> None: ...
\r
69 def cert_time_to_seconds(cert_time: str) -> int: ...
\r
70 def get_server_certificate(addr: Tuple[str, int], ssl_version: int = ...,
\r
71 ca_certs: Optional[str] = ...) -> str: ...
\r
72 def DER_cert_to_PEM_cert(der_cert_bytes: bytes) -> str: ...
\r
73 def PEM_cert_to_DER_cert(pem_cert_string: str) -> bytes: ...
\r
74 if sys.version_info < (3,) or sys.version_info >= (3, 4):
\r
75 DefaultVerifyPaths = NamedTuple('DefaultVerifyPaths',
\r
76 [('cafile', str), ('capath', str),
\r
77 ('openssl_cafile_env', str),
\r
78 ('openssl_cafile', str),
\r
79 ('openssl_capath_env', str),
\r
80 ('openssl_capath', str)])
\r
81 def get_default_verify_paths() -> DefaultVerifyPaths: ...
\r
83 if sys.platform == 'win32':
\r
84 if sys.version_info < (3,) or sys.version_info >= (3, 4):
\r
85 def enum_certificates(store_name: str) -> _EnumRetType: ...
\r
86 def enum_crls(store_name: str) -> _EnumRetType: ...
\r
93 if sys.version_info < (3,) or sys.version_info >= (3, 4):
\r
95 VERIFY_CRL_CHECK_LEAF: int
\r
96 VERIFY_CRL_CHECK_CHAIN: int
\r
97 VERIFY_X509_STRICT: int
\r
98 VERIFY_X509_TRUSTED_FIRST: int
\r
100 PROTOCOL_SSLv23: int
\r
101 PROTOCOL_SSLv2: int
\r
102 PROTOCOL_SSLv3: int
\r
103 PROTOCOL_TLSv1: int
\r
104 if sys.version_info < (3,) or sys.version_info >= (3, 4):
\r
105 PROTOCOL_TLSv1_1: int
\r
106 PROTOCOL_TLSv1_2: int
\r
107 if sys.version_info >= (3, 5):
\r
109 if sys.version_info >= (3, 6):
\r
110 PROTOCOL_TLS_CLIENT: int
\r
111 PROTOCOL_TLS_SERVER: int
\r
117 if sys.version_info < (3,) or sys.version_info >= (3, 4):
\r
120 OP_CIPHER_SERVER_PREFERENCE: int
\r
121 OP_SINGLE_DH_USE: int
\r
122 OP_SINGLE_ECDH_USE: int
\r
123 OP_NO_COMPRESSION: int
\r
124 if sys.version_info >= (3, 6):
\r
127 if sys.version_info < (3,) or sys.version_info >= (3, 5):
\r
132 CHANNEL_BINDING_TYPES: List[str]
\r
134 OPENSSL_VERSION: str
\r
135 OPENSSL_VERSION_INFO: Tuple[int, int, int, int, int]
\r
136 OPENSSL_VERSION_NUMBER: int
\r
138 if sys.version_info < (3,) or sys.version_info >= (3, 4):
\r
139 ALERT_DESCRIPTION_HANDSHAKE_FAILURE: int
\r
140 ALERT_DESCRIPTION_INTERNAL_ERROR: int
\r
141 ALERT_DESCRIPTION_ACCESS_DENIED: int
\r
142 ALERT_DESCRIPTION_BAD_CERTIFICATE: int
\r
143 ALERT_DESCRIPTION_BAD_CERTIFICATE_HASH_VALUE: int
\r
144 ALERT_DESCRIPTION_BAD_CERTIFICATE_STATUS_RESPONSE: int
\r
145 ALERT_DESCRIPTION_BAD_RECORD_MAC: int
\r
146 ALERT_DESCRIPTION_CERTIFICATE_EXPIRED: int
\r
147 ALERT_DESCRIPTION_CERTIFICATE_REVOKED: int
\r
148 ALERT_DESCRIPTION_CERTIFICATE_UNKNOWN: int
\r
149 ALERT_DESCRIPTION_CERTIFICATE_UNOBTAINABLE: int
\r
150 ALERT_DESCRIPTION_CLOSE_NOTIFY: int
\r
151 ALERT_DESCRIPTION_DECODE_ERROR: int
\r
152 ALERT_DESCRIPTION_DECOMPRESSION_FAILURE: int
\r
153 ALERT_DESCRIPTION_DECRYPT_ERROR: int
\r
154 ALERT_DESCRIPTION_ILLEGAL_PARAMETER: int
\r
155 ALERT_DESCRIPTION_INSUFFICIENT_SECURITY: int
\r
156 ALERT_DESCRIPTION_NO_RENEGOTIATION: int
\r
157 ALERT_DESCRIPTION_PROTOCOL_VERSION: int
\r
158 ALERT_DESCRIPTION_RECORD_OVERFLOW: int
\r
159 ALERT_DESCRIPTION_UNEXPECTED_MESSAGE: int
\r
160 ALERT_DESCRIPTION_UNKNOWN_CA: int
\r
161 ALERT_DESCRIPTION_UNKNOWN_PSK_IDENTITY: int
\r
162 ALERT_DESCRIPTION_UNRECOGNIZED_NAME: int
\r
163 ALERT_DESCRIPTION_UNSUPPORTED_CERTIFICATE: int
\r
164 ALERT_DESCRIPTION_UNSUPPORTED_EXTENSION: int
\r
165 ALERT_DESCRIPTION_USER_CANCELLED: int
\r
167 if sys.version_info < (3,) or sys.version_info >= (3, 4):
\r
168 _PurposeType = NamedTuple('_PurposeType',
\r
169 [('nid', int), ('shortname', str),
\r
170 ('longname', str), ('oid', str)])
\r
172 SERVER_AUTH: _PurposeType
\r
173 CLIENT_AUTH: _PurposeType
\r
176 class SSLSocket(socket.socket):
\r
177 context: SSLContext
\r
179 server_hostname: Optional[str]
\r
180 if sys.version_info >= (3, 6):
\r
181 session: Optional[SSLSession]
\r
182 session_reused: Optional[bool]
\r
184 def read(self, len: int = ...,
\r
185 buffer: Optional[bytearray] = ...) -> bytes: ...
\r
186 def write(self, buf: bytes) -> int: ...
\r
187 def do_handshake(self) -> None: ...
\r
188 def getpeercert(self, binary_form: bool = ...) -> _PeerCertRetType: ...
\r
189 def cipher(self) -> Tuple[str, int, int]: ...
\r
190 if sys.version_info >= (3, 5):
\r
191 def shared_cipher(self) -> Optional[List[Tuple[str, int, int]]]: ...
\r
192 def compression(self) -> Optional[str]: ...
\r
193 def get_channel_binding(self, cb_type: str = ...) -> Optional[bytes]: ...
\r
194 if sys.version_info < (3,) or sys.version_info >= (3, 5):
\r
195 def selected_alpn_protocol(self) -> Optional[str]: ...
\r
196 def selected_npn_protocol(self) -> Optional[str]: ...
\r
197 def unwrap(self) -> socket.socket: ...
\r
198 if sys.version_info < (3,) or sys.version_info >= (3, 5):
\r
199 def version(self) -> Optional[str]: ...
\r
200 def pending(self) -> int: ...
\r
204 if sys.version_info < (3,) or sys.version_info >= (3, 4):
\r
205 check_hostname: bool
\r
208 def protocol(self) -> int: ...
\r
209 if sys.version_info < (3,) or sys.version_info >= (3, 4):
\r
212 if sys.version_info >= (3, 5):
\r
213 def __init__(self, protocol: int = ...) -> None: ...
\r
215 def __init__(self, protocol: int) -> None: ...
\r
216 if sys.version_info < (3,) or sys.version_info >= (3, 4):
\r
217 def cert_store_stats(self) -> Dict[str, int]: ...
\r
218 def load_cert_chain(self, certfile: str, keyfile: Optional[str] = ...,
\r
219 password: _PasswordType = ...) -> None: ...
\r
220 if sys.version_info < (3,) or sys.version_info >= (3, 4):
\r
221 def load_default_certs(self, purpose: _PurposeType = ...) -> None: ...
\r
222 def load_verify_locations(self, cafile: Optional[str] = ...,
\r
223 capath: Optional[str] = ...,
\r
224 cadata: Union[str, bytes, None] = ...) -> None: ...
\r
225 def get_ca_certs(self,
\r
226 binary_form: bool = ...) -> Union[List[_PeerCertRetDictType], List[bytes]]: ...
\r
228 def load_verify_locations(self,
\r
229 cafile: Optional[str] = ...,
\r
230 capath: Optional[str] = ...) -> None: ...
\r
231 def set_default_verify_paths(self) -> None: ...
\r
232 def set_ciphers(self, ciphers: str) -> None: ...
\r
233 if sys.version_info < (3,) or sys.version_info >= (3, 5):
\r
234 def set_alpn_protocols(self, protocols: List[str]) -> None: ...
\r
235 def set_npn_protocols(self, protocols: List[str]) -> None: ...
\r
236 def set_servername_callback(self,
\r
237 server_name_callback: Optional[_SrvnmeCbType]) -> None: ...
\r
238 def load_dh_params(self, dhfile: str) -> None: ...
\r
239 def set_ecdh_curve(self, curve_name: str) -> None: ...
\r
240 def wrap_socket(self, sock: socket.socket, server_side: bool = ...,
\r
241 do_handshake_on_connect: bool = ...,
\r
242 suppress_ragged_eofs: bool = ...,
\r
243 server_hostname: Optional[str] = ...) -> SSLSocket: ...
\r
244 if sys.version_info >= (3, 5):
\r
245 def wrap_bio(self, incoming: MemoryBIO, outgoing: MemoryBIO,
\r
246 server_side: bool = ...,
\r
247 server_hostname: Optional[str] = ...) -> SSLObject: ...
\r
248 def session_stats(self) -> Dict[str, int]: ...
\r
251 if sys.version_info >= (3, 5):
\r
253 context: SSLContext
\r
255 server_hostname: Optional[str]
\r
256 if sys.version_info >= (3, 6):
\r
257 session: Optional[SSLSession]
\r
258 session_reused: bool
\r
259 def read(self, len: int = ...,
\r
260 buffer: Optional[bytearray] = ...) -> bytes: ...
\r
261 def write(self, buf: bytes) -> int: ...
\r
262 def getpeercert(self, binary_form: bool = ...) -> _PeerCertRetType: ...
\r
263 def selected_npn_protocol(self) -> Optional[str]: ...
\r
264 def cipher(self) -> Tuple[str, int, int]: ...
\r
265 def shared_cipher(self) -> Optional[List[Tuple[str, int, int]]]: ...
\r
266 def compression(self) -> Optional[str]: ...
\r
267 def pending(self) -> int: ...
\r
268 def do_handshake(self) -> None: ...
\r
269 def unwrap(self) -> None: ...
\r
270 def get_channel_binding(self, cb_type: str = ...) -> Optional[bytes]: ...
\r
275 def read(self, n: int = ...) -> bytes: ...
\r
276 def write(self, buf: bytes) -> int: ...
\r
277 def write_eof(self) -> None: ...
\r
279 if sys.version_info >= (3, 6):
\r
284 ticket_lifetime_hint: int
\r
288 # TODO below documented in cpython but not in docs.python.org
\r
289 # taken from python 3.4
\r
291 SSL_ERROR_INVALID_ERROR_CODE: int
\r
293 SSL_ERROR_SYSCALL: int
\r
294 SSL_ERROR_WANT_CONNECT: int
\r
295 SSL_ERROR_WANT_READ: int
\r
296 SSL_ERROR_WANT_WRITE: int
\r
297 SSL_ERROR_WANT_X509_LOOKUP: int
\r
298 SSL_ERROR_ZERO_RETURN: int
\r
300 def get_protocol_name(protocol_code: int) -> str: ...
\r