4 from _typeshed import ReadableBuffer, Self, StrOrBytesPath, WriteableBuffer
5 from typing import Any, Callable, ClassVar, Dict, Iterable, List, NamedTuple, Optional, Set, Tuple, Type, Union, overload
6 from typing_extensions import Literal, TypedDict
# Private aliases describing the shapes the ssl API returns or accepts.
# A tuple of (str, str) pairs.
8 _PCTRTT = Tuple[Tuple[str, str], ...]
# A tuple of the tuples above, i.e. one more level of nesting.
9 _PCTRTTT = Tuple[_PCTRTT, ...]
# Decoded peer certificate: string keys mapping to a plain string or to one of the
# nested tuple shapes. This is what getpeercert(binary_form=False) is declared to return.
10 _PeerCertRetDictType = Dict[str, Union[str, _PCTRTTT, _PCTRTT]]
# Everything getpeercert() may return: the decoded dict, raw bytes, or None.
# Callers have to handle None instead of assuming a certificate was presented.
11 _PeerCertRetType = Union[_PeerCertRetDictType, bytes, None]
# Return type of enum_certificates() and enum_crls(): a list of (bytes, str, set[str] | bool).
12 _EnumRetType = List[Tuple[bytes, str, Union[Set[str], bool]]]
# Private-key password: a literal str/bytes, or a zero-argument callable that produces one.
13 _PasswordType = Union[Callable[[], Union[str, bytes]], str, bytes]
# Callback type taken by set_servername_callback().
# NOTE(review): the third parameter is SSLSocket here, while the sni_callback attribute
# further down declares SSLContext in that position -- confirm which one is intended.
15 _SrvnmeCbType = Callable[[Union[SSLSocket, SSLObject], Optional[str], SSLSocket], Optional[int]]
17 class _Cipher(TypedDict):
30 class SSLError(OSError):
# The five subclasses below add no members of their own; they exist so callers can
# catch one specific failure instead of the broad SSLError. Meanings per the CPython docs.
34 class SSLZeroReturnError(SSLError): ...  # the TLS connection was closed cleanly by the peer
35 class SSLWantReadError(SSLError): ...  # non-blocking socket: more data must be received before the call can finish
36 class SSLWantWriteError(SSLError): ...  # non-blocking socket: more data must be sent before the call can finish
37 class SSLSyscallError(SSLError): ...  # operating-system error during an operation on the SSL socket
# Connection ended abruptly, without a clean TLS shutdown: data received so far may be truncated.
38 class SSLEOFError(SSLError): ...
40 if sys.version_info >= (3, 7):
41 class SSLCertVerificationError(SSLError, ValueError):
44 CertificateError = SSLCertVerificationError
46 class CertificateError(ValueError): ...
50 keyfile: StrOrBytesPath | None = ...,
51 certfile: StrOrBytesPath | None = ...,
52 server_side: bool = ...,
54 ssl_version: int = ...,
55 ca_certs: str | None = ...,
56 do_handshake_on_connect: bool = ...,
57 suppress_ragged_eofs: bool = ...,
58 ciphers: str | None = ...,
60 def create_default_context(
61 purpose: Purpose = ...,
63 cafile: StrOrBytesPath | None = ...,
64 capath: StrOrBytesPath | None = ...,
65 cadata: str | bytes | None = ...,
68 if sys.version_info >= (3, 7):
69 def _create_unverified_context(
73 check_hostname: bool = ...,
74 purpose: Purpose = ...,
75 certfile: StrOrBytesPath | None = ...,
76 keyfile: StrOrBytesPath | None = ...,
77 cafile: StrOrBytesPath | None = ...,
78 capath: StrOrBytesPath | None = ...,
79 cadata: str | bytes | None = ...,
83 def _create_unverified_context(
86 cert_reqs: int | None = ...,
87 check_hostname: bool = ...,
88 purpose: Purpose = ...,
89 certfile: StrOrBytesPath | None = ...,
90 keyfile: StrOrBytesPath | None = ...,
91 cafile: StrOrBytesPath | None = ...,
92 capath: StrOrBytesPath | None = ...,
93 cadata: str | bytes | None = ...,
# Factory attribute typed as "any callable returning an SSLContext". In CPython the
# standard-library HTTPS clients call it when no context is passed, so rebinding it
# (for example to _create_unverified_context) changes certificate checking for the
# whole process; any assignment to this name deserves review.
96 _create_default_https_context: Callable[..., SSLContext]
# Random-number helpers backed by the TLS library's generator, then certificate utilities.
# Behaviour notes follow the CPython ssl documentation; the stub itself only fixes the types.
98 def RAND_bytes(__num: int) -> bytes: ...  # documented as cryptographically strong; the docs still point most callers to os.urandom()
# The bool in the result says whether the bytes are cryptographically strong; a caller that
# ignores it may be using predictable output. Deprecated since Python 3.6.
99 def RAND_pseudo_bytes(__num: int) -> tuple[bytes, bool]: ...
100 def RAND_status() -> bool: ...  # True when the generator has been seeded with enough randomness
101 def RAND_egd(path: str) -> None: ...  # reads randomness from an entropy-gathering daemon socket at `path`; not available with every TLS library build
102 def RAND_add(__s: bytes, __entropy: float) -> None: ...  # mixes bytes into the generator; __entropy is a lower-bound estimate
# Raises CertificateError on mismatch and returns None on success, so success is signalled
# only by the absence of an exception. Deprecated since Python 3.7, where hostname matching
# is performed during the handshake when check_hostname is enabled.
103 def match_hostname(cert: _PeerCertRetType, hostname: str) -> None: ...
104 def cert_time_to_seconds(cert_time: str) -> int: ...  # parses a certificate notBefore/notAfter string into seconds since the epoch
# Fetches the server's certificate as PEM text. Validation is attempted only when ca_certs
# is given; without it the result is whatever the remote end presented, unauthenticated.
105 def get_server_certificate(addr: tuple[str, int], ssl_version: int = ..., ca_certs: str | None = ...) -> str: ...
106 def DER_cert_to_PEM_cert(der_cert_bytes: bytes) -> str: ...  # encoding conversion only, no validation
107 def PEM_cert_to_DER_cert(pem_cert_string: str) -> bytes: ...  # encoding conversion only, no validation
109 class DefaultVerifyPaths(NamedTuple):
112 openssl_cafile_env: str
114 openssl_capath_env: str
# Returns the DefaultVerifyPaths named tuple declared just above. Per the CPython docs its
# *_env fields name the environment variables that can redirect the TLS library's default
# trust-store lookup, so the result depends on the process environment.
117 def get_default_verify_paths() -> DefaultVerifyPaths: ...
# Windows-only: both functions are declared only when sys.platform is "win32"
# (the indentation under the `if` was lost in this listing).
119 if sys.platform == "win32":
120 def enum_certificates(store_name: str) -> _EnumRetType: ...  # certificates of the named system store, as (bytes, str, set[str] | bool) tuples
121 def enum_crls(store_name: str) -> _EnumRetType: ...  # revocation lists of the named system store, same tuple shape
123 class VerifyMode(enum.IntEnum):
# Module-level verification modes, typed as VerifyMode. Meanings per the CPython docs.
128 CERT_NONE: VerifyMode  # no peer certificate validation: traffic is encrypted but the peer is not authenticated
129 CERT_OPTIONAL: VerifyMode  # clients: same as CERT_REQUIRED; servers: a client certificate is requested but the client may send none
130 CERT_REQUIRED: VerifyMode  # a peer certificate is required and validated; hostname matching is a separate setting
132 class VerifyFlags(enum.IntFlag):
134 VERIFY_CRL_CHECK_LEAF: int
135 VERIFY_CRL_CHECK_CHAIN: int
136 VERIFY_X509_STRICT: int
137 VERIFY_X509_TRUSTED_FIRST: int
# Module-level verification flags, typed as VerifyFlags. Meanings per the CPython docs.
139 VERIFY_DEFAULT: VerifyFlags  # default: certificate revocation lists are not checked
140 VERIFY_CRL_CHECK_LEAF: VerifyFlags  # check only the peer certificate against a CRL; validation fails unless a matching CRL was loaded
141 VERIFY_CRL_CHECK_CHAIN: VerifyFlags  # check every certificate in the chain against CRLs
142 VERIFY_X509_STRICT: VerifyFlags  # disable workarounds for malformed X.509 certificates
143 VERIFY_X509_TRUSTED_FIRST: VerifyFlags  # prefer trusted certificates when building the chain
145 class _SSLMethod(enum.IntEnum):
150 PROTOCOL_TLSv1_1: int
151 PROTOCOL_TLSv1_2: int
153 PROTOCOL_TLS_CLIENT: int
154 PROTOCOL_TLS_SERVER: int
# Module-level protocol selectors, typed as _SSLMethod. Meanings per the CPython docs.
# The version-pinned constants fix exactly one protocol version and so also block
# negotiation of anything newer.
156 PROTOCOL_SSLv23: _SSLMethod  # legacy alias of PROTOCOL_TLS
157 PROTOCOL_SSLv2: _SSLMethod  # SSL 2.0: insecure, kept only as a name
158 PROTOCOL_SSLv3: _SSLMethod  # SSL 3.0: insecure
159 PROTOCOL_TLSv1: _SSLMethod  # pins TLS 1.0
160 PROTOCOL_TLSv1_1: _SSLMethod  # pins TLS 1.1
161 PROTOCOL_TLSv1_2: _SSLMethod  # pins TLS 1.2
162 PROTOCOL_TLS: _SSLMethod  # negotiate the highest version both sides support
163 PROTOCOL_TLS_CLIENT: _SSLMethod  # client-side only; enables CERT_REQUIRED and check_hostname by default
164 PROTOCOL_TLS_SERVER: _SSLMethod  # server-side only counterpart
166 class Options(enum.IntFlag):
174 OP_CIPHER_SERVER_PREFERENCE: int
175 OP_SINGLE_DH_USE: int
176 OP_SINGLE_ECDH_USE: int
177 OP_NO_COMPRESSION: int
179 if sys.version_info >= (3, 7):
180 OP_NO_RENEGOTIATION: int
181 if sys.version_info >= (3, 8):
182 OP_ENABLE_MIDDLEBOX_COMPAT: int
# Module-level option flags, typed as Options. Meanings per the CPython docs.
# The OP_NO_TLSv1_x flags each disable one protocol version; the docs deprecate them
# (since 3.7) in favour of the context's minimum_version / maximum_version.
188 OP_NO_TLSv1_1: Options
189 OP_NO_TLSv1_2: Options
190 OP_NO_TLSv1_3: Options
191 OP_CIPHER_SERVER_PREFERENCE: Options  # the server's cipher ordering wins over the client's
192 OP_SINGLE_DH_USE: Options  # fresh DH key per session, which improves forward secrecy
193 OP_SINGLE_ECDH_USE: Options  # same, for ECDH
194 OP_NO_COMPRESSION: Options  # disables TLS-level compression, the precondition of compression side channels such as CRIME
195 OP_NO_TICKET: Options  # the client side does not request a session ticket
# Version-gated names; the indentation under each `if` was lost in this listing.
196 if sys.version_info >= (3, 7):
197 OP_NO_RENEGOTIATION: Options  # disables renegotiation in TLS 1.2 and earlier
198 if sys.version_info >= (3, 8):
199 OP_ENABLE_MIDDLEBOX_COMPAT: Options  # TLS 1.3 sends dummy Change Cipher Spec messages for middlebox compatibility
201 if sys.version_info >= (3, 7):
202 HAS_NEVER_CHECK_COMMON_NAME: bool
213 CHANNEL_BINDING_TYPES: list[str]
216 OPENSSL_VERSION_INFO: tuple[int, int, int, int, int]
217 OPENSSL_VERSION_NUMBER: int
# TLS alert description codes as an IntEnum. Members are annotated as int here, whereas the
# module-level names for the same codes further down are annotated as AlertDescription.
# When triaging handshake failures, the certificate-related codes (BAD_CERTIFICATE,
# CERTIFICATE_EXPIRED, CERTIFICATE_REVOKED, CERTIFICATE_UNKNOWN, UNKNOWN_CA) say the peer
# rejected a certificate, as opposed to a protocol or cipher mismatch.
219 class AlertDescription(enum.IntEnum):
220 ALERT_DESCRIPTION_ACCESS_DENIED: int
221 ALERT_DESCRIPTION_BAD_CERTIFICATE: int
222 ALERT_DESCRIPTION_BAD_CERTIFICATE_HASH_VALUE: int
223 ALERT_DESCRIPTION_BAD_CERTIFICATE_STATUS_RESPONSE: int
224 ALERT_DESCRIPTION_BAD_RECORD_MAC: int
225 ALERT_DESCRIPTION_CERTIFICATE_EXPIRED: int
226 ALERT_DESCRIPTION_CERTIFICATE_REVOKED: int
227 ALERT_DESCRIPTION_CERTIFICATE_UNKNOWN: int
228 ALERT_DESCRIPTION_CERTIFICATE_UNOBTAINABLE: int
229 ALERT_DESCRIPTION_CLOSE_NOTIFY: int
230 ALERT_DESCRIPTION_DECODE_ERROR: int
231 ALERT_DESCRIPTION_DECOMPRESSION_FAILURE: int
232 ALERT_DESCRIPTION_DECRYPT_ERROR: int
233 ALERT_DESCRIPTION_HANDSHAKE_FAILURE: int
234 ALERT_DESCRIPTION_ILLEGAL_PARAMETER: int
235 ALERT_DESCRIPTION_INSUFFICIENT_SECURITY: int
236 ALERT_DESCRIPTION_INTERNAL_ERROR: int
237 ALERT_DESCRIPTION_NO_RENEGOTIATION: int
238 ALERT_DESCRIPTION_PROTOCOL_VERSION: int
239 ALERT_DESCRIPTION_RECORD_OVERFLOW: int
240 ALERT_DESCRIPTION_UNEXPECTED_MESSAGE: int
241 ALERT_DESCRIPTION_UNKNOWN_CA: int
242 ALERT_DESCRIPTION_UNKNOWN_PSK_IDENTITY: int
243 ALERT_DESCRIPTION_UNRECOGNIZED_NAME: int
244 ALERT_DESCRIPTION_UNSUPPORTED_CERTIFICATE: int
245 ALERT_DESCRIPTION_UNSUPPORTED_EXTENSION: int
246 ALERT_DESCRIPTION_USER_CANCELLED: int
# Module-level names for the TLS alert codes, annotated as AlertDescription (the class
# members of the same names are annotated as int in this stub).
248 ALERT_DESCRIPTION_HANDSHAKE_FAILURE: AlertDescription
249 ALERT_DESCRIPTION_INTERNAL_ERROR: AlertDescription
250 ALERT_DESCRIPTION_ACCESS_DENIED: AlertDescription
251 ALERT_DESCRIPTION_BAD_CERTIFICATE: AlertDescription
252 ALERT_DESCRIPTION_BAD_CERTIFICATE_HASH_VALUE: AlertDescription
253 ALERT_DESCRIPTION_BAD_CERTIFICATE_STATUS_RESPONSE: AlertDescription
254 ALERT_DESCRIPTION_BAD_RECORD_MAC: AlertDescription
255 ALERT_DESCRIPTION_CERTIFICATE_EXPIRED: AlertDescription
256 ALERT_DESCRIPTION_CERTIFICATE_REVOKED: AlertDescription
257 ALERT_DESCRIPTION_CERTIFICATE_UNKNOWN: AlertDescription
258 ALERT_DESCRIPTION_CERTIFICATE_UNOBTAINABLE: AlertDescription
259 ALERT_DESCRIPTION_CLOSE_NOTIFY: AlertDescription
260 ALERT_DESCRIPTION_DECODE_ERROR: AlertDescription
261 ALERT_DESCRIPTION_DECOMPRESSION_FAILURE: AlertDescription
262 ALERT_DESCRIPTION_DECRYPT_ERROR: AlertDescription
263 ALERT_DESCRIPTION_ILLEGAL_PARAMETER: AlertDescription
264 ALERT_DESCRIPTION_INSUFFICIENT_SECURITY: AlertDescription
265 ALERT_DESCRIPTION_NO_RENEGOTIATION: AlertDescription
266 ALERT_DESCRIPTION_PROTOCOL_VERSION: AlertDescription
267 ALERT_DESCRIPTION_RECORD_OVERFLOW: AlertDescription
268 ALERT_DESCRIPTION_UNEXPECTED_MESSAGE: AlertDescription
269 ALERT_DESCRIPTION_UNKNOWN_CA: AlertDescription
270 ALERT_DESCRIPTION_UNKNOWN_PSK_IDENTITY: AlertDescription
271 ALERT_DESCRIPTION_UNRECOGNIZED_NAME: AlertDescription
272 ALERT_DESCRIPTION_UNSUPPORTED_CERTIFICATE: AlertDescription
273 ALERT_DESCRIPTION_UNSUPPORTED_EXTENSION: AlertDescription
274 ALERT_DESCRIPTION_USER_CANCELLED: AlertDescription
276 class _ASN1Object(NamedTuple):
282 def fromnid(cls: Type[Self], nid: int) -> Self: ...
284 def fromname(cls: Type[Self], name: str) -> Self: ...
286 class Purpose(_ASN1Object, enum.Enum):
287 SERVER_AUTH: _ASN1Object
288 CLIENT_AUTH: _ASN1Object
290 class SSLSocket(socket.socket):
293 server_hostname: str | None
294 session: SSLSession | None
295 session_reused: bool | None
296 if sys.version_info < (3, 7):
299 sock: socket.socket | None = ...,
300 keyfile: str | None = ...,
301 certfile: str | None = ...,
302 server_side: bool = ...,
303 cert_reqs: int = ...,
304 ssl_version: int = ...,
305 ca_certs: str | None = ...,
306 do_handshake_on_connect: bool = ...,
310 fileno: int | None = ...,
311 suppress_ragged_eofs: bool = ...,
312 npn_protocols: Iterable[str] | None = ...,
313 ciphers: str | None = ...,
314 server_hostname: str | None = ...,
315 _context: SSLContext | None = ...,
316 _session: Any | None = ...,
319 def __init__(self, *args: Any, **kwargs: Any) -> None: ...
320 def connect(self, addr: socket._Address | bytes) -> None: ...
321 def connect_ex(self, addr: socket._Address | bytes) -> int: ...
322 def recv(self, buflen: int = ..., flags: int = ...) -> bytes: ...
323 def recv_into(self, buffer: WriteableBuffer, nbytes: int | None = ..., flags: int = ...) -> int: ...
324 def recvfrom(self, buflen: int = ..., flags: int = ...) -> tuple[bytes, socket._RetAddress]: ...
326 self, buffer: WriteableBuffer, nbytes: int | None = ..., flags: int = ...
327 ) -> tuple[int, socket._RetAddress]: ...
328 def send(self, data: ReadableBuffer, flags: int = ...) -> int: ...
329 def sendall(self, data: ReadableBuffer, flags: int = ...) -> None: ...
331 def sendto(self, data: ReadableBuffer, flags_or_addr: socket._Address) -> int: ...
333 def sendto(self, data: ReadableBuffer, flags_or_addr: int | socket._Address, addr: socket._Address | None = ...) -> int: ...
334 def shutdown(self, how: int) -> None: ...
335 def read(self, len: int = ..., buffer: bytearray | None = ...) -> bytes: ...
336 def write(self, data: bytes) -> int: ...
337 def do_handshake(self, block: bool = ...) -> None: ... # block is undocumented
# Three signatures of getpeercert; presumably each carries an @overload decorator on the
# lines this listing omits. binary_form=False yields the decoded dict, binary_form=True
# yields bytes, and either form may be None when no certificate is available.
# Per the CPython docs the decoded dict is empty when the peer certificate was not
# validated, so a non-None result is not by itself proof of an authenticated peer.
339 def getpeercert(self, binary_form: Literal[False] = ...) -> _PeerCertRetDictType | None: ...
341 def getpeercert(self, binary_form: Literal[True]) -> bytes | None: ...
343 def getpeercert(self, binary_form: bool) -> _PeerCertRetType: ...
# Connection-state accessors of SSLSocket. Meanings per the CPython docs; a None result
# generally means no TLS connection has been established yet.
344 def cipher(self) -> tuple[str, str, int] | None: ...  # (cipher name, protocol version, secret bits) of the negotiated cipher
345 def shared_ciphers(self) -> list[tuple[str, str, int]] | None: ...  # ciphers available to both sides, same tuple shape
346 def compression(self) -> str | None: ...  # compression algorithm in use; None when the stream is not compressed
347 def get_channel_binding(self, cb_type: str = ...) -> bytes | None: ...  # channel-binding data for the given type, if available
348 def selected_alpn_protocol(self) -> str | None: ...  # protocol chosen via ALPN during the handshake
349 def selected_npn_protocol(self) -> str | None: ...  # protocol chosen via NPN during the handshake
350 def accept(self) -> tuple[SSLSocket, socket._RetAddress]: ...  # new connection wrapped as SSLSocket, plus the peer address
# Performs the TLS shutdown and returns the underlying plain socket; anything sent on
# that socket afterwards is no longer encrypted.
351 def unwrap(self) -> socket.socket: ...
352 def version(self) -> str | None: ...  # negotiated protocol version as text; worth logging to spot legacy-protocol peers
353 def pending(self) -> int: ...  # number of already-decrypted bytes waiting to be read
# Declared only for Python 3.8+ (indentation under the `if` was lost in this listing).
# Per the CPython docs this requests post-handshake authentication from a TLS 1.3 client;
# it returns None, so the outcome of the client-certificate check surfaces on later I/O.
354 if sys.version_info >= (3, 8):
355 def verify_client_post_handshake(self) -> None: ...
357 if sys.version_info >= (3, 7):
358 class TLSVersion(enum.IntEnum):
359 MINIMUM_SUPPORTED: int
360 MAXIMUM_SUPPORTED: int
# Context-level verification settings. verify_mode holds one of the CERT_* modes and
# verify_flags a combination of the VERIFY_* flags declared earlier in this stub.
370 verify_flags: VerifyFlags
371 verify_mode: VerifyMode
373 def protocol(self) -> _SSLMethod: ...
# Attributes declared only for Python 3.7+ (indentation under the `if` was lost in this
# listing). Meanings per the CPython docs.
374 if sys.version_info >= (3, 7):
375 hostname_checks_common_name: bool  # whether hostname checking may fall back to the subject common name when no subjectAltName is present
376 maximum_version: TLSVersion  # highest TLS version this context will negotiate
377 minimum_version: TLSVersion  # lowest TLS version this context will negotiate; raise it to retire legacy protocol versions
# NOTE(review): the third callback parameter is SSLContext here, while the _SrvnmeCbType
# alias near the top of the stub declares SSLSocket in that position -- confirm.
378 sni_callback: Callable[[SSLObject, str, SSLContext], None | int] | None
379 sslobject_class: ClassVar[Type[SSLObject]]  # class used to build SSLObject instances from this context
380 sslsocket_class: ClassVar[Type[SSLSocket]]  # class used to build SSLSocket instances from this context
381 if sys.version_info >= (3, 8):
383 post_handshake_auth: bool
384 def __new__(cls, protocol: int = ..., *args: Any, **kwargs: Any) -> SSLContext: ...
385 def __init__(self, protocol: int = ...) -> None: ...
386 def cert_store_stats(self) -> dict[str, int]: ...
388 self, certfile: StrOrBytesPath, keyfile: StrOrBytesPath | None = ..., password: _PasswordType | None = ...
390 def load_default_certs(self, purpose: Purpose = ...) -> None: ...
391 def load_verify_locations(
392 self, cafile: StrOrBytesPath | None = ..., capath: StrOrBytesPath | None = ..., cadata: str | bytes | None = ...
# Trust-store and negotiation settings of the context. Meanings per the CPython docs.
394 def get_ca_certs(self, binary_form: bool = ...) -> list[_PeerCertRetDictType] | list[bytes]: ...  # loaded CA certificates, decoded dicts or bytes depending on binary_form
395 def get_ciphers(self) -> list[_Cipher]: ...  # ciphers currently enabled on this context
# Loads CA certificates from the TLS library's built-in default locations. No error is
# raised when nothing is found, so check cert_store_stats() afterwards if it matters.
396 def set_default_verify_paths(self) -> None: ...
397 def set_ciphers(self, __cipherlist: str) -> None: ...  # restricts the ciphers sockets created from this context may use
398 def set_alpn_protocols(self, alpn_protocols: Iterable[str]) -> None: ...  # protocols to advertise via ALPN
399 def set_npn_protocols(self, npn_protocols: Iterable[str]) -> None: ...  # protocols to advertise via NPN
400 if sys.version_info >= (3, 7):
401 def set_servername_callback(self, server_name_callback: _SrvnmeCbType | None) -> None: ...
403 def set_servername_callback(self, __method: _SrvnmeCbType | None) -> None: ...
# Key-exchange parameters for the context (meanings per the CPython docs).
404 def load_dh_params(self, __path: str) -> None: ...  # loads Diffie-Hellman key-generation parameters from a file
405 def set_ecdh_curve(self, __name: str) -> None: ...  # selects the named curve for ECDH key exchange
409 server_side: bool = ...,
410 do_handshake_on_connect: bool = ...,
411 suppress_ragged_eofs: bool = ...,
412 server_hostname: str | None = ...,
413 session: SSLSession | None = ...,
419 server_side: bool = ...,
420 server_hostname: str | None = ...,
421 session: SSLSession | None = ...,
423 def session_stats(self) -> dict[str, int]: ...
428 server_hostname: str | None
429 session: SSLSession | None
431 if sys.version_info >= (3, 7):
432 def __init__(self, *args: Any, **kwargs: Any) -> None: ...
434 def __init__(self, sslobj: Any, owner: SSLSocket | SSLObject | None = ..., session: Any | None = ...) -> None: ...
435 def read(self, len: int = ..., buffer: bytearray | None = ...) -> bytes: ...
436 def write(self, data: bytes) -> int: ...
# Same three getpeercert signatures as on SSLSocket: a decoded dict, bytes, or None.
# Per the CPython docs the decoded dict is empty when the certificate was not validated.
438 def getpeercert(self, binary_form: Literal[False] = ...) -> _PeerCertRetDictType | None: ...
440 def getpeercert(self, binary_form: Literal[True]) -> bytes | None: ...
442 def getpeercert(self, binary_form: bool) -> _PeerCertRetType: ...
# Connection-state accessors; presumably methods of SSLObject, whose class line is not part
# of this listing. The signatures mirror SSLSocket except that unwrap() returns None here.
443 def selected_alpn_protocol(self) -> str | None: ...  # protocol chosen via ALPN during the handshake
444 def selected_npn_protocol(self) -> str | None: ...  # protocol chosen via NPN during the handshake
445 def cipher(self) -> tuple[str, str, int] | None: ...  # (cipher name, protocol version, secret bits)
446 def shared_ciphers(self) -> list[tuple[str, str, int]] | None: ...  # ciphers available to both sides
447 def compression(self) -> str | None: ...  # compression algorithm in use, None when uncompressed
448 def pending(self) -> int: ...  # number of already-decrypted bytes waiting to be read
449 def do_handshake(self) -> None: ...  # no `block` parameter here, unlike SSLSocket.do_handshake
450 def unwrap(self) -> None: ...  # TLS shutdown; returns nothing here, unlike SSLSocket.unwrap
451 def version(self) -> str | None: ...  # negotiated protocol version as text
452 def get_channel_binding(self, cb_type: str = ...) -> bytes | None: ...  # channel-binding data for the given type, if available
453 if sys.version_info >= (3, 8):
454 def verify_client_post_handshake(self) -> None: ...
459 def read(self, __size: int = ...) -> bytes: ...
460 def write(self, __buf: bytes) -> int: ...
461 def write_eof(self) -> None: ...
467 ticket_lifetime_hint: int
470 class SSLErrorNumber(enum.IntEnum):
472 SSL_ERROR_INVALID_ERROR_CODE: int
474 SSL_ERROR_SYSCALL: int
475 SSL_ERROR_WANT_CONNECT: int
476 SSL_ERROR_WANT_READ: int
477 SSL_ERROR_WANT_WRITE: int
478 SSL_ERROR_WANT_X509_LOOKUP: int
479 SSL_ERROR_ZERO_RETURN: int
# Module-level error-number names, annotated as SSLErrorNumber; the class members of the
# same names are annotated as int in this stub. The stub author marks all of them as
# undocumented, so code matching on them relies on behaviour the docs do not promise.
481 SSL_ERROR_EOF: SSLErrorNumber # undocumented
482 SSL_ERROR_INVALID_ERROR_CODE: SSLErrorNumber # undocumented
483 SSL_ERROR_SSL: SSLErrorNumber # undocumented
484 SSL_ERROR_SYSCALL: SSLErrorNumber # undocumented
485 SSL_ERROR_WANT_CONNECT: SSLErrorNumber # undocumented
486 SSL_ERROR_WANT_READ: SSLErrorNumber # undocumented
487 SSL_ERROR_WANT_WRITE: SSLErrorNumber # undocumented
488 SSL_ERROR_WANT_X509_LOOKUP: SSLErrorNumber # undocumented
489 SSL_ERROR_ZERO_RETURN: SSLErrorNumber # undocumented
491 def get_protocol_name(protocol_code: int) -> str: ...
493 if sys.version_info < (3, 9):