3 �Qgݭ � @ sp d Z ddlZddlZddlZddlZddlZddlmZ ddlm Z mZm Z ddlZddlmZmZmZ ddlmZmZmZ ddlmZmZmZmZmZmZ ddlmZmZ dd lm Z m!Z!m"Z"m#Z# ydd lm$Z$ W n e%k r� Y nX ddlm&Z&m'Z'm(Z(m)Z)m*Z* ddlm+Z+ dd lm,Z, ej-de.dd� ed� ej-de.dd� ed� ej-de.dd� ed� ej-de.dd� ed� ej-de.dd� ed� ej-de.dd� ed� e/j0 Z1e/_1dd� e/j2j3� D �Z4e5e/dd�Z6ej7dk�r�dd lm8Z8m9Z9 dd!l:m:Z:m;Z;m<Z<m=Z= dd"l:m>Z>m?Z? ddl@Z@ddlAZAddlBZBeCZDejE�r>d#gZFng ZFe+ZGG d$d%� d%eH�ZIdRd'd(�ZJd)d*� ZKd+d,� ZLed-d.�ZMd/d0� ZNG d1d2� d2ed2d3��ZOG d4d5� d5eOe �ZPG d6d7� d7e�ZQePjRfdddd8�d9d:�ZSe0feTd;ePjRdddddd<�d=d>�ZUeSZVeUZWG d?d@� d@�ZXG dAdB� dBe:�ZYddd;eTe0ddCdCdf dDdE�ZZdFdG� Z[dHZ\dIZ]dJdK� Z^dLdM� Z_e0dfdNdO�Z`dPdQ� ZadS )Sa� This module provides some more Pythonic support for SSL. Object types: SSLSocket -- subtype of socket.socket which does SSL over the socket Exceptions: SSLError -- exception raised for I/O errors Functions: cert_time_to_seconds -- convert time string used for certificate notBefore and notAfter functions to integer seconds past the Epoch (the time values returned from time.time()) fetch_server_certificate (HOST, PORT) -- fetch the certificate provided by the server running on HOST at port PORT. No validation of the certificate is performed. Integer constants: SSL_ERROR_ZERO_RETURN SSL_ERROR_WANT_READ SSL_ERROR_WANT_WRITE SSL_ERROR_WANT_X509_LOOKUP SSL_ERROR_SYSCALL SSL_ERROR_SSL SSL_ERROR_WANT_CONNECT SSL_ERROR_EOF SSL_ERROR_INVALID_ERROR_CODE The following group define certificate requirements that one side is allowing/requiring from the other side: CERT_NONE - no certificates from the other side are required (or will be looked at if provided) CERT_OPTIONAL - certificates are not required, but if provided will be validated, and if validation fails, the connection will also fail CERT_REQUIRED - certificates are required, and will be validated, and if validation fails, the connection will also fail The following constants identify various SSL protocol variants: PROTOCOL_SSLv2 PROTOCOL_SSLv3 PROTOCOL_SSLv23 PROTOCOL_TLS PROTOCOL_TLS_CLIENT PROTOCOL_TLS_SERVER PROTOCOL_TLSv1 PROTOCOL_TLSv1_1 PROTOCOL_TLSv1_2 The following constants identify various SSL alert message descriptions as per http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-parameters-6 ALERT_DESCRIPTION_CLOSE_NOTIFY ALERT_DESCRIPTION_UNEXPECTED_MESSAGE ALERT_DESCRIPTION_BAD_RECORD_MAC ALERT_DESCRIPTION_RECORD_OVERFLOW ALERT_DESCRIPTION_DECOMPRESSION_FAILURE ALERT_DESCRIPTION_HANDSHAKE_FAILURE ALERT_DESCRIPTION_BAD_CERTIFICATE ALERT_DESCRIPTION_UNSUPPORTED_CERTIFICATE ALERT_DESCRIPTION_CERTIFICATE_REVOKED ALERT_DESCRIPTION_CERTIFICATE_EXPIRED ALERT_DESCRIPTION_CERTIFICATE_UNKNOWN ALERT_DESCRIPTION_ILLEGAL_PARAMETER ALERT_DESCRIPTION_UNKNOWN_CA ALERT_DESCRIPTION_ACCESS_DENIED ALERT_DESCRIPTION_DECODE_ERROR ALERT_DESCRIPTION_DECRYPT_ERROR ALERT_DESCRIPTION_PROTOCOL_VERSION ALERT_DESCRIPTION_INSUFFICIENT_SECURITY ALERT_DESCRIPTION_INTERNAL_ERROR ALERT_DESCRIPTION_USER_CANCELLED ALERT_DESCRIPTION_NO_RENEGOTIATION ALERT_DESCRIPTION_UNSUPPORTED_EXTENSION ALERT_DESCRIPTION_CERTIFICATE_UNOBTAINABLE ALERT_DESCRIPTION_UNRECOGNIZED_NAME ALERT_DESCRIPTION_BAD_CERTIFICATE_STATUS_RESPONSE ALERT_DESCRIPTION_BAD_CERTIFICATE_HASH_VALUE ALERT_DESCRIPTION_UNKNOWN_PSK_IDENTITY � N)� namedtuple)�Enum�IntEnum�IntFlag)�OPENSSL_VERSION_NUMBER�OPENSSL_VERSION_INFO�OPENSSL_VERSION)�_SSLContext� MemoryBIO� SSLSession)�SSLError�SSLZeroReturnError�SSLWantReadError�SSLWantWriteError�SSLSyscallError�SSLEOFError)�txt2obj�nid2obj)�RAND_status�RAND_add� RAND_bytes�RAND_pseudo_bytes)�RAND_egd)�HAS_SNI�HAS_ECDH�HAS_NPN�HAS_ALPN�HAS_TLSv1_3)�_DEFAULT_CIPHERS)�_OPENSSL_API_VERSION� _SSLMethodc C s | j d�o| dkS )NZ PROTOCOL_�PROTOCOL_SSLv23)� startswith)�name� r$ �/usr/lib64/python3.6/ssl.py�<lambda>} s r&