
Commit 3aeacad

committed
Issue #28025: Convert all ssl module constants to IntEnum and IntFlags.
1 parent 0c6ab35 commit 3aeacad

3 files changed

Lines changed: 115 additions & 19 deletions


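--- a/Doc/library/ssl.rst
+++ b/Doc/library/ssl.rst
@@ -515,6 +515,10 @@ Certificate handling
 Constants
 ^^^^^^^^^
 
+All constants are now :class:`enum.IntEnum` or :class:`enum.IntFlag` collections.
+
+.. versionadded:: 3.6
+
 .. data:: CERT_NONE
 
 Possible value for :attr:`SSLContext.verify_mode`, or the ``cert_reqs``
@@ -548,6 +552,12 @@ Constants
 be passed, either to :meth:`SSLContext.load_verify_locations` or as a
 value of the ``ca_certs`` parameter to :func:`wrap_socket`.
 
+.. class:: VerifyMode
+
+:class:`enum.IntEnum` collection of CERT_* constants.
+
+.. versionadded:: 3.6
+
 .. data:: VERIFY_DEFAULT
 
 Possible value for :attr:`SSLContext.verify_flags`. In this mode, certificate
@@ -588,6 +598,12 @@ Constants
 
 .. versionadded:: 3.4.4
 
+.. class:: VerifyFlags
+
+:class:`enum.IntFlag` collection of VERIFY_* constants.
+
+.. versionadded:: 3.6
+
 .. data:: PROTOCOL_TLS
 
 Selects the highest protocol version that both the client and server support.
@@ -757,6 +773,12 @@ Constants
 
 .. versionadded:: 3.3
 
+.. class:: Options
+
+:class:`enum.IntFlag` collection of OP_* constants.
+
+.. versionadded:: 3.6
+
 .. data:: HAS_ALPN
 
 Whether the OpenSSL library has built-in support for the *Application-Layer
@@ -839,6 +861,12 @@ Constants
 
 .. versionadded:: 3.4
 
+.. class:: AlertDescription
+
+:class:`enum.IntEnum` collection of ALERT_DESCRIPTION_* constants.
+
+.. versionadded:: 3.6
+
 .. data:: Purpose.SERVER_AUTH
 
 Option for :func:`create_default_context` and
@@ -857,6 +885,12 @@ Constants
 
 .. versionadded:: 3.4
 
+.. class:: SSLErrorNumber
+
+:class:`enum.IntEnum` collection of SSL_ERROR_* constants.
+
+.. versionadded:: 3.6
+
 
 SSL Sockets
 -----------
@@ -1540,6 +1574,12 @@ to speed up repeated connections from the same clients.
 to set options, not to clear them. Attempting to clear an option
 (by resetting the corresponding bits) will raise a ``ValueError``.
 
+.. versionchanged:: 3.6
+:attr:`SSLContext.options` returns :class:`Options` flags:
+
+>>> ssl.create_default_context().options
+<Options.OP_ALL|OP_NO_SSLv3|OP_NO_SSLv2|OP_NO_COMPRESSION: 2197947391>
+
 .. attribute:: SSLContext.protocol
 
 The protocol version chosen when constructing the context. This attribute
@@ -1554,12 +1594,23 @@ to speed up repeated connections from the same clients.
 
 .. versionadded:: 3.4
 
+.. versionchanged:: 3.6
+:attr:`SSLContext.verify_flags` returns :class:`VerifyFlags` flags:
+
+>>> ssl.create_default_context().verify_flags
+<VerifyFlags.VERIFY_X509_TRUSTED_FIRST: 32768>
+
 .. attribute:: SSLContext.verify_mode
 
 Whether to try to verify other peers' certificates and how to behave
 if verification fails. This attribute must be one of
 :data:`CERT_NONE`, :data:`CERT_OPTIONAL` or :data:`CERT_REQUIRED`.
 
+.. versionchanged:: 3.6
+:attr:`SSLContext.verify_mode` returns :class:`VerifyMode` enum:
+
+>>> ssl.create_default_context().verify_mode
+<VerifyMode.CERT_REQUIRED: 2>
 
 .. index:: single: certificates
 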
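--- a/Lib/ssl.py
+++ b/Lib/ssl.py
@@ -94,7 +94,7 @@
 import sys
 import os
 from collections import namedtuple
-from enum import Enum as _Enum, IntEnum as _IntEnum
+from enum import Enum as _Enum, IntEnum as _IntEnum, IntFlag as _IntFlag
 
 import _ssl # if we can't import it, let the error propagate
 
@@ -104,7 +104,6 @@
 SSLError, SSLZeroReturnError, SSLWantReadError, SSLWantWriteError,
 SSLSyscallError, SSLEOFError,
 )
-from _ssl import CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED
 from _ssl import txt2obj as _txt2obj, nid2obj as _nid2obj
 from _ssl import RAND_status, RAND_add, RAND_bytes, RAND_pseudo_bytes
 try:
@@ -113,32 +112,47 @@
 # LibreSSL does not provide RAND_egd
 pass
 
-def _import_symbols(prefix):
-for n in dir(_ssl):
-if n.startswith(prefix):
-globals()[n] = getattr(_ssl, n)
-
-_import_symbols('OP_')
-_import_symbols('ALERT_DESCRIPTION_')
-_import_symbols('SSL_ERROR_')
-_import_symbols('VERIFY_')
 
 from _ssl import HAS_SNI, HAS_ECDH, HAS_NPN, HAS_ALPN
-
 from _ssl import _OPENSSL_API_VERSION
 
+
+_IntEnum._convert(
+'_SSLMethod', __name__,
+lambda name: name.startswith('PROTOCOL_') and name != 'PROTOCOL_SSLv23',
+source=_ssl)
+
+_IntFlag._convert(
+'Options', __name__,
+lambda name: name.startswith('OP_'),
+source=_ssl)
+
 _IntEnum._convert(
-'_SSLMethod', __name__,
-lambda name: name.startswith('PROTOCOL_') and name != 'PROTOCOL_SSLv23',
-source=_ssl)
+'AlertDescription', __name__,
+lambda name: name.startswith('ALERT_DESCRIPTION_'),
+source=_ssl)
+
+_IntEnum._convert(
+'SSLErrorNumber', __name__,
+lambda name: name.startswith('SSL_ERROR_'),
+source=_ssl)
+
+_IntFlag._convert(
+'VerifyFlags', __name__,
+lambda name: name.startswith('VERIFY_'),
+source=_ssl)
+
+_IntEnum._convert(
+'VerifyMode', __name__,
+lambda name: name.startswith('CERT_'),
+source=_ssl)
+
 
 PROTOCOL_SSLv23 = _SSLMethod.PROTOCOL_SSLv23 = _SSLMethod.PROTOCOL_TLS
 _PROTOCOL_NAMES = {value: name for name, value in _SSLMethod.__members__.items()}
 
-try:
-_SSLv2_IF_EXISTS = PROTOCOL_SSLv2
-except NameError:
-_SSLv2_IF_EXISTS = None
+_SSLv2_IF_EXISTS = getattr(_SSLMethod, 'PROTOCOL_SSLv2', None)
+
 
 if sys.platform == "win32":
 from _ssl import enum_certificates, enum_crls
@@ -434,6 +448,34 @@ def load_default_certs(self, purpose=Purpose.SERVER_AUTH):
 self._load_windows_store_certs(storename, purpose)
 self.set_default_verify_paths()
 
+@property
+def options(self):
+return Options(super().options)
+
+@options.setter
+def options(self, value):
+super(SSLContext, SSLContext).options.__set__(self, value)
+
+@property
+def verify_flags(self):
+return VerifyFlags(super().verify_flags)
+
+@verify_flags.setter
+def verify_flags(self, value):
+super(SSLContext, SSLContext).verify_flags.__set__(self, value)
+
+@property
+def verify_mode(self):
+value = super().verify_mode
+try:
+return VerifyMode(value)
+except ValueError:
+return value
+
+@verify_mode.setter
+def verify_mode(self, value):
+super(SSLContext, SSLContext).verify_mode.__set__(self, value)
+
 
 def create_default_context(purpose=Purpose.SERVER_AUTH, *, cafile=None,
 capath=None, cadata=None):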
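Review bot: The `verify_mode` getter in the last hunk silently returns the raw integer when `VerifyMode(value)` raises `ValueError`, so the attribute that governs certificate verification can come back as either an enum member or a plain int, and nothing in the added code says when that happens. The `options` and `verify_flags` getters have no such fallback, presumably because `IntFlag` accepts any bit combination; a comment on the `except ValueError:` branch such as `# unknown mode from _ssl: return the plain int instead of failing the read` would record the intent. The three setters call `super(SSLContext, SSLContext).<name>.__set__(self, value)` without explanation, and `# super() proxies do not support attribute assignment, so call the base descriptor's __set__ directly` would save the next reader a detour. The enclosing `SSLContext` class starts and ends outside this hunk.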

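--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -122,6 +122,9 @@ Core and Builtins
 Library
 -------
 
+- Issue #28025: Convert all ssl module constants to IntEnum and IntFlags.
+SSLContext properties now return flags and enums.
+
 - Issue #433028: Added support of modifier spans in regular expressions.
 
 - Issue #24594: Validates persist parameter when opening MSI database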
