@@ -51,7 +51,7 @@ Functions, Constants, and Exceptions
5151 network connection. This error is a subtype of :exc: `socket.error `, which
5252 in turn is a subtype of :exc: `IOError `.
5353
54- .. function :: wrap_socket (sock, keyfile=None, certfile=None, server_side=False, cert_reqs=CERT_NONE, ssl_version={see docs}, ca_certs=None)
54+ .. function :: wrap_socket (sock, keyfile=None, certfile=None, server_side=False, cert_reqs=CERT_NONE, ssl_version={see docs}, ca_certs=None, do_handshake_on_connect=True, suppress_ragged_eofs=True )
5555
5656 Takes an instance ``sock `` of :class: `socket.socket `, and returns an instance of :class: `ssl.SSLSocket `, a subtype
5757 of :class: `socket.socket `, which wraps the underlying socket in an SSL context.
@@ -118,6 +118,18 @@ Functions, Constants, and Exceptions
118118 `* ` In some older versions of OpenSSL (for instance, 0.9.7l on OS X 10.4),
119119 an SSLv2 client could not connect to an SSLv23 server.
120120
121+ The parameter ``do_handshake_on_connect `` specifies whether to do the SSL
122+ handshake automatically after doing a :meth: `socket.connect `, or whether the
123+ application program will call it explicitly, by invoking the :meth: `SSLSocket.do_handshake `
124+ method. Calling :meth: `SSLSocket.do_handshake ` explicitly gives the program control over
125+ the blocking behavior of the socket I/O involved in the handshake.
126+
127+ The parameter ``suppress_ragged_eofs `` specifies how the :meth: `SSLSocket.read `
128+ method should signal unexpected EOF from the other end of the connection. If specified
129+ as :const: `True ` (the default), it returns a normal EOF in response to unexpected
130+ EOF errors raised from the underlying socket; if :const: `False `, it will raise
131+ the exceptions back the caller.
132+
121133.. function :: RAND_status()
122134
123135 Returns True if the SSL pseudo-random number generator has been
@@ -231,15 +243,41 @@ Functions, Constants, and Exceptions
231243SSLSocket Objects
232244-----------------
233245
234- .. method :: SSLSocket.read([ nbytes=1024] )
246+ .. method :: SSLSocket.read(nbytes=1024, buffer=None )
235247
236248 Reads up to ``nbytes `` bytes from the SSL-encrypted channel and returns them.
249+ If the ``buffer `` is specified, it will attempt to read into the buffer
250+ the minimum of the size of the buffer and ``nbytes ``, if that is specified.
251+ If no buffer is specified, an immutable buffer is allocated and returned
252+ with the data read from the socket.
237253
238254.. method :: SSLSocket.write(data)
239255
240256 Writes the ``data `` to the other side of the connection, using the
241257 SSL channel to encrypt. Returns the number of bytes written.
242258
259+ .. method :: SSLSocket.do_handshake()
260+
261+ Performs the SSL setup handshake. If the socket is non-blocking,
262+ this method may raise :exc: `SSLError ` with the value of the exception
263+ instance's ``args[0] ``
264+ being either :const: `SSL_ERROR_WANT_READ ` or
265+ :const: `SSL_ERROR_WANT_WRITE `, and should be called again until
266+ it stops raising those exceptions. Here's an example of how to do
267+ that::
268+
269+ while True:
270+ try:
271+ sock.do_handshake()
272+ break
273+ except ssl.SSLError as err:
274+ if err.args[0] == ssl.SSL_ERROR_WANT_READ:
275+ select.select([sock], [], [])
276+ elif err.args[0] == ssl.SSL_ERROR_WANT_WRITE:
277+ select.select([], [sock], [])
278+ else:
279+ raise
280+
243281.. method :: SSLSocket.getpeercert(binary_form=False)
244282
245283 If there is no certificate for the peer on the other end of the
0 commit comments