SSL with SNI_-support for Python 2. Follow these instructions if you would
like to verify SSL certificates in Python 2. Note, the default libraries do
*not* do certificate checking; you need to do additional work to validate
certificates yourself.

This needs the following packages installed:

* pyOpenSSL (tested with 0.13)
* ndg-httpsclient (tested with 0.3.2)
* pyasn1 (tested with 0.1.6)

You can install them with the following command:

    pip install pyopenssl ndg-httpsclient pyasn1

To activate certificate checking, call
:func:`~urllib3.contrib.pyopenssl.inject_into_urllib3` from your Python code
before you begin making HTTP requests. This can be done in a ``sitecustomize``
module, or at any other time before your application begins using ``urllib3``,
like this::

    try:
        import urllib3.contrib.pyopenssl
        urllib3.contrib.pyopenssl.inject_into_urllib3()
    except ImportError:
        pass

Now you can use :mod:`urllib3` as you normally would, and it will support SNI
when the required modules are installed.

Activating this module also has the positive side effect of disabling SSL/TLS
compression in Python 2 (see `CRIME attack`_).

If you want to configure the default list of supported cipher suites, you can
set the ``urllib3.contrib.pyopenssl.DEFAULT_SSL_CIPHER_LIST`` variable.

Module Variables
----------------

:var DEFAULT_SSL_CIPHER_LIST: The list of supported SSL/TLS cipher suites.
    Default: ``ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:
    ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS``

.. _sni: https://en.wikipedia.org/wiki/Server_Name_Indication
.. _crime attack: https://en.wikipedia.org/wiki/CRIME_(security_exploit)

Source file: ``/opt/freeware/lib/python2.7/site-packages/requests/packages/urllib3/contrib/pyopenssl.py``

:func:`inject_into_urllib3`
    Monkey-patch urllib3 with PyOpenSSL-backed SSL-support.

:func:`extract_from_urllib3`
    Undo monkey-patching by :func:`inject_into_urllib3`.

:class:`SubjectAltName`
    ASN.1 implementation for subjectAltNames support

:class:`WrappedSocket`
    API-compatibility wrapper for Python OpenSSL's Connection-class.

    Note: _makefile_refs, _drop() and _reuse() are needed for the garbage
    collector of pypy.