106 |
106 |
107 return ssl.wrap_socket(socket, **args) |
107 return ssl.wrap_socket(socket, **args) |
108 |
108 |
109 def wrapsocket(sock, keyfile, certfile, ui, cert_reqs=ssl.CERT_NONE, |
109 def wrapsocket(sock, keyfile, certfile, ui, cert_reqs=ssl.CERT_NONE, |
110 ca_certs=None, serverhostname=None): |
110 ca_certs=None, serverhostname=None): |
|
111 """Add SSL/TLS to a socket. |
|
112 |
|
113 This is a glorified wrapper for ``ssl.wrap_socket()``. It makes sane |
|
114 choices based on what security options are available. |
|
115 |
|
116 In addition to the arguments supported by ``ssl.wrap_socket``, we allow |
|
117 the following additional arguments: |
|
118 |
|
119 * serverhostname - The expected hostname of the remote server. If the |
|
120 server (and client) support SNI, this tells the server which certificate |
|
121 to use. |
|
122 """ |
111 # Despite its name, PROTOCOL_SSLv23 selects the highest protocol |
123 # Despite its name, PROTOCOL_SSLv23 selects the highest protocol |
112 # that both ends support, including TLS protocols. On legacy stacks, |
124 # that both ends support, including TLS protocols. On legacy stacks, |
113 # the highest it likely goes in TLS 1.0. On modern stacks, it can |
125 # the highest it likely goes in TLS 1.0. On modern stacks, it can |
114 # support TLS 1.2. |
126 # support TLS 1.2. |
115 # |
127 # |