32 PROTOCOL_SSLv23 = 2 |
32 PROTOCOL_SSLv23 = 2 |
33 PROTOCOL_TLSv1 = 3 |
33 PROTOCOL_TLSv1 = 3 |
34 |
34 |
35 import socket, httplib |
35 import socket, httplib |
36 |
36 |
37 def ssl_wrap_socket(sock, key_file, cert_file, ssl_version=PROTOCOL_TLSv1, |
37 def ssl_wrap_socket(sock, keyfile, certfile, ssl_version=PROTOCOL_TLSv1, |
38 cert_reqs=CERT_REQUIRED, ca_certs=None): |
38 cert_reqs=CERT_REQUIRED, ca_certs=None): |
39 if not util.safehasattr(socket, 'ssl'): |
39 if not util.safehasattr(socket, 'ssl'): |
40 raise util.Abort(_('Python SSL support not found')) |
40 raise util.Abort(_('Python SSL support not found')) |
41 if ca_certs: |
41 if ca_certs: |
42 raise util.Abort(_( |
42 raise util.Abort(_( |
43 'certificate checking requires Python 2.6')) |
43 'certificate checking requires Python 2.6')) |
44 |
44 |
45 ssl = socket.ssl(sock, key_file, cert_file) |
45 ssl = socket.ssl(sock, keyfile, certfile) |
46 return httplib.FakeSocket(sock, ssl) |
46 return httplib.FakeSocket(sock, ssl) |
47 |
47 |
48 def _verifycert(cert, hostname): |
48 def _verifycert(cert, hostname): |
49 '''Verify that cert (in socket.getpeercert() format) matches hostname. |
49 '''Verify that cert (in socket.getpeercert() format) matches hostname. |
50 CRLs is not handled. |
50 CRLs is not handled. |