cpython: c32e9f9b00f7

--- a/Doc/library/ssl.rst
+++ b/Doc/library/ssl.rst
@@ -515,6 +515,10 @@ Certificate handling
 Constants
 ^^^^^^^^^

.. data:: CERT_NONE Possible value for :attr:SSLContext.verify_mode, or the cert_reqs @@ -548,6 +552,12 @@ Constants be passed, either to :meth:SSLContext.load_verify_locations or as a value of the ca_certs parameter to :func:wrap_socket. +.. class:: VerifyMode +

.. data:: VERIFY_DEFAULT Possible value for :attr:SSLContext.verify_flags. In this mode, certificate @@ -588,6 +598,12 @@ Constants .. versionadded:: 3.4.4 +.. class:: VerifyFlags +

.. data:: PROTOCOL_TLS Selects the highest protocol version that both the client and server support. @@ -757,6 +773,12 @@ Constants .. versionadded:: 3.3 +.. class:: Options +

.. data:: HAS_ALPN Whether the OpenSSL library has built-in support for the *Application-Layer @@ -839,6 +861,12 @@ Constants .. versionadded:: 3.4 +.. class:: AlertDescription +

.. data:: Purpose.SERVER_AUTH Option for :func:create_default_context and @@ -857,6 +885,12 @@ Constants .. versionadded:: 3.4 +.. class:: SSLErrorNumber +

SSL Sockets ----------- @@ -1540,6 +1574,12 @@ to speed up repeated connections from th to set options, not to clear them. Attempting to clear an option (by resetting the corresponding bits) will raise a ValueError.

+

+ .. attribute:: SSLContext.protocol The protocol version chosen when constructing the context. This attribute @@ -1554,12 +1594,23 @@ to speed up repeated connections from th .. versionadded:: 3.4

+

+ .. attribute:: SSLContext.verify_mode Whether to try to verify other peers' certificates and how to behave if verification fails. This attribute must be one of :data:CERT_NONE, :data:CERT_OPTIONAL or :data:CERT_REQUIRED.

+

.. index:: single: certificates

--- a/Lib/ssl.py
+++ b/Lib/ssl.py
@@ -94,7 +94,7 @@ import re
 import sys
 import os
 from collections import namedtuple
-from enum import Enum as _Enum, IntEnum as _IntEnum
+from enum import Enum as _Enum, IntEnum as _IntEnum, IntFlag as _IntFlag
 import _ssl # if we can't import it, let the error propagate
@@ -104,7 +104,6 @@ from _ssl import (
 SSLError, SSLZeroReturnError, SSLWantReadError, SSLWantWriteError, SSLSyscallError, SSLEOFError, )
-from _ssl import CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED
 from _ssl import txt2obj as _txt2obj, nid2obj as _nid2obj
 from _ssl import RAND_status, RAND_add, RAND_bytes, RAND_pseudo_bytes
 try:
@@ -113,32 +112,47 @@ except ImportError:
 # LibreSSL does not provide RAND_egd
 pass
-def _import_symbols(prefix):

- -import_symbols('OP') -import_symbols('ALERT_DESCRIPTION') -import_symbols('SSL_ERROR') -import_symbols('VERIFY') from _ssl import HAS_SNI, HAS_ECDH, HAS_NPN, HAS_ALPN +from _ssl import _OPENSSL_API_VERSION -from _ssl import _OPENSSL_API_VERSION + +_IntEnum._convert(

+ +_IntFlag._convert(

_IntEnum._convert(

+ +_IntEnum._convert(

+ +_IntFlag._convert(

+ +_IntEnum._convert(

+ PROTOCOL_SSLv23 = _SSLMethod.PROTOCOL_SSLv23 = _SSLMethod.PROTOCOL_TLS _PROTOCOL_NAMES = {value: name for name, value in _SSLMethod.members.items()} -try:

-except NameError:

+_SSLv2_IF_EXISTS = getattr(_SSLMethod, 'PROTOCOL_SSLv2', None) + if sys.platform == "win32": from _ssl import enum_certificates, enum_crls @@ -434,6 +448,34 @@ class SSLContext(_SSLContext): self._load_windows_store_certs(storename, purpose) self.set_default_verify_paths()
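Review bot: `_SSLv2_IF_EXISTS = getattr(_SSLMethod, 'PROTOCOL_SSLv2', None)` silently becomes `None` when the enum has no SSLv2 member, and nothing at the assignment says what that value means for the protocol checks that read it. The removed `try`/`except NameError` presumably covered the same case, so a one-line comment would keep the intent visible: `# None when this OpenSSL build has no SSLv2 method; never equal to a real protocol value`. Separately, the `_IntEnum._convert(` and `_IntFlag._convert(` calls in this hunk appear without their arguments on this page, so it cannot be confirmed from here that every `CERT_*`, `VERIFY_*`, `OP_*`, `ALERT_DESCRIPTION_*` and `SSL_ERROR_*` name previously imported is still exported. A name dropped by a filter would go missing without an import error, so a test asserting that the public constants still exist and compare equal to their `_ssl` integers would be worth having if one is not already in the commit.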

+

+

+

+

+

+ def create_default_context(purpose=Purpose.SERVER_AUTH, *, cafile=None, capath=None, cadata=None):

--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -122,6 +122,9 @@ Core and Builtins
 Library
 -------
+- Issue #28025: Convert all ssl module constants to IntEnum and IntFlags.