caslib.validating_https

ValidatingHTTPSConnection

class caslib.validating_https.ValidatingHTTPSConnection(host, port=None, key_file=None, cert_file=None, strict=None, cert_reqs=None, ca_certs=None, check_hostname=None, ssl_version=None)

Bases: httplib.HTTPSConnection

Variant of httplib.HTTPSConnection that validates server certificates and checks that the hostname matches the certificate.

>>> import urllib2
>>> from caslib.validating_https import ValidatingHTTPSConnection
>>> class ConfiguredValidatingHTTPSConnection(ValidatingHTTPSConnection):
...     ca_certs = '/etc/pki/tls/cert.pem'
>>> opener = urllib2.build_opener(ConfiguredValidatingHTTPSConnection.HTTPSHandler)
>>> fh = opener.open('https://validcertsite/')
>>> fh = opener.open('https://invalidcertsite/')
urllib2.URLError: <urlopen error (1, '_ssl.c:485: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed')>
>>> fh = opener.open('https://validcertsitewithhostnamethatdoesnotmatch/')
urllib2.URLError: <urlopen error Name 'validcertsitewithhostnamethatdoesnotmatch' does not match any of these certificate names: ['pleasecallmegeorge']>
Parameters:
  • host – host to connect to (see httplib.HTTPConnection)
  • port – port to connect to (see httplib.HTTPConnection)
  • key_file – client ssl key file (see httplib.HTTPSConnection)
  • cert_file – client ssl cert file (see httplib.HTTPSConnection)
  • strict – HTTP response strictness (see httplib.HTTPConnection)
  • ca_certs – CA certificates file to verify against, default is self.ca_certs (see ssl)
  • cert_reqs – Certificate requirement for peer, default is self.cert_reqs (see ssl)
  • ssl_version – SSL protocol version to use, default is self.ssl_version (see ssl)
  • check_hostname – Whether hostname checking should be performed or not, default is self.check_hostname. Hostnames are not checked if no certificate is validated.
Raises:
  • NotImplementedError – if the ssl module is not available

HTTPSHandler

Descriptor that generates a urllib2.HTTPSHandler which uses the containing HTTPSConnection class

alias of ValidatingHTTPSConnection.HTTPSHandler

ca_certs
Default ca_certs parameter for ssl.SSLSocket
cert_reqs
Default cert_reqs parameter for ssl.SSLSocket
check_hostname
Whether to check that the hostname matches the certificate (ignored if the certificate is not validated)
ssl_version
Default ssl_version parameter for ssl.SSLSocket

CertNameMismatchError

exception caslib.validating_https.CertNameMismatchError(hostname, certnames)

Bases: ssl.SSLError

certnames
The hostnames that the certificate matches
hostname
The hostname used to make the connection
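
Added example, not caslib's own code: the hostname check described above, written for Python 3 against dicts shaped like ssl.SSLSocket.getpeercert(), raising an error that carries hostname and certnames as CertNameMismatchError does. NameMismatch, cert_names, name_matches and check_hostname are hypothetical names, the sample certificates are constructed, and the wildcard policy (one leftmost label, at least two fixed labels) is this example's assumption.

```python
import ssl

class NameMismatch(ssl.SSLError):
    """Hypothetical stand-in shaped like CertNameMismatchError(hostname, certnames)."""
    def __init__(self, hostname, certnames):
        super().__init__("Name %r does not match any of these certificate names: %r"
                         % (hostname, certnames))
        self.hostname, self.certnames = hostname, certnames

    def __str__(self):
        return self.args[0]

def cert_names(cert):
    """DNS names from a dict shaped like ssl.SSLSocket.getpeercert()."""
    names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if not names:  # commonName is a fallback only when no dNSName SAN is present
        for rdn in cert.get("subject", ()):
            names += [v for k, v in rdn if k == "commonName"]
    return names

def name_matches(pattern, hostname):
    """Case-insensitive; '*' is honoured only as the entire leftmost label."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False  # a wildcard never spans more than one label
    if p[0] == "*" and len(p) > 2:  # refuse overly broad patterns such as '*.com'
        return h[0] != "" and p[1:] == h[1:]
    return p == h

def check_hostname(cert, hostname):
    """Return the certificate's names, or raise NameMismatch."""
    names = cert_names(cert)
    if not any(name_matches(n, hostname) for n in names):
        raise NameMismatch(hostname, names)
    return names

# Constructed sample certificates (not captured from real servers).
CN_ONLY = {"subject": ((("commonName", "pleasecallmegeorge"),),)}
WITH_SAN = {
    "subject": ((("commonName", "legacy.invalid"),),),
    "subjectAltName": (("DNS", "*.example.test"), ("DNS", "example.test"),
                       ("IP Address", "192.0.2.1")),
}

if __name__ == "__main__":
    print(check_hostname(WITH_SAN, "www.example.test"))
    try:
        check_hostname(CN_ONLY, "validcertsitewithhostnamethatdoesnotmatch")
    except NameMismatch as exc:
        print(exc)
```

This check is only meaningful on a certificate whose chain has already been validated, which is why the class skips it when no certificate is validated.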
