Low-level helpers for the SecureTransport bindings. These are Python functions that are not directly related to the high-level APIs but are necessary to get them to work. They include a whole bunch of low-level CoreFoundation messing about and memory management. The concerns in this module are almost entirely about trying to avoid memory leaks and providing appropriate and useful assistance to the higher-level code.
Constant | TLS |
Undocumented |
Function | _assert |
Checks the return code and throws an exception if there is an error to report |
Function | _build |
Builds a TLS alert record for an unknown CA. |
Function | _cert |
Given a bundle of certs in PEM format, turns them into a CFArray of certs that can be used to validate a cert chain. |
Function | _cf |
Given a bytestring, create a CFData object from it. This CFData object must be CFReleased by the caller. |
Function | _cf |
Given a list of Python tuples, create an associated CFDictionary. |
Function | _cf |
Creates a Unicode string from a CFString object. Used entirely for error reporting. |
Function | _cfstr |
Given a Python binary data, create a CFString. The string must be CFReleased by the caller. |
Function | _create |
Given a list of Python binary data, create an associated CFMutableArray. The array must be CFReleased by the caller. |
Function | _is |
Returns True if a given CFTypeRef is a certificate. |
Function | _is |
Returns True if a given CFTypeRef is an identity. |
Function | _load |
Load certificates and maybe keys from a number of files. Has the end goal of returning a CFArray containing one SecIdentityRef, and then zero or more SecCertificateRef objects, suitable for use as a client certificate trust chain. |
Function | _load |
Given a single file, loads all the trust objects from it into arrays and the keychain. Returns a tuple of lists: the first list is a list of identities, the second a list of certs. |
Function | _temporary |
This function creates a temporary Mac keychain that we can use to work with credentials. This keychain uses a one-time password and a temporary file to store the data. We expect to have one keychain per socket... |
Constant | _PEM |
Undocumented |
Undocumented
Value |
|
Given a bundle of certs in PEM format, turns them into a CFArray of certs that can be used to validate a cert chain.
Given a bytestring, create a CFData object from it. This CFData object must be CFReleased by the caller.
Creates a Unicode string from a CFString object. Used entirely for error reporting. Yes, it annoys me quite a lot that this function is this complex.
Given a list of Python binary data, create an associated CFMutableArray. The array must be CFReleased by the caller. Raises an ssl.SSLError on failure.
Load certificates and maybe keys from a number of files. Has the end goal of returning a CFArray containing one SecIdentityRef, and then zero or more SecCertificateRef objects, suitable for use as a client certificate trust chain.
Given a single file, loads all the trust objects from it into arrays and the keychain. Returns a tuple of lists: the first list is a list of identities, the second a list of certs.
This function creates a temporary Mac keychain that we can use to work with credentials. This keychain uses a one-time password and a temporary file to store the data. We expect to have one keychain per socket. The returned SecKeychainRef must be freed by the caller, including calling SecKeychainDelete. Returns a tuple of the SecKeychainRef and the path to the temporary directory that contains it.
Undocumented
Value |
|