module documentation

Low-level helpers for the SecureTransport bindings. These are Python functions that are not directly related to the high-level APIs but are necessary to get them to work. They include a whole bunch of low-level CoreFoundation messing about and memory management. The concerns in this module are almost entirely about trying to avoid memory leaks and providing appropriate and useful assistance to the higher-level code.

Constant TLS_PROTOCOL_VERSIONS Maps a protocol name to the (major, minor) version pair carried in the TLS record header.
Function _assert_no_error Checks the return code and throws an exception if there is an error to report
Function _build_tls_unknown_ca_alert Builds a TLS alert record for an unknown CA.
Function _cert_array_from_pem Given a bundle of certs in PEM format, turns them into a CFArray of certs that can be used to validate a cert chain.
Function _cf_data_from_bytes Given a bytestring, create a CFData object from it. This CFData object must be CFReleased by the caller.
Function _cf_dictionary_from_tuples Given a list of Python tuples, create an associated CFDictionary.
Function _cf_string_to_unicode Creates a Unicode string from a CFString object. Used entirely for error reporting.
Function _cfstr Given Python binary data, create a CFString. The string must be CFReleased by the caller.
Function _create_cfstring_array Given a list of Python binary data, create an associated CFMutableArray. The array must be CFReleased by the caller.
Function _is_cert Returns True if a given CFTypeRef is a certificate.
Function _is_identity Returns True if a given CFTypeRef is an identity.
Function _load_client_cert_chain Load certificates and maybe keys from a number of files. Has the end goal of returning a CFArray containing one SecIdentityRef, and then zero or more SecCertificateRef objects, suitable for use as a client certificate trust chain.
Function _load_items_from_file Given a single file, loads all the trust objects from it into arrays and the keychain. Returns a tuple of lists: the first list is a list of identities, the second a list of certs.
Function _temporary_keychain This function creates a temporary Mac keychain that we can use to work with credentials. This keychain uses a one-time password and a temporary file to store the data. We expect to have one keychain per socket...
Constant _PEM_CERTS_RE Regular expression that captures the base64 body of each certificate in a PEM bundle.
TLS_PROTOCOL_VERSIONS: dict =

Maps a protocol name to the (major, minor) version pair that the TLS record layer writes into the record header. The values are the wire encodings (SSLv3 is 3.0, TLS 1.0 is 3.1, and so on); the keys are used by _build_tls_unknown_ca_alert.

Value
{'SSLv2': (0, 2),
 'SSLv3': (3, 0),
 'TLSv1': (3, 1),
 'TLSv1.1': (3, 2),
 'TLSv1.2': (3, 3)}
def _assert_no_error(error, exception_class=None):

Checks an OSStatus return code and raises an exception if it reports an error. A code of 0 means success and returns silently; any other value raises exception_class (ssl.SSLError when none is given) carrying the Security framework's message for that code.

def _build_tls_unknown_ca_alert(version):

Builds a TLS alert record for an unknown CA. version is a key of TLS_PROTOCOL_VERSIONS; the returned bytes are a complete record (5-byte record header followed by a 2-byte fatal unknown_ca alert) with that protocol version in the header, ready to be written to the socket.
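The record layout that function produces, as an added example (not code from urllib3): a builder using the page's TLS_PROTOCOL_VERSIONS table, plus a parser that checks the header so you can see what a peer receiving the record actually validates. The byte values are the ones RFC 5246 assigns: ContentType alert is 21, AlertLevel fatal is 2, AlertDescription unknown_ca is 48. The function and constant names other than TLS_PROTOCOL_VERSIONS are this example's own.

```python
import struct

# Same table as the module constant: protocol name -> (major, minor)
# as carried in the TLS record header.
TLS_PROTOCOL_VERSIONS = {
    "SSLv2": (0, 2),
    "SSLv3": (3, 0),
    "TLSv1": (3, 1),
    "TLSv1.1": (3, 2),
    "TLSv1.2": (3, 3),
}

CONTENT_TYPE_ALERT = 0x15       # RFC 5246 ContentType alert(21)
ALERT_LEVEL_FATAL = 0x02        # RFC 5246 AlertLevel fatal(2)
ALERT_DESC_UNKNOWN_CA = 0x30    # RFC 5246 AlertDescription unknown_ca(48)


def build_tls_unknown_ca_alert(version):
    """Return the bytes of a fatal unknown_ca alert record.

    `version` is a key of TLS_PROTOCOL_VERSIONS; its (major, minor) pair
    goes into the record-layer version field. The record body is the
    two-byte Alert struct {level, description}.
    """
    ver_maj, ver_min = TLS_PROTOCOL_VERSIONS[version]
    body = struct.pack(">BB", ALERT_LEVEL_FATAL, ALERT_DESC_UNKNOWN_CA)
    header = struct.pack(">BBBH", CONTENT_TYPE_ALERT, ver_maj, ver_min, len(body))
    return header + body


def parse_tls_alert(record):
    """Parse an alert record and return (version_name, level, description).

    Anything that is not a well-formed alert record raises ValueError,
    which is how a receiving peer would treat it (as a protocol error).
    """
    if len(record) < 5:
        raise ValueError("record shorter than the 5-byte TLS record header")
    content_type, ver_maj, ver_min, length = struct.unpack(">BBBH", record[:5])
    if content_type != CONTENT_TYPE_ALERT:
        raise ValueError("not an alert record: content type %d" % content_type)
    # An Alert body is exactly two bytes; reject both short and trailing data.
    if length != 2 or len(record) != 5 + length:
        raise ValueError("alert body must be exactly 2 bytes")
    level, description = struct.unpack(">BB", record[5:7])
    names = {pair: name for name, pair in TLS_PROTOCOL_VERSIONS.items()}
    if (ver_maj, ver_min) not in names:
        raise ValueError("unknown record version %d.%d" % (ver_maj, ver_min))
    return names[(ver_maj, ver_min)], level, description


if __name__ == "__main__":
    rec = build_tls_unknown_ca_alert("TLSv1.2")
    print(rec.hex())            # 15 03 03 00 02 | 02 30
    print(parse_tls_alert(rec))
```

Because the alert is fatal, a client that writes it is telling the server it will close the connection; there is no handshake state to recover, so the record is sent once and the socket is shut down.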

def _cert_array_from_pem(pem_bundle):

Given a bundle of certs in PEM format, turns them into a CFArray of certs that can be used to validate a cert chain. Each certificate body is extracted with _PEM_CERTS_RE and base64-decoded to DER before being handed to the Security framework. Raises ssl.SSLError if the bundle contains no certificates, so an empty or unparseable bundle never silently becomes an empty trust store.

def _cf_data_from_bytes(bytestring):

Given a bytestring, create a CFData object from it. This CFData object must be CFReleased by the caller.

def _cf_dictionary_from_tuples(tuples):

Given a list of Python (key, value) tuples, create an associated CFDictionary.

def _cf_string_to_unicode(value):

Creates a Unicode string from a CFString object. Used entirely for error reporting. Yes, it annoys me quite a lot that this function is this complex.

def _cfstr(py_bstr):

Given Python binary data, create a CFString. The string must be CFReleased by the caller.

def _create_cfstring_array(lst):

Given a list of Python binary data, create an associated CFMutableArray of CFStrings. The array must be CFReleased by the caller. Raises an ssl.SSLError on failure.

def _is_cert(item):

Returns True if a given CFTypeRef is a certificate.

def _is_identity(item):

Returns True if a given CFTypeRef is an identity.

def _load_client_cert_chain(keychain, *paths):

Load certificates and, where present, private keys from a number of files into the given keychain. Has the end goal of returning a CFArray containing exactly one SecIdentityRef first, followed by zero or more SecCertificateRef objects, suitable for use as a client certificate chain; the order matters, because the identity (certificate plus private key) is what SecureTransport presents and signs with, and the remaining certificates are the intermediates sent alongside it.

def _load_items_from_file(keychain, path):

Given a single file, loads all the trust objects from it into arrays and the keychain. Returns a tuple of lists: the first list is a list of identities, the second a list of certs.

def _temporary_keychain():

This function creates a temporary macOS keychain that we can use to work with credentials. This keychain uses a one-time password and a temporary file to store the data. We expect to have one keychain per socket, so credentials loaded for one connection are never visible to another. The returned SecKeychainRef must be freed by the caller, including calling SecKeychainDelete so the keychain file and the key material in it do not outlive the connection. Returns a tuple of the SecKeychainRef and the path to the temporary directory that contains it.

_PEM_CERTS_RE =

Regular expression that captures the base64 body between the BEGIN CERTIFICATE and END CERTIFICATE lines of each certificate in a PEM bundle. Note that it requires a bare LF directly after the BEGIN line and before the END line, so a bundle with CRLF line endings has to be normalized before matching.

Value
re.compile(b'-----BEGIN CERTIFICATE-----\n(.*?)\n-----END CERTIFICATE-----', re.DOTALL)
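A pure-Python walk through what _cert_array_from_pem has to do before it ever touches CoreFoundation, as an added example that is not urllib3's code: apply the page's _PEM_CERTS_RE to a bundle, base64-decode each body to DER, and handle the three failure modes a practitioner trips over (CRLF line endings that the pattern does not match, a bundle with no certificates, and a body that is not valid base64). The sample "certificates" are constructed placeholder DER bytes, not real certificates; the helper names other than _PEM_CERTS_RE are this example's own.

```python
import base64
import binascii
import re
import ssl

# Same pattern as the module constant, reproduced so the example runs on its own.
_PEM_CERTS_RE = re.compile(
    b"-----BEGIN CERTIFICATE-----\n(.*?)\n-----END CERTIFICATE-----", re.DOTALL
)


def has_pem_cert(data):
    """True if the raw pattern finds at least one certificate block in `data`."""
    return _PEM_CERTS_RE.search(data) is not None


def der_certs_from_pem(pem_bundle):
    """Return a list with the DER bytes of every certificate in a PEM bundle.

    The pattern only matches LF-terminated header lines, so CRLF input is
    normalized first. An empty result raises ssl.SSLError rather than
    returning an empty list that a caller might treat as a trust store, and
    a body that is not valid base64 is an error rather than being skipped.
    """
    pem_bundle = pem_bundle.replace(b"\r\n", b"\n")
    der_certs = []
    for match in _PEM_CERTS_RE.finditer(pem_bundle):
        # Drop the line breaks inside the body so strict decoding can be used.
        body = b"".join(match.group(1).split())
        try:
            der_certs.append(base64.b64decode(body, validate=True))
        except binascii.Error as exc:
            raise ssl.SSLError("malformed PEM certificate body: %s" % exc)
    if not der_certs:
        raise ssl.SSLError("No root certificates specified")
    return der_certs


def pem_from_der(der):
    """Wrap DER bytes in PEM armour (base64, wrapped lines, LF endings)."""
    return (
        b"-----BEGIN CERTIFICATE-----\n"
        + base64.encodebytes(der)
        + b"-----END CERTIFICATE-----\n"
    )


# Constructed placeholder DER blobs (a minimal SEQUENCE and a longer one that
# forces the base64 to wrap onto several lines); not real certificates.
SAMPLE_DER_SHORT = b"\x30\x03\x02\x01\x01"
SAMPLE_DER_LONG = b"\x30\x82\x00\x80" + bytes(range(128))
SAMPLE_BUNDLE = pem_from_der(SAMPLE_DER_SHORT) + pem_from_der(SAMPLE_DER_LONG)


if __name__ == "__main__":
    for der in der_certs_from_pem(SAMPLE_BUNDLE):
        print(len(der), "bytes of DER")
    crlf = SAMPLE_BUNDLE.replace(b"\n", b"\r\n")
    print("raw pattern matches CRLF bundle:", has_pem_cert(crlf))
    print("after normalization:", len(der_certs_from_pem(crlf)), "certs")
```

The strict decode (validate=True) is deliberate: with the default lenient decoding, stray characters inside a certificate body are silently discarded, which can turn a corrupted bundle into a different DER blob instead of an error.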