Home | Trees | Index | Help |
---|
Package tlslite :: Module TLSConnection :: Class TLSConnection |
|
TLSRecordLayer
--+
|
TLSConnection
This class wraps a socket and provides TLS handshaking and data transfer.
To use this class, create a new instance, passing a connected socket into the constructor. Then call some handshake function. If the handshake completes without raising an exception, then a TLS connection has been negotiated. You can transfer data over this connection as if it were a socket.
This class provides both synchronous and asynchronous versions of its key functions. The synchronous versions should be used when writing single-or multi-threaded code using blocking sockets. The asynchronous versions should be used when performing asynchronous, event-based I/O with non-blocking sockets.
Asynchronous I/O is a complicated subject; typically, you should not use the asynchronous functions directly, but should use some framework like asyncore or Twisted which TLS Lite integrates with (seetlslite.integration.TLSAsyncDispatcherMixIn.TLSAsyncDispatcherMixIn
or tlslite.integration.TLSTwistedProtocolWrapper.TLSTwistedProtocolWrapper
).
Method Summary | |
---|---|
Create a new TLSConnection instance. | |
None or an iterable |
Perform a certificate-based handshake in the role of client. |
None or an iterable |
Perform a shared-key handshake in the role of client. |
None or an iterable |
Perform an SRP handshake in the role of client. |
None or an iterable |
Perform a to-be-determined type of handshake in the role of client. |
Perform a handshake in the role of server. | |
iterable |
Start a server handshake operation on the TLS connection. |
_getKeyFromChain(self,
certificate,
settings)
| |
_handshakeClientAsync(self,
srpParams,
certParams,
unknownParams,
sharedKeyParams,
session,
settings,
checker,
recursive)
| |
_handshakeClientAsyncHelper(self,
srpParams,
certParams,
unknownParams,
sharedKeyParams,
session,
settings,
recursive)
| |
_handshakeServerAsyncHelper(self,
sharedKeyDB,
verifierDB,
certChain,
privateKey,
reqCert,
sessionCache,
settings)
| |
_handshakeWrapperAsync(self,
handshaker,
checker)
| |
Inherited from TLSRecordLayer | |
Close the TLS connection. | |
iterable |
Start a close operation on the TLS connection. |
str |
Get the name of the cipher implementation used with this connection. |
str |
Get the name of the cipher used with this connection. |
Return the remote address to which the socket is connected (socket emulation). | |
Return the socket's own address (socket emulation). | |
Return the timeout associated with socket operations (socket emulation). | |
tlslite.FileObject.FileObject
|
Create a file object for the TLS connection (socket emulation). |
str |
Read some data from the TLS connection. |
iterable |
Start a read operation on the TLS connection. |
Get some data from the TLS connection (socket emulation). | |
Send data to the TLS connection (socket emulation). | |
Send data to the TLS connection (socket emulation). | |
Set the value of the given socket option (socket emulation). | |
Set a timeout on blocking socket operations (socket emulation). | |
Write some data to the TLS connection. | |
iterable |
Start a write operation on the TLS connection. |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
|
Instance Variable Summary | |
---|---|
Inherited from TLSRecordLayer | |
str or None | allegedSharedKeyUsername : This is set to the shared-key username asserted by the client, whether
the handshake succeeded or not. |
str or None | allegedSrpUsername : This is set to the SRP username asserted by the client, whether the
handshake succeeded or not. |
bool | closed : If this connection is closed. |
bool | closeSocket : If the socket should be closed when the connection is closed
(writable). |
bool | ignoreAbruptClose : If an abrupt close of the socket should raise an error (writable). |
bool | resumed : If this connection is based on a resumed session. |
tlslite.Session.Session |
session : The session corresponding to this connection. |
socket.socket | sock : The underlying socket object. |
tuple | version : The TLS version being used for this connection. |
Method Details |
---|
__init__(self,
sock)
Create a new TLSConnection instance.
|
handshakeClientCert(self, certChain=None, privateKey=None, session=None, settings=None, checker=None, async=False)Perform a certificate-based handshake in the role of client. This function performs an SSL or TLS handshake. The server will authenticate itself using an X.509 or cryptoID certificate chain. If the handshake succeeds, the server's certificate chain will be stored in the session's serverCertChain attribute. Unless a checker object is passed in, this function does no validation or checking of the server's certificate chain. If the server requests client authentication, the client will send the passed-in certificate chain, and use the passed-in private key to authenticate itself. If no certificate chain and private key were passed in, the client will attempt to proceed without client authentication. The server may or may not allow this. Like any handshake function, this can be called on a closed TLS connection, or on a TLS connection that is already open. If called on an open connection it performs a re-handshake. If the function completes without raising an exception, the TLS connection will be open and available for data transfer. If an exception is raised, the connection will have been automatically closed (if it was ever open).
|
handshakeClientSharedKey(self, username, sharedKey, settings=None, checker=None, async=False)Perform a shared-key handshake in the role of client. This function performs a shared-key handshake. Using shared symmetric keys of high entropy (128 bits or greater) mutually authenticates both parties to each other. TLS with shared-keys is non-standard. Most TLS implementations don't support it. See http://www.ietf.org/html.charters/tls-charter.html for the latest information on TLS with shared-keys. If the shared-keys Internet-Draft changes or is superceded, TLS Lite will track those changes, so the shared-key support in later versions of TLS Lite may become incompatible with this version. Like any handshake function, this can be called on a closed TLS connection, or on a TLS connection that is already open. If called on an open connection it performs a re-handshake. If the function completes without raising an exception, the TLS connection will be open and available for data transfer. If an exception is raised, the connection will have been automatically closed (if it was ever open).
|
handshakeClientSRP(self, username, password, session=None, settings=None, checker=None, async=False)Perform an SRP handshake in the role of client. This function performs a TLS/SRP handshake. SRP mutually authenticates both parties to each other using only a username and password. This function may also perform a combined SRP and server-certificate handshake, if the server chooses to authenticate itself with a certificate chain in addition to doing SRP. TLS/SRP is non-standard. Most TLS implementations don't support it. See http://www.ietf.org/html.charters/tls-charter.html or http://trevp.net/tlssrp/ for the latest information on TLS/SRP. Like any handshake function, this can be called on a closed TLS connection, or on a TLS connection that is already open. If called on an open connection it performs a re-handshake. If the function completes without raising an exception, the TLS connection will be open and available for data transfer. If an exception is raised, the connection will have been automatically closed (if it was ever open).
|
handshakeClientUnknown(self, srpCallback=None, certCallback=None, session=None, settings=None, checker=None, async=False)Perform a to-be-determined type of handshake in the role of client. This function performs an SSL or TLS handshake. If the server requests client certificate authentication, the certCallback will be invoked and should return a (certChain, privateKey) pair. If the callback returns None, the library will attempt to proceed without client authentication. The server may or may not allow this. If the server requests SRP authentication, the srpCallback will be invoked and should return a (username, password) pair. If the callback returns None, the local implementation will signal a user_canceled error alert. After the handshake completes, the client can inspect the connection's session attribute to determine what type of authentication was performed. Like any handshake function, this can be called on a closed TLS connection, or on a TLS connection that is already open. If called on an open connection it performs a re-handshake. If the function completes without raising an exception, the TLS connection will be open and available for data transfer. If an exception is raised, the connection will have been automatically closed (if it was ever open).
|
handshakeServer(self, sharedKeyDB=None, verifierDB=None, certChain=None, privateKey=None, reqCert=False, sessionCache=None, settings=None, checker=None)Perform a handshake in the role of server. This function performs an SSL or TLS handshake. Depending on the arguments and the behavior of the client, this function can perform a shared-key, SRP, or certificate-based handshake. It can also perform a combined SRP and server-certificate handshake. Like any handshake function, this can be called on a closed TLS connection, or on a TLS connection that is already open. If called on an open connection it performs a re-handshake. This function does not send a Hello Request message before performing the handshake, so if re-handshaking is required, the server must signal the client to begin the re-handshake through some other means. If the function completes without raising an exception, the TLS connection will be open and available for data transfer. If an exception is raised, the connection will have been automatically closed (if it was ever open).
|
handshakeServerAsync(self, sharedKeyDB=None, verifierDB=None, certChain=None, privateKey=None, reqCert=False, sessionCache=None, settings=None, checker=None)Start a server handshake operation on the TLS connection. This function returns a generator which behaves similarly to handshakeServer(). Successive invocations of the generator will return 0 if it is waiting to read from the socket, 1 if it is waiting to write to the socket, or it will raise StopIteration if the handshake operation is complete.
|
Home | Trees | Index | Help |
---|
Generated by Epydoc 2.0 on Sun Mar 21 00:04:58 2004 | http://epydoc.sf.net |