| 909 | |
| 910 | |
| 911 | class TLSUpgradeProto(asyncio.Protocol): |
| 912 | def __init__( |
| 913 | self, |
| 914 | loop: asyncio.AbstractEventLoop, |
| 915 | host: str, |
| 916 | port: int, |
| 917 | ssl_context: ssl_module.SSLContext, |
| 918 | ssl_is_advisory: bool, |
| 919 | ) -> None: |
| 920 | self.on_data = _create_future(loop) |
| 921 | self.host = host |
| 922 | self.port = port |
| 923 | self.ssl_context = ssl_context |
| 924 | self.ssl_is_advisory = ssl_is_advisory |
| 925 | |
| 926 | def data_received(self, data: bytes) -> None: |
| 927 | if data == b'S': |
| 928 | self.on_data.set_result(True) |
| 929 | elif (self.ssl_is_advisory and |
| 930 | self.ssl_context.verify_mode == ssl_module.CERT_NONE and |
| 931 | data == b'N'): |
| 932 | # ssl_is_advisory will imply that ssl.verify_mode == CERT_NONE, |
| 933 | # since the only way to get ssl_is_advisory is from |
| 934 | # sslmode=prefer. But be extra sure to disallow insecure |
| 935 | # connections when the ssl context asks for real security. |
| 936 | self.on_data.set_result(False) |
| 937 | else: |
| 938 | self.on_data.set_exception( |
| 939 | ConnectionError( |
| 940 | 'PostgreSQL server at "{host}:{port}" ' |
| 941 | 'rejected SSL upgrade'.format( |
| 942 | host=self.host, port=self.port))) |
| 943 | |
| 944 | def connection_lost(self, exc: typing.Optional[Exception]) -> None: |
| 945 | if not self.on_data.done(): |
| 946 | if exc is None: |
| 947 | exc = ConnectionError('unexpected connection_lost() call') |
| 948 | self.on_data.set_exception(exc) |
| 949 | |
| 950 | |
| 951 | _ProctolFactoryR = typing.TypeVar( |
no outgoing calls
no test coverage detected
searching dependent graphs…