Create a SSLContext object for Python stdlib modules All Python stdlib modules shall use this function to create SSLContext objects in order to keep common settings in one place. The configuration is less restrict than create_default_context()'s to increase backward compatibility.
(protocol=None, *, cert_reqs=CERT_NONE,
check_hostname=False, purpose=Purpose.SERVER_AUTH,
certfile=None, keyfile=None,
cafile=None, capath=None, cadata=None)
| 728 | return context |
| 729 | |
| 730 | def _create_unverified_context(protocol=None, *, cert_reqs=CERT_NONE, |
| 731 | check_hostname=False, purpose=Purpose.SERVER_AUTH, |
| 732 | certfile=None, keyfile=None, |
| 733 | cafile=None, capath=None, cadata=None): |
| 734 | """Create a SSLContext object for Python stdlib modules |
| 735 | |
| 736 | All Python stdlib modules shall use this function to create SSLContext |
| 737 | objects in order to keep common settings in one place. The configuration |
| 738 | is less restrict than create_default_context()'s to increase backward |
| 739 | compatibility. |
| 740 | """ |
| 741 | if not isinstance(purpose, _ASN1Object): |
| 742 | raise TypeError(purpose) |
| 743 | |
| 744 | # SSLContext sets OP_NO_SSLv2, OP_NO_SSLv3, OP_NO_COMPRESSION, |
| 745 | # OP_CIPHER_SERVER_PREFERENCE, OP_SINGLE_DH_USE and OP_SINGLE_ECDH_USE |
| 746 | # by default. |
| 747 | if purpose == Purpose.SERVER_AUTH: |
| 748 | # verify certs and host name in client mode |
| 749 | if protocol is None: |
| 750 | protocol = PROTOCOL_TLS_CLIENT |
| 751 | elif purpose == Purpose.CLIENT_AUTH: |
| 752 | if protocol is None: |
| 753 | protocol = PROTOCOL_TLS_SERVER |
| 754 | else: |
| 755 | raise ValueError(purpose) |
| 756 | |
| 757 | context = SSLContext(protocol) |
| 758 | context.check_hostname = check_hostname |
| 759 | if cert_reqs is not None: |
| 760 | context.verify_mode = cert_reqs |
| 761 | if check_hostname: |
| 762 | context.check_hostname = True |
| 763 | |
| 764 | if keyfile and not certfile: |
| 765 | raise ValueError("certfile must be specified") |
| 766 | if certfile or keyfile: |
| 767 | context.load_cert_chain(certfile, keyfile) |
| 768 | |
| 769 | # load CA root certs |
| 770 | if cafile or capath or cadata: |
| 771 | context.load_verify_locations(cafile, capath, cadata) |
| 772 | elif context.verify_mode != CERT_NONE: |
| 773 | # no explicit cafile, capath or cadata but the verify mode is |
| 774 | # CERT_OPTIONAL or CERT_REQUIRED. Let's try to load default system |
| 775 | # root CA certificates for the given purpose. This may fail silently. |
| 776 | context.load_default_certs(purpose) |
| 777 | # OpenSSL 1.1.1 keylog file |
| 778 | if hasattr(context, 'keylog_filename'): |
| 779 | keylogfile = os.environ.get('SSLKEYLOGFILE') |
| 780 | if keylogfile and not sys.flags.ignore_environment: |
| 781 | context.keylog_filename = keylogfile |
| 782 | return context |
| 783 | |
| 784 | # Used by http.client if no context is explicitly passed. |
| 785 | _create_default_https_context = create_default_context |
nothing calls this directly
no test coverage detected