MCPcopy
hub / github.com/python-trio/trio / SSLStream

Class SSLStream

src/trio/_ssl.py:260–907  ·  view source on GitHub ↗

r"""Encrypted communication using SSL/TLS. :class:`SSLStream` wraps an arbitrary :class:`~trio.abc.Stream`, and allows you to perform encrypted communication over it using the usual :class:`~trio.abc.Stream` interface. You pass regular data to :meth:`send_all`, then it encrypts it a

Source from the content-addressed store, hash-verified

258
259@final
260class SSLStream(Stream, Generic[T_Stream]):
261 r"""Encrypted communication using SSL/TLS.
262
263 :class:`SSLStream` wraps an arbitrary :class:`~trio.abc.Stream`, and
264 allows you to perform encrypted communication over it using the usual
265 :class:`~trio.abc.Stream` interface. You pass regular data to
266 :meth:`send_all`, then it encrypts it and sends the encrypted data on the
267 underlying :class:`~trio.abc.Stream`; :meth:`receive_some` takes encrypted
268 data out of the underlying :class:`~trio.abc.Stream` and decrypts it
269 before returning it.
270
271 You should read the standard library's :mod:`ssl` documentation carefully
272 before attempting to use this class, and probably other general
273 documentation on SSL/TLS as well. SSL/TLS is subtle and quick to
274 anger. Really. I'm not kidding.
275
276 Args:
277 transport_stream (~trio.abc.Stream): The stream used to transport
278 encrypted data. Required.
279
280 ssl_context (~ssl.SSLContext): The :class:`~ssl.SSLContext` used for
281 this connection. Required. Usually created by calling
282 :func:`ssl.create_default_context`.
283
284 server_hostname (str, bytes, or None): The name of the server being
285 connected to. Used for `SNI
286 <https://en.wikipedia.org/wiki/Server_Name_Indication>`__ and for
287 validating the server&#x27;s certificate (if hostname checking is
288 enabled). This is effectively mandatory for clients, and actually
289 mandatory if ``ssl_context.check_hostname`` is ``True``.
290
291 server_side (bool): Whether this stream is acting as a client or
292 server. Defaults to False, i.e. client mode.
293
294 https_compatible (bool): There are two versions of SSL/TLS commonly
295 encountered in the wild: the standard version, and the version used
296 for HTTPS (HTTP-over-SSL/TLS).
297
298 Standard-compliant SSL/TLS implementations always send a
299 cryptographically signed ``close_notify`` message before closing the
300 connection. This is important because if the underlying transport
301 were simply closed, then there wouldn&#x27;t be any way for the other
302 side to know whether the connection was intentionally closed by the
303 peer that they negotiated a cryptographic connection to, or by some
304 `man-in-the-middle
305 <https://en.wikipedia.org/wiki/Man-in-the-middle_attack>`__ attacker
306 who can&#x27;t manipulate the cryptographic stream, but can manipulate
307 the transport layer (a so-called "truncation attack").
308
309 However, this part of the standard is widely ignored by real-world
310 HTTPS implementations, which means that if you want to interoperate
311 with them, then you NEED to ignore it too.
312
313 Fortunately this isn&#x27;t as bad as it sounds, because the HTTP
314 protocol already includes its own equivalent of ``close_notify``, so
315 doing this again at the SSL/TLS level is redundant. But not all
316 protocols do! Therefore, by default Trio implements the safer
317 standard-compliant version (``https_compatible=False``). But if

Callers 11

acceptMethod · 0.85
ssl_echo_serverFunction · 0.85
virtual_ssl_echo_serverFunction · 0.85
ssl_wrap_pairFunction · 0.85
test_ssl_client_basicsFunction · 0.85
test_ssl_server_basicsFunction · 0.85
test_attributesFunction · 0.85
test_ssl_over_sslFunction · 0.85
setupFunction · 0.85

Calls

no outgoing calls

Tested by 10

ssl_echo_serverFunction · 0.68
virtual_ssl_echo_serverFunction · 0.68
ssl_wrap_pairFunction · 0.68
test_ssl_client_basicsFunction · 0.68
test_ssl_server_basicsFunction · 0.68
test_attributesFunction · 0.68
test_ssl_over_sslFunction · 0.68
setupFunction · 0.68

Used in the wild real call sites across dependent graphs

searching dependent graphs…