Python ssl.create_default_context() Examples
The following are 30
code examples of ssl.create_default_context().
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example.
You may also want to check out all available functions/classes of the module
ssl
, or try the search function
.
.
Example #1
| Source File: serializekiller.py From serializekiller with The Unlicense | 10 votes |
|
def jenkins(url, port):
try:
cli_port = False
ctx = ssl.create_default_context()
ctx.check_hostname = False
ctx.verify_mode = ssl.CERT_NONE
try:
output = urllib2.urlopen('https://'+url+':'+port+"/jenkins/", context=ctx, timeout=8).info()
cli_port = int(output['X-Jenkins-CLI-Port'])
except urllib2.HTTPError, e:
if e.getcode() == 404:
try:
output = urllib2.urlopen('https://'+url+':'+port, context=ctx, timeout=8).info()
cli_port = int(output['X-Jenkins-CLI-Port'])
except:
pass
except:
pass
Example #2
| Source File: microWebSrv2.py From MicroWebSrv2 with MIT License | 7 votes |
|
def EnableSSL(self, certFile, keyFile, caFile=None) :
import ssl
if not hasattr(ssl, 'SSLContext') :
raise MicroWebSrv2Exception('Unable to use SSL (implementation not supported).')
if not isinstance(certFile, str) or len(certFile) == 0 :
raise ValueError('"certFile" must be a not empty string.')
if not isinstance(keyFile, str) or len(keyFile) == 0 :
raise ValueError('"keyFile" must be a not empty string.')
if caFile is not None and not isinstance(caFile, str) :
raise ValueError('"caFile" must be a string or None.')
self._validateChangeConf()
try :
ctx = ssl.create_default_context( ssl.Purpose.CLIENT_AUTH,
cafile = caFile )
except :
raise ValueError('"caFile" must indicate a valid PEM file.')
try :
ctx.load_cert_chain(certfile=certFile, keyfile=keyFile)
except :
raise ValueError('"certFile" and "keyFile" must indicate the valid certificate and key files.')
self._sslContext = ctx
if self._bindAddr[1] == 80 :
self._bindAddr = (self._bindAddr[0], 443)
# ------------------------------------------------------------------------
Example #3
| Source File: http.py From Sony-PMCA-RE with MIT License | 6 votes |
|
def request(url, data=None, headers={}, cookies={}, auth=None):
if cookies:
headers['Cookie'] = '; '.join(quote(k) + '=' + quote(v) for (k, v) in cookies.items())
request = Request(str(url), data, headers)
manager = HTTPPasswordMgrWithDefaultRealm()
if auth:
manager.add_password(None, request.get_full_url(), auth[0], auth[1])
handlers = [HTTPBasicAuthHandler(manager), HTTPDigestAuthHandler(manager)]
try:
import certifi, ssl
handlers.append(HTTPSHandler(context=ssl.create_default_context(cafile=certifi.where())))
except:
# App engine
pass
response = build_opener(*handlers).open(request)
cj = CookieJar()
cj.extract_cookies(response, request)
headers = dict(response.headers)
raw_contents = response.read()
contents = raw_contents.decode(headers.get('charset', 'latin1'))
return HttpResponse(urlparse(response.geturl()), contents, raw_contents, headers, dict((c.name, c.value) for c in cj))
Example #4
| Source File: connections.py From ServerlessCrawler-VancouverRealState with MIT License | 6 votes |
|
def _create_ssl_ctx(self, sslp):
if isinstance(sslp, ssl.SSLContext):
return sslp
ca = sslp.get('ca')
capath = sslp.get('capath')
hasnoca = ca is None and capath is None
ctx = ssl.create_default_context(cafile=ca, capath=capath)
ctx.check_hostname = not hasnoca and sslp.get('check_hostname', True)
ctx.verify_mode = ssl.CERT_NONE if hasnoca else ssl.CERT_REQUIRED
if 'cert' in sslp:
ctx.load_cert_chain(sslp['cert'], keyfile=sslp.get('key'))
if 'cipher' in sslp:
ctx.set_ciphers(sslp['cipher'])
ctx.options |= ssl.OP_NO_SSLv2
ctx.options |= ssl.OP_NO_SSLv3
return ctx
Example #5
| Source File: connections.py From python-gvm with GNU General Public License v3.0 | 6 votes |
|
def _new_socket(self):
transport_socket = socketlib.socket(
socketlib.AF_INET, socketlib.SOCK_STREAM
)
if self.certfile and self.cafile and self.keyfile:
context = ssl.create_default_context(
ssl.Purpose.SERVER_AUTH, cafile=self.cafile
)
context.check_hostname = False
context.load_cert_chain(
certfile=self.certfile,
keyfile=self.keyfile,
password=self.password,
)
sock = context.wrap_socket(transport_socket, server_side=False)
else:
context = ssl.SSLContext(ssl.PROTOCOL_TLSv1_2)
sock = context.wrap_socket(transport_socket)
sock.settimeout(self._timeout)
return sock
Example #6
| Source File: ca_certs_locater.py From misp42splunk with GNU Lesser General Public License v3.0 | 6 votes |
|
def _read_ssl_default_ca_certs():
# it's not guaranteed to return PEM formatted certs when `binary_form` is False
der_certs = ssl.create_default_context().get_ca_certs(binary_form=True)
pem_certs = [ssl.DER_cert_to_PEM_cert(der_cert_bytes) for der_cert_bytes in der_certs]
return '\n'.join(pem_certs)
Example #7
| Source File: ssl_servers.py From ironpython2 with Apache License 2.0 | 6 votes |
|
def make_https_server(case, context=None, certfile=CERTFILE,
host=HOST, handler_class=None):
if context is None:
context = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
# We assume the certfile contains both private key and certificate
context.load_cert_chain(certfile)
server = HTTPSServerThread(context, host, handler_class)
flag = threading.Event()
server.start(flag)
flag.wait()
def cleanup():
if support.verbose:
sys.stdout.write('stopping HTTPS server\n')
server.stop()
if support.verbose:
sys.stdout.write('joining HTTPS thread\n')
server.join()
case.addCleanup(cleanup)
return server
Example #8
| Source File: urllib2.py From ironpython2 with Apache License 2.0 | 6 votes |
|
def urlopen(url, data=None, timeout=socket._GLOBAL_DEFAULT_TIMEOUT,
cafile=None, capath=None, cadefault=False, context=None):
global _opener
if cafile or capath or cadefault:
if context is not None:
raise ValueError(
"You can't pass both context and any of cafile, capath, and "
"cadefault"
)
if not _have_ssl:
raise ValueError('SSL support not available')
context = ssl.create_default_context(purpose=ssl.Purpose.SERVER_AUTH,
cafile=cafile,
capath=capath)
https_handler = HTTPSHandler(context=context)
opener = build_opener(https_handler)
elif context:
https_handler = HTTPSHandler(context=context)
opener = build_opener(https_handler)
elif _opener is None:
_opener = opener = build_opener()
else:
opener = _opener
return opener.open(url, data, timeout)
Example #9
| Source File: cloudscraper.py From a4kScrapers with MIT License | 6 votes |
|
def __init__(self, *args, **kwargs):
self.ssl_context = kwargs.pop('ssl_context', None)
self.cipherSuite = kwargs.pop('cipherSuite', None)
self.source_address = kwargs.pop('source_address', None)
if self.source_address:
if isinstance(self.source_address, str):
self.source_address = (self.source_address, 0)
if not isinstance(self.source_address, tuple):
raise TypeError(
"source_address must be IP address string or (ip, port) tuple"
)
if not self.ssl_context:
self.ssl_context = ssl.create_default_context(ssl.Purpose.SERVER_AUTH)
self.ssl_context.set_ciphers(self.cipherSuite)
self.ssl_context.set_ecdh_curve('prime256v1')
self.ssl_context.options |= (ssl.OP_NO_SSLv2 | ssl.OP_NO_SSLv3 | ssl.OP_NO_TLSv1 | ssl.OP_NO_TLSv1_1)
super(CipherSuiteAdapter, self).__init__(**kwargs)
# ------------------------------------------------------------------------------- #
Example #10
| Source File: __init__.py From tikapy with BSD 3-Clause "New" or "Revised" License | 6 votes |
|
def _connect(self):
"""
Connects a ssl socket.
"""
self._connect_socket()
try:
ctx = ssl.create_default_context()
if not self.verify_cert:
ctx.verify_mode = ssl.CERT_OPTIONAL
if not self.verify_addr:
ctx.check_hostname = False
self._sock = ctx.wrap_socket(self._base_sock,
server_hostname=self.address)
except ssl.SSLError:
LOG.error('could not establish SSL connection')
raise ClientError('could not establish SSL connection')
Example #11
| Source File: wfapi.py From terraform-templates with Apache License 2.0 | 6 votes |
|
def _certifi_ssl_context(self):
if (sys.version_info.major == 2 and sys.hexversion >= 0x02070900 or
sys.version_info.major == 3 and sys.hexversion >= 0x03040300):
where = certifi.where()
self._log(DEBUG1, 'certifi %s: %s', certifi.__version__, where)
return ssl.create_default_context(
purpose=ssl.Purpose.SERVER_AUTH,
cafile=where)
else:
return None
#
# XXX USE OF cloud_ssl_context() IS DEPRECATED!
#
# If your operating system certificate store is out of date you can
# install certifi (https://pypi.python.org/pypi/certifi) and its CA
# bundle will be used for SSL server certificate verification when
# ssl_context is None.
#
Example #12
| Source File: urllib2.py From GDCTSCP with GNU Affero General Public License v3.0 | 6 votes |
|
def urlopen(url, data=None, timeout=socket._GLOBAL_DEFAULT_TIMEOUT,
cafile=None, capath=None, cadefault=False, context=None):
global _opener
if cafile or capath or cadefault:
if context is not None:
raise ValueError(
"You can't pass both context and any of cafile, capath, and "
"cadefault"
)
if not _have_ssl:
raise ValueError('SSL support not available')
context = ssl.create_default_context(purpose=ssl.Purpose.SERVER_AUTH,
cafile=cafile,
capath=capath)
https_handler = HTTPSHandler(context=context)
opener = build_opener(https_handler)
elif context:
https_handler = HTTPSHandler(context=context)
opener = build_opener(https_handler)
elif _opener is None:
_opener = opener = build_opener()
else:
opener = _opener
return opener.open(url, data, timeout)
Example #13
| Source File: tulpar.py From tulpar with GNU General Public License v3.0 | 6 votes |
|
def certificateInformation(url,dosyaAdi):
try:
context = ssl.create_default_context()
server = context.wrap_socket(socket.socket(), server_hostname=url)
server.connect((url, 443))
certificate = server.getpeercert()
print "[+]Certificate Serial Number: ",certificate.get('serialNumber')
print "[+]Certificate SSL Version:", certificate.get('version')
print "[+]Certificate:",certificate
raporIcerik="[+]Certificate Serial Number: "+str(certificate.get('serialNumber'))+"\n"
raporIcerik+="[+]Certificate SSL Version:"+str(certificate.get('version'))+"\n"
raporIcerik+="[+]Certificate:"+str(certificate)+"\n"
rapor = open(dosyaAdi, "a")
rapor.write(raporIcerik)
rapor.close()
except:
pass
Example #14
| Source File: PubSubConsumer.py From openSUSE-release-tools with GNU General Public License v2.0 | 6 votes |
|
def connect(self):
"""This method connects to RabbitMQ, returning the connection handle.
When the connection is established, the on_connection_open method
will be invoked by pika.
:rtype: pika.SelectConnection
"""
self.logger.info('Connecting to %s', self._prefix)
account = 'opensuse'
server = 'rabbit.opensuse.org'
if self._prefix == 'suse':
account = 'suse'
server = 'rabbit.suse.de'
credentials = pika.PlainCredentials(account, account)
context = ssl.create_default_context()
ssl_options = pika.SSLOptions(context, server)
parameters = pika.ConnectionParameters(server, 5671, '/', credentials, ssl_options=ssl_options, socket_timeout=10)
return pika.SelectConnection(parameters,
on_open_callback=self.on_connection_open)
Example #15
| Source File: PubSubConsumer.py From openSUSE-release-tools with GNU General Public License v2.0 | 6 votes |
|
def connect(self):
"""This method connects to RabbitMQ, returning the connection handle.
When the connection is established, the on_connection_open method
will be invoked by pika.
:rtype: pika.SelectConnection
"""
self.logger.info('Connecting to %s', self._prefix)
account = 'opensuse'
server = 'rabbit.opensuse.org'
if self._prefix == 'suse':
account = 'suse'
server = 'rabbit.suse.de'
credentials = pika.PlainCredentials(account, account)
context = ssl.create_default_context()
ssl_options = pika.SSLOptions(context, server)
parameters = pika.ConnectionParameters(server, 5671, '/', credentials, ssl_options=ssl_options, socket_timeout=10)
return pika.SelectConnection(parameters,
on_open_callback=self.on_connection_open)
Example #16
| Source File: test_client.py From selenium-wire with MIT License | 5 votes |
|
def _configure_proxy(self, host, port):
context = ssl.create_default_context()
context.check_hostname = False
context.verify_mode = ssl.CERT_NONE
https_handler = urllib.request.HTTPSHandler(context=context)
proxy_handler = urllib.request.ProxyHandler({
'http': 'http://{}:{}'.format(host, port),
'https': 'http://{}:{}'.format(host, port),
})
opener = urllib.request.build_opener(https_handler, proxy_handler)
urllib.request.install_opener(opener)
Example #17
| Source File: iostream_test.py From opendevops with GNU General Public License v3.0 | 5 votes |
|
def test_check_hostname(self):
# Test that server_hostname parameter to start_tls is being used.
# The check_hostname functionality is only available in python 2.7 and
# up and in python 3.4 and up.
server_future = self.server_start_tls(_server_ssl_options())
with ExpectLog(gen_log, "SSL Error"):
client_future = self.client_start_tls(
ssl.create_default_context(), server_hostname="127.0.0.1"
)
with self.assertRaises(ssl.SSLError):
# The client fails to connect with an SSL error.
yield client_future
with self.assertRaises(Exception):
# The server fails to connect, but the exact error is unspecified.
yield server_future
Example #18
| Source File: timeitContext.py From Learning-Concurrency-in-Python with MIT License | 5 votes |
|
def myFunction():
# We create this context so that we can crawl
# https sites
myssl = ssl.create_default_context();
myssl.check_hostname=False
myssl.verify_mode=ssl.CERT_NONE
with Timer() as t:
req = Request('https://tutorialedge.net', headers={'User-Agent': 'Mozilla/5.0'})
response = urlopen(req, context=myssl)
print("Elapsed Time: {} seconds".format(t.elapsed))
Example #19
| Source File: simple_httpclient.py From opendevops with GNU General Public License v3.0 | 5 votes |
|
def _get_ssl_options(
self, scheme: str
) -> Union[None, Dict[str, Any], ssl.SSLContext]:
if scheme == "https":
if self.request.ssl_options is not None:
return self.request.ssl_options
# If we are using the defaults, don't construct a
# new SSLContext.
if (
self.request.validate_cert
and self.request.ca_certs is None
and self.request.client_cert is None
and self.request.client_key is None
):
return _client_ssl_defaults
ssl_ctx = ssl.create_default_context(
ssl.Purpose.SERVER_AUTH, cafile=self.request.ca_certs
)
if not self.request.validate_cert:
ssl_ctx.check_hostname = False
ssl_ctx.verify_mode = ssl.CERT_NONE
if self.request.client_cert is not None:
ssl_ctx.load_cert_chain(
self.request.client_cert, self.request.client_key
)
if hasattr(ssl, "OP_NO_COMPRESSION"):
# See netutil.ssl_options_to_context
ssl_ctx.options |= ssl.OP_NO_COMPRESSION
return ssl_ctx
return None
Example #20
| Source File: netutil.py From opendevops with GNU General Public License v3.0 | 5 votes |
|
def ssl_options_to_context(
ssl_options: Union[Dict[str, Any], ssl.SSLContext]
) -> ssl.SSLContext:
"""Try to convert an ``ssl_options`` dictionary to an
`~ssl.SSLContext` object.
The ``ssl_options`` dictionary contains keywords to be passed to
`ssl.wrap_socket`. In Python 2.7.9+, `ssl.SSLContext` objects can
be used instead. This function converts the dict form to its
`~ssl.SSLContext` equivalent, and may be used when a component which
accepts both forms needs to upgrade to the `~ssl.SSLContext` version
to use features like SNI or NPN.
"""
if isinstance(ssl_options, ssl.SSLContext):
return ssl_options
assert isinstance(ssl_options, dict)
assert all(k in _SSL_CONTEXT_KEYWORDS for k in ssl_options), ssl_options
# Can't use create_default_context since this interface doesn't
# tell us client vs server.
context = ssl.SSLContext(ssl_options.get("ssl_version", ssl.PROTOCOL_SSLv23))
if "certfile" in ssl_options:
context.load_cert_chain(
ssl_options["certfile"], ssl_options.get("keyfile", None)
)
if "cert_reqs" in ssl_options:
context.verify_mode = ssl_options["cert_reqs"]
if "ca_certs" in ssl_options:
context.load_verify_locations(ssl_options["ca_certs"])
if "ciphers" in ssl_options:
context.set_ciphers(ssl_options["ciphers"])
if hasattr(ssl, "OP_NO_COMPRESSION"):
# Disable TLS compression to avoid CRIME and related attacks.
# This constant depends on openssl version 1.0.
# TODO: Do we need to do this ourselves or can we trust
# the defaults?
context.options |= ssl.OP_NO_COMPRESSION
return context
Example #21
| Source File: honeypot.py From heralding with GNU General Public License v3.0 | 5 votes |
|
def create_ssl_context(pem_file):
ssl_context = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
ssl_context.check_hostname = False
ssl_context.load_cert_chain(pem_file)
return ssl_context
Example #22
| Source File: cacert_merge.py From minemeld-core with Apache License 2.0 | 5 votes |
|
def verify_cafile(cafile=None, cadata=None):
try:
create_default_context(cafile=cafile, cadata=cadata)
except IOError as e:
if cafile:
LOG.error('Invalid cafile %s: %s' % (cafile, e))
else:
LOG.error('Invalid cadata: %s' % e)
sys.exit(1)
Example #23
| Source File: test_urllibnet.py From ironpython2 with Apache License 2.0 | 5 votes |
|
def test_context_argument(self):
context = ssl.create_default_context(cafile=CERT_selfsigned_pythontestdotnet)
response = urllib.urlopen("https://self-signed.pythontest.net", context=context)
self.assertIn("Python", response.read())
Example #24
| Source File: cacert_merge.py From minemeld-core with Apache License 2.0 | 5 votes |
|
def create_default_context(cafile, cadata):
print('WARNING: old python version (< 2.7.9) - certificate verification not performed')
Example #25
| Source File: email_.py From messages with MIT License | 5 votes |
|
def _get_tls(self):
"""Get an SMTP session with TLS."""
session = smtplib.SMTP(self.server, self.port)
session.ehlo()
session.starttls(context=ssl.create_default_context())
session.ehlo()
return session
Example #26
| Source File: email_.py From messages with MIT License | 5 votes |
|
def _get_ssl(self):
"""Get an SMTP session with SSL."""
return smtplib.SMTP_SSL(
self.server, self.port, context=ssl.create_default_context()
)
Example #27
| Source File: ssl_support.py From lambda-packs with MIT License | 5 votes |
|
def connect(self):
sock = socket.create_connection(
(self.host, self.port), getattr(self, 'source_address', None)
)
# Handle the socket if a (proxy) tunnel is present
if hasattr(self, '_tunnel') and getattr(self, '_tunnel_host', None):
self.sock = sock
self._tunnel()
# http://bugs.python.org/issue7776: Python>=3.4.1 and >=2.7.7
# change self.host to mean the proxy server host when tunneling is
# being used. Adapt, since we are interested in the destination
# host for the match_hostname() comparison.
actual_host = self._tunnel_host
else:
actual_host = self.host
if hasattr(ssl, 'create_default_context'):
ctx = ssl.create_default_context(cafile=self.ca_bundle)
self.sock = ctx.wrap_socket(sock, server_hostname=actual_host)
else:
# This is for python < 2.7.9 and < 3.4?
self.sock = ssl.wrap_socket(
sock, cert_reqs=ssl.CERT_REQUIRED, ca_certs=self.ca_bundle
)
try:
match_hostname(self.sock.getpeercert(), actual_host)
except CertificateError:
self.sock.shutdown(socket.SHUT_RDWR)
self.sock.close()
raise
Example #28
| Source File: client_rpc.py From king-phisher with BSD 3-Clause "New" or "Revised" License | 5 votes |
|
def reconnect(self): """Reconnect to the remote server.""" self.lock.acquire() if self.use_ssl: if (sys.version_info[0] == 2 and sys.version_info >= (2, 7, 9)) or sys.version_info >= (3, 4, 3): context = ssl.create_default_context() context.check_hostname = False context.verify_mode = ssl.CERT_NONE self.client = advancedhttpserver.http.client.HTTPSConnection(self.host, self.port, context=context) else: self.client = advancedhttpserver.http.client.HTTPSConnection(self.host, self.port) else: self.client = advancedhttpserver.http.client.HTTPConnection(self.host, self.port) self.lock.release()
Example #29
| Source File: api_socket.py From RouterOS-api with MIT License | 5 votes |
|
def get_socket(hostname, port, use_ssl=False, ssl_verify=True, ssl_verify_hostname=True, ssl_context=None, timeout=15.0):
api_socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
api_socket.settimeout(timeout)
while True:
try:
api_socket.connect((hostname, port))
except socket.error as e:
if e.args[0] != EINTR:
raise exceptions.RouterOsApiConnectionError(e)
else:
break
set_keepalive(api_socket, after_idle_sec=10)
# A provided ssl_context overrides any options
if ssl_context is None and use_ssl:
ssl_context = ssl.create_default_context()
if ssl_verify:
ssl_context.check_hostname = ssl_verify_hostname
ssl_context.verify_mode = ssl.CERT_REQUIRED
else:
ssl_context.check_hostname = False
ssl_context.verify_mode = ssl.CERT_NONE
if ssl_context is not None:
api_socket = ssl_context.wrap_socket(api_socket,server_hostname=hostname)
return SocketWrapper(api_socket)
# http://stackoverflow.com/a/14855726
Example #30
| Source File: socketutil.py From Pyro5 with MIT License | 5 votes |
|
def get_ssl_context(servercert: str = "", serverkey: str = "", clientcert: str = "", clientkey: str = "",
cacerts: str = "", keypassword: str = "") -> ssl.SSLContext:
"""creates an SSL context and caches it, so you have to set the parameters correctly before doing anything"""
global __ssl_client_context, __ssl_server_context
if servercert:
if clientcert:
raise ValueError("can't have both server cert and client cert")
# server context
if __ssl_server_context:
return __ssl_server_context
if not os.path.isfile(servercert):
raise IOError("server cert file not found")
if serverkey and not os.path.isfile(serverkey):
raise IOError("server key file not found")
__ssl_server_context = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
__ssl_server_context.load_cert_chain(servercert, serverkey or None, keypassword or None) # type: ignore
if cacerts:
if os.path.isdir(cacerts):
__ssl_server_context.load_verify_locations(capath=cacerts)
else:
__ssl_server_context.load_verify_locations(cafile=cacerts)
if config.SSL_REQUIRECLIENTCERT:
__ssl_server_context.verify_mode = ssl.CERT_REQUIRED # 2-way ssl, server+client certs
else:
__ssl_server_context.verify_mode = ssl.CERT_NONE # 1-way ssl, server cert only
return __ssl_server_context
else:
# client context
if __ssl_client_context:
return __ssl_client_context
__ssl_client_context = ssl.create_default_context(ssl.Purpose.SERVER_AUTH)
if clientcert:
if not os.path.isfile(clientcert):
raise IOError("client cert file not found")
__ssl_client_context.load_cert_chain(clientcert, clientkey or None, keypassword or None) # type: ignore
if cacerts:
if os.path.isdir(cacerts):
__ssl_client_context.load_verify_locations(capath=cacerts)
else:
__ssl_client_context.load_verify_locations(cafile=cacerts)
return __ssl_client_context
