^Wc@@sdZddlmZy$ddlmZddlmZWnek r[Z e e nXddl Z ddl mZddlmZmZddlmZmZydd lmZWn'e k rdZdd lmZnXddlZddlZddlZd d lmZd d lm Z ddgZ!eZ"ie j#j$ej%6e j#j&ej'6Z(e)edre)e j#dre j#j*e(ej+ej?Z@dZAdZBdefdYZdZCdeDfdYZEerddZFneZFeFeE_FdZGdddddddd Z?dS(!s!SSL with SNI_-support for Python 2. Follow these instructions if you would like to verify SSL certificates in Python 2. Note, the default libraries do *not* do certificate checking; you need to do additional work to validate certificates yourself. This needs the following packages installed: * pyOpenSSL (tested with 0.13) * ndg-httpsclient (tested with 0.3.2) * pyasn1 (tested with 0.1.6) You can install them with the following command: pip install pyopenssl ndg-httpsclient pyasn1 To activate certificate checking, call :func:`~urllib3.contrib.pyopenssl.inject_into_urllib3` from your Python code before you begin making HTTP requests. This can be done in a ``sitecustomize`` module, or at any other time before your application begins using ``urllib3``, like this:: try: import urllib3.contrib.pyopenssl urllib3.contrib.pyopenssl.inject_into_urllib3() except ImportError: pass Now you can use :mod:`urllib3` as you normally would, and it will support SNI when the required modules are installed. Activating this module also has the positive side effect of disabling SSL/TLS compression in Python 2 (see `CRIME attack`_). If you want to configure the default list of supported cipher suites, you can set the ``urllib3.contrib.pyopenssl.DEFAULT_SSL_CIPHER_LIST`` variable. Module Variables ---------------- :var DEFAULT_SSL_CIPHER_LIST: The list of supported SSL/TLS cipher suites. .. _sni: https://en.wikipedia.org/wiki/Server_Name_Indication .. _crime attack: https://en.wikipedia.org/wiki/CRIME_(security_exploit) i(tabsolute_import(tSUBJ_ALT_NAME_SUPPORT(tSubjectAltNameN(tdecoder(tunivt constraint(ttimeoutterror(t _fileobject(tbackport_makefilei(t connection(tutiltinject_into_urllib3textract_from_urllib3tPROTOCOL_TLSv1_1tTLSv1_1_METHODtPROTOCOL_TLSv1_2tTLSv1_2_METHODtasciii@cC@stt_tt_tt_dS(s7Monkey-patch urllib3 with PyOpenSSL-backed SSL-support.N(tssl_wrap_socketR tHAS_SNIR tTruet IS_PYOPENSSL(((s/private/var/folders/3n/6h2rwf155rn1m71wwyxn79n80000gn/T/pip-build-IcAT_k/pip/pip/_vendor/requests/packages/urllib3/contrib/pyopenssl.pyR ns  cC@stt_tt_tt_dS(s4Undo monkey-patching by :func:`inject_into_urllib3`.N(torig_connection_ssl_wrap_socketR Rtorig_util_HAS_SNIR RtFalseR(((s/private/var/folders/3n/6h2rwf155rn1m71wwyxn79n80000gn/T/pip-build-IcAT_k/pip/pip/_vendor/requests/packages/urllib3/contrib/pyopenssl.pyR vs  RcB@s*eZdZejjejddZRS(s0ASN.1 implementation for subjectAltNames supportii(t__name__t __module__t__doc__Rt SequenceOftsizeSpecRtValueSizeConstraint(((s/private/var/folders/3n/6h2rwf155rn1m71wwyxn79n80000gn/T/pip-build-IcAT_k/pip/pip/_vendor/requests/packages/urllib3/contrib/pyopenssl.pyRs c C@s g}ts|St}xt|jD]}|j|}|j}|dkr_q,n|j}tj|d|}x|D]x}t |tsqnxZtt |D]F} |j | } | j dkrqn|j t| jqWqWq,W|S(NtsubjectAltNametasn1SpectdNSName(RRtrangetget_extension_countt get_extensiontget_short_nametget_datat der_decodertdecodet isinstancetlentgetComponentByPositiontgetNametappendtstrt getComponent( t peer_certtdns_namet general_namestitexttext_nametext_datt decoded_dattnametentryt component((s/private/var/folders/3n/6h2rwf155rn1m71wwyxn79n80000gn/T/pip-build-IcAT_k/pip/pip/_vendor/requests/packages/urllib3/contrib/pyopenssl.pytget_subj_alt_names*       %t WrappedSocketcB@seZdZedZdZdZdZdZdZ dZ dZ d Z d Z ed Zd Zd ZRS(sAPI-compatibility wrapper for Python OpenSSL's Connection-class. Note: _makefile_refs, _drop() and _reuse() are needed for the garbage collector of pypy. cC@s1||_||_||_d|_t|_dS(Ni(R tsockettsuppress_ragged_eofst_makefile_refsRt_closed(tselfR R>R?((s/private/var/folders/3n/6h2rwf155rn1m71wwyxn79n80000gn/T/pip-build-IcAT_k/pip/pip/_vendor/requests/packages/urllib3/contrib/pyopenssl.pyt__init__s     cC@s |jjS(N(R>tfileno(RB((s/private/var/folders/3n/6h2rwf155rn1m71wwyxn79n80000gn/T/pip-build-IcAT_k/pip/pip/_vendor/requests/packages/urllib3/contrib/pyopenssl.pyRDscC@s;|jdkr!|jd8_n|jr7|jndS(Nii(R@RAtclose(RB((s/private/var/folders/3n/6h2rwf155rn1m71wwyxn79n80000gn/T/pip-build-IcAT_k/pip/pip/_vendor/requests/packages/urllib3/contrib/pyopenssl.pyt_decref_socketioss cO@sy|jj||}Wntjjk rb}|jrM|jdkrMdStt|ntjj k r}|jj tjj krdSnptjj k rt j |jggg|jj\}}}|stdq |j||SnX|SdS(NisUnexpected EOFtsThe read operation timed out(isUnexpected EOF(R trecvtOpenSSLtSSLt SysCallErrorR?targst SocketErrorR/tZeroReturnErrort get_shutdowntRECEIVED_SHUTDOWNt WantReadErrortselectR>t gettimeoutR(RBRLtkwargstdatatetrdtwdted((s/private/var/folders/3n/6h2rwf155rn1m71wwyxn79n80000gn/T/pip-build-IcAT_k/pip/pip/_vendor/requests/packages/urllib3/contrib/pyopenssl.pyRHs"*cO@s y|jj||SWntjjk r`}|jrK|jdkrKdStt|ntjj k r}|jj tjj krdSnltjj k rt j |jggg|jj\}}}|stdq|j||SnXdS(NisUnexpected EOFisThe read operation timed out(isUnexpected EOF(R t recv_intoRIRJRKR?RLRMR/RNRORPRQRRR>RSR(RBRLRTRVRWRXRY((s/private/var/folders/3n/6h2rwf155rn1m71wwyxn79n80000gn/T/pip-build-IcAT_k/pip/pip/_vendor/requests/packages/urllib3/contrib/pyopenssl.pyRZs *cC@s|jj|S(N(R>t settimeout(RBR((s/private/var/folders/3n/6h2rwf155rn1m71wwyxn79n80000gn/T/pip-build-IcAT_k/pip/pip/_vendor/requests/packages/urllib3/contrib/pyopenssl.pyR[scC@sx}try|jj|SWqtjjk r{tjg|jgg|jj\}}}|st qqqXqWdS(N( RR tsendRIRJtWantWriteErrorRRR>RSR(RBRUt_twlist((s/private/var/folders/3n/6h2rwf155rn1m71wwyxn79n80000gn/T/pip-build-IcAT_k/pip/pip/_vendor/requests/packages/urllib3/contrib/pyopenssl.pyt_send_until_dones  cC@sGd}x:|t|krB|j|||t!}||7}q WdS(Ni(R+R`tSSL_WRITE_BLOCKSIZE(RBRUt total_senttsent((s/private/var/folders/3n/6h2rwf155rn1m71wwyxn79n80000gn/T/pip-build-IcAT_k/pip/pip/_vendor/requests/packages/urllib3/contrib/pyopenssl.pytsendallscC@s|jjdS(N(R tshutdown(RB((s/private/var/folders/3n/6h2rwf155rn1m71wwyxn79n80000gn/T/pip-build-IcAT_k/pip/pip/_vendor/requests/packages/urllib3/contrib/pyopenssl.pyRescC@sZ|jdkrGyt|_|jjSWqVtjjk rCdSXn|jd8_dS(Ni(R@RRAR RERIRJtError(RB((s/private/var/folders/3n/6h2rwf155rn1m71wwyxn79n80000gn/T/pip-build-IcAT_k/pip/pip/_vendor/requests/packages/urllib3/contrib/pyopenssl.pyREs cC@s~|jj}|s|S|r8tjjtjj|Sid|jjfffd6gt|D]}d|f^qdd6S(Nt commonNametsubjecttDNSR ( R tget_peer_certificateRItcryptotdump_certificatet FILETYPE_ASN1t get_subjecttCNR<(RBt binary_formtx509tvalue((s/private/var/folders/3n/6h2rwf155rn1m71wwyxn79n80000gn/T/pip-build-IcAT_k/pip/pip/_vendor/requests/packages/urllib3/contrib/pyopenssl.pyt getpeercerts  cC@s|jd7_dS(Ni(R@(RB((s/private/var/folders/3n/6h2rwf155rn1m71wwyxn79n80000gn/T/pip-build-IcAT_k/pip/pip/_vendor/requests/packages/urllib3/contrib/pyopenssl.pyt_reuse#scC@s/|jdkr|jn|jd8_dS(Ni(R@RE(RB((s/private/var/folders/3n/6h2rwf155rn1m71wwyxn79n80000gn/T/pip-build-IcAT_k/pip/pip/_vendor/requests/packages/urllib3/contrib/pyopenssl.pyt_drop&s (RRRRRCRDRFRHRZR[R`RdReRERRsRtRu(((s/private/var/folders/3n/6h2rwf155rn1m71wwyxn79n80000gn/T/pip-build-IcAT_k/pip/pip/_vendor/requests/packages/urllib3/contrib/pyopenssl.pyR=s          icC@s%|jd7_t|||dtS(NiRE(R@RR(RBtmodetbufsize((s/private/var/folders/3n/6h2rwf155rn1m71wwyxn79n80000gn/T/pip-build-IcAT_k/pip/pip/_vendor/requests/packages/urllib3/contrib/pyopenssl.pytmakefile.scC@s |dkS(Ni((tcnxRqterr_not err_deptht return_code((s/private/var/folders/3n/6h2rwf155rn1m71wwyxn79n80000gn/T/pip-build-IcAT_k/pip/pip/_vendor/requests/packages/urllib3/contrib/pyopenssl.pyt_verify_callback7scC@stjjt|}|r8|p%|}|j|n|rN|j|n|tjkrt|jt |t n|s|ry|j ||Wqtjj k r} tj d|| qXn |jd} |j| |jttjj||} t|tjr,|jd}n| j|| jxtry| jWntjjk rtj|ggg|j\} } } | sFtdqFqFn,tjj k r} tj d| nXPqFWt| |S(Nsbad ca_certs: %risutf-8sselect timed outsbad handshake: %r( RIRJtContextt_openssl_versionstuse_certificate_filetuse_privatekey_filetsslt CERT_NONEt set_verifyt_openssl_verifyR}tload_verify_locationsRftSSLErrortset_default_verify_pathst set_optionstset_cipher_listtDEFAULT_SSL_CIPHER_LISTt ConnectionR*tsixt text_typetencodetset_tlsext_host_nametset_connect_stateRt do_handshakeRQRRRSRR=(tsocktkeyfiletcertfilet cert_reqstca_certstserver_hostnamet ssl_versiont ca_cert_dirtctxRVtOP_NO_COMPRESSIONRyRWR^((s/private/var/folders/3n/6h2rwf155rn1m71wwyxn79n80000gn/T/pip-build-IcAT_k/pip/pip/_vendor/requests/packages/urllib3/contrib/pyopenssl.pyR;sD        *(HRt __future__Rt%ndg.httpsclient.ssl_peer_verificationRtndg.httpsclient.subj_alt_nameRtBaseSubjectAltNamet SyntaxErrorRVt ImportErrort OpenSSL.SSLRItpyasn1.codec.derRR(t pyasn1.typeRRR>RRRMRtNonet#urllib3.packages.backports.makefileR RRRRRGR R t__all__RRJt SSLv23_METHODtPROTOCOL_SSLv23t TLSv1_METHODtPROTOCOL_TLSv1RthasattrRRRRtupdatet SSLv3_METHODtPROTOCOL_SSLv3tAttributeErrort VERIFY_NONERt VERIFY_PEERt CERT_OPTIONALtVERIFY_FAIL_IF_NO_PEER_CERTt CERT_REQUIREDRtssl_tDEFAULT_CIPHERSRRRaRRRR R R<tobjectR=RxR}(((s/private/var/folders/3n/6h2rwf155rn1m71wwyxn79n80000gn/T/pip-build-IcAT_k/pip/pip/_vendor/requests/packages/urllib3/contrib/pyopenssl.pyt-sl      !!!