ó ú—7Tc@sãdZddlmZddlmZddlZddlm Z ddl m Z m Z ddlmZmZddlZddlZddlmZd d lmZd d lmZd d gZeZiejjej6ejjej6ejjej 6Z!iejj"ej#6ejj$ej%6ejj$ejj&ej'6Z(dddZ)ejZ*ej+Z,d„Z-d„Z.defd„ƒYZd„Z/defd„ƒYZ0de1fd„ƒYZ2d„Z3ddddddd„Z+dS(s´SSL with SNI_-support for Python 2. Follow these instructions if you would like to verify SSL certificates in Python 2. Note, the default libraries do *not* do certificate checking; you need to do additional work to validate certificates yourself. This needs the following packages installed: * pyOpenSSL (tested with 0.13) * ndg-httpsclient (tested with 0.3.2) * pyasn1 (tested with 0.1.6) You can install them with the following command: pip install pyopenssl ndg-httpsclient pyasn1 To activate certificate checking, call :func:`~urllib3.contrib.pyopenssl.inject_into_urllib3` from your Python code before you begin making HTTP requests. This can be done in a ``sitecustomize`` module, or at any other time before your application begins using ``urllib3``, like this:: try: import urllib3.contrib.pyopenssl urllib3.contrib.pyopenssl.inject_into_urllib3() except ImportError: pass Now you can use :mod:`urllib3` as you normally would, and it will support SNI when the required modules are installed. Activating this module also has the positive side effect of disabling SSL/TLS encryption in Python 2 (see `CRIME attack`_). If you want to configure the default list of supported cipher suites, you can set the ``urllib3.contrib.pyopenssl.DEFAULT_SSL_CIPHER_LIST`` variable. Module Variables ---------------- :var DEFAULT_SSL_CIPHER_LIST: The list of supported SSL/TLS cipher suites. Default: ``ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES: ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS`` .. _sni: https://en.wikipedia.org/wiki/Server_Name_Indication .. _crime attack: https://en.wikipedia.org/wiki/CRIME_(security_exploit) iÿÿÿÿ(tSUBJ_ALT_NAME_SUPPORT(tSubjectAltNameN(tdecoder(tunivt constraint(t _fileobjectttimeout(tStringIOi(t connection(tutiltinject_into_urllib3textract_from_urllib3s,ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:sAECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:s!aNULL:!MD5:!DSScCstt_tt_dS(s7Monkey-patch urllib3 with PyOpenSSL-backed SSL-support.N(tssl_wrap_socketRtHAS_SNIR (((sf/var/www/otrsdash.zarafa.com/venv/build/pip/pip/_vendor/requests/packages/urllib3/contrib/pyopenssl.pyR fs cCstt_tt_dS(s4Undo monkey-patching by :func:`inject_into_urllib3`.N(torig_connection_ssl_wrap_socketRR torig_util_HAS_SNIR R (((sf/var/www/otrsdash.zarafa.com/venv/build/pip/pip/_vendor/requests/packages/urllib3/contrib/pyopenssl.pyR ms RcBs*eZdZejjejddƒZRS(s0ASN.1 implementation for subjectAltNames supportii(t__name__t __module__t__doc__Rt SequenceOftsizeSpecRtValueSizeConstraint(((sf/var/www/otrsdash.zarafa.com/venv/build/pip/pip/_vendor/requests/packages/urllib3/contrib/pyopenssl.pyRus c Cs g}ts|Stƒ}xët|jƒƒD]×}|j|ƒ}|jƒ}|dkr_q,n|jƒ}tj|d|ƒ}x€|D]x}t |tƒs¢q‡nxZtt |ƒƒD]F} |j | ƒ} | j ƒdkrâqµn|j t| jƒƒƒqµWq‡Wq,W|S(NtsubjectAltNametasn1SpectdNSName(RRtrangetget_extension_countt get_extensiontget_short_nametget_datat der_decodertdecodet isinstancetlentgetComponentByPositiontgetNametappendtstrt getComponent( t peer_certtdns_namet general_namestitexttext_nametext_datt decoded_dattnametentryt component((sf/var/www/otrsdash.zarafa.com/venv/build/pip/pip/_vendor/requests/packages/urllib3/contrib/pyopenssl.pytget_subj_alt_name€s*       %t fileobjectcBs)eZd„Zdd„Zdd„ZRS(cCsFtj|jggg|jjƒƒ\}}}|sBtƒ‚ndS(N(tselectt_sockt gettimeoutR(tselftrdtwdted((sf/var/www/otrsdash.zarafa.com/venv/build/pip/pip/_vendor/requests/packages/urllib3/contrib/pyopenssl.pyt_wait_for_sock siÿÿÿÿc Cst|j|jƒ}|j}|jddƒ|dkr±tƒ|_x^tr¦y|jj|ƒ}Wn$t j j k r‹|j ƒqInX|s–Pn|j |ƒqIW|jƒS|jƒ}||kr |jdƒ|j|ƒ}tƒ|_|jj |jƒƒ|Stƒ|_xÚtró||}y|jj|ƒ}Wn$t j j k rf|j ƒqnX|sqPnt|ƒ}||kr”| r”|S||kr´|j |ƒ~Pn||ksÖtd||fƒ‚|j |ƒ||7}~qW|jƒSdS(Niisrecv(%d) returned %d bytes(tmaxt _rbufsizetdefault_bufsizet_rbuftseekRtTrueR5trecvtOpenSSLtSSLt WantReadErrorR;twritetgetvaluettelltreadR!tAssertionError( R7tsizetrbufsizetbuftdatatbuf_lentrvtlefttn((sf/var/www/otrsdash.zarafa.com/venv/build/pip/pip/_vendor/requests/packages/urllib3/contrib/pyopenssl.pyRI§sX                 "  c Csù|j}|jddƒ|jƒdkr”|jdƒ|j|ƒ}|jdƒsht|ƒ|krŽtƒ|_|jj|jƒƒ|S~n|dkr@|j dkre|jdƒ|jƒg}tƒ|_d}|j j }xlt rWy:x3|dkr*|dƒ}|sPn|j|ƒqøWWn$tjjk rR|jƒqìnXPqìWdj|ƒS|jddƒtƒ|_x²t r5y|j j |j ƒ}Wn$tjjk rÉ|jƒq„nX|sÔPn|jdƒ}|dkr%|d7}|j|| ƒ|jj||ƒ~Pn|j|ƒq„W|jƒS|jddƒ|jƒ}||krª|jdƒ|j|ƒ} tƒ|_|jj|jƒƒ| Stƒ|_x2t rêy|j j |j ƒ}Wn$tjjk rþ|jƒq¹nX|s Pn||} |jdd| ƒ}|dkrx|d7}|jj||ƒ|rm|j|| ƒPqx|| Snt|ƒ} | |kr›| r›|S| | krÐ|j|| ƒ|jj|| ƒPn|j|ƒ|| 7}q¹W|jƒSdS(Niis it(R?R@RHtreadlinetendswithR!RRFRIR=tNoneR5RBRAR$RCRDRER;tjointfindRG( R7RKRMtblinetbuffersRNRBtnlRORPRQRR((sf/var/www/otrsdash.zarafa.com/venv/build/pip/pip/_vendor/requests/packages/urllib3/contrib/pyopenssl.pyRTës¨  !                             (RRR;RIRT(((sf/var/www/otrsdash.zarafa.com/venv/build/pip/pip/_vendor/requests/packages/urllib3/contrib/pyopenssl.pyR3žs  Dt WrappedSocketcBsSeZdZd„Zd„Zdd„Zd„Zd„Zd„Ze d„Z RS( s@API-compatibility wrapper for Python OpenSSL's Connection-class.cCs||_||_dS(N(Rtsocket(R7RR]((sf/var/www/otrsdash.zarafa.com/venv/build/pip/pip/_vendor/requests/packages/urllib3/contrib/pyopenssl.pyt__init__Ss cCs |jjƒS(N(R]tfileno(R7((sf/var/www/otrsdash.zarafa.com/venv/build/pip/pip/_vendor/requests/packages/urllib3/contrib/pyopenssl.pyR_WsiÿÿÿÿcCst|j||ƒS(N(R3R(R7tmodetbufsize((sf/var/www/otrsdash.zarafa.com/venv/build/pip/pip/_vendor/requests/packages/urllib3/contrib/pyopenssl.pytmakefileZscCs|jj|ƒS(N(R]t settimeout(R7R((sf/var/www/otrsdash.zarafa.com/venv/build/pip/pip/_vendor/requests/packages/urllib3/contrib/pyopenssl.pyRc]scCs|jj|ƒS(N(Rtsendall(R7RN((sf/var/www/otrsdash.zarafa.com/venv/build/pip/pip/_vendor/requests/packages/urllib3/contrib/pyopenssl.pyRd`scCs |jjƒS(N(Rtshutdown(R7((sf/var/www/otrsdash.zarafa.com/venv/build/pip/pip/_vendor/requests/packages/urllib3/contrib/pyopenssl.pytclosecscCs~|jjƒ}|s|S|r8tjjtjj|ƒSid|jƒjfffd6gt|ƒD]}d|f^qdd6S(Nt commonNametsubjecttDNSR( Rtget_peer_certificateRCtcryptotdump_certificatet FILETYPE_ASN1t get_subjecttCNR2(R7t binary_formtx509tvalue((sf/var/www/otrsdash.zarafa.com/venv/build/pip/pip/_vendor/requests/packages/urllib3/contrib/pyopenssl.pyt getpeercertfs  ( RRRR^R_RbRcRdRftFalseRs(((sf/var/www/otrsdash.zarafa.com/venv/build/pip/pip/_vendor/requests/packages/urllib3/contrib/pyopenssl.pyR\Ps      cCs |dkS(Ni((tcnxRqterr_not err_deptht return_code((sf/var/www/otrsdash.zarafa.com/venv/build/pip/pip/_vendor/requests/packages/urllib3/contrib/pyopenssl.pyt_verify_callback|sc Cs“tjjt|ƒ}|r,|j|ƒn|rB|j|ƒn|tjkrh|jt |t ƒn|r·y|j |dƒWqÁtjj k r³}tjd||ƒ‚qÁXn |jƒd} |j| ƒ|jtƒtjj||ƒ} | j|ƒ| jƒxvtr…y| jƒWnZtjjk rVtj|gggƒqn+tjj k r€}tjd|ƒ‚nXPqWt| |ƒS(Nsbad ca_certs: %ris bad handshake(RCRDtContextt_openssl_versionstuse_certificate_filetuse_privatekey_filetsslt CERT_NONEt set_verifyt_openssl_verifyRytload_verify_locationsRVtErrortSSLErrortset_default_verify_pathst set_optionstset_cipher_listtDEFAULT_SSL_CIPHER_LISTt Connectiontset_tlsext_host_nametset_connect_stateRAt do_handshakeRER4R\( tsocktkeyfiletcertfilet cert_reqstca_certstserver_hostnamet ssl_versiontctxtetOP_NO_COMPRESSIONRu((sf/var/www/otrsdash.zarafa.com/venv/build/pip/pip/_vendor/requests/packages/urllib3/contrib/pyopenssl.pyR €s:      (5Rt%ndg.httpsclient.ssl_peer_verificationRtndg.httpsclient.subj_alt_nameRtBaseSubjectAltNamet OpenSSL.SSLRCtpyasn1.codec.derRRt pyasn1.typeRRR]RRR~R4t cStringIORRSRR t__all__R RDt SSLv23_METHODtPROTOCOL_SSLv23t SSLv3_METHODtPROTOCOL_SSLv3t TLSv1_METHODtPROTOCOL_TLSv1R{t VERIFY_NONERt VERIFY_PEERt CERT_OPTIONALtVERIFY_FAIL_IF_NO_PEER_CERTt CERT_REQUIREDRRˆRR RR R R2R3tobjectR\RyRV(((sf/var/www/otrsdash.zarafa.com/venv/build/pip/pip/_vendor/requests/packages/urllib3/contrib/pyopenssl.pyt/sH          ²,