tlslib.insecure.stdlib_insecure
Shims the standard library OpenSSL module into the amended PEP 543 API.
1"""Shims the standard library OpenSSL module into the amended PEP 543 API.""" 2 3from __future__ import annotations 4 5import ssl 6import warnings 7 8from ..stdlib import ( 9 OpenSSLClientContext, 10 OpenSSLServerContext, 11 OpenSSLTLSBuffer, 12 OpenSSLTLSSocket, 13 _init_context_client, 14 _init_context_server, 15 _SSLContext, 16 validate_config, 17) 18from ..tlslib import ( 19 TLSClientConfiguration, 20 TLSServerConfiguration, 21) 22from . import ( 23 InsecureConfiguration, 24 InsecureTLSImplementation, 25 SecurityWarning, 26) 27 28 29def _apply_insecure_config( 30 context: _SSLContext, insecure_config: InsecureConfiguration 31) -> _SSLContext: 32 ossl_context = context 33 if insecure_config.disable_hostname_check: 34 ossl_context.check_hostname = False 35 if insecure_config.disable_verification: 36 ossl_context.verify_mode = ssl.CERT_NONE 37 38 return ossl_context 39 40 41class OpenSSLInsecureClientContext(OpenSSLClientContext): 42 """ 43 Class allowing users to make insecure choices using the stdlib OpenSSL-based implementation. 44 """ 45 46 def __init__( 47 self, 48 tls_configuration: TLSClientConfiguration, 49 insecure_configuration: InsecureConfiguration, 50 ) -> None: 51 """ 52 Create a new insecure context object from a given TLS configuration and 53 insecure configuration.""" 54 warnings.warn( 55 "Using an insecure Client Context is insecure and should not be used in production.", 56 SecurityWarning, 57 ) 58 59 self._insecure_config = insecure_configuration 60 super().__init__(tls_configuration) 61 62 def connect(self, address: tuple[str | None, int]) -> OpenSSLTLSSocket: 63 """Create an insecure socket-like object that can be used to do TLS.""" 64 warnings.warn( 65 "You are connecting using an insecure Client Context. \ 66 This is insecure and should not be used in production.", 67 SecurityWarning, 68 ) 69 70 ossl_context = _init_context_client(self._configuration) 71 72 ossl_context = _apply_insecure_config(ossl_context, self._insecure_config) 73 74 return OpenSSLTLSSocket._create( 75 parent_context=self, 76 server_side=False, 77 ssl_context=ossl_context, 78 address=address, 79 ) 80 81 def create_buffer(self, server_hostname: str) -> OpenSSLTLSBuffer: 82 """Creates an insecure TLSBuffer that acts as an in-memory channel, 83 and contains information about the TLS exchange 84 (cipher, negotiated_protocol, negotiated_tls_version, etc.).""" 85 86 warnings.warn( 87 "You are creating a TLSBuffer using an insecure Server Context. \ 88 This is insecure and should not be used in production.", 89 SecurityWarning, 90 ) 91 92 ossl_context = _init_context_client(self._configuration) 93 94 ossl_context = _apply_insecure_config(ossl_context, self._insecure_config) 95 96 return OpenSSLTLSBuffer._create( 97 server_hostname=server_hostname, 98 parent_context=self, 99 server_side=False, 100 ssl_context=ossl_context, 101 ) 102 103 @property 104 def insecure_configuration(self) -> InsecureConfiguration: 105 """The insecure configuration options that will make this context insecure.""" 106 return self._insecure_config 107 108 109class OpenSSLInsecureServerContext(OpenSSLServerContext): 110 """ 111 Class allowing users to make insecure choices using the stdlib OpenSSL-based implementation. 112 """ 113 114 def __init__( 115 self, 116 tls_configuration: TLSServerConfiguration, 117 insecure_configuration: InsecureConfiguration, 118 ) -> None: 119 """ 120 Create a new insecure context object from a given TLS configuration and 121 insecure configuration.""" 122 warnings.warn( 123 "Using an insecure Server Context is insecure and should not be used in production.", 124 SecurityWarning, 125 ) 126 127 self._insecure_config = insecure_configuration 128 super().__init__(tls_configuration) 129 130 def connect(self, address: tuple[str | None, int]) -> OpenSSLTLSSocket: 131 """Create a socket-like object that can be used to do TLS.""" 132 warnings.warn( 133 "You are connecting using an insecure Server Context. \ 134 This is insecure and should not be used in production.", 135 SecurityWarning, 136 ) 137 138 ossl_context = _init_context_server(self._configuration) 139 140 ossl_context = _apply_insecure_config(ossl_context, self._insecure_config) 141 142 return OpenSSLTLSSocket._create( 143 parent_context=self, 144 server_side=True, 145 ssl_context=ossl_context, 146 address=address, 147 ) 148 149 def create_buffer(self) -> OpenSSLTLSBuffer: 150 """Creates an insecure TLSBuffer that acts as an in-memory channel, 151 and contains information about the TLS exchange 152 (cipher, negotiated_protocol, negotiated_tls_version, etc.).""" 153 warnings.warn( 154 "You are creating a TLSBuffer using an insecure Server Context. \ 155 This is insecure and should not be used in production.", 156 SecurityWarning, 157 ) 158 159 ossl_context = _init_context_server(self._configuration) 160 161 ossl_context = _apply_insecure_config(ossl_context, self._insecure_config) 162 163 return OpenSSLTLSBuffer._create( 164 server_hostname=None, 165 parent_context=self, 166 server_side=True, 167 ssl_context=ossl_context, 168 ) 169 170 @property 171 def insecure_configuration(self) -> InsecureConfiguration: 172 """The insecure configuration options that will make this context insecure.""" 173 return self._insecure_config 174 175 176#: The stdlib ``InsecureTLSImplementation`` object. 177STDLIB_INSECURE_IMPLEMENTATION = InsecureTLSImplementation( 178 client_context=OpenSSLClientContext, 179 server_context=OpenSSLServerContext, 180 validate_config=validate_config, 181 insecure_client_context=OpenSSLInsecureClientContext, 182 insecure_server_context=OpenSSLInsecureServerContext, 183)
42class OpenSSLInsecureClientContext(OpenSSLClientContext): 43 """ 44 Class allowing users to make insecure choices using the stdlib OpenSSL-based implementation. 45 """ 46 47 def __init__( 48 self, 49 tls_configuration: TLSClientConfiguration, 50 insecure_configuration: InsecureConfiguration, 51 ) -> None: 52 """ 53 Create a new insecure context object from a given TLS configuration and 54 insecure configuration.""" 55 warnings.warn( 56 "Using an insecure Client Context is insecure and should not be used in production.", 57 SecurityWarning, 58 ) 59 60 self._insecure_config = insecure_configuration 61 super().__init__(tls_configuration) 62 63 def connect(self, address: tuple[str | None, int]) -> OpenSSLTLSSocket: 64 """Create an insecure socket-like object that can be used to do TLS.""" 65 warnings.warn( 66 "You are connecting using an insecure Client Context. \ 67 This is insecure and should not be used in production.", 68 SecurityWarning, 69 ) 70 71 ossl_context = _init_context_client(self._configuration) 72 73 ossl_context = _apply_insecure_config(ossl_context, self._insecure_config) 74 75 return OpenSSLTLSSocket._create( 76 parent_context=self, 77 server_side=False, 78 ssl_context=ossl_context, 79 address=address, 80 ) 81 82 def create_buffer(self, server_hostname: str) -> OpenSSLTLSBuffer: 83 """Creates an insecure TLSBuffer that acts as an in-memory channel, 84 and contains information about the TLS exchange 85 (cipher, negotiated_protocol, negotiated_tls_version, etc.).""" 86 87 warnings.warn( 88 "You are creating a TLSBuffer using an insecure Server Context. \ 89 This is insecure and should not be used in production.", 90 SecurityWarning, 91 ) 92 93 ossl_context = _init_context_client(self._configuration) 94 95 ossl_context = _apply_insecure_config(ossl_context, self._insecure_config) 96 97 return OpenSSLTLSBuffer._create( 98 server_hostname=server_hostname, 99 parent_context=self, 100 server_side=False, 101 ssl_context=ossl_context, 102 ) 103 104 @property 105 def insecure_configuration(self) -> InsecureConfiguration: 106 """The insecure configuration options that will make this context insecure.""" 107 return self._insecure_config
Class allowing users to make insecure choices using the stdlib OpenSSL-based implementation.
OpenSSLInsecureClientContext( tls_configuration: tlslib.tlslib.TLSClientConfiguration, insecure_configuration: tlslib.insecure.InsecureConfiguration)
47 def __init__( 48 self, 49 tls_configuration: TLSClientConfiguration, 50 insecure_configuration: InsecureConfiguration, 51 ) -> None: 52 """ 53 Create a new insecure context object from a given TLS configuration and 54 insecure configuration.""" 55 warnings.warn( 56 "Using an insecure Client Context is insecure and should not be used in production.", 57 SecurityWarning, 58 ) 59 60 self._insecure_config = insecure_configuration 61 super().__init__(tls_configuration)
Create a new insecure context object from a given TLS configuration and insecure configuration.
63 def connect(self, address: tuple[str | None, int]) -> OpenSSLTLSSocket: 64 """Create an insecure socket-like object that can be used to do TLS.""" 65 warnings.warn( 66 "You are connecting using an insecure Client Context. \ 67 This is insecure and should not be used in production.", 68 SecurityWarning, 69 ) 70 71 ossl_context = _init_context_client(self._configuration) 72 73 ossl_context = _apply_insecure_config(ossl_context, self._insecure_config) 74 75 return OpenSSLTLSSocket._create( 76 parent_context=self, 77 server_side=False, 78 ssl_context=ossl_context, 79 address=address, 80 )
Create an insecure socket-like object that can be used to do TLS.
82 def create_buffer(self, server_hostname: str) -> OpenSSLTLSBuffer: 83 """Creates an insecure TLSBuffer that acts as an in-memory channel, 84 and contains information about the TLS exchange 85 (cipher, negotiated_protocol, negotiated_tls_version, etc.).""" 86 87 warnings.warn( 88 "You are creating a TLSBuffer using an insecure Server Context. \ 89 This is insecure and should not be used in production.", 90 SecurityWarning, 91 ) 92 93 ossl_context = _init_context_client(self._configuration) 94 95 ossl_context = _apply_insecure_config(ossl_context, self._insecure_config) 96 97 return OpenSSLTLSBuffer._create( 98 server_hostname=server_hostname, 99 parent_context=self, 100 server_side=False, 101 ssl_context=ossl_context, 102 )
Creates an insecure TLSBuffer that acts as an in-memory channel, and contains information about the TLS exchange (cipher, negotiated_protocol, negotiated_tls_version, etc.).
insecure_configuration: tlslib.insecure.InsecureConfiguration
104 @property 105 def insecure_configuration(self) -> InsecureConfiguration: 106 """The insecure configuration options that will make this context insecure.""" 107 return self._insecure_config
The insecure configuration options that will make this context insecure.
Inherited Members
110class OpenSSLInsecureServerContext(OpenSSLServerContext): 111 """ 112 Class allowing users to make insecure choices using the stdlib OpenSSL-based implementation. 113 """ 114 115 def __init__( 116 self, 117 tls_configuration: TLSServerConfiguration, 118 insecure_configuration: InsecureConfiguration, 119 ) -> None: 120 """ 121 Create a new insecure context object from a given TLS configuration and 122 insecure configuration.""" 123 warnings.warn( 124 "Using an insecure Server Context is insecure and should not be used in production.", 125 SecurityWarning, 126 ) 127 128 self._insecure_config = insecure_configuration 129 super().__init__(tls_configuration) 130 131 def connect(self, address: tuple[str | None, int]) -> OpenSSLTLSSocket: 132 """Create a socket-like object that can be used to do TLS.""" 133 warnings.warn( 134 "You are connecting using an insecure Server Context. \ 135 This is insecure and should not be used in production.", 136 SecurityWarning, 137 ) 138 139 ossl_context = _init_context_server(self._configuration) 140 141 ossl_context = _apply_insecure_config(ossl_context, self._insecure_config) 142 143 return OpenSSLTLSSocket._create( 144 parent_context=self, 145 server_side=True, 146 ssl_context=ossl_context, 147 address=address, 148 ) 149 150 def create_buffer(self) -> OpenSSLTLSBuffer: 151 """Creates an insecure TLSBuffer that acts as an in-memory channel, 152 and contains information about the TLS exchange 153 (cipher, negotiated_protocol, negotiated_tls_version, etc.).""" 154 warnings.warn( 155 "You are creating a TLSBuffer using an insecure Server Context. \ 156 This is insecure and should not be used in production.", 157 SecurityWarning, 158 ) 159 160 ossl_context = _init_context_server(self._configuration) 161 162 ossl_context = _apply_insecure_config(ossl_context, self._insecure_config) 163 164 return OpenSSLTLSBuffer._create( 165 server_hostname=None, 166 parent_context=self, 167 server_side=True, 168 ssl_context=ossl_context, 169 ) 170 171 @property 172 def insecure_configuration(self) -> InsecureConfiguration: 173 """The insecure configuration options that will make this context insecure.""" 174 return self._insecure_config
Class allowing users to make insecure choices using the stdlib OpenSSL-based implementation.
OpenSSLInsecureServerContext( tls_configuration: tlslib.tlslib.TLSServerConfiguration, insecure_configuration: tlslib.insecure.InsecureConfiguration)
115 def __init__( 116 self, 117 tls_configuration: TLSServerConfiguration, 118 insecure_configuration: InsecureConfiguration, 119 ) -> None: 120 """ 121 Create a new insecure context object from a given TLS configuration and 122 insecure configuration.""" 123 warnings.warn( 124 "Using an insecure Server Context is insecure and should not be used in production.", 125 SecurityWarning, 126 ) 127 128 self._insecure_config = insecure_configuration 129 super().__init__(tls_configuration)
Create a new insecure context object from a given TLS configuration and insecure configuration.
131 def connect(self, address: tuple[str | None, int]) -> OpenSSLTLSSocket: 132 """Create a socket-like object that can be used to do TLS.""" 133 warnings.warn( 134 "You are connecting using an insecure Server Context. \ 135 This is insecure and should not be used in production.", 136 SecurityWarning, 137 ) 138 139 ossl_context = _init_context_server(self._configuration) 140 141 ossl_context = _apply_insecure_config(ossl_context, self._insecure_config) 142 143 return OpenSSLTLSSocket._create( 144 parent_context=self, 145 server_side=True, 146 ssl_context=ossl_context, 147 address=address, 148 )
Create a socket-like object that can be used to do TLS.
150 def create_buffer(self) -> OpenSSLTLSBuffer: 151 """Creates an insecure TLSBuffer that acts as an in-memory channel, 152 and contains information about the TLS exchange 153 (cipher, negotiated_protocol, negotiated_tls_version, etc.).""" 154 warnings.warn( 155 "You are creating a TLSBuffer using an insecure Server Context. \ 156 This is insecure and should not be used in production.", 157 SecurityWarning, 158 ) 159 160 ossl_context = _init_context_server(self._configuration) 161 162 ossl_context = _apply_insecure_config(ossl_context, self._insecure_config) 163 164 return OpenSSLTLSBuffer._create( 165 server_hostname=None, 166 parent_context=self, 167 server_side=True, 168 ssl_context=ossl_context, 169 )
Creates an insecure TLSBuffer that acts as an in-memory channel, and contains information about the TLS exchange (cipher, negotiated_protocol, negotiated_tls_version, etc.).
insecure_configuration: tlslib.insecure.InsecureConfiguration
171 @property 172 def insecure_configuration(self) -> InsecureConfiguration: 173 """The insecure configuration options that will make this context insecure.""" 174 return self._insecure_config
The insecure configuration options that will make this context insecure.
Inherited Members
STDLIB_INSECURE_IMPLEMENTATION =
<tlslib.insecure.InsecureTLSImplementation object>