This module provides access to Transport Layer Security (previously and widely known as “Secure Sockets Layer”) encryption and peer authentication facilities for network sockets, both client-side and server-side.
Create a context object containing settings applicable across a number of individual TLS/SSL connections (sockets). For example, this includes server certificate and private key - all connections to this server will share this certificate and key.
Set certificate and corresponding private key to use for this context:
- cert - TLS certificate in binary DER encoding. The certificate is mandatory for server and optional for client.
- key - TLS private key in binary DER encoding. The key is mandatory for server and optional for client.
Difference to CPython: CPython uses a different method and loads certificate/key from a file. In Pycopy, you need to pass the certificate/key content directly.
wrap_socket(sock, server_side=False, server_hostname=None, do_handshake=True)¶
SOCK_STREAMtype), and returns an instance of ssl.SSLSocket, which wraps the underlying stream in an SSL context. Returned object has the usual
streaminterface methods like
write(), etc. In Pycopy, the returned object does not expose socket interface and methods like
listen(), etc. In particular, a server-side SSL socket should be created from a normal socket returned from
accept()on a non-SSL listening server socket.
- server_side -
Falsefor client TLS socket,
Truefor server socket.
- server_hostname - For client sockets, hostname of the server being connected to, to allow virtual TLS hosts. This features is known as Server Name Indication (SNI).
- do_handshake - Whether to perform TLS handshake automatically, default is
True. Setting this to
Falseis required for truly non-blocking TLS handling. Difference to CPython: In CPython, this parameter is named too verbosely as do_handshake_on_connect.
Depending on the underlying module implementation in a particular Pycopy port, some or all keyword arguments above may be not supported.
- server_side -
Some implementations of
ussl module do NOT validate server certificates,
which makes an SSL connection established prone to man-in-the-middle attacks.