ssl
index
/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/ssl.py
Module Docs

This module provides some more Pythonic support for SSL.
 
Object types:
 
  SSLSocket -- subtype of socket.socket which does SSL over the socket
 
Exceptions:
 
  SSLError -- exception raised for I/O errors
 
Functions:
 
  cert_time_to_seconds -- convert time string used for certificate
                          notBefore and notAfter functions to integer
                          seconds past the Epoch (the time values
                          returned from time.time())
 
  fetch_server_certificate (HOST, PORT) -- fetch the certificate provided
                          by the server running on HOST at port PORT.  No
                          validation of the certificate is performed.
 
Integer constants:
 
SSL_ERROR_ZERO_RETURN
SSL_ERROR_WANT_READ
SSL_ERROR_WANT_WRITE
SSL_ERROR_WANT_X509_LOOKUP
SSL_ERROR_SYSCALL
SSL_ERROR_SSL
SSL_ERROR_WANT_CONNECT
 
SSL_ERROR_EOF
SSL_ERROR_INVALID_ERROR_CODE
 
The following group define certificate requirements that one side is
allowing/requiring from the other side:
 
CERT_NONE - no certificates from the other side are required (or will
            be looked at if provided)
CERT_OPTIONAL - certificates are not required, but if provided will be
                validated, and if validation fails, the connection will
                also fail
CERT_REQUIRED - certificates are required, and will be validated, and
                if validation fails, the connection will also fail
 
The following constants identify various SSL protocol variants:
 
PROTOCOL_SSLv2
PROTOCOL_SSLv3
PROTOCOL_SSLv23
PROTOCOL_TLSv1
PROTOCOL_TLSv1_1
PROTOCOL_TLSv1_2
 
The following constants identify various SSL alert message descriptions as per
http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-parameters-6
 
ALERT_DESCRIPTION_CLOSE_NOTIFY
ALERT_DESCRIPTION_UNEXPECTED_MESSAGE
ALERT_DESCRIPTION_BAD_RECORD_MAC
ALERT_DESCRIPTION_RECORD_OVERFLOW
ALERT_DESCRIPTION_DECOMPRESSION_FAILURE
ALERT_DESCRIPTION_HANDSHAKE_FAILURE
ALERT_DESCRIPTION_BAD_CERTIFICATE
ALERT_DESCRIPTION_UNSUPPORTED_CERTIFICATE
ALERT_DESCRIPTION_CERTIFICATE_REVOKED
ALERT_DESCRIPTION_CERTIFICATE_EXPIRED
ALERT_DESCRIPTION_CERTIFICATE_UNKNOWN
ALERT_DESCRIPTION_ILLEGAL_PARAMETER
ALERT_DESCRIPTION_UNKNOWN_CA
ALERT_DESCRIPTION_ACCESS_DENIED
ALERT_DESCRIPTION_DECODE_ERROR
ALERT_DESCRIPTION_DECRYPT_ERROR
ALERT_DESCRIPTION_PROTOCOL_VERSION
ALERT_DESCRIPTION_INSUFFICIENT_SECURITY
ALERT_DESCRIPTION_INTERNAL_ERROR
ALERT_DESCRIPTION_USER_CANCELLED
ALERT_DESCRIPTION_NO_RENEGOTIATION
ALERT_DESCRIPTION_UNSUPPORTED_EXTENSION
ALERT_DESCRIPTION_CERTIFICATE_UNOBTAINABLE
ALERT_DESCRIPTION_UNRECOGNIZED_NAME
ALERT_DESCRIPTION_BAD_CERTIFICATE_STATUS_RESPONSE
ALERT_DESCRIPTION_BAD_CERTIFICATE_HASH_VALUE
ALERT_DESCRIPTION_UNKNOWN_PSK_IDENTITY

 
Modules
       
_ssl
base64
errno
os
re
sys
textwrap

 
Classes
       
__builtin__.tuple(__builtin__.object)
DefaultVerifyPaths
_ssl._SSLContext(__builtin__.object)
SSLContext
exceptions.ValueError(exceptions.StandardError)
CertificateError
socket._socketobject(__builtin__.object)
SSLSocket
socket.error(exceptions.IOError)
SSLError
SSLEOFError
SSLSyscallError
SSLWantReadError
SSLWantWriteError
SSLZeroReturnError
_ASN1Object(_ASN1Object)
Purpose

 
class CertificateError(exceptions.ValueError)
    
Method resolution order:
CertificateError
exceptions.ValueError
exceptions.StandardError
exceptions.Exception
exceptions.BaseException
__builtin__.object

Data descriptors defined here:
__weakref__
list of weak references to the object (if defined)

Methods inherited from exceptions.ValueError:
__init__(...)
x.__init__(...) initializes x; see help(type(x)) for signature

Data and other attributes inherited from exceptions.ValueError:
__new__ = <built-in method __new__ of type object>
T.__new__(S, ...) -> a new object with type S, a subtype of T

Methods inherited from exceptions.BaseException:
__delattr__(...)
x.__delattr__('name') <==> del x.name
__getattribute__(...)
x.__getattribute__('name') <==> x.name
__getitem__(...)
x.__getitem__(y) <==> x[y]
__getslice__(...)
x.__getslice__(i, j) <==> x[i:j]
 
Use of negative indices is not supported.
__reduce__(...)
__repr__(...)
x.__repr__() <==> repr(x)
__setattr__(...)
x.__setattr__('name', value) <==> x.name = value
__setstate__(...)
__str__(...)
x.__str__() <==> str(x)
__unicode__(...)

Data descriptors inherited from exceptions.BaseException:
__dict__
args
message

 
class DefaultVerifyPaths(__builtin__.tuple)
    DefaultVerifyPaths(cafile, capath, openssl_cafile_env, openssl_cafile, openssl_capath_env, openssl_capath)
 
 
Method resolution order:
DefaultVerifyPaths
__builtin__.tuple
__builtin__.object

Methods defined here:
__getnewargs__(self)
Return self as a plain tuple.  Used by copy and pickle.
__getstate__(self)
Exclude the OrderedDict from pickling
__repr__(self)
Return a nicely formatted representation string
_asdict(self)
Return a new OrderedDict which maps field names to their values
_replace(_self, **kwds)
Return a new DefaultVerifyPaths object replacing specified fields with new values

Class methods defined here:
_make(cls, iterable, new=<built-in method __new__ of type object>, len=<built-in function len>) from __builtin__.type
Make a new DefaultVerifyPaths object from a sequence or iterable

Static methods defined here:
__new__(_cls, cafile, capath, openssl_cafile_env, openssl_cafile, openssl_capath_env, openssl_capath)
Create new instance of DefaultVerifyPaths(cafile, capath, openssl_cafile_env, openssl_cafile, openssl_capath_env, openssl_capath)

Data descriptors defined here:
__dict__
Return a new OrderedDict which maps field names to their values
cafile
Alias for field number 0
capath
Alias for field number 1
openssl_cafile
Alias for field number 3
openssl_cafile_env
Alias for field number 2
openssl_capath
Alias for field number 5
openssl_capath_env
Alias for field number 4

Data and other attributes defined here:
_fields = ('cafile', 'capath', 'openssl_cafile_env', 'openssl_cafile', 'openssl_capath_env', 'openssl_capath')

Methods inherited from __builtin__.tuple:
__add__(...)
x.__add__(y) <==> x+y
__contains__(...)
x.__contains__(y) <==> y in x
__eq__(...)
x.__eq__(y) <==> x==y
__ge__(...)
x.__ge__(y) <==> x>=y
__getattribute__(...)
x.__getattribute__('name') <==> x.name
__getitem__(...)
x.__getitem__(y) <==> x[y]
__getslice__(...)
x.__getslice__(i, j) <==> x[i:j]
 
Use of negative indices is not supported.
__gt__(...)
x.__gt__(y) <==> x>y
__hash__(...)
x.__hash__() <==> hash(x)
__iter__(...)
x.__iter__() <==> iter(x)
__le__(...)
x.__le__(y) <==> x<=y
__len__(...)
x.__len__() <==> len(x)
__lt__(...)
x.__lt__(y) <==> x<y
__mul__(...)
x.__mul__(n) <==> x*n
__ne__(...)
x.__ne__(y) <==> x!=y
__rmul__(...)
x.__rmul__(n) <==> n*x
count(...)
T.count(value) -> integer -- return number of occurrences of value
index(...)
T.index(value, [start, [stop]]) -> integer -- return first index of value.
Raises ValueError if the value is not present.

 
class Purpose(_ASN1Object)
    SSLContext purpose flags with X509v3 Extended Key Usage objects
 
 
Method resolution order:
Purpose
_ASN1Object
_ASN1Object
__builtin__.tuple
__builtin__.object

Data descriptors defined here:
__dict__
dictionary for instance variables (if defined)

Data and other attributes defined here:
CLIENT_AUTH = _ASN1Object(nid=130, shortname='clientAuth', lon... Client Authentication', oid='1.3.6.1.5.5.7.3.2')
SERVER_AUTH = _ASN1Object(nid=129, shortname='serverAuth', lon... Server Authentication', oid='1.3.6.1.5.5.7.3.1')

Class methods inherited from _ASN1Object:
fromname(cls, name) from __builtin__.type
Create _ASN1Object from short name, long name or OID
fromnid(cls, nid) from __builtin__.type
Create _ASN1Object from OpenSSL numeric ID

Static methods inherited from _ASN1Object:
__new__(cls, oid)

Methods inherited from _ASN1Object:
__getnewargs__(self)
Return self as a plain tuple.  Used by copy and pickle.
__getstate__(self)
Exclude the OrderedDict from pickling
__repr__(self)
Return a nicely formatted representation string
_asdict(self)
Return a new OrderedDict which maps field names to their values
_replace(_self, **kwds)
Return a new _ASN1Object object replacing specified fields with new values

Class methods inherited from _ASN1Object:
_make(cls, iterable, new=<built-in method __new__ of type object>, len=<built-in function len>) from __builtin__.type
Make a new _ASN1Object object from a sequence or iterable

Data descriptors inherited from _ASN1Object:
longname
Alias for field number 2
nid
Alias for field number 0
oid
Alias for field number 3
shortname
Alias for field number 1

Data and other attributes inherited from _ASN1Object:
_fields = ('nid', 'shortname', 'longname', 'oid')

Methods inherited from __builtin__.tuple:
__add__(...)
x.__add__(y) <==> x+y
__contains__(...)
x.__contains__(y) <==> y in x
__eq__(...)
x.__eq__(y) <==> x==y
__ge__(...)
x.__ge__(y) <==> x>=y
__getattribute__(...)
x.__getattribute__('name') <==> x.name
__getitem__(...)
x.__getitem__(y) <==> x[y]
__getslice__(...)
x.__getslice__(i, j) <==> x[i:j]
 
Use of negative indices is not supported.
__gt__(...)
x.__gt__(y) <==> x>y
__hash__(...)
x.__hash__() <==> hash(x)
__iter__(...)
x.__iter__() <==> iter(x)
__le__(...)
x.__le__(y) <==> x<=y
__len__(...)
x.__len__() <==> len(x)
__lt__(...)
x.__lt__(y) <==> x<y
__mul__(...)
x.__mul__(n) <==> x*n
__ne__(...)
x.__ne__(y) <==> x!=y
__rmul__(...)
x.__rmul__(n) <==> n*x
count(...)
T.count(value) -> integer -- return number of occurrences of value
index(...)
T.index(value, [start, [stop]]) -> integer -- return first index of value.
Raises ValueError if the value is not present.

 
class SSLContext(_ssl._SSLContext)
    An SSLContext holds various SSL-related configuration options and
data, such as certificates and possibly a private key.
 
 
Method resolution order:
SSLContext
_ssl._SSLContext
__builtin__.object

Methods defined here:
__init__(self, protocol)
load_default_certs(self, purpose=_ASN1Object(nid=129, shortname='serverAuth', lon... Server Authentication', oid='1.3.6.1.5.5.7.3.1'))
set_alpn_protocols(self, alpn_protocols)
set_npn_protocols(self, npn_protocols)
wrap_socket(self, sock, server_side=False, do_handshake_on_connect=True, suppress_ragged_eofs=True, server_hostname=None)

Static methods defined here:
__new__(cls, protocol, *args, **kwargs)

Data descriptors defined here:
__weakref__
list of weak references to the object (if defined)
protocol

Methods inherited from _ssl._SSLContext:
cert_store_stats(...)
cert_store_stats() -> {'crl': int, 'x509_ca': int, 'x509': int}
 
Returns quantities of loaded X.509 certificates. X.509 certificates with a
CA extension and certificate revocation lists inside the context's cert
store.
NOTE: Certificates in a capath directory aren't loaded unless they have
been used at least once.
get_ca_certs(...)
get_ca_certs(binary_form=False) -> list of loaded certificate
 
Returns a list of dicts with information of loaded CA certs. If the
optional argument is True, returns a DER-encoded copy of the CA certificate.
NOTE: Certificates in a capath directory aren't loaded unless they have
been used at least once.
load_cert_chain(...)
load_dh_params(...)
load_verify_locations(...)
session_stats(...)
set_ciphers(...)
set_default_verify_paths(...)
set_ecdh_curve(...)
set_servername_callback(...)
set_servername_callback(method)
 
This sets a callback that will be called when a server name is provided by
the SSL/TLS client in the SNI extension.
 
If the argument is None then the callback is disabled. The method is called
with the SSLSocket, the server name as a string, and the SSLContext object.
See RFC 6066 for details of the SNI extension.

Data descriptors inherited from _ssl._SSLContext:
check_hostname
options
verify_flags
verify_mode

 
class SSLEOFError(SSLError)
    SSL/TLS connection terminated abruptly.
 
 
Method resolution order:
SSLEOFError
SSLError
socket.error
exceptions.IOError
exceptions.EnvironmentError
exceptions.StandardError
exceptions.Exception
exceptions.BaseException
__builtin__.object

Data descriptors inherited from socket.error:
__weakref__
list of weak references to the object (if defined)

Methods inherited from exceptions.IOError:
__init__(...)
x.__init__(...) initializes x; see help(type(x)) for signature

Data and other attributes inherited from exceptions.IOError:
__new__ = <built-in method __new__ of type object>
T.__new__(S, ...) -> a new object with type S, a subtype of T

Methods inherited from exceptions.EnvironmentError:
__reduce__(...)
__str__(...)
x.__str__() <==> str(x)

Data descriptors inherited from exceptions.EnvironmentError:
errno
exception errno
filename
exception filename
strerror
exception strerror

Methods inherited from exceptions.BaseException:
__delattr__(...)
x.__delattr__('name') <==> del x.name
__getattribute__(...)
x.__getattribute__('name') <==> x.name
__getitem__(...)
x.__getitem__(y) <==> x[y]
__getslice__(...)
x.__getslice__(i, j) <==> x[i:j]
 
Use of negative indices is not supported.
__repr__(...)
x.__repr__() <==> repr(x)
__setattr__(...)
x.__setattr__('name', value) <==> x.name = value
__setstate__(...)
__unicode__(...)

Data descriptors inherited from exceptions.BaseException:
__dict__
args
message

 
class SSLError(socket.error)
    An error occurred in the SSL implementation.
 
 
Method resolution order:
SSLError
socket.error
exceptions.IOError
exceptions.EnvironmentError
exceptions.StandardError
exceptions.Exception
exceptions.BaseException
__builtin__.object

Data descriptors inherited from socket.error:
__weakref__
list of weak references to the object (if defined)

Methods inherited from exceptions.IOError:
__init__(...)
x.__init__(...) initializes x; see help(type(x)) for signature

Data and other attributes inherited from exceptions.IOError:
__new__ = <built-in method __new__ of type object>
T.__new__(S, ...) -> a new object with type S, a subtype of T

Methods inherited from exceptions.EnvironmentError:
__reduce__(...)
__str__(...)
x.__str__() <==> str(x)

Data descriptors inherited from exceptions.EnvironmentError:
errno
exception errno
filename
exception filename
strerror
exception strerror

Methods inherited from exceptions.BaseException:
__delattr__(...)
x.__delattr__('name') <==> del x.name
__getattribute__(...)
x.__getattribute__('name') <==> x.name
__getitem__(...)
x.__getitem__(y) <==> x[y]
__getslice__(...)
x.__getslice__(i, j) <==> x[i:j]
 
Use of negative indices is not supported.
__repr__(...)
x.__repr__() <==> repr(x)
__setattr__(...)
x.__setattr__('name', value) <==> x.name = value
__setstate__(...)
__unicode__(...)

Data descriptors inherited from exceptions.BaseException:
__dict__
args
message

 
class SSLSocket(socket._socketobject)
    This class implements a subtype of socket.socket that wraps
the underlying OS socket in an SSL context when necessary, and
provides read and write methods over that channel.
 
 
Method resolution order:
SSLSocket
socket._socketobject
__builtin__.object

Methods defined here:
__init__(self, sock=None, keyfile=None, certfile=None, server_side=False, cert_reqs=0, ssl_version=2, ca_certs=None, do_handshake_on_connect=True, family=2, type=1, proto=0, fileno=None, suppress_ragged_eofs=True, npn_protocols=None, ciphers=None, server_hostname=None, _context=None)
accept(self)
Accepts a new connection from a remote client, and returns
tuple containing that new connection wrapped with a server-side
SSL channel, and the address of the remote client.
cipher(self)
close(self)
compression(self)
connect(self, addr)
Connects to remote ADDR, and then wraps the connection in
an SSL channel.
connect_ex(self, addr)
Connects to remote ADDR, and then wraps the connection in
an SSL channel.
do_handshake(self, block=False)
Perform a TLS/SSL handshake.
dup(self)
get_channel_binding(self, cb_type='tls-unique')
Get channel binding data for current connection.  Raise ValueError
if the requested `cb_type` is not supported.  Return bytes of the data
or None if the data is not available (e.g. before the handshake).
getpeercert(self, binary_form=False)
Returns a formatted version of the data in the
certificate provided by the other end of the SSL channel.
Return None if no certificate was provided, {} if a
certificate was provided, but not validated.
makefile(self, mode='r', bufsize=-1)
Make and return a file-like object that
works with the SSL connection.  Just use the code
from the socket module.
pending(self)
read(self, len=0, buffer=None)
Read up to LEN bytes and return them.
Return zero-length string on EOF.
recv(self, buflen=1024, flags=0)
recv_into(self, buffer, nbytes=None, flags=0)
recvfrom(self, buflen=1024, flags=0)
recvfrom_into(self, buffer, nbytes=None, flags=0)
selected_alpn_protocol(self)
selected_npn_protocol(self)
send(self, data, flags=0)
sendall(self, data, flags=0)
sendto(self, data, flags_or_addr, addr=None)
shutdown(self, how)
unwrap(self)
version(self)
Return a string identifying the protocol version used by the
current SSL channel, or None if there is no established channel.
write(self, data)
Write DATA to the underlying SSL channel.  Returns
number of bytes of DATA actually transmitted.

Data descriptors defined here:
__dict__
dictionary for instance variables (if defined)
context

Methods inherited from socket._socketobject:
bind(...)
bind(address)
 
Bind the socket to a local address.  For IP sockets, the address is a
pair (host, port); the host must refer to the local host. For raw packet
sockets the address is a tuple (ifname, proto [,pkttype [,hatype]])
fileno(...)
fileno() -> integer
 
Return the integer file descriptor of the socket.
getpeername(...)
getpeername() -> address info
 
Return the address of the remote endpoint.  For IP sockets, the address
info is a pair (hostaddr, port).
getsockname(...)
getsockname() -> address info
 
Return the address of the local endpoint.  For IP sockets, the address
info is a pair (hostaddr, port).
getsockopt(...)
getsockopt(level, option[, buffersize]) -> value
 
Get a socket option.  See the Unix manual for level and option.
If a nonzero buffersize argument is given, the return value is a
string of that length; otherwise it is an integer.
gettimeout(...)
gettimeout() -> timeout
 
Returns the timeout in seconds (float) associated with socket 
operations. A timeout of None indicates that timeouts on socket 
operations are disabled.
listen(...)
listen(backlog)
 
Enable a server to accept connections.  The backlog argument must be at
least 0 (if it is lower, it is set to 0); it specifies the number of
unaccepted connections that the system will allow before refusing new
connections.
setblocking(...)
setblocking(flag)
 
Set the socket to blocking (flag is true) or non-blocking (false).
setblocking(True) is equivalent to settimeout(None);
setblocking(False) is equivalent to settimeout(0.0).
setsockopt(...)
setsockopt(level, option, value)
 
Set a socket option.  See the Unix manual for level and option.
The value argument can either be an integer or a string.
settimeout(...)
settimeout(timeout)
 
Set a timeout on socket operations.  'timeout' can be a float,
giving in seconds, or None.  Setting a timeout of None disables
the timeout feature and is equivalent to setblocking(1).
Setting a timeout of zero is the same as setblocking(0).

Data descriptors inherited from socket._socketobject:
__weakref__
list of weak references to the object (if defined)
family
the socket family
proto
the socket protocol
type
the socket type

 
class SSLSyscallError(SSLError)
    System error when attempting SSL operation.
 
 
Method resolution order:
SSLSyscallError
SSLError
socket.error
exceptions.IOError
exceptions.EnvironmentError
exceptions.StandardError
exceptions.Exception
exceptions.BaseException
__builtin__.object

Data descriptors inherited from socket.error:
__weakref__
list of weak references to the object (if defined)

Methods inherited from exceptions.IOError:
__init__(...)
x.__init__(...) initializes x; see help(type(x)) for signature

Data and other attributes inherited from exceptions.IOError:
__new__ = <built-in method __new__ of type object>
T.__new__(S, ...) -> a new object with type S, a subtype of T

Methods inherited from exceptions.EnvironmentError:
__reduce__(...)
__str__(...)
x.__str__() <==> str(x)

Data descriptors inherited from exceptions.EnvironmentError:
errno
exception errno
filename
exception filename
strerror
exception strerror

Methods inherited from exceptions.BaseException:
__delattr__(...)
x.__delattr__('name') <==> del x.name
__getattribute__(...)
x.__getattribute__('name') <==> x.name
__getitem__(...)
x.__getitem__(y) <==> x[y]
__getslice__(...)
x.__getslice__(i, j) <==> x[i:j]
 
Use of negative indices is not supported.
__repr__(...)
x.__repr__() <==> repr(x)
__setattr__(...)
x.__setattr__('name', value) <==> x.name = value
__setstate__(...)
__unicode__(...)

Data descriptors inherited from exceptions.BaseException:
__dict__
args
message

 
class SSLWantReadError(SSLError)
    Non-blocking SSL socket needs to read more data
before the requested operation can be completed.
 
 
Method resolution order:
SSLWantReadError
SSLError
socket.error
exceptions.IOError
exceptions.EnvironmentError
exceptions.StandardError
exceptions.Exception
exceptions.BaseException
__builtin__.object

Data descriptors inherited from socket.error:
__weakref__
list of weak references to the object (if defined)

Methods inherited from exceptions.IOError:
__init__(...)
x.__init__(...) initializes x; see help(type(x)) for signature

Data and other attributes inherited from exceptions.IOError:
__new__ = <built-in method __new__ of type object>
T.__new__(S, ...) -> a new object with type S, a subtype of T

Methods inherited from exceptions.EnvironmentError:
__reduce__(...)
__str__(...)
x.__str__() <==> str(x)

Data descriptors inherited from exceptions.EnvironmentError:
errno
exception errno
filename
exception filename
strerror
exception strerror

Methods inherited from exceptions.BaseException:
__delattr__(...)
x.__delattr__('name') <==> del x.name
__getattribute__(...)
x.__getattribute__('name') <==> x.name
__getitem__(...)
x.__getitem__(y) <==> x[y]
__getslice__(...)
x.__getslice__(i, j) <==> x[i:j]
 
Use of negative indices is not supported.
__repr__(...)
x.__repr__() <==> repr(x)
__setattr__(...)
x.__setattr__('name', value) <==> x.name = value
__setstate__(...)
__unicode__(...)

Data descriptors inherited from exceptions.BaseException:
__dict__
args
message

 
class SSLWantWriteError(SSLError)
    Non-blocking SSL socket needs to write more data
before the requested operation can be completed.
 
 
Method resolution order:
SSLWantWriteError
SSLError
socket.error
exceptions.IOError
exceptions.EnvironmentError
exceptions.StandardError
exceptions.Exception
exceptions.BaseException
__builtin__.object

Data descriptors inherited from socket.error:
__weakref__
list of weak references to the object (if defined)

Methods inherited from exceptions.IOError:
__init__(...)
x.__init__(...) initializes x; see help(type(x)) for signature

Data and other attributes inherited from exceptions.IOError:
__new__ = <built-in method __new__ of type object>
T.__new__(S, ...) -> a new object with type S, a subtype of T

Methods inherited from exceptions.EnvironmentError:
__reduce__(...)
__str__(...)
x.__str__() <==> str(x)

Data descriptors inherited from exceptions.EnvironmentError:
errno
exception errno
filename
exception filename
strerror
exception strerror

Methods inherited from exceptions.BaseException:
__delattr__(...)
x.__delattr__('name') <==> del x.name
__getattribute__(...)
x.__getattribute__('name') <==> x.name
__getitem__(...)
x.__getitem__(y) <==> x[y]
__getslice__(...)
x.__getslice__(i, j) <==> x[i:j]
 
Use of negative indices is not supported.
__repr__(...)
x.__repr__() <==> repr(x)
__setattr__(...)
x.__setattr__('name', value) <==> x.name = value
__setstate__(...)
__unicode__(...)

Data descriptors inherited from exceptions.BaseException:
__dict__
args
message

 
class SSLZeroReturnError(SSLError)
    SSL/TLS session closed cleanly.
 
 
Method resolution order:
SSLZeroReturnError
SSLError
socket.error
exceptions.IOError
exceptions.EnvironmentError
exceptions.StandardError
exceptions.Exception
exceptions.BaseException
__builtin__.object

Data descriptors inherited from socket.error:
__weakref__
list of weak references to the object (if defined)

Methods inherited from exceptions.IOError:
__init__(...)
x.__init__(...) initializes x; see help(type(x)) for signature

Data and other attributes inherited from exceptions.IOError:
__new__ = <built-in method __new__ of type object>
T.__new__(S, ...) -> a new object with type S, a subtype of T

Methods inherited from exceptions.EnvironmentError:
__reduce__(...)
__str__(...)
x.__str__() <==> str(x)

Data descriptors inherited from exceptions.EnvironmentError:
errno
exception errno
filename
exception filename
strerror
exception strerror

Methods inherited from exceptions.BaseException:
__delattr__(...)
x.__delattr__('name') <==> del x.name
__getattribute__(...)
x.__getattribute__('name') <==> x.name
__getitem__(...)
x.__getitem__(y) <==> x[y]
__getslice__(...)
x.__getslice__(i, j) <==> x[i:j]
 
Use of negative indices is not supported.
__repr__(...)
x.__repr__() <==> repr(x)
__setattr__(...)
x.__setattr__('name', value) <==> x.name = value
__setstate__(...)
__unicode__(...)

Data descriptors inherited from exceptions.BaseException:
__dict__
args
message

 
Functions
       
DER_cert_to_PEM_cert(der_cert_bytes)
Takes a certificate in binary DER format and returns the
PEM version of it as a string.
PEM_cert_to_DER_cert(pem_cert_string)
Takes a certificate in ASCII PEM format and returns the
DER-encoded version of it as a byte sequence
RAND_add(...)
RAND_add(string, entropy)
 
Mix string into the OpenSSL PRNG state.  entropy (a float) is a lower
bound on the entropy contained in string.  See RFC 1750.
RAND_egd(...)
RAND_egd(path) -> bytes
 
Queries the entropy gather daemon (EGD) on the socket named by 'path'.
Returns number of bytes read.  Raises SSLError if connection to EGD
fails or if it does not provide enough data to seed PRNG.
RAND_status(...)
RAND_status() -> 0 or 1
 
Returns 1 if the OpenSSL PRNG has been seeded with enough data and 0 if not.
It is necessary to seed the PRNG with RAND_add() on some platforms before
using the ssl() function.
cert_time_to_seconds(cert_time)
Return the time in seconds since the Epoch, given the timestring
representing the "notBefore" or "notAfter" date from a certificate
in ``"%b %d %H:%M:%S %Y %Z"`` strptime format (C locale).
 
"notBefore" or "notAfter" dates must use UTC (RFC 5280).
 
Month is one of: Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec
UTC should be specified as GMT (see ASN1_TIME_print())
create_default_context(purpose=_ASN1Object(nid=129, shortname='serverAuth', lon... Server Authentication', oid='1.3.6.1.5.5.7.3.1'), cafile=None, capath=None, cadata=None)
Create a SSLContext object with default settings.
 
NOTE: The protocol and settings may change anytime without prior
      deprecation. The values represent a fair balance between maximum
      compatibility and security.
get_default_verify_paths()
Return paths to default cafile and capath.
get_protocol_name(protocol_code)
get_server_certificate(addr, ssl_version=2, ca_certs=None)
Retrieve the certificate from the server at the specified address,
and return it as a PEM-encoded string.
If 'ca_certs' is specified, validate the server cert against it.
If 'ssl_version' is specified, use it in the connection attempt.
match_hostname(cert, hostname)
Verify that *cert* (in decoded format as returned by
SSLSocket.getpeercert()) matches the *hostname*.  RFC 2818 and RFC 6125
rules are followed, but IP addresses are not accepted for *hostname*.
 
CertificateError is raised on failure. On success, the function
returns nothing.
sslwrap_simple(sock, keyfile=None, certfile=None)
A replacement for the old socket.ssl function.  Designed
for compability with Python 2.5 and earlier.  Will disappear in
Python 3.0.
wrap_socket(sock, keyfile=None, certfile=None, server_side=False, cert_reqs=0, ssl_version=2, ca_certs=None, do_handshake_on_connect=True, suppress_ragged_eofs=True, ciphers=None)

 
Data
        AF_INET = 2
ALERT_DESCRIPTION_ACCESS_DENIED = 49
ALERT_DESCRIPTION_BAD_CERTIFICATE = 42
ALERT_DESCRIPTION_BAD_CERTIFICATE_HASH_VALUE = 114
ALERT_DESCRIPTION_BAD_CERTIFICATE_STATUS_RESPONSE = 113
ALERT_DESCRIPTION_BAD_RECORD_MAC = 20
ALERT_DESCRIPTION_CERTIFICATE_EXPIRED = 45
ALERT_DESCRIPTION_CERTIFICATE_REVOKED = 44
ALERT_DESCRIPTION_CERTIFICATE_UNKNOWN = 46
ALERT_DESCRIPTION_CERTIFICATE_UNOBTAINABLE = 111
ALERT_DESCRIPTION_CLOSE_NOTIFY = 0
ALERT_DESCRIPTION_DECODE_ERROR = 50
ALERT_DESCRIPTION_DECOMPRESSION_FAILURE = 30
ALERT_DESCRIPTION_DECRYPT_ERROR = 51
ALERT_DESCRIPTION_HANDSHAKE_FAILURE = 40
ALERT_DESCRIPTION_ILLEGAL_PARAMETER = 47
ALERT_DESCRIPTION_INSUFFICIENT_SECURITY = 71
ALERT_DESCRIPTION_INTERNAL_ERROR = 80
ALERT_DESCRIPTION_NO_RENEGOTIATION = 100
ALERT_DESCRIPTION_PROTOCOL_VERSION = 70
ALERT_DESCRIPTION_RECORD_OVERFLOW = 22
ALERT_DESCRIPTION_UNEXPECTED_MESSAGE = 10
ALERT_DESCRIPTION_UNKNOWN_CA = 48
ALERT_DESCRIPTION_UNKNOWN_PSK_IDENTITY = 115
ALERT_DESCRIPTION_UNRECOGNIZED_NAME = 112
ALERT_DESCRIPTION_UNSUPPORTED_CERTIFICATE = 43
ALERT_DESCRIPTION_UNSUPPORTED_EXTENSION = 110
ALERT_DESCRIPTION_USER_CANCELLED = 90
CERT_NONE = 0
CERT_OPTIONAL = 1
CERT_REQUIRED = 2
CHANNEL_BINDING_TYPES = ['tls-unique']
HAS_ALPN = False
HAS_ECDH = True
HAS_NPN = False
HAS_SNI = True
OPENSSL_VERSION = 'OpenSSL 0.9.8zh 14 Jan 2016'
OPENSSL_VERSION_INFO = (0, 9, 8, 29, 15)
OPENSSL_VERSION_NUMBER = 9470431L
OP_ALL = 2047
OP_CIPHER_SERVER_PREFERENCE = 4194304
OP_NO_SSLv2 = 16777216
OP_NO_SSLv3 = 33554432
OP_NO_TLSv1 = 67108864
OP_SINGLE_DH_USE = 1048576
OP_SINGLE_ECDH_USE = 524288
PEM_FOOTER = '-----END CERTIFICATE-----'
PEM_HEADER = '-----BEGIN CERTIFICATE-----'
PROTOCOL_SSLv2 = 0
PROTOCOL_SSLv23 = 2
PROTOCOL_SSLv3 = 1
PROTOCOL_TLSv1 = 3
SOCK_STREAM = 1
SOL_SOCKET = 65535
SO_TYPE = 4104
SSL_ERROR_EOF = 8
SSL_ERROR_INVALID_ERROR_CODE = 10
SSL_ERROR_SSL = 1
SSL_ERROR_SYSCALL = 5
SSL_ERROR_WANT_CONNECT = 7
SSL_ERROR_WANT_READ = 2
SSL_ERROR_WANT_WRITE = 3
SSL_ERROR_WANT_X509_LOOKUP = 4
SSL_ERROR_ZERO_RETURN = 6
VERIFY_CRL_CHECK_CHAIN = 12
VERIFY_CRL_CHECK_LEAF = 4
VERIFY_DEFAULT = 0
VERIFY_X509_STRICT = 32