From: Benjamin Peterson <benjamin@python.org>
Date: Mon, 3 Nov 2014 19:36:48 +0000 (-0500)
Subject: merge 3.4 (#22417)
X-Git-Tag: v3.5.0a1~530
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=1cca273669598978f6dfc1d1aad92e02a84bbe04;p=thirdparty%2FPython%2Fcpython.git

merge 3.4 (#22417)
---

1cca273669598978f6dfc1d1aad92e02a84bbe04
diff --cc Lib/ssl.py
index d2ad402b39a7,b6e6f1695d06..726bc7b106fc
--- a/Lib/ssl.py
+++ b/Lib/ssl.py
@@@ -478,129 -479,14 +477,136 @@@ def _create_unverified_context(protocol
  
      return context
  
+ # Used by http.client if no context is explicitly passed.
+ _create_default_https_context = create_default_context
+ 
+ 
+ # Backwards compatibility alias, even though it's not a public name.
+ _create_stdlib_context = _create_unverified_context
+ 
  
 +class SSLObject:
 +    """This class implements an interface on top of a low-level SSL object as
 +    implemented by OpenSSL. This object captures the state of an SSL connection
 +    but does not provide any network IO itself. IO needs to be performed
 +    through separate "BIO" objects which are OpenSSL's IO abstraction layer.
 +
 +    This class does not have a public constructor. Instances are returned by
 +    ``SSLContext.wrap_bio``. This class is typically used by framework authors
 +    that want to implement asynchronous IO for SSL through memory buffers.
 +
 +    When compared to ``SSLSocket``, this object lacks the following features:
 +
 +     * Any form of network IO incluging methods such as ``recv`` and ``send``.
 +     * The ``do_handshake_on_connect`` and ``suppress_ragged_eofs`` machinery.
 +    """
 +
 +    def __init__(self, sslobj, owner=None):
 +        self._sslobj = sslobj
 +        # Note: _sslobj takes a weak reference to owner
 +        self._sslobj.owner = owner or self
 +
 +    @property
 +    def context(self):
 +        """The SSLContext that is currently in use."""
 +        return self._sslobj.context
 +
 +    @context.setter
 +    def context(self, ctx):
 +        self._sslobj.context = ctx
 +
 +    @property
 +    def server_side(self):
 +        """Whether this is a server-side socket."""
 +        return self._sslobj.server_side
 +
 +    @property
 +    def server_hostname(self):
 +        """The currently set server hostname (for SNI), or ``None`` if no
 +        server hostame is set."""
 +        return self._sslobj.server_hostname
 +
 +    def read(self, len=0, buffer=None):
 +        """Read up to 'len' bytes from the SSL object and return them.
 +
 +        If 'buffer' is provided, read into this buffer and return the number of
 +        bytes read.
 +        """
 +        if buffer is not None:
 +            v = self._sslobj.read(len, buffer)
 +        else:
 +            v = self._sslobj.read(len or 1024)
 +        return v
 +
 +    def write(self, data):
 +        """Write 'data' to the SSL object and return the number of bytes
 +        written.
 +
 +        The 'data' argument must support the buffer interface.
 +        """
 +        return self._sslobj.write(data)
 +
 +    def getpeercert(self, binary_form=False):
 +        """Returns a formatted version of the data in the certificate provided
 +        by the other end of the SSL channel.
 +
 +        Return None if no certificate was provided, {} if a certificate was
 +        provided, but not validated.
 +        """
 +        return self._sslobj.peer_certificate(binary_form)
 +
 +    def selected_npn_protocol(self):
 +        """Return the currently selected NPN protocol as a string, or ``None``
 +        if a next protocol was not negotiated or if NPN is not supported by one
 +        of the peers."""
 +        if _ssl.HAS_NPN:
 +            return self._sslobj.selected_npn_protocol()
 +
 +    def cipher(self):
 +        """Return the currently selected cipher as a 3-tuple ``(name,
 +        ssl_version, secret_bits)``."""
 +        return self._sslobj.cipher()
 +
 +    def compression(self):
 +        """Return the current compression algorithm in use, or ``None`` if
 +        compression was not negotiated or not supported by one of the peers."""
 +        return self._sslobj.compression()
 +
 +    def pending(self):
 +        """Return the number of bytes that can be read immediately."""
 +        return self._sslobj.pending()
 +
 +    def do_handshake(self):
 +        """Start the SSL/TLS handshake."""
 +        self._sslobj.do_handshake()
 +        if self.context.check_hostname:
 +            if not self.server_hostname:
 +                raise ValueError("check_hostname needs server_hostname "
 +                                 "argument")
 +            match_hostname(self.getpeercert(), self.server_hostname)
 +
 +    def unwrap(self):
 +        """Start the SSL shutdown handshake."""
 +        return self._sslobj.shutdown()
 +
 +    def get_channel_binding(self, cb_type="tls-unique"):
 +        """Get channel binding data for current connection.  Raise ValueError
 +        if the requested `cb_type` is not supported.  Return bytes of the data
 +        or None if the data is not available (e.g. before the handshake)."""
 +        if cb_type not in CHANNEL_BINDING_TYPES:
 +            raise ValueError("Unsupported channel binding type")
 +        if cb_type != "tls-unique":
 +            raise NotImplementedError(
 +                            "{0} channel binding type not implemented"
 +                            .format(cb_type))
 +        return self._sslobj.tls_unique_cb()
 +
 +    def version(self):
 +        """Return a string identifying the protocol version used by the
 +        current SSL channel. """
 +        return self._sslobj.version()
 +
 +
  class SSLSocket(socket):
      """This class implements a subtype of socket.socket that wraps
      the underlying OS socket in an SSL context when necessary, and