2018-07-04 09:06:45 +00:00
|
|
|
|
# Copyright (C) 2001-2018, Python Software Foundation
|
2018-07-04 09:08:42 +00:00
|
|
|
|
# For licence information, see README file.
|
2016-10-30 09:46:26 +00:00
|
|
|
|
#
|
|
|
|
|
msgid ""
|
|
|
|
|
msgstr ""
|
2019-12-05 22:15:54 +00:00
|
|
|
|
"Project-Id-Version: Python 3\n"
|
2016-10-30 09:46:26 +00:00
|
|
|
|
"Report-Msgid-Bugs-To: \n"
|
2023-07-23 12:39:39 +00:00
|
|
|
|
"POT-Creation-Date: 2023-07-23 14:38+0200\n"
|
2020-04-01 20:58:07 +00:00
|
|
|
|
"PO-Revision-Date: 2020-03-30 22:31+0200\n"
|
|
|
|
|
"Last-Translator: Mathieu Dupuy <deronnax@gmail.com>\n"
|
2018-07-04 09:14:25 +00:00
|
|
|
|
"Language-Team: FRENCH <traductions@lists.afpy.org>\n"
|
2017-05-23 22:40:56 +00:00
|
|
|
|
"Language: fr\n"
|
2016-10-30 09:46:26 +00:00
|
|
|
|
"MIME-Version: 1.0\n"
|
|
|
|
|
"Content-Type: text/plain; charset=UTF-8\n"
|
|
|
|
|
"Content-Transfer-Encoding: 8bit\n"
|
2020-04-01 20:58:07 +00:00
|
|
|
|
"X-Generator: Poedit 2.3\n"
|
2016-10-30 09:46:26 +00:00
|
|
|
|
|
2020-07-20 08:45:25 +00:00
|
|
|
|
#: library/ssl.rst:2
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ":mod:`ssl` --- TLS/SSL wrapper for socket objects"
|
2020-04-01 20:58:07 +00:00
|
|
|
|
msgstr ":mod:`ssl` — Emballage TLS/SSL pour les objets connecteurs"
|
2016-10-30 09:46:26 +00:00
|
|
|
|
|
2020-07-20 08:45:25 +00:00
|
|
|
|
#: library/ssl.rst:10
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid "**Source code:** :source:`Lib/ssl.py`"
|
|
|
|
|
msgstr "**Code source :** :source:`Lib/ssl.py`"
|
|
|
|
|
|
2020-07-20 08:45:25 +00:00
|
|
|
|
#: library/ssl.rst:18
|
2021-09-24 08:20:01 +00:00
|
|
|
|
#, fuzzy
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"This module provides access to Transport Layer Security (often known as "
|
|
|
|
|
"\"Secure Sockets Layer\") encryption and peer authentication facilities for "
|
|
|
|
|
"network sockets, both client-side and server-side. This module uses the "
|
2021-09-24 08:20:01 +00:00
|
|
|
|
"OpenSSL library. It is available on all modern Unix systems, Windows, macOS, "
|
|
|
|
|
"and probably additional platforms, as long as OpenSSL is installed on that "
|
|
|
|
|
"platform."
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgstr ""
|
2020-04-01 20:58:07 +00:00
|
|
|
|
"Ce module fournit un accès aux fonctions de chiffrement et "
|
|
|
|
|
"d'authentification entre pairs : « *Transport Layer Security* » (souvent "
|
|
|
|
|
"appelé « *Secure Sockets Layer* ») pour les connecteurs réseau, côté client "
|
|
|
|
|
"et côté serveur. Ce module utilise la bibliothèque OpenSSL. Il est "
|
|
|
|
|
"disponible sur tous les systèmes Unix modernes, Windows, Mac OS X et "
|
|
|
|
|
"probablement sur d'autres plates-formes, à condition qu'OpenSSL soit "
|
|
|
|
|
"installé sur cette plate-forme."
|
2016-10-30 09:46:26 +00:00
|
|
|
|
|
2020-07-20 08:45:25 +00:00
|
|
|
|
#: library/ssl.rst:26
|
2021-09-24 08:20:01 +00:00
|
|
|
|
#, fuzzy
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"Some behavior may be platform dependent, since calls are made to the "
|
|
|
|
|
"operating system socket APIs. The installed version of OpenSSL may also "
|
2021-09-24 08:20:01 +00:00
|
|
|
|
"cause variations in behavior. For example, TLSv1.3 with OpenSSL version "
|
|
|
|
|
"1.1.1."
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgstr ""
|
2020-04-01 20:58:07 +00:00
|
|
|
|
"Certains comportements peuvent dépendre de la plate-forme, car des appels "
|
|
|
|
|
"sont passés aux API de connexions du système d'exploitation. La version "
|
|
|
|
|
"installée de OpenSSL peut également entraîner des variations de "
|
|
|
|
|
"comportement. Par exemple, TLSv1.1 et TLSv1.2 sont livrés avec la version "
|
|
|
|
|
"1.0.1 de OpenSSL."
|
2016-10-30 09:46:26 +00:00
|
|
|
|
|
2020-07-20 08:45:25 +00:00
|
|
|
|
#: library/ssl.rst:32
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"Don't use this module without reading the :ref:`ssl-security`. Doing so may "
|
|
|
|
|
"lead to a false sense of security, as the default settings of the ssl module "
|
|
|
|
|
"are not necessarily appropriate for your application."
|
|
|
|
|
msgstr ""
|
2020-04-01 20:58:07 +00:00
|
|
|
|
"N’utilisez pas ce module sans lire :ref:`ssl-security`. Cela pourrait créer "
|
|
|
|
|
"un faux sentiment de sécurité, car les paramètres par défaut du module *ssl* "
|
|
|
|
|
"ne sont pas nécessairement appropriés pour votre application."
|
2016-10-30 09:46:26 +00:00
|
|
|
|
|
2023-04-14 11:20:40 +00:00
|
|
|
|
#: includes/wasm-notavail.rst:3
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#, fuzzy
|
|
|
|
|
msgid ":ref:`Availability <availability>`: not Emscripten, not WASI."
|
|
|
|
|
msgstr ":ref:`Disponibilité <availability>` : Windows."
|
|
|
|
|
|
|
|
|
|
#: includes/wasm-notavail.rst:5
|
|
|
|
|
msgid ""
|
|
|
|
|
"This module does not work or is not available on WebAssembly platforms "
|
|
|
|
|
"``wasm32-emscripten`` and ``wasm32-wasi``. See :ref:`wasm-availability` for "
|
|
|
|
|
"more information."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
|
|
|
|
#: library/ssl.rst:38
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"This section documents the objects and functions in the ``ssl`` module; for "
|
|
|
|
|
"more general information about TLS, SSL, and certificates, the reader is "
|
|
|
|
|
"referred to the documents in the \"See Also\" section at the bottom."
|
|
|
|
|
msgstr ""
|
2020-04-01 20:58:07 +00:00
|
|
|
|
"Cette section documente les objets et les fonctions du module ``ssl``. Pour "
|
|
|
|
|
"des informations plus générales sur TLS, SSL et les certificats, le lecteur "
|
|
|
|
|
"est prié de se référer aux documents de la section « Voir Aussi » au bas de "
|
|
|
|
|
"cette page."
|
2016-10-30 09:46:26 +00:00
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:42
|
2020-05-24 14:31:50 +00:00
|
|
|
|
#, fuzzy
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"This module provides a class, :class:`ssl.SSLSocket`, which is derived from "
|
|
|
|
|
"the :class:`socket.socket` type, and provides a socket-like wrapper that "
|
|
|
|
|
"also encrypts and decrypts the data going over the socket with SSL. It "
|
|
|
|
|
"supports additional methods such as :meth:`getpeercert`, which retrieves the "
|
2020-05-24 14:31:50 +00:00
|
|
|
|
"certificate of the other side of the connection, and :meth:`cipher`, which "
|
2016-10-30 09:46:26 +00:00
|
|
|
|
"retrieves the cipher being used for the secure connection."
|
|
|
|
|
msgstr ""
|
2020-04-01 20:58:07 +00:00
|
|
|
|
"Ce module fournit une classe :class:`ssl.SSLSocket`, dérivée du type :class:"
|
|
|
|
|
"`socket.socket`, ainsi qu'une enveloppe (*wrapper* en anglais) qui mime un "
|
|
|
|
|
"connecteur qui chiffre et déchiffre les données passant sur le connecteur "
|
|
|
|
|
"utilisant SSL. Il prend en charge des méthodes supplémentaires telles que :"
|
|
|
|
|
"meth:`getpeercert` qui récupère le certificat de l'autre coté de la "
|
|
|
|
|
"connexion et :meth:`cipher`, qui récupère le chiffrement utilisé pour la "
|
|
|
|
|
"connexion."
|
2016-10-30 09:46:26 +00:00
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:49
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"For more sophisticated applications, the :class:`ssl.SSLContext` class helps "
|
|
|
|
|
"manage settings and certificates, which can then be inherited by SSL sockets "
|
|
|
|
|
"created through the :meth:`SSLContext.wrap_socket` method."
|
|
|
|
|
msgstr ""
|
2020-04-01 20:58:07 +00:00
|
|
|
|
"Pour les applications plus sophistiquées, la classe :class:`ssl.SSLContext` "
|
|
|
|
|
"facilite la gestion des paramètres et des certificats, qui peuvent ensuite "
|
|
|
|
|
"être hérités par les connecteurs SSL créés via la méthode :meth:`SSLContext."
|
|
|
|
|
"wrap_socket`."
|
2016-10-30 09:46:26 +00:00
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:53
|
2018-06-10 09:32:30 +00:00
|
|
|
|
msgid "Updated to support linking with OpenSSL 1.1.0"
|
2020-04-01 20:58:07 +00:00
|
|
|
|
msgstr "Mise à jour pour prendre en charge la liaison avec OpenSSL 1.1.0"
|
2018-06-10 09:32:30 +00:00
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:58
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"OpenSSL 0.9.8, 1.0.0 and 1.0.1 are deprecated and no longer supported. In "
|
|
|
|
|
"the future the ssl module will require at least OpenSSL 1.0.2 or 1.1.0."
|
|
|
|
|
msgstr ""
|
2020-04-01 20:58:07 +00:00
|
|
|
|
"OpenSSL 0.9.8, 1.0.0 et 1.0.1 sont obsolètes et ne sont plus prises en "
|
|
|
|
|
"charge. Dans l'avenir, le module *ssl* nécessitera au minimum OpenSSL 1.0.2 "
|
|
|
|
|
"ou 1.1.0."
|
2016-10-30 09:46:26 +00:00
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:64
|
2021-09-24 08:20:01 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
":pep:`644` has been implemented. The ssl module requires OpenSSL 1.1.1 or "
|
|
|
|
|
"newer."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:67
|
2021-09-24 08:20:01 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"Use of deprecated constants and functions result in deprecation warnings."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:71
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid "Functions, Constants, and Exceptions"
|
2020-04-01 20:58:07 +00:00
|
|
|
|
msgstr "Fonctions, constantes et exceptions"
|
2016-10-30 09:46:26 +00:00
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:75
|
2018-06-28 13:32:56 +00:00
|
|
|
|
msgid "Socket creation"
|
2020-04-01 20:58:07 +00:00
|
|
|
|
msgstr "Création de connecteurs"
|
2016-10-30 09:46:26 +00:00
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:77
|
2018-06-28 13:32:56 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"Since Python 3.2 and 2.7.9, it is recommended to use the :meth:`SSLContext."
|
|
|
|
|
"wrap_socket` of an :class:`SSLContext` instance to wrap sockets as :class:"
|
|
|
|
|
"`SSLSocket` objects. The helper functions :func:`create_default_context` "
|
|
|
|
|
"returns a new context with secure default settings. The old :func:"
|
|
|
|
|
"`wrap_socket` function is deprecated since it is both inefficient and has no "
|
|
|
|
|
"support for server name indication (SNI) and hostname matching."
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgstr ""
|
2020-04-01 20:58:07 +00:00
|
|
|
|
"Depuis Python 3.2 et 2.7.9, il est recommandé d'utiliser :meth:`SSLContext."
|
|
|
|
|
"wrap_socket` d'une instance :class:`SSLContext` pour encapsuler des "
|
|
|
|
|
"connecteurs en tant qu'objets :class:`SSLSocket`. Les fonctions auxiliaires :"
|
|
|
|
|
"func:`create_default_context` renvoient un nouveau contexte avec des "
|
|
|
|
|
"paramètres par défaut sécurisés. L'ancienne fonction :func:`wrap_socket` est "
|
|
|
|
|
"obsolète car elle est à la fois inefficace et ne prend pas en charge "
|
|
|
|
|
"l'indication de nom de serveur (SNI) et la vérification du nom de l'hôte."
|
2016-10-30 09:46:26 +00:00
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:85
|
2018-06-28 13:32:56 +00:00
|
|
|
|
msgid "Client socket example with default context and IPv4/IPv6 dual stack::"
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgstr ""
|
2020-04-01 20:58:07 +00:00
|
|
|
|
"Exemple de connecteur client avec contexte par défaut et double pile IPv4/"
|
|
|
|
|
"IPv6 ::"
|
2016-10-30 09:46:26 +00:00
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:98
|
2018-06-28 13:32:56 +00:00
|
|
|
|
msgid "Client socket example with custom context and IPv4::"
|
2020-04-01 20:58:07 +00:00
|
|
|
|
msgstr "Exemple de connecteur client avec contexte personnalisé et IPv4 ::"
|
2016-10-30 09:46:26 +00:00
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:110
|
2018-06-28 13:32:56 +00:00
|
|
|
|
msgid "Server socket example listening on localhost IPv4::"
|
2020-04-01 20:58:07 +00:00
|
|
|
|
msgstr "Exemple de connecteur serveur à l'écoute sur IPv4 *localhost* ::"
|
2016-10-30 09:46:26 +00:00
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:124
|
2018-06-28 13:32:56 +00:00
|
|
|
|
msgid "Context creation"
|
2020-04-01 20:58:07 +00:00
|
|
|
|
msgstr "Création de contexte"
|
2016-10-30 09:46:26 +00:00
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:126
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
2018-06-28 13:32:56 +00:00
|
|
|
|
"A convenience function helps create :class:`SSLContext` objects for common "
|
|
|
|
|
"purposes."
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgstr ""
|
2020-04-01 20:58:07 +00:00
|
|
|
|
"Une fonction utilitaire permettant de créer facilement des objets :class:"
|
|
|
|
|
"`SSLContext` pour des usages classiques."
|
2016-10-30 09:46:26 +00:00
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:131
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
2018-06-28 13:32:56 +00:00
|
|
|
|
"Return a new :class:`SSLContext` object with default settings for the given "
|
|
|
|
|
"*purpose*. The settings are chosen by the :mod:`ssl` module, and usually "
|
|
|
|
|
"represent a higher security level than when calling the :class:`SSLContext` "
|
|
|
|
|
"constructor directly."
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgstr ""
|
2020-04-01 20:58:07 +00:00
|
|
|
|
"Renvoie un nouvel objet :class:`SSLContext`. Le paramètre *purpose* permet "
|
|
|
|
|
"de choisir parmi un ensemble de paramètres par défaut en fonction de l'usage "
|
|
|
|
|
"souhaité. Les paramètres sont choisis par le module :mod:`ssl` et "
|
|
|
|
|
"représentent généralement un niveau de sécurité supérieur à celui utilisé "
|
|
|
|
|
"lorsque vous appelez directement le constructeur :class:`SSLContext`."
|
2016-10-30 09:46:26 +00:00
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:136
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
2018-06-28 13:32:56 +00:00
|
|
|
|
"*cafile*, *capath*, *cadata* represent optional CA certificates to trust for "
|
|
|
|
|
"certificate verification, as in :meth:`SSLContext.load_verify_locations`. "
|
|
|
|
|
"If all three are :const:`None`, this function can choose to trust the "
|
|
|
|
|
"system's default CA certificates instead."
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgstr ""
|
2020-04-01 20:58:07 +00:00
|
|
|
|
"*cafile*, *capath*, *cadata* représentent des certificats d'autorité de "
|
|
|
|
|
"certification facultatifs approuvés pour la vérification de certificats, "
|
|
|
|
|
"comme dans :meth:`SSLContext.load_verify_locations`. Si les trois sont à :"
|
|
|
|
|
"const:`None`, cette fonction peut choisir de faire confiance aux certificats "
|
|
|
|
|
"d'autorité de certification par défaut du système."
|
2016-10-30 09:46:26 +00:00
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:142
|
2021-09-24 08:20:01 +00:00
|
|
|
|
#, fuzzy
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
2021-09-24 08:20:01 +00:00
|
|
|
|
"The settings are: :data:`PROTOCOL_TLS_CLIENT` or :data:"
|
|
|
|
|
"`PROTOCOL_TLS_SERVER`, :data:`OP_NO_SSLv2`, and :data:`OP_NO_SSLv3` with "
|
|
|
|
|
"high encryption cipher suites without RC4 and without unauthenticated cipher "
|
2023-07-23 12:39:39 +00:00
|
|
|
|
"suites. Passing :const:`~Purpose.SERVER_AUTH` as *purpose* sets :data:"
|
2021-09-24 08:20:01 +00:00
|
|
|
|
"`~SSLContext.verify_mode` to :data:`CERT_REQUIRED` and either loads CA "
|
|
|
|
|
"certificates (when at least one of *cafile*, *capath* or *cadata* is given) "
|
|
|
|
|
"or uses :meth:`SSLContext.load_default_certs` to load default CA "
|
|
|
|
|
"certificates."
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgstr ""
|
2020-04-01 20:58:07 +00:00
|
|
|
|
"Les paramètres sont : :data:`PROTOCOL_TLS`, :data:`OP_NO_SSLv2` et :data:"
|
|
|
|
|
"`OP_NO_SSLv3` avec des algorithmes de chiffrement de grande robustesse, "
|
|
|
|
|
"n'utilisant pas RC4 et n'utilisant pas les suites cryptographiques sans "
|
|
|
|
|
"authentification. Passer :data:`~Purpose.SERVER_AUTH` en tant que *purpose* "
|
|
|
|
|
"définit :data:`~SSLContext.verify_mode` sur :data:`CERT_REQUIRED` et charge "
|
|
|
|
|
"les certificats de l'autorité de certification (lorsqu'au moins un des "
|
|
|
|
|
"paramètres *cafile*, *capath* ou *cadata* est renseigné) ou utilise :meth:"
|
|
|
|
|
"`SSLContext.load_default_certs` pour charger les certificats des autorités "
|
|
|
|
|
"de certification par défaut."
|
2016-10-30 09:46:26 +00:00
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:151
|
2019-09-04 09:35:23 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"When :attr:`~SSLContext.keylog_filename` is supported and the environment "
|
|
|
|
|
"variable :envvar:`SSLKEYLOGFILE` is set, :func:`create_default_context` "
|
|
|
|
|
"enables key logging."
|
|
|
|
|
msgstr ""
|
2020-04-01 20:58:07 +00:00
|
|
|
|
"Lorsque :attr:`~SSLContext.keylog_filename` est pris en charge et que la "
|
|
|
|
|
"variable d'environnement :envvar:`SSLKEYLOGFILE` est définie, :func:"
|
|
|
|
|
"`create_default_context` active la journalisation des clés."
|
2019-09-04 09:35:23 +00:00
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:156
|
2018-06-28 13:32:56 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"The protocol, options, cipher and other settings may change to more "
|
|
|
|
|
"restrictive values anytime without prior deprecation. The values represent "
|
|
|
|
|
"a fair balance between compatibility and security."
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgstr ""
|
2020-04-01 20:58:07 +00:00
|
|
|
|
"Le protocole, les options, l'algorithme de chiffrement et d'autres "
|
|
|
|
|
"paramètres peuvent changer pour des valeurs plus restrictives à tout moment "
|
|
|
|
|
"sans avertissement préalable. Les valeurs représentent un juste équilibre "
|
|
|
|
|
"entre compatibilité et sécurité."
|
2016-10-30 09:46:26 +00:00
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:160
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
2018-06-28 13:32:56 +00:00
|
|
|
|
"If your application needs specific settings, you should create a :class:"
|
|
|
|
|
"`SSLContext` and apply the settings yourself."
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgstr ""
|
2020-04-01 20:58:07 +00:00
|
|
|
|
"Si votre application nécessite des paramètres spécifiques, vous devez créer "
|
|
|
|
|
"une classe :class:`SSLContext` et appliquer les paramètres vous-même."
|
2016-10-30 09:46:26 +00:00
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:164
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
2018-06-28 13:32:56 +00:00
|
|
|
|
"If you find that when certain older clients or servers attempt to connect "
|
|
|
|
|
"with a :class:`SSLContext` created by this function that they get an error "
|
|
|
|
|
"stating \"Protocol or cipher suite mismatch\", it may be that they only "
|
|
|
|
|
"support SSL3.0 which this function excludes using the :data:`OP_NO_SSLv3`. "
|
|
|
|
|
"SSL3.0 is widely considered to be `completely broken <https://en.wikipedia."
|
|
|
|
|
"org/wiki/POODLE>`_. If you still wish to continue to use this function but "
|
|
|
|
|
"still allow SSL 3.0 connections you can re-enable them using::"
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgstr ""
|
2020-04-01 20:58:07 +00:00
|
|
|
|
"Si vous constatez que, lorsque certains clients ou serveurs plus anciens "
|
|
|
|
|
"tentent de se connecter avec une classe :class:`SSLContext` créée par cette "
|
|
|
|
|
"fonction, une erreur indiquant « *Protocol or cipher suite "
|
|
|
|
|
"mismatch* » (« Non concordance de protocole ou d'algorithme de "
|
|
|
|
|
"chiffrement ») est détectée, il se peut qu'ils ne prennent en charge que SSL "
|
|
|
|
|
"3.0 que cette fonction exclut en utilisant :data:`OP_NO_SSLv3`. SSL3.0 est "
|
|
|
|
|
"notoirement considéré comme `totalement déficient <https://fr.wikipedia.org/"
|
|
|
|
|
"wiki/POODLE>`_. Si vous souhaitez toujours continuer à utiliser cette "
|
|
|
|
|
"fonction tout en autorisant les connexions SSL 3.0, vous pouvez les "
|
|
|
|
|
"réactiver à l'aide de ::"
|
2016-10-30 09:46:26 +00:00
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:180
|
2018-06-28 13:32:56 +00:00
|
|
|
|
msgid "RC4 was dropped from the default cipher string."
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgstr ""
|
2020-04-01 20:58:07 +00:00
|
|
|
|
"RC4 a été supprimé de la liste des algorithmes de chiffrement par défaut."
|
2016-10-30 09:46:26 +00:00
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:184
|
2018-06-28 13:32:56 +00:00
|
|
|
|
msgid "ChaCha20/Poly1305 was added to the default cipher string."
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgstr ""
|
2020-04-01 20:58:07 +00:00
|
|
|
|
"*ChaCha20*/*Poly1305* a été ajouté à la liste des algorithmes de chiffrement "
|
|
|
|
|
"par défaut."
|
2016-10-30 09:46:26 +00:00
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:186
|
2018-06-28 13:32:56 +00:00
|
|
|
|
msgid "3DES was dropped from the default cipher string."
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgstr ""
|
2020-04-01 20:58:07 +00:00
|
|
|
|
"*3DES* a été supprimé de la liste des algorithmes de chiffrement par défaut."
|
2016-10-30 09:46:26 +00:00
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:190
|
2019-09-04 09:35:23 +00:00
|
|
|
|
msgid "Support for key logging to :envvar:`SSLKEYLOGFILE` was added."
|
|
|
|
|
msgstr ""
|
2020-04-01 20:58:07 +00:00
|
|
|
|
"La prise en charge de la journalisation des clés dans :envvar:"
|
|
|
|
|
"`SSLKEYLOGFILE` a été ajoutée."
|
2019-09-04 09:35:23 +00:00
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:194
|
2021-09-24 08:20:01 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"The context now uses :data:`PROTOCOL_TLS_CLIENT` or :data:"
|
|
|
|
|
"`PROTOCOL_TLS_SERVER` protocol instead of generic :data:`PROTOCOL_TLS`."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:200
|
2018-06-28 13:32:56 +00:00
|
|
|
|
msgid "Exceptions"
|
2018-07-03 09:14:42 +00:00
|
|
|
|
msgstr "Exceptions"
|
2016-10-30 09:46:26 +00:00
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:204
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
2018-06-28 13:32:56 +00:00
|
|
|
|
"Raised to signal an error from the underlying SSL implementation (currently "
|
|
|
|
|
"provided by the OpenSSL library). This signifies some problem in the higher-"
|
|
|
|
|
"level encryption and authentication layer that's superimposed on the "
|
|
|
|
|
"underlying network connection. This error is a subtype of :exc:`OSError`. "
|
|
|
|
|
"The error code and message of :exc:`SSLError` instances are provided by the "
|
|
|
|
|
"OpenSSL library."
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgstr ""
|
2020-04-01 20:58:07 +00:00
|
|
|
|
"Levée pour signaler une erreur de l'implémentation SSL sous-jacente "
|
|
|
|
|
"(actuellement fournie par la bibliothèque OpenSSL). Cela signifie qu'un "
|
|
|
|
|
"problème est apparu dans la couche d'authentification et de chiffrement de "
|
|
|
|
|
"niveau supérieur qui s'appuie sur la connexion réseau sous-jacente. Cette "
|
|
|
|
|
"erreur est un sous-type de :exc:`OSError`. Le code d'erreur et le message "
|
|
|
|
|
"des instances de :exc:`SSLError` sont fournis par la bibliothèque OpenSSL."
|
2016-10-30 09:46:26 +00:00
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:211
|
2018-06-28 13:32:56 +00:00
|
|
|
|
msgid ":exc:`SSLError` used to be a subtype of :exc:`socket.error`."
|
2020-04-01 20:58:07 +00:00
|
|
|
|
msgstr ":exc:`SSLError` était un sous-type de :exc:`socket.error`."
|
2016-10-30 09:46:26 +00:00
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:216
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
2018-06-28 13:32:56 +00:00
|
|
|
|
"A string mnemonic designating the OpenSSL submodule in which the error "
|
|
|
|
|
"occurred, such as ``SSL``, ``PEM`` or ``X509``. The range of possible "
|
|
|
|
|
"values depends on the OpenSSL version."
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgstr ""
|
2020-04-01 20:58:07 +00:00
|
|
|
|
"Une chaîne de caractères mnémonique désignant le sous-module OpenSSL dans "
|
|
|
|
|
"lequel l'erreur s'est produite, telle que ``SSL``, ``PEM`` ou ``X509``. "
|
|
|
|
|
"L'étendue des valeurs possibles dépend de la version d'OpenSSL."
|
2016-10-30 09:46:26 +00:00
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:224
|
2017-09-12 11:40:22 +00:00
|
|
|
|
msgid ""
|
2018-06-28 13:32:56 +00:00
|
|
|
|
"A string mnemonic designating the reason this error occurred, for example "
|
|
|
|
|
"``CERTIFICATE_VERIFY_FAILED``. The range of possible values depends on the "
|
|
|
|
|
"OpenSSL version."
|
2017-09-12 11:40:22 +00:00
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:232
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
2018-06-28 13:32:56 +00:00
|
|
|
|
"A subclass of :exc:`SSLError` raised when trying to read or write and the "
|
|
|
|
|
"SSL connection has been closed cleanly. Note that this doesn't mean that "
|
|
|
|
|
"the underlying transport (read TCP) has been closed."
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:240
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
2018-06-28 13:32:56 +00:00
|
|
|
|
"A subclass of :exc:`SSLError` raised by a :ref:`non-blocking SSL socket <ssl-"
|
|
|
|
|
"nonblocking>` when trying to read or write data, but more data needs to be "
|
|
|
|
|
"received on the underlying TCP transport before the request can be fulfilled."
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgstr ""
|
2020-04-01 20:58:07 +00:00
|
|
|
|
"Sous-classe de :exc:`SSLError` levée par un connecteur :ref:`SSL non "
|
|
|
|
|
"bloquant <ssl-nonblocking>` lors d'une tentative de lecture ou d'écriture de "
|
|
|
|
|
"données, alors que davantage de données doivent être reçues sur la couche "
|
|
|
|
|
"TCP sous-jacente avant que la demande puisse être satisfaite."
|
2016-10-30 09:46:26 +00:00
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:249
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
2018-06-28 13:32:56 +00:00
|
|
|
|
"A subclass of :exc:`SSLError` raised by a :ref:`non-blocking SSL socket <ssl-"
|
|
|
|
|
"nonblocking>` when trying to read or write data, but more data needs to be "
|
|
|
|
|
"sent on the underlying TCP transport before the request can be fulfilled."
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:258
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
2018-06-28 13:32:56 +00:00
|
|
|
|
"A subclass of :exc:`SSLError` raised when a system error was encountered "
|
|
|
|
|
"while trying to fulfill an operation on a SSL socket. Unfortunately, there "
|
|
|
|
|
"is no easy way to inspect the original errno number."
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:266
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
2018-06-28 13:32:56 +00:00
|
|
|
|
"A subclass of :exc:`SSLError` raised when the SSL connection has been "
|
|
|
|
|
"terminated abruptly. Generally, you shouldn't try to reuse the underlying "
|
|
|
|
|
"transport when this error is encountered."
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:274
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
2018-06-28 13:32:56 +00:00
|
|
|
|
"A subclass of :exc:`SSLError` raised when certificate validation has failed."
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:281
|
2018-06-28 13:32:56 +00:00
|
|
|
|
msgid "A numeric error number that denotes the verification error."
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:285
|
2018-06-28 13:32:56 +00:00
|
|
|
|
msgid "A human readable string of the verification error."
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:289
|
2018-06-28 13:32:56 +00:00
|
|
|
|
msgid "An alias for :exc:`SSLCertVerificationError`."
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:291
|
2018-06-28 13:32:56 +00:00
|
|
|
|
msgid "The exception is now an alias for :exc:`SSLCertVerificationError`."
|
2017-09-12 11:40:22 +00:00
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:296
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid "Random generation"
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:300
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"Return *num* cryptographically strong pseudo-random bytes. Raises an :class:"
|
|
|
|
|
"`SSLError` if the PRNG has not been seeded with enough data or if the "
|
|
|
|
|
"operation is not supported by the current RAND method. :func:`RAND_status` "
|
|
|
|
|
"can be used to check the status of the PRNG and :func:`RAND_add` can be used "
|
|
|
|
|
"to seed the PRNG."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:327
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid "For almost all applications :func:`os.urandom` is preferable."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:308
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"Read the Wikipedia article, `Cryptographically secure pseudorandom number "
|
|
|
|
|
"generator (CSPRNG) <https://en.wikipedia.org/wiki/"
|
|
|
|
|
"Cryptographically_secure_pseudorandom_number_generator>`_, to get the "
|
2020-07-20 08:56:42 +00:00
|
|
|
|
"requirements of a cryptographically strong generator."
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:317
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"Return (bytes, is_cryptographic): bytes are *num* pseudo-random bytes, "
|
|
|
|
|
"is_cryptographic is ``True`` if the bytes generated are cryptographically "
|
|
|
|
|
"strong. Raises an :class:`SSLError` if the operation is not supported by the "
|
|
|
|
|
"current RAND method."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:322
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"Generated pseudo-random byte sequences will be unique if they are of "
|
|
|
|
|
"sufficient length, but are not necessarily unpredictable. They can be used "
|
|
|
|
|
"for non-cryptographic purposes and for certain purposes in cryptographic "
|
|
|
|
|
"protocols, but usually not for key generation etc."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:333
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"OpenSSL has deprecated :func:`ssl.RAND_pseudo_bytes`, use :func:`ssl."
|
|
|
|
|
"RAND_bytes` instead."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:338
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"Return ``True`` if the SSL pseudo-random number generator has been seeded "
|
|
|
|
|
"with 'enough' randomness, and ``False`` otherwise. You can use :func:`ssl."
|
|
|
|
|
"RAND_egd` and :func:`ssl.RAND_add` to increase the randomness of the pseudo-"
|
|
|
|
|
"random number generator."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:345
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"Mix the given *bytes* into the SSL pseudo-random number generator. The "
|
|
|
|
|
"parameter *entropy* (a float) is a lower bound on the entropy contained in "
|
|
|
|
|
"string (so you can always use :const:`0.0`). See :rfc:`1750` for more "
|
|
|
|
|
"information on sources of entropy."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:350
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid "Writable :term:`bytes-like object` is now accepted."
|
|
|
|
|
msgstr "N'importe quel :term:`bytes-like object` est maintenant accepté."
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:354
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid "Certificate handling"
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:362
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"Verify that *cert* (in decoded format as returned by :meth:`SSLSocket."
|
|
|
|
|
"getpeercert`) matches the given *hostname*. The rules applied are those for "
|
2017-08-01 11:29:09 +00:00
|
|
|
|
"checking the identity of HTTPS servers as outlined in :rfc:`2818`, :rfc:"
|
|
|
|
|
"`5280` and :rfc:`6125`. In addition to HTTPS, this function should be "
|
|
|
|
|
"suitable for checking the identity of servers in various SSL-based protocols "
|
|
|
|
|
"such as FTPS, IMAPS, POPS and others."
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:369
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
":exc:`CertificateError` is raised on failure. On success, the function "
|
|
|
|
|
"returns nothing::"
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:382
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"The function now follows :rfc:`6125`, section 6.4.3 and does neither match "
|
|
|
|
|
"multiple wildcards (e.g. ``*.*.com`` or ``*a*.example.org``) nor a wildcard "
|
|
|
|
|
"inside an internationalized domain names (IDN) fragment. IDN A-labels such "
|
|
|
|
|
"as ``www*.xn--pthon-kva.org`` are still supported, but ``x*.python.org`` no "
|
|
|
|
|
"longer matches ``xn--tda.python.org``."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:389
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"Matching of IP addresses, when present in the subjectAltName field of the "
|
|
|
|
|
"certificate, is now supported."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:393
|
2018-06-28 13:32:56 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"The function is no longer used to TLS connections. Hostname matching is now "
|
|
|
|
|
"performed by OpenSSL."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:397
|
2018-06-28 13:32:56 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"Allow wildcard when it is the leftmost and the only character in that "
|
|
|
|
|
"segment. Partial wildcards like ``www*.example.com`` are no longer supported."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:405
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"Return the time in seconds since the Epoch, given the ``cert_time`` string "
|
2022-03-23 17:40:12 +00:00
|
|
|
|
"representing the \"notBefore\" or \"notAfter\" date from a certificate in "
|
|
|
|
|
"``\"%b %d %H:%M:%S %Y %Z\"`` strptime format (C locale)."
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:410
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid "Here's an example:"
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:422
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid "\"notBefore\" or \"notAfter\" dates must use GMT (:rfc:`5280`)."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:424
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"Interpret the input time as a time in UTC as specified by 'GMT' timezone in "
|
|
|
|
|
"the input string. Local timezone was used previously. Return an integer (no "
|
|
|
|
|
"fractions of a second in the input format)"
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:433
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"Given the address ``addr`` of an SSL-protected server, as a (*hostname*, "
|
|
|
|
|
"*port-number*) pair, fetches the server's certificate, and returns it as a "
|
|
|
|
|
"PEM-encoded string. If ``ssl_version`` is specified, uses that version of "
|
|
|
|
|
"the SSL protocol to attempt to connect to the server. If ``ca_certs`` is "
|
|
|
|
|
"specified, it should be a file containing a list of root certificates, the "
|
2018-06-28 13:32:56 +00:00
|
|
|
|
"same format as used for the same parameter in :meth:`SSLContext."
|
|
|
|
|
"wrap_socket`. The call will attempt to validate the server certificate "
|
|
|
|
|
"against that set of root certificates, and will fail if the validation "
|
2021-09-24 08:20:01 +00:00
|
|
|
|
"attempt fails. A timeout can be specified with the ``timeout`` parameter."
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:444
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid "This function is now IPv6-compatible."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:447
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"The default *ssl_version* is changed from :data:`PROTOCOL_SSLv3` to :data:"
|
|
|
|
|
"`PROTOCOL_TLS` for maximum compatibility with modern servers."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:451
|
2021-09-24 08:20:01 +00:00
|
|
|
|
msgid "The *timeout* parameter was added."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:456
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"Given a certificate as a DER-encoded blob of bytes, returns a PEM-encoded "
|
|
|
|
|
"string version of the same certificate."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:461
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"Given a certificate as an ASCII PEM string, returns a DER-encoded sequence "
|
|
|
|
|
"of bytes for that same certificate."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:466
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"Returns a named tuple with paths to OpenSSL's default cafile and capath. The "
|
|
|
|
|
"paths are the same as used by :meth:`SSLContext.set_default_verify_paths`. "
|
|
|
|
|
"The return value is a :term:`named tuple` ``DefaultVerifyPaths``:"
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:471
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
":attr:`cafile` - resolved path to cafile or ``None`` if the file doesn't "
|
|
|
|
|
"exist,"
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:472
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
":attr:`capath` - resolved path to capath or ``None`` if the directory "
|
|
|
|
|
"doesn't exist,"
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:473
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
":attr:`openssl_cafile_env` - OpenSSL's environment key that points to a "
|
|
|
|
|
"cafile,"
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:474
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ":attr:`openssl_cafile` - hard coded path to a cafile,"
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:475
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
":attr:`openssl_capath_env` - OpenSSL's environment key that points to a "
|
|
|
|
|
"capath,"
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:476
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ":attr:`openssl_capath` - hard coded path to a capath directory"
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:482
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"Retrieve certificates from Windows' system cert store. *store_name* may be "
|
|
|
|
|
"one of ``CA``, ``ROOT`` or ``MY``. Windows may provide additional cert "
|
|
|
|
|
"stores, too."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:486
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"The function returns a list of (cert_bytes, encoding_type, trust) tuples. "
|
|
|
|
|
"The encoding_type specifies the encoding of cert_bytes. It is either :const:"
|
|
|
|
|
"`x509_asn` for X.509 ASN.1 data or :const:`pkcs_7_asn` for PKCS#7 ASN.1 "
|
|
|
|
|
"data. Trust specifies the purpose of the certificate as a set of OIDS or "
|
|
|
|
|
"exactly ``True`` if the certificate is trustworthy for all purposes."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:1637 library/ssl.rst:1932
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid "Example::"
|
2018-07-03 09:49:47 +00:00
|
|
|
|
msgstr "Exemple ::"
|
2016-10-30 09:46:26 +00:00
|
|
|
|
|
2023-04-14 11:20:40 +00:00
|
|
|
|
#: library/ssl.rst:514
|
2018-11-29 15:13:39 +00:00
|
|
|
|
msgid ":ref:`Availability <availability>`: Windows."
|
2018-11-29 16:44:15 +00:00
|
|
|
|
msgstr ":ref:`Disponibilité <availability>` : Windows."
|
2016-10-30 09:46:26 +00:00
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:505
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"Retrieve CRLs from Windows' system cert store. *store_name* may be one of "
|
|
|
|
|
"``CA``, ``ROOT`` or ``MY``. Windows may provide additional cert stores, too."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:509
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"The function returns a list of (cert_bytes, encoding_type, trust) tuples. "
|
|
|
|
|
"The encoding_type specifies the encoding of cert_bytes. It is either :const:"
|
|
|
|
|
"`x509_asn` for X.509 ASN.1 data or :const:`pkcs_7_asn` for PKCS#7 ASN.1 data."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:523
|
2018-06-28 13:32:56 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"Takes an instance ``sock`` of :class:`socket.socket`, and returns an "
|
|
|
|
|
"instance of :class:`ssl.SSLSocket`, a subtype of :class:`socket.socket`, "
|
|
|
|
|
"which wraps the underlying socket in an SSL context. ``sock`` must be a :"
|
|
|
|
|
"data:`~socket.SOCK_STREAM` socket; other socket types are unsupported."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:528
|
2018-06-28 13:32:56 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"Internally, function creates a :class:`SSLContext` with protocol "
|
|
|
|
|
"*ssl_version* and :attr:`SSLContext.options` set to *cert_reqs*. If "
|
|
|
|
|
"parameters *keyfile*, *certfile*, *ca_certs* or *ciphers* are set, then the "
|
|
|
|
|
"values are passed to :meth:`SSLContext.load_cert_chain`, :meth:`SSLContext."
|
|
|
|
|
"load_verify_locations`, and :meth:`SSLContext.set_ciphers`."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:535
|
2018-06-28 13:32:56 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"The arguments *server_side*, *do_handshake_on_connect*, and "
|
|
|
|
|
"*suppress_ragged_eofs* have the same meaning as :meth:`SSLContext."
|
|
|
|
|
"wrap_socket`."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:541
|
2023-07-23 20:51:30 +00:00
|
|
|
|
#, fuzzy
|
2018-06-28 13:32:56 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"Since Python 3.2 and 2.7.9, it is recommended to use the :meth:`SSLContext."
|
|
|
|
|
"wrap_socket` instead of :func:`wrap_socket`. The top-level function is "
|
|
|
|
|
"limited and creates an insecure client socket without server name indication "
|
|
|
|
|
"or hostname matching."
|
|
|
|
|
msgstr ""
|
2023-07-23 20:51:30 +00:00
|
|
|
|
"Depuis Python 3.2 et 2.7.9, il est recommandé d'utiliser :meth:`SSLContext."
|
|
|
|
|
"wrap_socket` d'une instance :class:`SSLContext` pour encapsuler des "
|
|
|
|
|
"connecteurs en tant qu'objets :class:`SSLSocket`. Les fonctions auxiliaires :"
|
|
|
|
|
"func:`create_default_context` renvoient un nouveau contexte avec des "
|
|
|
|
|
"paramètres par défaut sécurisés. L'ancienne fonction :func:`wrap_socket` est "
|
|
|
|
|
"obsolète car elle est à la fois inefficace et ne prend pas en charge "
|
|
|
|
|
"l'indication de nom de serveur (SNI) et la vérification du nom de l'hôte."
|
2018-06-28 13:32:56 +00:00
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:547
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid "Constants"
|
2017-03-05 09:57:28 +00:00
|
|
|
|
msgstr "Constantes"
|
2016-10-30 09:46:26 +00:00
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:549
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"All constants are now :class:`enum.IntEnum` or :class:`enum.IntFlag` "
|
|
|
|
|
"collections."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:555
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"Possible value for :attr:`SSLContext.verify_mode`, or the ``cert_reqs`` "
|
2018-06-17 08:43:33 +00:00
|
|
|
|
"parameter to :func:`wrap_socket`. Except for :const:`PROTOCOL_TLS_CLIENT`, "
|
|
|
|
|
"it is the default mode. With client-side sockets, just about any cert is "
|
|
|
|
|
"accepted. Validation errors, such as untrusted or expired cert, are ignored "
|
|
|
|
|
"and do not abort the TLS/SSL handshake."
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:561
|
2018-06-17 08:43:33 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"In server mode, no certificate is requested from the client, so the client "
|
|
|
|
|
"does not send any for client cert authentication."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:2340
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid "See the discussion of :ref:`ssl-security` below."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:568
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"Possible value for :attr:`SSLContext.verify_mode`, or the ``cert_reqs`` "
|
2018-06-17 08:43:33 +00:00
|
|
|
|
"parameter to :func:`wrap_socket`. In client mode, :const:`CERT_OPTIONAL` "
|
|
|
|
|
"has the same meaning as :const:`CERT_REQUIRED`. It is recommended to use :"
|
|
|
|
|
"const:`CERT_REQUIRED` for client-side sockets instead."
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:573
|
2018-06-17 08:43:33 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"In server mode, a client certificate request is sent to the client. The "
|
|
|
|
|
"client may either ignore the request or send a certificate in order perform "
|
|
|
|
|
"TLS client cert authentication. If the client chooses to send a "
|
|
|
|
|
"certificate, it is verified. Any verification error immediately aborts the "
|
|
|
|
|
"TLS handshake."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:599
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"Use of this setting requires a valid set of CA certificates to be passed, "
|
|
|
|
|
"either to :meth:`SSLContext.load_verify_locations` or as a value of the "
|
|
|
|
|
"``ca_certs`` parameter to :func:`wrap_socket`."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:585
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"Possible value for :attr:`SSLContext.verify_mode`, or the ``cert_reqs`` "
|
|
|
|
|
"parameter to :func:`wrap_socket`. In this mode, certificates are required "
|
|
|
|
|
"from the other side of the socket connection; an :class:`SSLError` will be "
|
2018-06-17 08:43:33 +00:00
|
|
|
|
"raised if no certificate is provided, or if its validation fails. This mode "
|
|
|
|
|
"is **not** sufficient to verify a certificate in client mode as it does not "
|
|
|
|
|
"match hostnames. :attr:`~SSLContext.check_hostname` must be enabled as well "
|
|
|
|
|
"to verify the authenticity of a cert. :const:`PROTOCOL_TLS_CLIENT` uses :"
|
|
|
|
|
"const:`CERT_REQUIRED` and enables :attr:`~SSLContext.check_hostname` by "
|
|
|
|
|
"default."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:595
|
2018-06-17 08:43:33 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"With server socket, this mode provides mandatory TLS client cert "
|
|
|
|
|
"authentication. A client certificate request is sent to the client and the "
|
|
|
|
|
"client must provide a valid and trusted certificate."
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:605
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ":class:`enum.IntEnum` collection of CERT_* constants."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:611
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"Possible value for :attr:`SSLContext.verify_flags`. In this mode, "
|
|
|
|
|
"certificate revocation lists (CRLs) are not checked. By default OpenSSL does "
|
|
|
|
|
"neither require nor verify CRLs."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:619
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"Possible value for :attr:`SSLContext.verify_flags`. In this mode, only the "
|
2019-10-09 16:10:12 +00:00
|
|
|
|
"peer cert is checked but none of the intermediate CA certificates. The mode "
|
2016-10-30 09:46:26 +00:00
|
|
|
|
"requires a valid CRL that is signed by the peer cert's issuer (its direct "
|
2020-10-02 08:55:01 +00:00
|
|
|
|
"ancestor CA). If no proper CRL has been loaded with :attr:`SSLContext."
|
2016-10-30 09:46:26 +00:00
|
|
|
|
"load_verify_locations`, validation will fail."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:629
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"Possible value for :attr:`SSLContext.verify_flags`. In this mode, CRLs of "
|
|
|
|
|
"all certificates in the peer cert chain are checked."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:636
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"Possible value for :attr:`SSLContext.verify_flags` to disable workarounds "
|
|
|
|
|
"for broken X.509 certificates."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:643
|
2021-09-24 08:20:01 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"Possible value for :attr:`SSLContext.verify_flags` to enables proxy "
|
|
|
|
|
"certificate verification."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:650
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"Possible value for :attr:`SSLContext.verify_flags`. It instructs OpenSSL to "
|
|
|
|
|
"prefer trusted certificates when building the trust chain to validate a "
|
|
|
|
|
"certificate. This flag is enabled by default."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:658
|
2021-09-24 08:20:01 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"Possible value for :attr:`SSLContext.verify_flags`. It instructs OpenSSL to "
|
|
|
|
|
"accept intermediate CAs in the trust store to be treated as trust-anchors, "
|
|
|
|
|
"in the same way as the self-signed root CA certificates. This makes it "
|
|
|
|
|
"possible to trust certificates issued by an intermediate CA without having "
|
|
|
|
|
"to trust its ancestor root CA."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:669
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ":class:`enum.IntFlag` collection of VERIFY_* constants."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:675
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"Selects the highest protocol version that both the client and server "
|
2017-05-27 17:46:38 +00:00
|
|
|
|
"support. Despite the name, this option can select both \"SSL\" and \"TLS\" "
|
|
|
|
|
"protocols."
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:682
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
2021-09-24 08:20:01 +00:00
|
|
|
|
"TLS clients and servers require different default settings for secure "
|
|
|
|
|
"communication. The generic TLS protocol constant is deprecated in favor of :"
|
|
|
|
|
"data:`PROTOCOL_TLS_CLIENT` and :data:`PROTOCOL_TLS_SERVER`."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:688
|
2021-09-24 08:20:01 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"Auto-negotiate the highest protocol version that both the client and server "
|
|
|
|
|
"support, and configure the context client-side connections. The protocol "
|
2017-04-02 20:14:06 +00:00
|
|
|
|
"enables :data:`CERT_REQUIRED` and :attr:`~SSLContext.check_hostname` by "
|
|
|
|
|
"default."
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:697
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
2021-09-24 08:20:01 +00:00
|
|
|
|
"Auto-negotiate the highest protocol version that both the client and server "
|
|
|
|
|
"support, and configure the context server-side connections."
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:704
|
2019-09-04 09:35:23 +00:00
|
|
|
|
msgid "Alias for :data:`PROTOCOL_TLS`."
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:708
|
2017-04-02 20:14:06 +00:00
|
|
|
|
msgid "Use :data:`PROTOCOL_TLS` instead."
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:712
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid "Selects SSL version 2 as the channel encryption protocol."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:714
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
2022-05-22 21:15:02 +00:00
|
|
|
|
"This protocol is not available if OpenSSL is compiled with the ``no-ssl2`` "
|
|
|
|
|
"option."
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:719
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid "SSL version 2 is insecure. Its use is highly discouraged."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:723
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid "OpenSSL has removed support for SSLv2."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:727
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid "Selects SSL version 3 as the channel encryption protocol."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:729
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
2022-05-22 21:15:02 +00:00
|
|
|
|
"This protocol is not available if OpenSSL is compiled with the ``no-ssl3`` "
|
|
|
|
|
"option."
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:734
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid "SSL version 3 is insecure. Its use is highly discouraged."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:738
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"OpenSSL has deprecated all version specific protocols. Use the default "
|
2021-09-24 08:20:01 +00:00
|
|
|
|
"protocol :data:`PROTOCOL_TLS_SERVER` or :data:`PROTOCOL_TLS_CLIENT` with :"
|
|
|
|
|
"attr:`SSLContext.minimum_version` and :attr:`SSLContext.maximum_version` "
|
|
|
|
|
"instead."
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:746
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid "Selects TLS version 1.0 as the channel encryption protocol."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:761 library/ssl.rst:772
|
2021-09-24 08:20:01 +00:00
|
|
|
|
msgid "OpenSSL has deprecated all version specific protocols."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:754
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"Selects TLS version 1.1 as the channel encryption protocol. Available only "
|
|
|
|
|
"with openssl version 1.0.1+."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:765
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
2021-09-24 08:20:01 +00:00
|
|
|
|
"Selects TLS version 1.2 as the channel encryption protocol. Available only "
|
|
|
|
|
"with openssl version 1.0.1+."
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:776
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"Enables workarounds for various bugs present in other SSL implementations. "
|
|
|
|
|
"This option is set by default. It does not necessarily set the same flags "
|
|
|
|
|
"as OpenSSL's ``SSL_OP_ALL`` constant."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:784
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"Prevents an SSLv2 connection. This option is only applicable in conjunction "
|
|
|
|
|
"with :const:`PROTOCOL_TLS`. It prevents the peers from choosing SSLv2 as "
|
|
|
|
|
"the protocol version."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:792
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid "SSLv2 is deprecated"
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:796
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"Prevents an SSLv3 connection. This option is only applicable in conjunction "
|
|
|
|
|
"with :const:`PROTOCOL_TLS`. It prevents the peers from choosing SSLv3 as "
|
|
|
|
|
"the protocol version."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:804
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid "SSLv3 is deprecated"
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:808
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"Prevents a TLSv1 connection. This option is only applicable in conjunction "
|
|
|
|
|
"with :const:`PROTOCOL_TLS`. It prevents the peers from choosing TLSv1 as "
|
|
|
|
|
"the protocol version."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:814
|
2018-06-28 13:32:56 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"The option is deprecated since OpenSSL 1.1.0, use the new :attr:`SSLContext."
|
|
|
|
|
"minimum_version` and :attr:`SSLContext.maximum_version` instead."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:821
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"Prevents a TLSv1.1 connection. This option is only applicable in conjunction "
|
|
|
|
|
"with :const:`PROTOCOL_TLS`. It prevents the peers from choosing TLSv1.1 as "
|
|
|
|
|
"the protocol version. Available only with openssl version 1.0.1+."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:838
|
2018-06-28 13:32:56 +00:00
|
|
|
|
msgid "The option is deprecated since OpenSSL 1.1.0."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:832
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"Prevents a TLSv1.2 connection. This option is only applicable in conjunction "
|
|
|
|
|
"with :const:`PROTOCOL_TLS`. It prevents the peers from choosing TLSv1.2 as "
|
|
|
|
|
"the protocol version. Available only with openssl version 1.0.1+."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:843
|
2017-09-12 11:40:22 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"Prevents a TLSv1.3 connection. This option is only applicable in conjunction "
|
|
|
|
|
"with :const:`PROTOCOL_TLS`. It prevents the peers from choosing TLSv1.3 as "
|
|
|
|
|
"the protocol version. TLS 1.3 is available with OpenSSL 1.1.1 or later. When "
|
|
|
|
|
"Python has been compiled against an older version of OpenSSL, the flag "
|
|
|
|
|
"defaults to *0*."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:851
|
2018-06-28 13:32:56 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"The option is deprecated since OpenSSL 1.1.0. It was added to 2.7.15, 3.6.3 "
|
|
|
|
|
"and 3.7.0 for backwards compatibility with OpenSSL 1.0.2."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:857
|
2018-06-28 13:32:56 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"Disable all renegotiation in TLSv1.2 and earlier. Do not send HelloRequest "
|
|
|
|
|
"messages, and ignore renegotiation requests via ClientHello."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:860
|
2018-06-28 13:32:56 +00:00
|
|
|
|
msgid "This option is only available with OpenSSL 1.1.0h and later."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:866
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"Use the server's cipher ordering preference, rather than the client's. This "
|
|
|
|
|
"option has no effect on client sockets and SSLv2 server sockets."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:873
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"Prevents re-use of the same DH key for distinct SSL sessions. This improves "
|
|
|
|
|
"forward secrecy but requires more computational resources. This option only "
|
|
|
|
|
"applies to server sockets."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:881
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"Prevents re-use of the same ECDH key for distinct SSL sessions. This "
|
|
|
|
|
"improves forward secrecy but requires more computational resources. This "
|
|
|
|
|
"option only applies to server sockets."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:889
|
2018-06-28 13:32:56 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"Send dummy Change Cipher Spec (CCS) messages in TLS 1.3 handshake to make a "
|
|
|
|
|
"TLS 1.3 connection look more like a TLS 1.2 connection."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:892
|
2018-06-28 13:32:56 +00:00
|
|
|
|
msgid "This option is only available with OpenSSL 1.1.1 and later."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:898
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"Disable compression on the SSL channel. This is useful if the application "
|
|
|
|
|
"protocol supports its own compression scheme."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:905
|
2018-06-28 13:32:56 +00:00
|
|
|
|
msgid ":class:`enum.IntFlag` collection of OP_* constants."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:909
|
2018-06-28 13:32:56 +00:00
|
|
|
|
msgid "Prevent client side from requesting a session ticket."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:915
|
2021-05-26 17:39:06 +00:00
|
|
|
|
msgid "Ignore unexpected shutdown of TLS connections."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:917
|
2021-05-26 17:39:06 +00:00
|
|
|
|
msgid "This option is only available with OpenSSL 3.0.0 and later."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:923
|
2018-06-28 13:32:56 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"Whether the OpenSSL library has built-in support for the *Application-Layer "
|
|
|
|
|
"Protocol Negotiation* TLS extension as described in :rfc:`7301`."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:930
|
2018-06-28 13:32:56 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"Whether the OpenSSL library has built-in support not checking subject common "
|
|
|
|
|
"name and :attr:`SSLContext.hostname_checks_common_name` is writeable."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:938
|
2018-06-28 13:32:56 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"Whether the OpenSSL library has built-in support for the Elliptic Curve-"
|
|
|
|
|
"based Diffie-Hellman key exchange. This should be true unless the feature "
|
|
|
|
|
"was explicitly disabled by the distributor."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:946
|
2018-06-28 13:32:56 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"Whether the OpenSSL library has built-in support for the *Server Name "
|
|
|
|
|
"Indication* extension (as defined in :rfc:`6066`)."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:953
|
2018-06-28 13:32:56 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"Whether the OpenSSL library has built-in support for the *Next Protocol "
|
|
|
|
|
"Negotiation* as described in the `Application Layer Protocol Negotiation "
|
|
|
|
|
"<https://en.wikipedia.org/wiki/Application-Layer_Protocol_Negotiation>`_. "
|
|
|
|
|
"When true, you can use the :meth:`SSLContext.set_npn_protocols` method to "
|
|
|
|
|
"advertise which protocols you want to support."
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:963
|
2018-06-28 13:32:56 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"Whether the OpenSSL library has built-in support for the SSL 2.0 protocol."
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:969
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
2018-06-28 13:32:56 +00:00
|
|
|
|
"Whether the OpenSSL library has built-in support for the SSL 3.0 protocol."
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:975
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
2018-06-28 13:32:56 +00:00
|
|
|
|
"Whether the OpenSSL library has built-in support for the TLS 1.0 protocol."
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:981
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
2018-06-28 13:32:56 +00:00
|
|
|
|
"Whether the OpenSSL library has built-in support for the TLS 1.1 protocol."
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:987
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
2018-06-28 13:32:56 +00:00
|
|
|
|
"Whether the OpenSSL library has built-in support for the TLS 1.2 protocol."
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:993
|
2017-09-12 11:40:22 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"Whether the OpenSSL library has built-in support for the TLS 1.3 protocol."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:999
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"List of supported TLS channel binding types. Strings in this list can be "
|
|
|
|
|
"used as arguments to :meth:`SSLSocket.get_channel_binding`."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:1006
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid "The version string of the OpenSSL library loaded by the interpreter::"
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:1015
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"A tuple of five integers representing version information about the OpenSSL "
|
|
|
|
|
"library::"
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:1025
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid "The raw version number of the OpenSSL library, as a single integer::"
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:1038
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"Alert Descriptions from :rfc:`5246` and others. The `IANA TLS Alert Registry "
|
|
|
|
|
"<https://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-"
|
|
|
|
|
"parameters-6>`_ contains this list and references to the RFCs where their "
|
|
|
|
|
"meaning is defined."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:1042
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"Used as the return value of the callback function in :meth:`SSLContext."
|
|
|
|
|
"set_servername_callback`."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:1049
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ":class:`enum.IntEnum` collection of ALERT_DESCRIPTION_* constants."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:1055
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"Option for :func:`create_default_context` and :meth:`SSLContext."
|
|
|
|
|
"load_default_certs`. This value indicates that the context may be used to "
|
2021-09-24 08:20:01 +00:00
|
|
|
|
"authenticate web servers (therefore, it will be used to create client-side "
|
2016-10-30 09:46:26 +00:00
|
|
|
|
"sockets)."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:1064
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"Option for :func:`create_default_context` and :meth:`SSLContext."
|
|
|
|
|
"load_default_certs`. This value indicates that the context may be used to "
|
2021-09-24 08:20:01 +00:00
|
|
|
|
"authenticate web clients (therefore, it will be used to create server-side "
|
2016-10-30 09:46:26 +00:00
|
|
|
|
"sockets)."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:1073
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ":class:`enum.IntEnum` collection of SSL_ERROR_* constants."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:1079
|
2018-06-28 13:32:56 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
":class:`enum.IntEnum` collection of SSL and TLS versions for :attr:"
|
|
|
|
|
"`SSLContext.maximum_version` and :attr:`SSLContext.minimum_version`."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:1087
|
2018-06-28 13:32:56 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"The minimum or maximum supported SSL or TLS version. These are magic "
|
|
|
|
|
"constants. Their values don't reflect the lowest and highest available TLS/"
|
|
|
|
|
"SSL versions."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:1097
|
2018-06-28 13:32:56 +00:00
|
|
|
|
msgid "SSL 3.0 to TLS 1.3."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:1101
|
2021-09-24 08:20:01 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"All :class:`TLSVersion` members except :attr:`TLSVersion.TLSv1_2` and :attr:"
|
|
|
|
|
"`TLSVersion.TLSv1_3` are deprecated."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:1106
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid "SSL Sockets"
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:1110
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid "SSL sockets provide the following methods of :ref:`socket-objects`:"
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:1112
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ":meth:`~socket.socket.accept()`"
|
2022-05-18 15:49:15 +00:00
|
|
|
|
msgstr ":meth:`~socket.socket.accept()`"
|
2016-10-30 09:46:26 +00:00
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:1113
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ":meth:`~socket.socket.bind()`"
|
2022-05-18 15:49:15 +00:00
|
|
|
|
msgstr ":meth:`~socket.socket.bind()`"
|
2016-10-30 09:46:26 +00:00
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:1114
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ":meth:`~socket.socket.close()`"
|
2022-05-18 15:49:15 +00:00
|
|
|
|
msgstr ":meth:`~socket.socket.close()`"
|
2016-10-30 09:46:26 +00:00
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:1115
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ":meth:`~socket.socket.connect()`"
|
2022-05-18 15:49:15 +00:00
|
|
|
|
msgstr ":meth:`~socket.socket.connect()`"
|
2016-10-30 09:46:26 +00:00
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:1116
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ":meth:`~socket.socket.detach()`"
|
2022-05-18 15:49:15 +00:00
|
|
|
|
msgstr ":meth:`~socket.socket.detach()`"
|
2016-10-30 09:46:26 +00:00
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:1117
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ":meth:`~socket.socket.fileno()`"
|
2022-05-18 15:49:15 +00:00
|
|
|
|
msgstr ":meth:`~socket.socket.fileno()`"
|
2016-10-30 09:46:26 +00:00
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:1118
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
":meth:`~socket.socket.getpeername()`, :meth:`~socket.socket.getsockname()`"
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:1119
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
":meth:`~socket.socket.getsockopt()`, :meth:`~socket.socket.setsockopt()`"
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:1120
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
":meth:`~socket.socket.gettimeout()`, :meth:`~socket.socket.settimeout()`, :"
|
|
|
|
|
"meth:`~socket.socket.setblocking()`"
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:1122
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ":meth:`~socket.socket.listen()`"
|
2022-05-18 15:49:15 +00:00
|
|
|
|
msgstr ":meth:`~socket.socket.listen()`"
|
2016-10-30 09:46:26 +00:00
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:1123
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ":meth:`~socket.socket.makefile()`"
|
2022-05-18 15:49:15 +00:00
|
|
|
|
msgstr ":meth:`~socket.socket.makefile()`"
|
2016-10-30 09:46:26 +00:00
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:1124
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
":meth:`~socket.socket.recv()`, :meth:`~socket.socket.recv_into()` (but "
|
|
|
|
|
"passing a non-zero ``flags`` argument is not allowed)"
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:1126
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
":meth:`~socket.socket.send()`, :meth:`~socket.socket.sendall()` (with the "
|
|
|
|
|
"same limitation)"
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:1128
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
":meth:`~socket.socket.sendfile()` (but :mod:`os.sendfile` will be used for "
|
|
|
|
|
"plain-text sockets only, else :meth:`~socket.socket.send()` will be used)"
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:1130
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ":meth:`~socket.socket.shutdown()`"
|
2022-05-18 15:49:15 +00:00
|
|
|
|
msgstr ":meth:`~socket.socket.shutdown()`"
|
2016-10-30 09:46:26 +00:00
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:1132
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"However, since the SSL (and TLS) protocol has its own framing atop of TCP, "
|
|
|
|
|
"the SSL sockets abstraction can, in certain respects, diverge from the "
|
|
|
|
|
"specification of normal, OS-level sockets. See especially the :ref:`notes "
|
|
|
|
|
"on non-blocking sockets <ssl-nonblocking>`."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:1137
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
2018-06-28 13:32:56 +00:00
|
|
|
|
"Instances of :class:`SSLSocket` must be created using the :meth:`SSLContext."
|
|
|
|
|
"wrap_socket` method."
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:1140
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid "The :meth:`sendfile` method was added."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:1143
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"The :meth:`shutdown` does not reset the socket timeout each time bytes are "
|
2023-01-23 21:54:21 +00:00
|
|
|
|
"received or sent. The socket timeout is now the maximum total duration of "
|
|
|
|
|
"the shutdown."
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:1148
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"It is deprecated to create a :class:`SSLSocket` instance directly, use :meth:"
|
|
|
|
|
"`SSLContext.wrap_socket` to wrap a socket."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:1152
|
2018-06-28 13:32:56 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
":class:`SSLSocket` instances must to created with :meth:`~SSLContext."
|
|
|
|
|
"wrap_socket`. In earlier versions, it was possible to create instances "
|
|
|
|
|
"directly. This was never documented or officially supported."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:1158
|
2021-09-24 08:20:01 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"Python now uses ``SSL_read_ex`` and ``SSL_write_ex`` internally. The "
|
|
|
|
|
"functions support reading and writing of data larger than 2 GB. Writing zero-"
|
|
|
|
|
"length data no longer fails with a protocol violation error."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:1163
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid "SSL sockets also have the following additional methods and attributes:"
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:1167
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"Read up to *len* bytes of data from the SSL socket and return the result as "
|
|
|
|
|
"a ``bytes`` instance. If *buffer* is specified, then read into the buffer "
|
|
|
|
|
"instead, and return the number of bytes read."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:1171
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"Raise :exc:`SSLWantReadError` or :exc:`SSLWantWriteError` if the socket is :"
|
|
|
|
|
"ref:`non-blocking <ssl-nonblocking>` and the read would block."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:1174
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"As at any time a re-negotiation is possible, a call to :meth:`read` can also "
|
|
|
|
|
"cause write operations."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:1177
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
2023-01-23 21:54:21 +00:00
|
|
|
|
"The socket timeout is no longer reset each time bytes are received or sent. "
|
|
|
|
|
"The socket timeout is now the maximum total duration to read up to *len* "
|
2016-10-30 09:46:26 +00:00
|
|
|
|
"bytes."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:1182
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid "Use :meth:`~SSLSocket.recv` instead of :meth:`~SSLSocket.read`."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:1187
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"Write *buf* to the SSL socket and return the number of bytes written. The "
|
|
|
|
|
"*buf* argument must be an object supporting the buffer interface."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:1190
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"Raise :exc:`SSLWantReadError` or :exc:`SSLWantWriteError` if the socket is :"
|
|
|
|
|
"ref:`non-blocking <ssl-nonblocking>` and the write would block."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:1193
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"As at any time a re-negotiation is possible, a call to :meth:`write` can "
|
|
|
|
|
"also cause read operations."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:1196
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
2023-01-23 21:54:21 +00:00
|
|
|
|
"The socket timeout is no longer reset each time bytes are received or sent. "
|
|
|
|
|
"The socket timeout is now the maximum total duration to write *buf*."
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:1200
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid "Use :meth:`~SSLSocket.send` instead of :meth:`~SSLSocket.write`."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:1205
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"The :meth:`~SSLSocket.read` and :meth:`~SSLSocket.write` methods are the low-"
|
|
|
|
|
"level methods that read and write unencrypted, application-level data and "
|
|
|
|
|
"decrypt/encrypt it to encrypted, wire-level data. These methods require an "
|
|
|
|
|
"active SSL connection, i.e. the handshake was completed and :meth:`SSLSocket."
|
|
|
|
|
"unwrap` was not called."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:1211
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"Normally you should use the socket API methods like :meth:`~socket.socket."
|
|
|
|
|
"recv` and :meth:`~socket.socket.send` instead of these methods."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:1217
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid "Perform the SSL setup handshake."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:1219
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"The handshake method also performs :func:`match_hostname` when the :attr:"
|
|
|
|
|
"`~SSLContext.check_hostname` attribute of the socket's :attr:`~SSLSocket."
|
|
|
|
|
"context` is true."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:1224
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
2023-01-23 21:54:21 +00:00
|
|
|
|
"The socket timeout is no longer reset each time bytes are received or sent. "
|
|
|
|
|
"The socket timeout is now the maximum total duration of the handshake."
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:1228
|
2018-06-28 13:32:56 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"Hostname or IP address is matched by OpenSSL during handshake. The function :"
|
|
|
|
|
"func:`match_hostname` is no longer used. In case OpenSSL refuses a hostname "
|
|
|
|
|
"or IP address, the handshake is aborted early and a TLS alert message is "
|
2023-01-23 21:54:21 +00:00
|
|
|
|
"sent to the peer."
|
2018-06-28 13:32:56 +00:00
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:1236
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"If there is no certificate for the peer on the other end of the connection, "
|
|
|
|
|
"return ``None``. If the SSL handshake hasn't been done yet, raise :exc:"
|
|
|
|
|
"`ValueError`."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:1240
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"If the ``binary_form`` parameter is :const:`False`, and a certificate was "
|
|
|
|
|
"received from the peer, this method returns a :class:`dict` instance. If "
|
|
|
|
|
"the certificate was not validated, the dict is empty. If the certificate "
|
|
|
|
|
"was validated, it returns a dict with several keys, amongst them ``subject`` "
|
|
|
|
|
"(the principal for which the certificate was issued) and ``issuer`` (the "
|
|
|
|
|
"principal issuing the certificate). If a certificate contains an instance "
|
|
|
|
|
"of the *Subject Alternative Name* extension (see :rfc:`3280`), there will "
|
|
|
|
|
"also be a ``subjectAltName`` key in the dictionary."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:1249
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"The ``subject`` and ``issuer`` fields are tuples containing the sequence of "
|
|
|
|
|
"relative distinguished names (RDNs) given in the certificate's data "
|
|
|
|
|
"structure for the respective fields, and each RDN is a sequence of name-"
|
|
|
|
|
"value pairs. Here is a real-world example::"
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:1275
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"To validate a certificate for a particular service, you can use the :func:"
|
|
|
|
|
"`match_hostname` function."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:1278
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"If the ``binary_form`` parameter is :const:`True`, and a certificate was "
|
|
|
|
|
"provided, this method returns the DER-encoded form of the entire certificate "
|
|
|
|
|
"as a sequence of bytes, or :const:`None` if the peer did not provide a "
|
|
|
|
|
"certificate. Whether the peer provides a certificate depends on the SSL "
|
|
|
|
|
"socket's role:"
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:1284
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"for a client SSL socket, the server will always provide a certificate, "
|
|
|
|
|
"regardless of whether validation was required;"
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:1287
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"for a server SSL socket, the client will only provide a certificate when "
|
|
|
|
|
"requested by the server; therefore :meth:`getpeercert` will return :const:"
|
|
|
|
|
"`None` if you used :const:`CERT_NONE` (rather than :const:`CERT_OPTIONAL` "
|
|
|
|
|
"or :const:`CERT_REQUIRED`)."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:1292
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"The returned dictionary includes additional items such as ``issuer`` and "
|
|
|
|
|
"``notBefore``."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:1296
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
":exc:`ValueError` is raised when the handshake isn't done. The returned "
|
|
|
|
|
"dictionary includes additional X509v3 extension items such as "
|
|
|
|
|
"``crlDistributionPoints``, ``caIssuers`` and ``OCSP`` URIs."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:1301
|
2020-02-04 10:14:03 +00:00
|
|
|
|
msgid "IPv6 address strings no longer have a trailing new line."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:1306
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"Returns a three-value tuple containing the name of the cipher being used, "
|
|
|
|
|
"the version of the SSL protocol that defines its use, and the number of "
|
|
|
|
|
"secret bits being used. If no connection has been established, returns "
|
|
|
|
|
"``None``."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:1312
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
2023-04-14 11:20:40 +00:00
|
|
|
|
"Return the list of ciphers available in both the client and server. Each "
|
2016-10-30 09:46:26 +00:00
|
|
|
|
"entry of the returned list is a three-value tuple containing the name of the "
|
|
|
|
|
"cipher, the version of the SSL protocol that defines its use, and the number "
|
|
|
|
|
"of secret bits the cipher uses. :meth:`~SSLSocket.shared_ciphers` returns "
|
|
|
|
|
"``None`` if no connection has been established or the socket is a client "
|
|
|
|
|
"socket."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:1323
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"Return the compression algorithm being used as a string, or ``None`` if the "
|
|
|
|
|
"connection isn't compressed."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:1326
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"If the higher-level protocol supports its own compression mechanism, you can "
|
|
|
|
|
"use :data:`OP_NO_COMPRESSION` to disable SSL-level compression."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:1333
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"Get channel binding data for current connection, as a bytes object. Returns "
|
|
|
|
|
"``None`` if not connected or the handshake has not been completed."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:1336
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"The *cb_type* parameter allow selection of the desired channel binding type. "
|
|
|
|
|
"Valid channel binding types are listed in the :data:`CHANNEL_BINDING_TYPES` "
|
|
|
|
|
"list. Currently only the 'tls-unique' channel binding, defined by :rfc:"
|
|
|
|
|
"`5929`, is supported. :exc:`ValueError` will be raised if an unsupported "
|
|
|
|
|
"channel binding type is requested."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:1346
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"Return the protocol that was selected during the TLS handshake. If :meth:"
|
|
|
|
|
"`SSLContext.set_alpn_protocols` was not called, if the other party does not "
|
|
|
|
|
"support ALPN, if this socket does not support any of the client's proposed "
|
|
|
|
|
"protocols, or if the handshake has not happened yet, ``None`` is returned."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:1356
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"Return the higher-level protocol that was selected during the TLS/SSL "
|
|
|
|
|
"handshake. If :meth:`SSLContext.set_npn_protocols` was not called, or if the "
|
|
|
|
|
"other party does not support NPN, or if the handshake has not yet happened, "
|
|
|
|
|
"this will return ``None``."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:1725
|
2021-09-24 08:20:01 +00:00
|
|
|
|
msgid "NPN has been superseded by ALPN"
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:1369
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"Performs the SSL shutdown handshake, which removes the TLS layer from the "
|
|
|
|
|
"underlying socket, and returns the underlying socket object. This can be "
|
|
|
|
|
"used to go from encrypted operation over a connection to unencrypted. The "
|
|
|
|
|
"returned socket should always be used for further communication with the "
|
|
|
|
|
"other side of the connection, rather than the original socket."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:1377
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
2018-10-13 15:54:03 +00:00
|
|
|
|
"Requests post-handshake authentication (PHA) from a TLS 1.3 client. PHA can "
|
|
|
|
|
"only be initiated for a TLS 1.3 connection from a server-side socket, after "
|
|
|
|
|
"the initial TLS handshake and with PHA enabled on both sides, see :attr:"
|
|
|
|
|
"`SSLContext.post_handshake_auth`."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:1382
|
2018-10-13 15:54:03 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"The method does not perform a cert exchange immediately. The server-side "
|
|
|
|
|
"sends a CertificateRequest during the next write event and expects the "
|
|
|
|
|
"client to respond with a certificate on the next read event."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:1386
|
2018-10-13 15:54:03 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"If any precondition isn't met (e.g. not TLS 1.3, PHA not enabled), an :exc:"
|
|
|
|
|
"`SSLError` is raised."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:1390
|
2018-10-13 15:54:03 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"Only available with OpenSSL 1.1.1 and TLS 1.3 enabled. Without TLS 1.3 "
|
|
|
|
|
"support, the method raises :exc:`NotImplementedError`."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:1397
|
2018-10-13 15:54:03 +00:00
|
|
|
|
msgid ""
|
2016-10-30 09:46:26 +00:00
|
|
|
|
"Return the actual SSL protocol version negotiated by the connection as a "
|
2022-05-22 21:15:02 +00:00
|
|
|
|
"string, or ``None`` if no secure connection is established. As of this "
|
2022-03-23 17:40:12 +00:00
|
|
|
|
"writing, possible return values include ``\"SSLv2\"``, ``\"SSLv3\"``, "
|
|
|
|
|
"``\"TLSv1\"``, ``\"TLSv1.1\"`` and ``\"TLSv1.2\"``. Recent OpenSSL versions "
|
2016-10-30 09:46:26 +00:00
|
|
|
|
"may define more return values."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:1407
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"Returns the number of already decrypted bytes available for read, pending on "
|
|
|
|
|
"the connection."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:1412
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"The :class:`SSLContext` object this SSL socket is tied to. If the SSL "
|
2018-06-28 13:32:56 +00:00
|
|
|
|
"socket was created using the deprecated :func:`wrap_socket` function (rather "
|
2016-10-30 09:46:26 +00:00
|
|
|
|
"than :meth:`SSLContext.wrap_socket`), this is a custom context object "
|
|
|
|
|
"created for this SSL socket."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:1421
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"A boolean which is ``True`` for server-side sockets and ``False`` for client-"
|
|
|
|
|
"side sockets."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:1428
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"Hostname of the server: :class:`str` type, or ``None`` for server-side "
|
|
|
|
|
"socket or if the hostname was not specified in the constructor."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:1433
|
2018-06-28 13:32:56 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"The attribute is now always ASCII text. When ``server_hostname`` is an "
|
|
|
|
|
"internationalized domain name (IDN), this attribute now stores the A-label "
|
|
|
|
|
"form (``\"xn--pythn-mua.org\"``), rather than the U-label form (``\"pythön."
|
|
|
|
|
"org\"``)."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:1441
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"The :class:`SSLSession` for this SSL connection. The session is available "
|
|
|
|
|
"for client and server side sockets after the TLS handshake has been "
|
|
|
|
|
"performed. For client sockets the session can be set before :meth:"
|
|
|
|
|
"`~SSLSocket.do_handshake` has been called to reuse a session."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:1454
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid "SSL Contexts"
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:1458
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"An SSL context holds various data longer-lived than single SSL connections, "
|
|
|
|
|
"such as SSL configuration options, certificate(s) and private key(s). It "
|
|
|
|
|
"also manages a cache of SSL sessions for server-side sockets, in order to "
|
|
|
|
|
"speed up repeated connections from the same clients."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:1465
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"Create a new SSL context. You may pass *protocol* which must be one of the "
|
2018-06-28 13:32:56 +00:00
|
|
|
|
"``PROTOCOL_*`` constants defined in this module. The parameter specifies "
|
|
|
|
|
"which version of the SSL protocol to use. Typically, the server chooses a "
|
|
|
|
|
"particular protocol version, and the client must adapt to the server's "
|
|
|
|
|
"choice. Most of the versions are not interoperable with the other "
|
|
|
|
|
"versions. If not specified, the default is :data:`PROTOCOL_TLS`; it "
|
|
|
|
|
"provides the most compatibility with other versions."
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:1474
|
2018-06-28 13:32:56 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"Here's a table showing which versions in a client (down the side) can "
|
|
|
|
|
"connect to which versions in a server (along the top):"
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:1480
|
2018-06-28 13:32:56 +00:00
|
|
|
|
msgid "*client* / **server**"
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:1480
|
2018-06-28 13:32:56 +00:00
|
|
|
|
msgid "**SSLv2**"
|
|
|
|
|
msgstr "**SSLv2**"
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:1480
|
2018-06-28 13:32:56 +00:00
|
|
|
|
msgid "**SSLv3**"
|
|
|
|
|
msgstr "**SSLv3**"
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:1480
|
2018-06-28 13:32:56 +00:00
|
|
|
|
msgid "**TLS** [3]_"
|
|
|
|
|
msgstr "**TLS** [3]_"
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:1480
|
2018-06-28 13:32:56 +00:00
|
|
|
|
msgid "**TLSv1**"
|
|
|
|
|
msgstr "**TLSv1**"
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:1480
|
2018-06-28 13:32:56 +00:00
|
|
|
|
msgid "**TLSv1.1**"
|
|
|
|
|
msgstr "**TLSv1.1**"
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:1480
|
2018-06-28 13:32:56 +00:00
|
|
|
|
msgid "**TLSv1.2**"
|
|
|
|
|
msgstr "**TLSv1.2**"
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:1482
|
2018-06-28 13:32:56 +00:00
|
|
|
|
msgid "*SSLv2*"
|
|
|
|
|
msgstr "*SSLv2*"
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:1483 library/ssl.rst:1485 library/ssl.rst:1487
|
2018-06-28 13:32:56 +00:00
|
|
|
|
msgid "yes"
|
|
|
|
|
msgstr "oui"
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:1483 library/ssl.rst:1486 library/ssl.rst:1487
|
2018-06-28 13:32:56 +00:00
|
|
|
|
msgid "no"
|
|
|
|
|
msgstr "non"
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:1484
|
2018-06-28 13:32:56 +00:00
|
|
|
|
msgid "no [1]_"
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:1483
|
2018-06-28 13:32:56 +00:00
|
|
|
|
msgid "*SSLv3*"
|
|
|
|
|
msgstr "*SSLv3*"
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:1484
|
2018-06-28 13:32:56 +00:00
|
|
|
|
msgid "no [2]_"
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:1484
|
2018-06-28 13:32:56 +00:00
|
|
|
|
msgid "*TLS* (*SSLv23*) [3]_"
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:1485
|
2018-06-28 13:32:56 +00:00
|
|
|
|
msgid "*TLSv1*"
|
|
|
|
|
msgstr "*TLSv1*"
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:1486
|
2018-06-28 13:32:56 +00:00
|
|
|
|
msgid "*TLSv1.1*"
|
|
|
|
|
msgstr "*TLSv1.1*"
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:1487
|
2018-06-28 13:32:56 +00:00
|
|
|
|
msgid "*TLSv1.2*"
|
|
|
|
|
msgstr "*TLSv1.2*"
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:1490
|
2018-06-28 13:32:56 +00:00
|
|
|
|
msgid "Footnotes"
|
|
|
|
|
msgstr "Notes"
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:1491
|
2018-06-28 13:32:56 +00:00
|
|
|
|
msgid ":class:`SSLContext` disables SSLv2 with :data:`OP_NO_SSLv2` by default."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:1492
|
2018-06-28 13:32:56 +00:00
|
|
|
|
msgid ":class:`SSLContext` disables SSLv3 with :data:`OP_NO_SSLv3` by default."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:1493
|
2018-06-28 13:32:56 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"TLS 1.3 protocol will be available with :data:`PROTOCOL_TLS` in OpenSSL >= "
|
|
|
|
|
"1.1.1. There is no dedicated PROTOCOL constant for just TLS 1.3."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:1498
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
":func:`create_default_context` lets the :mod:`ssl` module choose security "
|
|
|
|
|
"settings for a given purpose."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:1503
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"The context is created with secure default values. The options :data:"
|
|
|
|
|
"`OP_NO_COMPRESSION`, :data:`OP_CIPHER_SERVER_PREFERENCE`, :data:"
|
|
|
|
|
"`OP_SINGLE_DH_USE`, :data:`OP_SINGLE_ECDH_USE`, :data:`OP_NO_SSLv2` (except "
|
|
|
|
|
"for :data:`PROTOCOL_SSLv2`), and :data:`OP_NO_SSLv3` (except for :data:"
|
|
|
|
|
"`PROTOCOL_SSLv3`) are set by default. The initial cipher suite list contains "
|
|
|
|
|
"only ``HIGH`` ciphers, no ``NULL`` ciphers and no ``MD5`` ciphers (except "
|
|
|
|
|
"for :data:`PROTOCOL_SSLv2`)."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:1514
|
2021-09-24 08:20:01 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
":class:`SSLContext` without protocol argument is deprecated. The context "
|
|
|
|
|
"class will either require :data:`PROTOCOL_TLS_CLIENT` or :data:"
|
|
|
|
|
"`PROTOCOL_TLS_SERVER` protocol in the future."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:1520
|
2021-09-24 08:20:01 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"The default cipher suites now include only secure AES and ChaCha20 ciphers "
|
|
|
|
|
"with forward secrecy and security level 2. RSA and DH keys with less than "
|
|
|
|
|
"2048 bits and ECC keys with less than 224 bits are prohibited. :data:"
|
|
|
|
|
"`PROTOCOL_TLS`, :data:`PROTOCOL_TLS_CLIENT`, and :data:`PROTOCOL_TLS_SERVER` "
|
|
|
|
|
"use TLS 1.2 as minimum TLS version."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:1527
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ":class:`SSLContext` objects have the following methods and attributes:"
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:1531
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"Get statistics about quantities of loaded X.509 certificates, count of X.509 "
|
|
|
|
|
"certificates flagged as CA certificates and certificate revocation lists as "
|
|
|
|
|
"dictionary."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:1535
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid "Example for a context with one CA cert and one other cert::"
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:1545
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"Load a private key and the corresponding certificate. The *certfile* string "
|
|
|
|
|
"must be the path to a single file in PEM format containing the certificate "
|
|
|
|
|
"as well as any number of CA certificates needed to establish the "
|
|
|
|
|
"certificate's authenticity. The *keyfile* string, if present, must point to "
|
2022-05-22 21:15:02 +00:00
|
|
|
|
"a file containing the private key. Otherwise the private key will be taken "
|
|
|
|
|
"from *certfile* as well. See the discussion of :ref:`ssl-certificates` for "
|
|
|
|
|
"more information on how the certificate is stored in the *certfile*."
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:1554
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"The *password* argument may be a function to call to get the password for "
|
|
|
|
|
"decrypting the private key. It will only be called if the private key is "
|
|
|
|
|
"encrypted and a password is necessary. It will be called with no arguments, "
|
|
|
|
|
"and it should return a string, bytes, or bytearray. If the return value is "
|
|
|
|
|
"a string it will be encoded as UTF-8 before using it to decrypt the key. "
|
|
|
|
|
"Alternatively a string, bytes, or bytearray value may be supplied directly "
|
|
|
|
|
"as the *password* argument. It will be ignored if the private key is not "
|
|
|
|
|
"encrypted and no password is needed."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:1563
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"If the *password* argument is not specified and a password is required, "
|
|
|
|
|
"OpenSSL's built-in password prompting mechanism will be used to "
|
|
|
|
|
"interactively prompt the user for a password."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:1567
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"An :class:`SSLError` is raised if the private key doesn't match with the "
|
|
|
|
|
"certificate."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:1570
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid "New optional argument *password*."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:1575
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"Load a set of default \"certification authority\" (CA) certificates from "
|
|
|
|
|
"default locations. On Windows it loads CA certs from the ``CA`` and ``ROOT`` "
|
2021-11-05 22:32:47 +00:00
|
|
|
|
"system stores. On all systems it calls :meth:`SSLContext."
|
2016-10-30 09:46:26 +00:00
|
|
|
|
"set_default_verify_paths`. In the future the method may load CA certificates "
|
|
|
|
|
"from other locations, too."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:1581
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"The *purpose* flag specifies what kind of CA certificates are loaded. The "
|
2023-07-23 12:39:39 +00:00
|
|
|
|
"default settings :const:`Purpose.SERVER_AUTH` loads certificates, that are "
|
2016-10-30 09:46:26 +00:00
|
|
|
|
"flagged and trusted for TLS web server authentication (client side "
|
2023-07-23 12:39:39 +00:00
|
|
|
|
"sockets). :const:`Purpose.CLIENT_AUTH` loads CA certificates for client "
|
2016-10-30 09:46:26 +00:00
|
|
|
|
"certificate verification on the server side."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:1591
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"Load a set of \"certification authority\" (CA) certificates used to validate "
|
|
|
|
|
"other peers' certificates when :data:`verify_mode` is other than :data:"
|
|
|
|
|
"`CERT_NONE`. At least one of *cafile* or *capath* must be specified."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:1595
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"This method can also load certification revocation lists (CRLs) in PEM or "
|
|
|
|
|
"DER format. In order to make use of CRLs, :attr:`SSLContext.verify_flags` "
|
|
|
|
|
"must be configured properly."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:1599
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"The *cafile* string, if present, is the path to a file of concatenated CA "
|
|
|
|
|
"certificates in PEM format. See the discussion of :ref:`ssl-certificates` "
|
|
|
|
|
"for more information about how to arrange the certificates in this file."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:1604
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"The *capath* string, if present, is the path to a directory containing "
|
|
|
|
|
"several CA certificates in PEM format, following an `OpenSSL specific layout "
|
2018-06-28 13:32:56 +00:00
|
|
|
|
"<https://www.openssl.org/docs/manmaster/man3/SSL_CTX_load_verify_locations."
|
2018-01-04 14:57:05 +00:00
|
|
|
|
"html>`_."
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:1609
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"The *cadata* object, if present, is either an ASCII string of one or more "
|
|
|
|
|
"PEM-encoded certificates or a :term:`bytes-like object` of DER-encoded "
|
|
|
|
|
"certificates. Like with *capath* extra lines around PEM-encoded certificates "
|
|
|
|
|
"are ignored but at least one certificate must be present."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:1614
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid "New optional argument *cadata*"
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:1619
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"Get a list of loaded \"certification authority\" (CA) certificates. If the "
|
|
|
|
|
"``binary_form`` parameter is :const:`False` each list entry is a dict like "
|
|
|
|
|
"the output of :meth:`SSLSocket.getpeercert`. Otherwise the method returns a "
|
|
|
|
|
"list of DER-encoded certificates. The returned list does not contain "
|
|
|
|
|
"certificates from *capath* unless a certificate was requested and loaded by "
|
|
|
|
|
"a SSL connection."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:1627
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"Certificates in a capath directory aren't loaded unless they have been used "
|
|
|
|
|
"at least once."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:1634
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"Get a list of enabled ciphers. The list is in order of cipher priority. See :"
|
|
|
|
|
"meth:`SSLContext.set_ciphers`."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:1671
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"Load a set of default \"certification authority\" (CA) certificates from a "
|
|
|
|
|
"filesystem path defined when building the OpenSSL library. Unfortunately, "
|
|
|
|
|
"there's no easy way to know whether this method succeeds: no error is "
|
|
|
|
|
"returned if no certificates are to be found. When the OpenSSL library is "
|
|
|
|
|
"provided as part of the operating system, though, it is likely to be "
|
|
|
|
|
"configured properly."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:1680
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"Set the available ciphers for sockets created with this context. It should "
|
2018-08-13 13:12:45 +00:00
|
|
|
|
"be a string in the `OpenSSL cipher list format <https://www.openssl.org/docs/"
|
|
|
|
|
"manmaster/man1/ciphers.html>`_. If no cipher can be selected (because "
|
|
|
|
|
"compile-time options or other configuration forbids use of all the specified "
|
|
|
|
|
"ciphers), an :class:`SSLError` will be raised."
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:1688
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"when connected, the :meth:`SSLSocket.cipher` method of SSL sockets will give "
|
|
|
|
|
"the currently selected cipher."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:1691
|
2018-06-28 13:32:56 +00:00
|
|
|
|
msgid ""
|
2021-09-24 08:20:01 +00:00
|
|
|
|
"TLS 1.3 cipher suites cannot be disabled with :meth:`~SSLContext."
|
|
|
|
|
"set_ciphers`."
|
2018-06-28 13:32:56 +00:00
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:1696
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"Specify which protocols the socket should advertise during the SSL/TLS "
|
|
|
|
|
"handshake. It should be a list of ASCII strings, like ``['http/1.1', "
|
|
|
|
|
"'spdy/2']``, ordered by preference. The selection of a protocol will happen "
|
|
|
|
|
"during the handshake, and will play out according to :rfc:`7301`. After a "
|
|
|
|
|
"successful handshake, the :meth:`SSLSocket.selected_alpn_protocol` method "
|
|
|
|
|
"will return the agreed-upon protocol."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:1703
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"This method will raise :exc:`NotImplementedError` if :data:`HAS_ALPN` is "
|
2019-11-15 22:57:16 +00:00
|
|
|
|
"``False``."
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:1710
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"Specify which protocols the socket should advertise during the SSL/TLS "
|
|
|
|
|
"handshake. It should be a list of strings, like ``['http/1.1', 'spdy/2']``, "
|
|
|
|
|
"ordered by preference. The selection of a protocol will happen during the "
|
2018-06-28 13:32:56 +00:00
|
|
|
|
"handshake, and will play out according to the `Application Layer Protocol "
|
|
|
|
|
"Negotiation <https://en.wikipedia.org/wiki/Application-"
|
|
|
|
|
"Layer_Protocol_Negotiation>`_. After a successful handshake, the :meth:"
|
|
|
|
|
"`SSLSocket.selected_npn_protocol` method will return the agreed-upon "
|
|
|
|
|
"protocol."
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:1718
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"This method will raise :exc:`NotImplementedError` if :data:`HAS_NPN` is "
|
2019-11-15 22:57:16 +00:00
|
|
|
|
"``False``."
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:1729
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"Register a callback function that will be called after the TLS Client Hello "
|
|
|
|
|
"handshake message has been received by the SSL/TLS server when the TLS "
|
|
|
|
|
"client specifies a server name indication. The server name indication "
|
|
|
|
|
"mechanism is specified in :rfc:`6066` section 3 - Server Name Indication."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:1734
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
2018-06-28 13:32:56 +00:00
|
|
|
|
"Only one callback can be set per ``SSLContext``. If *sni_callback* is set "
|
|
|
|
|
"to ``None`` then the callback is disabled. Calling this function a "
|
2016-10-30 09:46:26 +00:00
|
|
|
|
"subsequent time will disable the previously registered callback."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:1738
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
2018-06-28 13:32:56 +00:00
|
|
|
|
"The callback function will be called with three arguments; the first being "
|
|
|
|
|
"the :class:`ssl.SSLSocket`, the second is a string that represents the "
|
|
|
|
|
"server name that the client is intending to communicate (or :const:`None` if "
|
|
|
|
|
"the TLS Client Hello does not contain a server name) and the third argument "
|
|
|
|
|
"is the original :class:`SSLContext`. The server name argument is text. For "
|
|
|
|
|
"internationalized domain name, the server name is an IDN A-label (``\"xn--"
|
|
|
|
|
"pythn-mua.org\"``)."
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:1746
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"A typical use of this callback is to change the :class:`ssl.SSLSocket`'s :"
|
|
|
|
|
"attr:`SSLSocket.context` attribute to a new object of type :class:"
|
|
|
|
|
"`SSLContext` representing a certificate chain that matches the server name."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:1751
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"Due to the early negotiation phase of the TLS connection, only limited "
|
|
|
|
|
"methods and attributes are usable like :meth:`SSLSocket."
|
2022-03-23 17:40:12 +00:00
|
|
|
|
"selected_alpn_protocol` and :attr:`SSLSocket.context`. The :meth:`SSLSocket."
|
|
|
|
|
"getpeercert`, :meth:`SSLSocket.cipher` and :meth:`SSLSocket.compression` "
|
|
|
|
|
"methods require that the TLS connection has progressed beyond the TLS Client "
|
|
|
|
|
"Hello and therefore will not return meaningful values nor can they be called "
|
|
|
|
|
"safely."
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:1759
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
2018-06-28 13:32:56 +00:00
|
|
|
|
"The *sni_callback* function must return ``None`` to allow the TLS "
|
2016-10-30 09:46:26 +00:00
|
|
|
|
"negotiation to continue. If a TLS failure is required, a constant :const:"
|
|
|
|
|
"`ALERT_DESCRIPTION_* <ALERT_DESCRIPTION_INTERNAL_ERROR>` can be returned. "
|
|
|
|
|
"Other return values will result in a TLS fatal error with :const:"
|
|
|
|
|
"`ALERT_DESCRIPTION_INTERNAL_ERROR`."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:1765
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
2018-06-28 13:32:56 +00:00
|
|
|
|
"If an exception is raised from the *sni_callback* function the TLS "
|
2016-10-30 09:46:26 +00:00
|
|
|
|
"connection will terminate with a fatal TLS alert message :const:"
|
|
|
|
|
"`ALERT_DESCRIPTION_HANDSHAKE_FAILURE`."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:1769
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"This method will raise :exc:`NotImplementedError` if the OpenSSL library had "
|
|
|
|
|
"OPENSSL_NO_TLSEXT defined when it was built."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:1776
|
2018-06-28 13:32:56 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"This is a legacy API retained for backwards compatibility. When possible, "
|
|
|
|
|
"you should use :attr:`sni_callback` instead. The given "
|
|
|
|
|
"*server_name_callback* is similar to *sni_callback*, except that when the "
|
|
|
|
|
"server hostname is an IDN-encoded internationalized domain name, the "
|
|
|
|
|
"*server_name_callback* receives a decoded U-label (``\"pythön.org\"``)."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:1782
|
2018-06-28 13:32:56 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"If there is an decoding error on the server name, the TLS connection will "
|
|
|
|
|
"terminate with an :const:`ALERT_DESCRIPTION_INTERNAL_ERROR` fatal TLS alert "
|
|
|
|
|
"message to the client."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:1790
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
2018-03-23 08:57:03 +00:00
|
|
|
|
"Load the key generation parameters for Diffie-Hellman (DH) key exchange. "
|
2016-10-30 09:46:26 +00:00
|
|
|
|
"Using DH key exchange improves forward secrecy at the expense of "
|
|
|
|
|
"computational resources (both on the server and on the client). The *dhfile* "
|
|
|
|
|
"parameter should be the path to a file containing DH parameters in PEM "
|
|
|
|
|
"format."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:1796
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"This setting doesn't apply to client sockets. You can also use the :data:"
|
|
|
|
|
"`OP_SINGLE_DH_USE` option to further improve security."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:1803
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"Set the curve name for Elliptic Curve-based Diffie-Hellman (ECDH) key "
|
|
|
|
|
"exchange. ECDH is significantly faster than regular DH while arguably as "
|
|
|
|
|
"secure. The *curve_name* parameter should be a string describing a well-"
|
|
|
|
|
"known elliptic curve, for example ``prime256v1`` for a widely supported "
|
|
|
|
|
"curve."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:1809
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"This setting doesn't apply to client sockets. You can also use the :data:"
|
|
|
|
|
"`OP_SINGLE_ECDH_USE` option to further improve security."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:1812
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid "This method is not available if :data:`HAS_ECDH` is ``False``."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:1817
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
2023-07-23 12:39:39 +00:00
|
|
|
|
"`SSL/TLS & Perfect Forward Secrecy <https://vincent.bernat.ch/en/blog/2011-"
|
2018-06-28 13:32:56 +00:00
|
|
|
|
"ssl-perfect-forward-secrecy>`_"
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:1818
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid "Vincent Bernat."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:1824
|
2018-06-28 13:32:56 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"Wrap an existing Python socket *sock* and return an instance of :attr:"
|
|
|
|
|
"`SSLContext.sslsocket_class` (default :class:`SSLSocket`). The returned SSL "
|
|
|
|
|
"socket is tied to the context, its settings and certificates. *sock* must be "
|
2023-07-23 12:39:39 +00:00
|
|
|
|
"a :const:`~socket.SOCK_STREAM` socket; other socket types are unsupported."
|
2018-06-28 13:32:56 +00:00
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:1830
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
2018-06-28 13:32:56 +00:00
|
|
|
|
"The parameter ``server_side`` is a boolean which identifies whether server-"
|
|
|
|
|
"side or client-side behavior is desired from this socket."
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:1833
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
2018-06-28 13:32:56 +00:00
|
|
|
|
"For client-side sockets, the context construction is lazy; if the underlying "
|
|
|
|
|
"socket isn't connected yet, the context construction will be performed "
|
|
|
|
|
"after :meth:`connect` is called on the socket. For server-side sockets, if "
|
|
|
|
|
"the socket has no remote peer, it is assumed to be a listening socket, and "
|
|
|
|
|
"the server-side SSL wrapping is automatically performed on client "
|
|
|
|
|
"connections accepted via the :meth:`accept` method. The method may raise :"
|
|
|
|
|
"exc:`SSLError`."
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:1841
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"On client connections, the optional parameter *server_hostname* specifies "
|
|
|
|
|
"the hostname of the service which we are connecting to. This allows a "
|
|
|
|
|
"single server to host multiple SSL-based services with distinct "
|
|
|
|
|
"certificates, quite similarly to HTTP virtual hosts. Specifying "
|
|
|
|
|
"*server_hostname* will raise a :exc:`ValueError` if *server_side* is true."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:1847
|
2018-06-28 13:32:56 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"The parameter ``do_handshake_on_connect`` specifies whether to do the SSL "
|
|
|
|
|
"handshake automatically after doing a :meth:`socket.connect`, or whether the "
|
|
|
|
|
"application program will call it explicitly, by invoking the :meth:"
|
|
|
|
|
"`SSLSocket.do_handshake` method. Calling :meth:`SSLSocket.do_handshake` "
|
|
|
|
|
"explicitly gives the program control over the blocking behavior of the "
|
|
|
|
|
"socket I/O involved in the handshake."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:1854
|
2018-06-28 13:32:56 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"The parameter ``suppress_ragged_eofs`` specifies how the :meth:`SSLSocket."
|
|
|
|
|
"recv` method should signal unexpected EOF from the other end of the "
|
|
|
|
|
"connection. If specified as :const:`True` (the default), it returns a "
|
|
|
|
|
"normal EOF (an empty bytes object) in response to unexpected EOF errors "
|
|
|
|
|
"raised from the underlying socket; if :const:`False`, it will raise the "
|
|
|
|
|
"exceptions back to the caller."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:1861
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid "*session*, see :attr:`~SSLSocket.session`."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:1863
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"Always allow a server_hostname to be passed, even if OpenSSL does not have "
|
|
|
|
|
"SNI."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:1893
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid "*session* argument was added."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:1870
|
2018-06-28 13:32:56 +00:00
|
|
|
|
msgid ""
|
2022-03-23 17:40:12 +00:00
|
|
|
|
"The method returns an instance of :attr:`SSLContext.sslsocket_class` instead "
|
2018-06-28 13:32:56 +00:00
|
|
|
|
"of hard-coded :class:`SSLSocket`."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:1876
|
2018-06-28 13:32:56 +00:00
|
|
|
|
msgid ""
|
2019-09-04 09:35:23 +00:00
|
|
|
|
"The return type of :meth:`SSLContext.wrap_socket`, defaults to :class:"
|
2018-06-28 13:32:56 +00:00
|
|
|
|
"`SSLSocket`. The attribute can be overridden on instance of class in order "
|
|
|
|
|
"to return a custom subclass of :class:`SSLSocket`."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:1885
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
2019-09-04 09:35:23 +00:00
|
|
|
|
"Wrap the BIO objects *incoming* and *outgoing* and return an instance of :"
|
2018-06-28 13:32:56 +00:00
|
|
|
|
"attr:`SSLContext.sslobject_class` (default :class:`SSLObject`). The SSL "
|
|
|
|
|
"routines will read input data from the incoming BIO and write data to the "
|
|
|
|
|
"outgoing BIO."
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:1890
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"The *server_side*, *server_hostname* and *session* parameters have the same "
|
|
|
|
|
"meaning as in :meth:`SSLContext.wrap_socket`."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:1896
|
2018-06-28 13:32:56 +00:00
|
|
|
|
msgid ""
|
2022-03-23 17:40:12 +00:00
|
|
|
|
"The method returns an instance of :attr:`SSLContext.sslobject_class` instead "
|
2018-06-28 13:32:56 +00:00
|
|
|
|
"of hard-coded :class:`SSLObject`."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:1902
|
2018-06-28 13:32:56 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"The return type of :meth:`SSLContext.wrap_bio`, defaults to :class:"
|
|
|
|
|
"`SSLObject`. The attribute can be overridden on instance of class in order "
|
|
|
|
|
"to return a custom subclass of :class:`SSLObject`."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:1910
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"Get statistics about the SSL sessions created or managed by this context. A "
|
|
|
|
|
"dictionary is returned which maps the names of each `piece of information "
|
2023-01-15 21:42:07 +00:00
|
|
|
|
"<https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_sess_number.html>`_ to "
|
2018-01-04 14:57:05 +00:00
|
|
|
|
"their numeric values. For example, here is the total number of hits and "
|
|
|
|
|
"misses in the session cache since the context was created::"
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:1921
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
2021-05-26 17:39:06 +00:00
|
|
|
|
"Whether to match the peer cert's hostname in :meth:`SSLSocket.do_handshake`. "
|
|
|
|
|
"The context's :attr:`~SSLContext.verify_mode` must be set to :data:"
|
|
|
|
|
"`CERT_OPTIONAL` or :data:`CERT_REQUIRED`, and you must pass "
|
|
|
|
|
"*server_hostname* to :meth:`~SSLContext.wrap_socket` in order to match the "
|
|
|
|
|
"hostname. Enabling hostname checking automatically sets :attr:`~SSLContext."
|
|
|
|
|
"verify_mode` from :data:`CERT_NONE` to :data:`CERT_REQUIRED`. It cannot be "
|
|
|
|
|
"set back to :data:`CERT_NONE` as long as hostname checking is enabled. The :"
|
|
|
|
|
"data:`PROTOCOL_TLS_CLIENT` protocol enables hostname checking by default. "
|
|
|
|
|
"With other protocols, hostname checking must be enabled explicitly."
|
2018-06-28 13:32:56 +00:00
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:1949
|
2018-06-28 13:32:56 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
":attr:`~SSLContext.verify_mode` is now automatically changed to :data:"
|
|
|
|
|
"`CERT_REQUIRED` when hostname checking is enabled and :attr:`~SSLContext."
|
|
|
|
|
"verify_mode` is :data:`CERT_NONE`. Previously the same operation would have "
|
|
|
|
|
"failed with a :exc:`ValueError`."
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:1956
|
2019-09-04 09:35:23 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"Write TLS keys to a keylog file, whenever key material is generated or "
|
|
|
|
|
"received. The keylog file is designed for debugging purposes only. The file "
|
|
|
|
|
"format is specified by NSS and used by many traffic analyzers such as "
|
|
|
|
|
"Wireshark. The log file is opened in append-only mode. Writes are "
|
|
|
|
|
"synchronized between threads, but not between processes."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:1966
|
2018-06-28 13:32:56 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"A :class:`TLSVersion` enum member representing the highest supported TLS "
|
|
|
|
|
"version. The value defaults to :attr:`TLSVersion.MAXIMUM_SUPPORTED`. The "
|
|
|
|
|
"attribute is read-only for protocols other than :attr:`PROTOCOL_TLS`, :attr:"
|
|
|
|
|
"`PROTOCOL_TLS_CLIENT`, and :attr:`PROTOCOL_TLS_SERVER`."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:1971
|
2018-06-28 13:32:56 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"The attributes :attr:`~SSLContext.maximum_version`, :attr:`~SSLContext."
|
|
|
|
|
"minimum_version` and :attr:`SSLContext.options` all affect the supported SSL "
|
|
|
|
|
"and TLS versions of the context. The implementation does not prevent invalid "
|
|
|
|
|
"combination. For example a context with :attr:`OP_NO_TLSv1_2` in :attr:"
|
|
|
|
|
"`~SSLContext.options` and :attr:`~SSLContext.maximum_version` set to :attr:"
|
|
|
|
|
"`TLSVersion.TLSv1_2` will not be able to establish a TLS 1.2 connection."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:1984
|
2018-06-28 13:32:56 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"Like :attr:`SSLContext.maximum_version` except it is the lowest supported "
|
|
|
|
|
"version or :attr:`TLSVersion.MINIMUM_SUPPORTED`."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:1991
|
2019-09-04 09:35:23 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"Control the number of TLS 1.3 session tickets of a :attr:"
|
2021-09-24 08:20:01 +00:00
|
|
|
|
"`PROTOCOL_TLS_SERVER` context. The setting has no impact on TLS 1.0 to 1.2 "
|
2019-09-04 09:35:23 +00:00
|
|
|
|
"connections."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:1999
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"An integer representing the set of SSL options enabled on this context. The "
|
|
|
|
|
"default value is :data:`OP_ALL`, but you can specify other options such as :"
|
|
|
|
|
"data:`OP_NO_SSLv2` by ORing them together."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:2003
|
2021-09-24 08:20:01 +00:00
|
|
|
|
msgid ":attr:`SSLContext.options` returns :class:`Options` flags:"
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:2011
|
2021-09-24 08:20:01 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"All ``OP_NO_SSL*`` and ``OP_NO_TLS*`` options have been deprecated since "
|
|
|
|
|
"Python 3.7. Use :attr:`SSLContext.minimum_version` and :attr:`SSLContext."
|
|
|
|
|
"maximum_version` instead."
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:2017
|
2018-10-13 15:54:03 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"Enable TLS 1.3 post-handshake client authentication. Post-handshake auth is "
|
|
|
|
|
"disabled by default and a server can only request a TLS client certificate "
|
|
|
|
|
"during the initial handshake. When enabled, a server may request a TLS "
|
|
|
|
|
"client certificate at any time after the handshake."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:2022
|
2018-10-13 15:54:03 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"When enabled on client-side sockets, the client signals the server that it "
|
|
|
|
|
"supports post-handshake authentication."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:2025
|
2018-10-13 15:54:03 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"When enabled on server-side sockets, :attr:`SSLContext.verify_mode` must be "
|
|
|
|
|
"set to :data:`CERT_OPTIONAL` or :data:`CERT_REQUIRED`, too. The actual "
|
|
|
|
|
"client cert exchange is delayed until :meth:`SSLSocket."
|
|
|
|
|
"verify_client_post_handshake` is called and some I/O is performed."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:2035
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"The protocol version chosen when constructing the context. This attribute "
|
|
|
|
|
"is read-only."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:2040
|
2018-06-28 13:32:56 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"Whether :attr:`~SSLContext.check_hostname` falls back to verify the cert's "
|
|
|
|
|
"subject common name in the absence of a subject alternative name extension "
|
|
|
|
|
"(default: true)."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:2048
|
2021-05-26 17:39:06 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"The flag had no effect with OpenSSL before version 1.1.1k. Python 3.8.9, "
|
|
|
|
|
"3.9.3, and 3.10 include workarounds for previous versions."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:2053
|
2021-09-24 08:20:01 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"An integer representing the `security level <https://www.openssl.org/docs/"
|
|
|
|
|
"manmaster/man3/SSL_CTX_get_security_level.html>`_ for the context. This "
|
|
|
|
|
"attribute is read-only."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:2061
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"The flags for certificate verification operations. You can set flags like :"
|
|
|
|
|
"data:`VERIFY_CRL_CHECK_LEAF` by ORing them together. By default OpenSSL does "
|
2021-09-24 08:20:01 +00:00
|
|
|
|
"neither require nor verify certificate revocation lists (CRLs)."
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:2067
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ":attr:`SSLContext.verify_flags` returns :class:`VerifyFlags` flags:"
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:2075
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"Whether to try to verify other peers' certificates and how to behave if "
|
|
|
|
|
"verification fails. This attribute must be one of :data:`CERT_NONE`, :data:"
|
|
|
|
|
"`CERT_OPTIONAL` or :data:`CERT_REQUIRED`."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:2079
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ":attr:`SSLContext.verify_mode` returns :class:`VerifyMode` enum:"
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:2092
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid "Certificates"
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:2094
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"Certificates in general are part of a public-key / private-key system. In "
|
|
|
|
|
"this system, each *principal*, (which may be a machine, or a person, or an "
|
|
|
|
|
"organization) is assigned a unique two-part encryption key. One part of the "
|
|
|
|
|
"key is public, and is called the *public key*; the other part is kept "
|
|
|
|
|
"secret, and is called the *private key*. The two parts are related, in that "
|
|
|
|
|
"if you encrypt a message with one of the parts, you can decrypt it with the "
|
|
|
|
|
"other part, and **only** with the other part."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:2102
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"A certificate contains information about two principals. It contains the "
|
|
|
|
|
"name of a *subject*, and the subject's public key. It also contains a "
|
2018-06-28 13:32:56 +00:00
|
|
|
|
"statement by a second principal, the *issuer*, that the subject is who they "
|
|
|
|
|
"claim to be, and that this is indeed the subject's public key. The issuer's "
|
|
|
|
|
"statement is signed with the issuer's private key, which only the issuer "
|
|
|
|
|
"knows. However, anyone can verify the issuer's statement by finding the "
|
|
|
|
|
"issuer's public key, decrypting the statement with it, and comparing it to "
|
|
|
|
|
"the other information in the certificate. The certificate also contains "
|
2016-10-30 09:46:26 +00:00
|
|
|
|
"information about the time period over which it is valid. This is expressed "
|
|
|
|
|
"as two fields, called \"notBefore\" and \"notAfter\"."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:2112
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"In the Python use of certificates, a client or server can use a certificate "
|
|
|
|
|
"to prove who they are. The other side of a network connection can also be "
|
|
|
|
|
"required to produce a certificate, and that certificate can be validated to "
|
|
|
|
|
"the satisfaction of the client or server that requires such validation. The "
|
|
|
|
|
"connection attempt can be set to raise an exception if the validation fails. "
|
|
|
|
|
"Validation is done automatically, by the underlying OpenSSL framework; the "
|
|
|
|
|
"application need not concern itself with its mechanics. But the application "
|
|
|
|
|
"does usually need to provide sets of certificates to allow this process to "
|
|
|
|
|
"take place."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:2122
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
2022-03-23 17:40:12 +00:00
|
|
|
|
"Python uses files to contain certificates. They should be formatted as "
|
|
|
|
|
"\"PEM\" (see :rfc:`1422`), which is a base-64 encoded form wrapped with a "
|
|
|
|
|
"header line and a footer line::"
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:2131
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid "Certificate chains"
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:2133
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"The Python files which contain certificates can contain a sequence of "
|
|
|
|
|
"certificates, sometimes called a *certificate chain*. This chain should "
|
|
|
|
|
"start with the specific certificate for the principal who \"is\" the client "
|
|
|
|
|
"or server, and then the certificate for the issuer of that certificate, and "
|
|
|
|
|
"then the certificate for the issuer of *that* certificate, and so on up the "
|
|
|
|
|
"chain till you get to a certificate which is *self-signed*, that is, a "
|
|
|
|
|
"certificate which has the same subject and issuer, sometimes called a *root "
|
|
|
|
|
"certificate*. The certificates should just be concatenated together in the "
|
|
|
|
|
"certificate file. For example, suppose we had a three certificate chain, "
|
|
|
|
|
"from our server certificate to the certificate of the certification "
|
|
|
|
|
"authority that signed our server certificate, to the root certificate of the "
|
|
|
|
|
"agency which issued the certification authority's certificate::"
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:2157
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid "CA certificates"
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:2159
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"If you are going to require validation of the other side of the connection's "
|
|
|
|
|
"certificate, you need to provide a \"CA certs\" file, filled with the "
|
|
|
|
|
"certificate chains for each issuer you are willing to trust. Again, this "
|
|
|
|
|
"file just contains these chains concatenated together. For validation, "
|
|
|
|
|
"Python will use the first chain it finds in the file which matches. The "
|
|
|
|
|
"platform's certificates file can be used by calling :meth:`SSLContext."
|
|
|
|
|
"load_default_certs`, this is done automatically with :func:`."
|
|
|
|
|
"create_default_context`."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:2168
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid "Combined key and certificate"
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:2170
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"Often the private key is stored in the same file as the certificate; in this "
|
|
|
|
|
"case, only the ``certfile`` parameter to :meth:`SSLContext.load_cert_chain` "
|
|
|
|
|
"and :func:`wrap_socket` needs to be passed. If the private key is stored "
|
|
|
|
|
"with the certificate, it should come before the first certificate in the "
|
|
|
|
|
"certificate chain::"
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:2184
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid "Self-signed certificates"
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:2186
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"If you are going to create a server that provides SSL-encrypted connection "
|
|
|
|
|
"services, you will need to acquire a certificate for that service. There "
|
|
|
|
|
"are many ways of acquiring appropriate certificates, such as buying one from "
|
|
|
|
|
"a certification authority. Another common practice is to generate a self-"
|
|
|
|
|
"signed certificate. The simplest way to do this is with the OpenSSL "
|
|
|
|
|
"package, using something like the following::"
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:2215
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"The disadvantage of a self-signed certificate is that it is its own root "
|
|
|
|
|
"certificate, and no one else will have it in their cache of known (and "
|
|
|
|
|
"trusted) root certificates."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:2221
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid "Examples"
|
|
|
|
|
msgstr "Exemples"
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:2224
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid "Testing for SSL support"
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:2226
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"To test for the presence of SSL support in a Python installation, user code "
|
|
|
|
|
"should use the following idiom::"
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:2237
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid "Client-side operation"
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:2239
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"This example creates a SSL context with the recommended security settings "
|
|
|
|
|
"for client sockets, including automatic certificate verification::"
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:2244
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"If you prefer to tune security settings yourself, you might create a context "
|
|
|
|
|
"from scratch (but beware that you might not get the settings right)::"
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:2251
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"(this snippet assumes your operating system places a bundle of all CA "
|
|
|
|
|
"certificates in ``/etc/ssl/certs/ca-bundle.crt``; if not, you'll get an "
|
|
|
|
|
"error and have to adjust the location)"
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:2255
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
2019-10-09 16:10:12 +00:00
|
|
|
|
"The :data:`PROTOCOL_TLS_CLIENT` protocol configures the context for cert "
|
|
|
|
|
"validation and hostname verification. :attr:`~SSLContext.verify_mode` is set "
|
|
|
|
|
"to :data:`CERT_REQUIRED` and :attr:`~SSLContext.check_hostname` is set to "
|
|
|
|
|
"``True``. All other protocols create SSL contexts with insecure defaults."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:2260
|
2019-10-09 16:10:12 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"When you use the context to connect to a server, :const:`CERT_REQUIRED` and :"
|
|
|
|
|
"attr:`~SSLContext.check_hostname` validate the server certificate: it "
|
|
|
|
|
"ensures that the server certificate was signed with one of the CA "
|
|
|
|
|
"certificates, checks the signature for correctness, and verifies other "
|
|
|
|
|
"properties like validity and identity of the hostname::"
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:2270
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid "You may then fetch the certificate::"
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:2274
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"Visual inspection shows that the certificate does identify the desired "
|
|
|
|
|
"service (that is, the HTTPS host ``www.python.org``)::"
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:2317
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"Now the SSL channel is established and the certificate verified, you can "
|
|
|
|
|
"proceed to talk with the server::"
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:2344
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid "Server-side operation"
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:2346
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"For server operation, typically you'll need to have a server certificate, "
|
|
|
|
|
"and private key, each in a file. You'll first create a context holding the "
|
|
|
|
|
"key and the certificate, so that clients can check your authenticity. Then "
|
|
|
|
|
"you'll open a socket, bind it to a port, call :meth:`listen` on it, and "
|
|
|
|
|
"start waiting for clients to connect::"
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:2361
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"When a client connects, you'll call :meth:`accept` on the socket to get the "
|
|
|
|
|
"new socket from the other end, and use the context's :meth:`SSLContext."
|
|
|
|
|
"wrap_socket` method to create a server-side SSL socket for the connection::"
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:2374
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"Then you'll read data from the ``connstream`` and do something with it till "
|
|
|
|
|
"you are finished with the client (or the client is finished with you)::"
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:2388
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"And go back to listening for new client connections (of course, a real "
|
|
|
|
|
"server would probably handle each client connection in a separate thread, or "
|
|
|
|
|
"put the sockets in :ref:`non-blocking mode <ssl-nonblocking>` and use an "
|
|
|
|
|
"event loop)."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:2396
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid "Notes on non-blocking sockets"
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:2398
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"SSL sockets behave slightly different than regular sockets in non-blocking "
|
|
|
|
|
"mode. When working with non-blocking sockets, there are thus several things "
|
|
|
|
|
"you need to be aware of:"
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:2402
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"Most :class:`SSLSocket` methods will raise either :exc:`SSLWantWriteError` "
|
|
|
|
|
"or :exc:`SSLWantReadError` instead of :exc:`BlockingIOError` if an I/O "
|
|
|
|
|
"operation would block. :exc:`SSLWantReadError` will be raised if a read "
|
|
|
|
|
"operation on the underlying socket is necessary, and :exc:"
|
|
|
|
|
"`SSLWantWriteError` for a write operation on the underlying socket. Note "
|
|
|
|
|
"that attempts to *write* to an SSL socket may require *reading* from the "
|
|
|
|
|
"underlying socket first, and attempts to *read* from the SSL socket may "
|
|
|
|
|
"require a prior *write* to the underlying socket."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:2414
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"In earlier Python versions, the :meth:`!SSLSocket.send` method returned zero "
|
|
|
|
|
"instead of raising :exc:`SSLWantWriteError` or :exc:`SSLWantReadError`."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:2418
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"Calling :func:`~select.select` tells you that the OS-level socket can be "
|
|
|
|
|
"read from (or written to), but it does not imply that there is sufficient "
|
|
|
|
|
"data at the upper SSL layer. For example, only part of an SSL frame might "
|
|
|
|
|
"have arrived. Therefore, you must be ready to handle :meth:`SSLSocket.recv` "
|
|
|
|
|
"and :meth:`SSLSocket.send` failures, and retry after another call to :func:"
|
|
|
|
|
"`~select.select`."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:2425
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"Conversely, since the SSL layer has its own framing, a SSL socket may still "
|
|
|
|
|
"have data available for reading without :func:`~select.select` being aware "
|
|
|
|
|
"of it. Therefore, you should first call :meth:`SSLSocket.recv` to drain any "
|
|
|
|
|
"potentially available data, and then only block on a :func:`~select.select` "
|
|
|
|
|
"call if still necessary."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:2431
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"(of course, similar provisions apply when using other primitives such as :"
|
|
|
|
|
"func:`~select.poll`, or those in the :mod:`selectors` module)"
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:2434
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"The SSL handshake itself will be non-blocking: the :meth:`SSLSocket."
|
|
|
|
|
"do_handshake` method has to be retried until it returns successfully. Here "
|
|
|
|
|
"is a synopsis using :func:`~select.select` to wait for the socket's "
|
|
|
|
|
"readiness::"
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:2450
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"The :mod:`asyncio` module supports :ref:`non-blocking SSL sockets <ssl-"
|
|
|
|
|
"nonblocking>` and provides a higher level API. It polls for events using "
|
|
|
|
|
"the :mod:`selectors` module and handles :exc:`SSLWantWriteError`, :exc:"
|
|
|
|
|
"`SSLWantReadError` and :exc:`BlockingIOError` exceptions. It runs the SSL "
|
|
|
|
|
"handshake asynchronously as well."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:2459
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid "Memory BIO Support"
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:2463
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"Ever since the SSL module was introduced in Python 2.6, the :class:"
|
|
|
|
|
"`SSLSocket` class has provided two related but distinct areas of "
|
|
|
|
|
"functionality:"
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:2466
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid "SSL protocol handling"
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:2467
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid "Network IO"
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:2469
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"The network IO API is identical to that provided by :class:`socket.socket`, "
|
|
|
|
|
"from which :class:`SSLSocket` also inherits. This allows an SSL socket to be "
|
|
|
|
|
"used as a drop-in replacement for a regular socket, making it very easy to "
|
|
|
|
|
"add SSL support to an existing application."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:2474
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"Combining SSL protocol handling and network IO usually works well, but there "
|
|
|
|
|
"are some cases where it doesn't. An example is async IO frameworks that want "
|
|
|
|
|
"to use a different IO multiplexing model than the \"select/poll on a file "
|
|
|
|
|
"descriptor\" (readiness based) model that is assumed by :class:`socket."
|
|
|
|
|
"socket` and by the internal OpenSSL socket IO routines. This is mostly "
|
|
|
|
|
"relevant for platforms like Windows where this model is not efficient. For "
|
|
|
|
|
"this purpose, a reduced scope variant of :class:`SSLSocket` called :class:"
|
|
|
|
|
"`SSLObject` is provided."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:2485
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"A reduced-scope variant of :class:`SSLSocket` representing an SSL protocol "
|
|
|
|
|
"instance that does not contain any network IO methods. This class is "
|
|
|
|
|
"typically used by framework authors that want to implement asynchronous IO "
|
|
|
|
|
"for SSL through memory buffers."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:2490
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"This class implements an interface on top of a low-level SSL object as "
|
|
|
|
|
"implemented by OpenSSL. This object captures the state of an SSL connection "
|
|
|
|
|
"but does not provide any network IO itself. IO needs to be performed through "
|
|
|
|
|
"separate \"BIO\" objects which are OpenSSL's IO abstraction layer."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:2495
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
2018-06-28 13:32:56 +00:00
|
|
|
|
"This class has no public constructor. An :class:`SSLObject` instance must "
|
|
|
|
|
"be created using the :meth:`~SSLContext.wrap_bio` method. This method will "
|
|
|
|
|
"create the :class:`SSLObject` instance and bind it to a pair of BIOs. The "
|
|
|
|
|
"*incoming* BIO is used to pass data from Python to the SSL protocol "
|
|
|
|
|
"instance, while the *outgoing* BIO is used to pass data the other way around."
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:2502
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid "The following methods are available:"
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:2504
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ":attr:`~SSLSocket.context`"
|
2022-05-18 15:49:15 +00:00
|
|
|
|
msgstr ":attr:`~SSLSocket.context`"
|
2016-10-30 09:46:26 +00:00
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:2505
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ":attr:`~SSLSocket.server_side`"
|
2022-05-18 15:49:15 +00:00
|
|
|
|
msgstr ":attr:`~SSLSocket.server_side`"
|
2016-10-30 09:46:26 +00:00
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:2506
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ":attr:`~SSLSocket.server_hostname`"
|
2022-05-18 15:49:15 +00:00
|
|
|
|
msgstr ":attr:`~SSLSocket.server_hostname`"
|
2016-10-30 09:46:26 +00:00
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:2507
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ":attr:`~SSLSocket.session`"
|
2022-05-18 15:49:15 +00:00
|
|
|
|
msgstr ":attr:`~SSLSocket.session`"
|
2016-10-30 09:46:26 +00:00
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:2508
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ":attr:`~SSLSocket.session_reused`"
|
2022-05-18 15:49:15 +00:00
|
|
|
|
msgstr ":attr:`~SSLSocket.session_reused`"
|
2016-10-30 09:46:26 +00:00
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:2509
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ":meth:`~SSLSocket.read`"
|
2022-05-18 15:49:15 +00:00
|
|
|
|
msgstr ":meth:`~SSLSocket.read`"
|
2016-10-30 09:46:26 +00:00
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:2510
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ":meth:`~SSLSocket.write`"
|
2022-05-18 15:49:15 +00:00
|
|
|
|
msgstr ":meth:`~SSLSocket.write`"
|
2016-10-30 09:46:26 +00:00
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:2511
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ":meth:`~SSLSocket.getpeercert`"
|
2022-05-18 15:49:15 +00:00
|
|
|
|
msgstr ":meth:`~SSLSocket.getpeercert`"
|
2016-10-30 09:46:26 +00:00
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:2512
|
2020-07-20 08:56:42 +00:00
|
|
|
|
msgid ":meth:`~SSLSocket.selected_alpn_protocol`"
|
2022-05-18 15:49:15 +00:00
|
|
|
|
msgstr ":meth:`~SSLSocket.selected_alpn_protocol`"
|
2016-10-30 09:46:26 +00:00
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:2513
|
2020-07-20 08:56:42 +00:00
|
|
|
|
msgid ":meth:`~SSLSocket.selected_npn_protocol`"
|
2022-05-18 15:49:15 +00:00
|
|
|
|
msgstr ":meth:`~SSLSocket.selected_npn_protocol`"
|
2016-10-30 09:46:26 +00:00
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:2514
|
2020-07-20 08:56:42 +00:00
|
|
|
|
msgid ":meth:`~SSLSocket.cipher`"
|
2022-05-18 15:49:15 +00:00
|
|
|
|
msgstr ":meth:`~SSLSocket.cipher`"
|
2016-10-30 09:46:26 +00:00
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:2515
|
2020-07-20 08:56:42 +00:00
|
|
|
|
msgid ":meth:`~SSLSocket.shared_ciphers`"
|
2022-05-18 15:49:15 +00:00
|
|
|
|
msgstr ":meth:`~SSLSocket.shared_ciphers`"
|
2016-10-30 09:46:26 +00:00
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:2516
|
2020-07-20 08:56:42 +00:00
|
|
|
|
msgid ":meth:`~SSLSocket.compression`"
|
2022-05-18 15:49:15 +00:00
|
|
|
|
msgstr ":meth:`~SSLSocket.compression`"
|
2016-10-30 09:46:26 +00:00
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:2517
|
2020-07-20 08:56:42 +00:00
|
|
|
|
msgid ":meth:`~SSLSocket.pending`"
|
2022-05-18 15:49:15 +00:00
|
|
|
|
msgstr ":meth:`~SSLSocket.pending`"
|
2016-10-30 09:46:26 +00:00
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:2518
|
2020-07-20 08:56:42 +00:00
|
|
|
|
msgid ":meth:`~SSLSocket.do_handshake`"
|
2022-05-18 15:49:15 +00:00
|
|
|
|
msgstr ":meth:`~SSLSocket.do_handshake`"
|
2016-10-30 09:46:26 +00:00
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:2519
|
2020-07-20 08:56:42 +00:00
|
|
|
|
msgid ":meth:`~SSLSocket.verify_client_post_handshake`"
|
2022-05-18 15:49:15 +00:00
|
|
|
|
msgstr ":meth:`~SSLSocket.verify_client_post_handshake`"
|
2020-07-20 08:56:42 +00:00
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:2520
|
2020-07-20 08:56:42 +00:00
|
|
|
|
msgid ":meth:`~SSLSocket.unwrap`"
|
2022-05-18 15:49:15 +00:00
|
|
|
|
msgstr ":meth:`~SSLSocket.unwrap`"
|
2016-10-30 09:46:26 +00:00
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:2521
|
2020-07-20 08:56:42 +00:00
|
|
|
|
msgid ":meth:`~SSLSocket.get_channel_binding`"
|
2022-05-18 15:49:15 +00:00
|
|
|
|
msgstr ":meth:`~SSLSocket.get_channel_binding`"
|
2020-07-20 08:56:42 +00:00
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:2522
|
2020-07-20 08:56:42 +00:00
|
|
|
|
msgid ":meth:`~SSLSocket.version`"
|
2022-05-18 15:49:15 +00:00
|
|
|
|
msgstr ":meth:`~SSLSocket.version`"
|
2020-07-20 08:56:42 +00:00
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:2524
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"When compared to :class:`SSLSocket`, this object lacks the following "
|
|
|
|
|
"features:"
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:2527
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
2017-08-01 11:29:09 +00:00
|
|
|
|
"Any form of network IO; ``recv()`` and ``send()`` read and write only to the "
|
|
|
|
|
"underlying :class:`MemoryBIO` buffers."
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:2530
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"There is no *do_handshake_on_connect* machinery. You must always manually "
|
|
|
|
|
"call :meth:`~SSLSocket.do_handshake` to start the handshake."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:2533
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"There is no handling of *suppress_ragged_eofs*. All end-of-file conditions "
|
|
|
|
|
"that are in violation of the protocol are reported via the :exc:"
|
|
|
|
|
"`SSLEOFError` exception."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:2537
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"The method :meth:`~SSLSocket.unwrap` call does not return anything, unlike "
|
|
|
|
|
"for an SSL socket where it returns the underlying socket."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:2540
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"The *server_name_callback* callback passed to :meth:`SSLContext."
|
|
|
|
|
"set_servername_callback` will get an :class:`SSLObject` instance instead of "
|
|
|
|
|
"a :class:`SSLSocket` instance as its first parameter."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:2544
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid "Some notes related to the use of :class:`SSLObject`:"
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:2546
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"All IO on an :class:`SSLObject` is :ref:`non-blocking <ssl-nonblocking>`. "
|
|
|
|
|
"This means that for example :meth:`~SSLSocket.read` will raise an :exc:"
|
|
|
|
|
"`SSLWantReadError` if it needs more data than the incoming BIO has available."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:2551
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"There is no module-level ``wrap_bio()`` call like there is for :meth:"
|
|
|
|
|
"`~SSLContext.wrap_socket`. An :class:`SSLObject` is always created via an :"
|
|
|
|
|
"class:`SSLContext`."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:2555
|
2018-06-28 13:32:56 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
":class:`SSLObject` instances must to created with :meth:`~SSLContext."
|
|
|
|
|
"wrap_bio`. In earlier versions, it was possible to create instances "
|
|
|
|
|
"directly. This was never documented or officially supported."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:2561
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"An SSLObject communicates with the outside world using memory buffers. The "
|
|
|
|
|
"class :class:`MemoryBIO` provides a memory buffer that can be used for this "
|
|
|
|
|
"purpose. It wraps an OpenSSL memory BIO (Basic IO) object:"
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:2567
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"A memory buffer that can be used to pass data between Python and an SSL "
|
|
|
|
|
"protocol instance."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:2572
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid "Return the number of bytes currently in the memory buffer."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:2576
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"A boolean indicating whether the memory BIO is current at the end-of-file "
|
|
|
|
|
"position."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:2581
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"Read up to *n* bytes from the memory buffer. If *n* is not specified or "
|
|
|
|
|
"negative, all bytes are returned."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:2586
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"Write the bytes from *buf* to the memory BIO. The *buf* argument must be an "
|
|
|
|
|
"object supporting the buffer protocol."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:2589
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"The return value is the number of bytes written, which is always equal to "
|
|
|
|
|
"the length of *buf*."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:2594
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"Write an EOF marker to the memory BIO. After this method has been called, it "
|
|
|
|
|
"is illegal to call :meth:`~MemoryBIO.write`. The attribute :attr:`eof` will "
|
|
|
|
|
"become true after all data currently in the buffer has been read."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:2600
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid "SSL session"
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:2606
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid "Session object used by :attr:`~SSLSocket.session`."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:2618
|
2020-02-14 10:18:53 +00:00
|
|
|
|
#, fuzzy
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid "Security considerations"
|
2020-02-14 10:18:53 +00:00
|
|
|
|
msgstr "Considérations de sécurité"
|
2016-10-30 09:46:26 +00:00
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:2621
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid "Best defaults"
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:2623
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"For **client use**, if you don't have any special requirements for your "
|
|
|
|
|
"security policy, it is highly recommended that you use the :func:"
|
|
|
|
|
"`create_default_context` function to create your SSL context. It will load "
|
|
|
|
|
"the system's trusted CA certificates, enable certificate validation and "
|
|
|
|
|
"hostname checking, and try to choose reasonably secure protocol and cipher "
|
|
|
|
|
"settings."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:2630
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"For example, here is how you would use the :class:`smtplib.SMTP` class to "
|
|
|
|
|
"create a trusted, secure connection to a SMTP server::"
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:2639
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"If a client certificate is needed for the connection, it can be added with :"
|
|
|
|
|
"meth:`SSLContext.load_cert_chain`."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:2642
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"By contrast, if you create the SSL context by calling the :class:"
|
|
|
|
|
"`SSLContext` constructor yourself, it will not have certificate validation "
|
|
|
|
|
"nor hostname checking enabled by default. If you do so, please read the "
|
|
|
|
|
"paragraphs below to achieve a good security level."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:2648
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid "Manual settings"
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:2651
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid "Verifying certificates"
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:2653
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"When calling the :class:`SSLContext` constructor directly, :const:"
|
|
|
|
|
"`CERT_NONE` is the default. Since it does not authenticate the other peer, "
|
|
|
|
|
"it can be insecure, especially in client mode where most of time you would "
|
|
|
|
|
"like to ensure the authenticity of the server you're talking to. Therefore, "
|
|
|
|
|
"when in client mode, it is highly recommended to use :const:"
|
|
|
|
|
"`CERT_REQUIRED`. However, it is in itself not sufficient; you also have to "
|
|
|
|
|
"check that the server certificate, which can be obtained by calling :meth:"
|
|
|
|
|
"`SSLSocket.getpeercert`, matches the desired service. For many protocols "
|
|
|
|
|
"and applications, the service can be identified by the hostname; in this "
|
|
|
|
|
"case, the :func:`match_hostname` function can be used. This common check is "
|
|
|
|
|
"automatically performed when :attr:`SSLContext.check_hostname` is enabled."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:2666
|
2018-06-28 13:32:56 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"Hostname matchings is now performed by OpenSSL. Python no longer uses :func:"
|
|
|
|
|
"`match_hostname`."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:2670
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"In server mode, if you want to authenticate your clients using the SSL layer "
|
|
|
|
|
"(rather than using a higher-level authentication mechanism), you'll also "
|
|
|
|
|
"have to specify :const:`CERT_REQUIRED` and similarly check the client "
|
|
|
|
|
"certificate."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:2676
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid "Protocol versions"
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:2678
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"SSL versions 2 and 3 are considered insecure and are therefore dangerous to "
|
|
|
|
|
"use. If you want maximum compatibility between clients and servers, it is "
|
|
|
|
|
"recommended to use :const:`PROTOCOL_TLS_CLIENT` or :const:"
|
|
|
|
|
"`PROTOCOL_TLS_SERVER` as the protocol version. SSLv2 and SSLv3 are disabled "
|
|
|
|
|
"by default."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:2691
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
2023-07-23 12:39:39 +00:00
|
|
|
|
"The SSL context created above will only allow TLSv1.3 and later (if "
|
2016-10-30 09:46:26 +00:00
|
|
|
|
"supported by your system) connections to a server. :const:"
|
|
|
|
|
"`PROTOCOL_TLS_CLIENT` implies certificate validation and hostname checks by "
|
|
|
|
|
"default. You have to load certificates into the context."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:2698
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid "Cipher selection"
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:2700
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"If you have advanced security requirements, fine-tuning of the ciphers "
|
|
|
|
|
"enabled when negotiating a SSL session is possible through the :meth:"
|
|
|
|
|
"`SSLContext.set_ciphers` method. Starting from Python 3.2.3, the ssl module "
|
|
|
|
|
"disables certain weak ciphers by default, but you may want to further "
|
|
|
|
|
"restrict the cipher choice. Be sure to read OpenSSL's documentation about "
|
2023-01-15 21:42:07 +00:00
|
|
|
|
"the `cipher list format <https://www.openssl.org/docs/man1.1.1/man1/ciphers."
|
2016-10-30 09:46:26 +00:00
|
|
|
|
"html#CIPHER-LIST-FORMAT>`_. If you want to check which ciphers are enabled "
|
|
|
|
|
"by a given cipher list, use :meth:`SSLContext.get_ciphers` or the ``openssl "
|
|
|
|
|
"ciphers`` command on your system."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:2711
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid "Multi-processing"
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:2713
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"If using this module as part of a multi-processed application (using, for "
|
|
|
|
|
"example the :mod:`multiprocessing` or :mod:`concurrent.futures` modules), be "
|
|
|
|
|
"aware that OpenSSL's internal random number generator does not properly "
|
|
|
|
|
"handle forked processes. Applications must change the PRNG state of the "
|
|
|
|
|
"parent process if they use any SSL feature with :func:`os.fork`. Any "
|
|
|
|
|
"successful call of :func:`~ssl.RAND_add`, :func:`~ssl.RAND_bytes` or :func:"
|
|
|
|
|
"`~ssl.RAND_pseudo_bytes` is sufficient."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:2725
|
2018-06-28 13:32:56 +00:00
|
|
|
|
msgid "TLS 1.3"
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:2729
|
2018-06-28 13:32:56 +00:00
|
|
|
|
msgid ""
|
2021-09-24 08:20:01 +00:00
|
|
|
|
"The TLS 1.3 protocol behaves slightly differently than previous version of "
|
|
|
|
|
"TLS/SSL. Some new TLS 1.3 features are not yet available."
|
2018-06-28 13:32:56 +00:00
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:2732
|
2018-06-28 13:32:56 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"TLS 1.3 uses a disjunct set of cipher suites. All AES-GCM and ChaCha20 "
|
|
|
|
|
"cipher suites are enabled by default. The method :meth:`SSLContext."
|
|
|
|
|
"set_ciphers` cannot enable or disable any TLS 1.3 ciphers yet, but :meth:"
|
2018-10-13 15:54:03 +00:00
|
|
|
|
"`SSLContext.get_ciphers` returns them."
|
2018-06-28 13:32:56 +00:00
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:2736
|
2018-06-28 13:32:56 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"Session tickets are no longer sent as part of the initial handshake and are "
|
|
|
|
|
"handled differently. :attr:`SSLSocket.session` and :class:`SSLSession` are "
|
|
|
|
|
"not compatible with TLS 1.3."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:2739
|
2018-06-28 13:32:56 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"Client-side certificates are also no longer verified during the initial "
|
|
|
|
|
"handshake. A server can request a certificate at any time. Clients process "
|
|
|
|
|
"certificate requests while they send or receive application data from the "
|
|
|
|
|
"server."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:2743
|
2018-06-28 13:32:56 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"TLS 1.3 features like early data, deferred TLS client cert request, "
|
|
|
|
|
"signature algorithm configuration, and rekeying are not supported yet."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:2750
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid "Class :class:`socket.socket`"
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:2750
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid "Documentation of underlying :mod:`socket` class"
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:2753
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"`SSL/TLS Strong Encryption: An Introduction <https://httpd.apache.org/docs/"
|
|
|
|
|
"trunk/en/ssl/ssl_intro.html>`_"
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:2753
|
2018-06-10 09:32:30 +00:00
|
|
|
|
msgid "Intro from the Apache HTTP Server documentation"
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:2756
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
2018-06-10 09:32:30 +00:00
|
|
|
|
":rfc:`RFC 1422: Privacy Enhancement for Internet Electronic Mail: Part II: "
|
|
|
|
|
"Certificate-Based Key Management <1422>`"
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:2756
|
2018-06-10 09:32:30 +00:00
|
|
|
|
msgid "Steve Kent"
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:2759
|
2018-06-10 09:32:30 +00:00
|
|
|
|
msgid ":rfc:`RFC 4086: Randomness Requirements for Security <4086>`"
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:2759
|
2018-06-10 09:32:30 +00:00
|
|
|
|
msgid "Donald E., Jeffrey I. Schiller"
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:2762
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
2018-06-10 09:32:30 +00:00
|
|
|
|
":rfc:`RFC 5280: Internet X.509 Public Key Infrastructure Certificate and "
|
|
|
|
|
"Certificate Revocation List (CRL) Profile <5280>`"
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:2762
|
2018-06-10 09:32:30 +00:00
|
|
|
|
msgid "D. Cooper"
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:2765
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
2018-06-10 09:32:30 +00:00
|
|
|
|
":rfc:`RFC 5246: The Transport Layer Security (TLS) Protocol Version 1.2 "
|
|
|
|
|
"<5246>`"
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:2765
|
2018-06-10 09:32:30 +00:00
|
|
|
|
msgid "T. Dierks et. al."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:2768
|
2018-06-10 09:32:30 +00:00
|
|
|
|
msgid ":rfc:`RFC 6066: Transport Layer Security (TLS) Extensions <6066>`"
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:2768
|
2018-06-10 09:32:30 +00:00
|
|
|
|
msgid "D. Eastlake"
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:2771
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"`IANA TLS: Transport Layer Security (TLS) Parameters <https://www.iana.org/"
|
|
|
|
|
"assignments/tls-parameters/tls-parameters.xml>`_"
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:2771
|
2016-10-30 09:46:26 +00:00
|
|
|
|
msgid "IANA"
|
|
|
|
|
msgstr ""
|
2017-09-12 11:40:22 +00:00
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:2774
|
2017-09-12 11:40:22 +00:00
|
|
|
|
msgid ""
|
2018-06-10 09:32:30 +00:00
|
|
|
|
":rfc:`RFC 7525: Recommendations for Secure Use of Transport Layer Security "
|
|
|
|
|
"(TLS) and Datagram Transport Layer Security (DTLS) <7525>`"
|
2017-09-12 11:40:22 +00:00
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:2774
|
2017-09-12 11:40:22 +00:00
|
|
|
|
msgid "IETF"
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:2776
|
2017-09-12 11:40:22 +00:00
|
|
|
|
msgid ""
|
|
|
|
|
"`Mozilla's Server Side TLS recommendations <https://wiki.mozilla.org/"
|
|
|
|
|
"Security/Server_Side_TLS>`_"
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2023-01-15 21:42:07 +00:00
|
|
|
|
#: library/ssl.rst:2777
|
2017-09-12 11:40:22 +00:00
|
|
|
|
msgid "Mozilla"
|
|
|
|
|
msgstr ""
|
2021-09-24 08:20:01 +00:00
|
|
|
|
|
2023-07-23 12:39:39 +00:00
|
|
|
|
#: library/ssl.rst:12
|
|
|
|
|
msgid "OpenSSL"
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
|
|
|
|
#: library/ssl.rst:12
|
|
|
|
|
msgid "(use in module ssl)"
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
|
|
|
|
#: library/ssl.rst:14
|
|
|
|
|
#, fuzzy
|
|
|
|
|
msgid "TLS"
|
|
|
|
|
msgstr "*TLSv1*"
|
|
|
|
|
|
|
|
|
|
#: library/ssl.rst:14
|
|
|
|
|
#, fuzzy
|
|
|
|
|
msgid "SSL"
|
|
|
|
|
msgstr "*SSLv2*"
|
|
|
|
|
|
|
|
|
|
#: library/ssl.rst:14
|
|
|
|
|
msgid "Transport Layer Security"
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
|
|
|
|
#: library/ssl.rst:14
|
|
|
|
|
msgid "Secure Sockets Layer"
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
|
|
|
|
#: library/ssl.rst:2085
|
|
|
|
|
msgid "certificates"
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
|
|
|
|
#: library/ssl.rst:2087
|
|
|
|
|
msgid "X509 certificate"
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2021-09-24 08:20:01 +00:00
|
|
|
|
#, fuzzy
|
|
|
|
|
#~ msgid ":ref:`Availability <availability>`: OpenSSL 1.0.2+."
|
|
|
|
|
#~ msgstr ":ref:`Disponibilité <availability>` : OpenSSL 1.1+."
|