Package rpki.https
Detailed Description
HTTPS utilities, both client and server.
$Id: https.py 3282 2010-06-10 21:03:17Z sra $
Copyright (C) 2009-2010 Internet Systems Consortium ("ISC")
Permission to use, copy, modify, and distribute this software for any
purpose with or without fee is hereby granted, provided that the above
copyright notice and this permission notice appear in all copies.
THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
PERFORMANCE OF THIS SOFTWARE.
Portions copyright (C) 2007--2008 American Registry for Internet Numbers ("ARIN")
Permission to use, copy, modify, and distribute this software for any
purpose with or without fee is hereby granted, provided that the above
copyright notice and this permission notice appear in all copies.
THE SOFTWARE IS PROVIDED "AS IS" AND ARIN DISCLAIMS ALL WARRANTIES WITH
REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
AND FITNESS. IN NO EVENT SHALL ARIN BE LIABLE FOR ANY SPECIAL, DIRECT,
INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
PERFORMANCE OF THIS SOFTWARE.
Function Documentation
def rpki.https.build_https_ta_cache(certs)
Package up a collection of certificates into a form suitable for use
as a dynamic HTTPS trust anchor set. Precise format of this
collection is an internal conspiracy within the rpki.https module;
at one point it was a POW.X509Store object, at the moment it's a
Python set, what it will be tomorrow is nobody else's business.
Definition at line 1168 of file https.py.
def rpki.https.client(msg, client_key, client_cert, server_ta, url, callback, errback)
Open client HTTPS connection, send a message, set up callbacks to
handle response.
Definition at line 1103 of file https.py.
def rpki.https.localhost_addrinfo()
Return pseudo-getaddrinfo results for localhost.
Definition at line 118 of file https.py.
Logging method used in several different classes.
Definition at line 272 of file https.py.
def rpki.https.server(handlers, server_key, server_cert, port, host = "", client_ta = (), dynamic_https_trust_anchor = None)
Run an HTTPS server and wait (forever) for connections.
Definition at line 1148 of file https.py.
def rpki.https.supported_address_families(enable_ipv6)
IP address families on which servers should listen, and to consider
when selecting addresses for client connections.
Definition at line 108 of file https.py.
Variable Documentation
Verbose chatter about HTTP streams.
Definition at line 45 of file https.py.
Verbose chatter about TLS certificates.
Definition at line 49 of file https.py.
Default HTTP client connection timeout.
Definition at line 61 of file https.py.
Preferred HTTP version.
Definition at line 72 of file https.py.
Default HTTP server connection timeouts.
Given our druthers, we'd prefer that the client close the connection, as this avoids the problem of the client starting to reuse a connection just as the server closes it, so this should be longer than the client timeout.
Definition at line 68 of file https.py.
Default port for clients and servers that don't specify one.
Definition at line 76 of file https.py.
Whether to consider IPv6 addresses when making connections.
Disabled by default, as IPv6 connectivity is still a bad joke in far too much of the world.
Definition at line 87 of file https.py.
Whether to enable IPv6 listeners.
Enabled by default, as it should be harmless. Has no effect if the kernel doesn't support IPv6.
Definition at line 81 of file https.py.
Whether the current machine claims to support IPv6.
Note that just because the kernel supports it doesn't mean that the machine has usable IPv6 connectivity. I don't know of a simple portable way to probe for connectivity at runtime (the old test of "can you ping SRI-NIC.ARPA?" seems a bit dated...). Don't set this, it's set automatically by probing using the socket() system call at runtime.
Definition at line 104 of file https.py.
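A sketch of the socket() probe described above, together with the address-family selection and pseudo-getaddrinfo results for localhost that depend on it. This is an added example, not code from rpki.https; the names kernel_has_ipv6, address_families and localhost_results and the port 4433 are hypothetical.

```python
import socket


def kernel_has_ipv6():
    """Probe kernel IPv6 support by trying to create an AF_INET6 socket.

    A True result means only that the kernel accepts the address family,
    not that the machine has working IPv6 connectivity.
    """
    if not socket.has_ipv6:          # Python built without IPv6 support
        return False
    try:
        s = socket.socket(socket.AF_INET6, socket.SOCK_STREAM)
    except OSError:                  # e.g. address family not supported
        return False
    s.close()
    return True


# Probed once at import time, never set by hand.
HAVE_IPV6 = kernel_has_ipv6()


def address_families(enable_ipv6, have_ipv6=HAVE_IPV6):
    """Families to listen on, or to consider for outbound connections."""
    if enable_ipv6 and have_ipv6:
        return (socket.AF_INET, socket.AF_INET6)
    return (socket.AF_INET,)


def localhost_results(port, enable_ipv6, have_ipv6=HAVE_IPV6):
    """getaddrinfo()-shaped tuples for loopback, built without a resolver."""
    loopback = {
        socket.AF_INET: ("127.0.0.1", port),
        socket.AF_INET6: ("::1", port, 0, 0),   # host, port, flowinfo, scope
    }
    return [(af, socket.SOCK_STREAM, socket.IPPROTO_TCP, "", loopback[af])
            for af in address_families(enable_ipv6, have_ipv6)]


if __name__ == "__main__":
    # Constructed port number, used only for illustration.
    for entry in localhost_results(4433, enable_ipv6=True):
        print(entry)
```

Each listener address family is a separate exposure point, so the enable flag and the probe result both have to be true before an IPv6 socket is opened.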
HTTP content type used for all RPKI messages.
Definition at line 41 of file https.py.
Whether to use rpki.adns code.
This is still experimental, so it's not (yet) enabled by default.
Definition at line 92 of file https.py.
Whether we want persistent HTTP client streams, when server also supports them.
Definition at line 53 of file https.py.
Whether we want persistent HTTP server streams, when client also supports them.
Definition at line 57 of file https.py.