Package rpki.https

Classes

class  caller
class  http_client
class  http_listener
class  http_message
class  http_queue
class  http_request
class  http_response
class  http_server
class  http_stream

Functions

def build_https_ta_cache
def client
def localhost_addrinfo
def log_method
def server
def supported_address_families

Variables

dictionary client_queues = {}
 Map of (host, port) tuples to http_queue objects.
 debug_http = False
 Verbose chatter about HTTP streams.
 debug_tls_certs = False
 Verbose chatter about TLS certificates.
tuple default_client_timeout = rpki.sundial.timedelta(minutes = 15)
 Default HTTP client connection timeout.
tuple default_http_version = (1, 0)
 Preferred HTTP version.
tuple default_server_timeout = rpki.sundial.timedelta(minutes = 20)
 Default HTTP server connection timeouts.
int default_tcp_port = 443
 Default port for clients and servers that don't specify one.
 enable_ipv6_clients = False
 Whether to consider IPv6 addresses when making connections.
 enable_ipv6_servers = True
 Whether to enable IPv6 listeners.
 have_ipv6 = False
 Whether the current machine claims to support IPv6.
string rpki_content_type = "application/x-rpki"
 HTTP content type used for all RPKI messages.
 use_adns = False
 Whether to use rpki.adns code.
 want_persistent_client = False
 Whether we want persistent HTTP client streams, when server also supports them.
 want_persistent_server = False
 Whether we want persistent HTTP server streams, when client also supports them.

Detailed Description

HTTPS utilities, both client and server.

$Id: https.py 3282 2010-06-10 21:03:17Z sra $

Copyright (C) 2009-2010  Internet Systems Consortium ("ISC")

Permission to use, copy, modify, and distribute this software for any
purpose with or without fee is hereby granted, provided that the above
copyright notice and this permission notice appear in all copies.

THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
PERFORMANCE OF THIS SOFTWARE.

Portions copyright (C) 2007--2008  American Registry for Internet Numbers ("ARIN")

Permission to use, copy, modify, and distribute this software for any
purpose with or without fee is hereby granted, provided that the above
copyright notice and this permission notice appear in all copies.

THE SOFTWARE IS PROVIDED "AS IS" AND ARIN DISCLAIMS ALL WARRANTIES WITH
REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
AND FITNESS.  IN NO EVENT SHALL ARIN BE LIABLE FOR ANY SPECIAL, DIRECT,
INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
PERFORMANCE OF THIS SOFTWARE.

Function Documentation

def rpki.https.build_https_ta_cache(certs)
Package up a collection of certificates into a form suitable for use
as a dynamic HTTPS trust anchor set.  Precise format of this
collection is an internal conspiracy within the rpki.https module;
at one point it was a POW.X509Store object, at the moment it's a
Python set, what it will be tomorrow is nobody else's business.

Definition at line 1168 of file https.py.

def rpki.https.client(msg, client_key, client_cert, server_ta, url, callback, errback)
Open client HTTPS connection, send a message, set up callbacks to
handle response.

Definition at line 1103 of file https.py.

def rpki.https.localhost_addrinfo()
Return pseudo-getaddrinfo results for localhost.

Definition at line 118 of file https.py.

def rpki.https.log_method(self, msg, logger = rpki.log.debug)
Logging method used in several different classes.

Definition at line 272 of file https.py.

def rpki.https.server(handlers, server_key, server_cert, port, host = "", client_ta = (), dynamic_https_trust_anchor = None)
Run an HTTPS server and wait (forever) for connections.

Definition at line 1148 of file https.py.

def rpki.https.supported_address_families(enable_ipv6)
IP address families on which servers should listen, and to consider
when selecting addresses for client connections.

Definition at line 108 of file https.py.


Variable Documentation

rpki::https::client_queues = {}

Map of (host, port) tuples to http_queue objects.

Definition at line 1101 of file https.py.

rpki::https::debug_http = False

Verbose chatter about HTTP streams.

Definition at line 45 of file https.py.

rpki::https::debug_tls_certs = False

Verbose chatter about TLS certificates.

Definition at line 49 of file https.py.

rpki::https::default_client_timeout = rpki.sundial.timedelta(minutes = 15)

Default HTTP client connection timeout.

Definition at line 61 of file https.py.

rpki::https::default_http_version = (1, 0)

Preferred HTTP version.

Definition at line 72 of file https.py.

rpki::https::default_server_timeout = rpki.sundial.timedelta(minutes = 20)

Default HTTP server connection timeouts.

Given our druthers, we'd prefer that the client close the connection, as this avoids the problem of client starting to reuse connection just as server closes it, so this should be longer than the client timeout.

Definition at line 68 of file https.py.

rpki::https::default_tcp_port = 443

Default port for clients and servers that don't specify one.

Definition at line 76 of file https.py.

rpki::https::enable_ipv6_clients = False

Whether to consider IPv6 addresses when making connections.

Disabled by default, as IPv6 connectivity is still a bad joke in far too much of the world.

Definition at line 87 of file https.py.

rpki::https::enable_ipv6_servers = True

Whether to enable IPv6 listeners.

Enabled by default, as it should be harmless. Has no effect if kernel doesn't support IPv6.

Definition at line 81 of file https.py.

rpki::https::have_ipv6 = False

Whether the current machine claims to support IPv6.

Note that just because the kernel supports it doesn't mean that the machine has usable IPv6 connectivity. I don't know of a simple portable way to probe for connectivity at runtime (the old test of "can you ping SRI-NIC.ARPA?" seems a bit dated...). Don't set this, it's set automatically by probing using the socket() system call at runtime.

Definition at line 104 of file https.py.
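The runtime probe described here, together with the address-family selection documented for supported_address_families, can be sketched as follows. This is an added example in modern Python, not code from https.py; the `ipv6_available` override, `filter_addrinfo`, the tuple ordering and the sample addresses are assumptions made for illustration.

```python
import socket

def probe_ipv6():
    """Return True if the kernel will hand out an AF_INET6 socket.

    A successful socket() call shows protocol support only; it says
    nothing about whether the host has usable IPv6 connectivity.
    """
    if not getattr(socket, "has_ipv6", False):
        return False
    try:
        s = socket.socket(socket.AF_INET6, socket.SOCK_STREAM)
    except OSError:
        return False
    s.close()
    return True

# Module-level settings mirroring the documented defaults.
have_ipv6 = probe_ipv6()        # set by probing, never by hand
enable_ipv6_clients = False     # clients ignore IPv6 addresses by default
enable_ipv6_servers = True      # listeners use IPv6 when the kernel has it

def supported_address_families(enable_ipv6, ipv6_available=None):
    """Families to listen on or connect to (ordering is an assumption)."""
    if ipv6_available is None:  # hypothetical override, used for testing
        ipv6_available = have_ipv6
    if enable_ipv6 and ipv6_available:
        return (socket.AF_INET, socket.AF_INET6)
    return (socket.AF_INET,)

def filter_addrinfo(addrinfo, enable_ipv6, ipv6_available=None):
    """Drop getaddrinfo()-style entries whose family is not permitted."""
    families = supported_address_families(enable_ipv6, ipv6_available)
    return [ai for ai in addrinfo if ai[0] in families]

# Constructed getaddrinfo()-style results for a dual-stack host,
# using documentation address ranges.
SAMPLE_ADDRINFO = [
    (socket.AF_INET6, socket.SOCK_STREAM, 6, "", ("2001:db8::1", 443, 0, 0)),
    (socket.AF_INET, socket.SOCK_STREAM, 6, "", ("192.0.2.1", 443)),
]
```

With the documented defaults, a listener on an IPv6-capable kernel is reachable over both families while clients stay on IPv4, so packet filters protecting the server port need IPv6 rules as well as IPv4 ones.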

rpki::https::rpki_content_type = "application/x-rpki"

HTTP content type used for all RPKI messages.

Definition at line 41 of file https.py.

rpki::https::use_adns = False

Whether to use rpki.adns code.

This is still experimental, so it's not (yet) enabled by default.

Definition at line 92 of file https.py.

rpki::https::want_persistent_client = False

Whether we want persistent HTTP client streams, when server also supports them.

Definition at line 53 of file https.py.

rpki::https::want_persistent_server = False

Whether we want persistent HTTP server streams, when client also supports them.

Definition at line 57 of file https.py.

Generated on Sun Jul 11 19:57:21 2010 for RPKI Engine by  doxygen 1.6.3