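def build_opener(self):
    """
    Create a urllib2.OpenerDirector with TLS certificate checking enabled
    and a hook that stores the peer certificate in self.peercert, so our
    caller can check the subjectAltName field.

    The certificate chain is validated against the trust anchor file
    named by self.ta (cert_reqs = ssl.CERT_REQUIRED).  No hostname
    matching is done here: that is left to the caller, which is why the
    peer certificate is exposed through self.peercert.

    Returns the opener built by urllib2.build_opener() with the one-off
    HTTPSHandler defined below installed.
    """

    # NOTE(review): assert statements are stripped under "python -O", so
    # this guard on the trust anchor disappears in optimized runs.  Kept
    # as an assert so callers still see AssertionError.
    assert self.ta is not None

    # One-off classes are built on every call so that connect() can reach
    # this object: the class attribute "zip" captures the outer self,
    # which supplies the trust anchor (zip.ta) and receives the peer
    # certificate (zip.peercert).

    class HTTPSConnection(httplib.HTTPSConnection):

        zip = self

        def connect(self):
            sock = socket.create_connection((self.host, self.port), self.timeout)
            if getattr(self, "_tunnel_host", None):
                # Proxy tunnel: _tunnel() talks over self.sock, so the
                # plain socket has to be installed before the TLS wrap.
                self.sock = sock
                self._tunnel()
            try:
                # NOTE(review): ssl.PROTOCOL_TLSv1 pins the connection to
                # TLS 1.0.  Confirm what the peers support before raising
                # the protocol version; left unchanged here.
                self.sock = ssl.wrap_socket(sock,
                                            keyfile = self.key_file,
                                            certfile = self.cert_file,
                                            cert_reqs = ssl.CERT_REQUIRED,
                                            ssl_version = ssl.PROTOCOL_TLSv1,
                                            ca_certs = self.zip.ta)
            except Exception:
                # Handshake or certificate validation failed: close the
                # TCP connection instead of leaving it open until garbage
                # collection, then let the original error propagate.
                sock.close()
                raise
            # Overwritten on every successful connect; the caller reads it
            # to check subjectAltName.
            self.zip.peercert = self.sock.getpeercert()

    class HTTPSHandler(urllib2.HTTPSHandler):

        def https_open(self, req):
            # Route https:// requests through the verifying connection
            # class defined above.
            return self.do_open(HTTPSConnection, req)

    return urllib2.build_opener(HTTPSHandler)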