
[python] ssl api improvements, support https requests for 3.3

frabbit 7 年 前
コミット
70c315b568

+ 19 - 0
std/python/lib/Ssl.hx

@@ -26,6 +26,7 @@ import python.lib.ssl.SSLContext;
 @:pythonImport("ssl")
 extern class Ssl {
 
+	@:require(python_version >= 3.4)
 	public static function create_default_context(purpose:String):SSLContext;
 
 	/**
@@ -41,6 +42,24 @@ extern class Ssl {
 
 		since python 3.4
 	**/
+	@:require(python_version >= 3.4)
 	public static var OP_NO_TLSv1_1:Int;
 
+	public static var OP_NO_SSLv3:Int;
+	public static var OP_NO_SSLv2:Int;
+
+	public static var OP_NO_COMPRESSION:Int;
+
+
+	#if (python_version >= 3.6)
+	@:deprecated("deprecated, use PROTOCOL_TLS instead")
+	#end
+	public static var PROTOCOL_SSLv23:String;
+
+	@:require(python_version >= 3.6)
+	public static var PROTOCOL_TLS:String;
+
+	public static var CERT_REQUIRED:Int;
+
+
 }
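Review bot: `PROTOCOL_SSLv23` and `PROTOCOL_TLS` are declared as `String`, but Python's ssl module exposes the protocol selectors as integer constants, like the `OP_*` and `CERT_REQUIRED` values typed `Int` beside them. Because the class is extern this does not alter the generated Python, but it lets Haxe callers pass an arbitrary string where a protocol constant is expected. `public static var PROTOCOL_SSLv23:Int;` and `public static var PROTOCOL_TLS:Int;` would match the runtime values, and the `new (protocol:String)` constructor added in SSLContext.hx needs the same change. The new `OP_NO_SSLv2`, `OP_NO_SSLv3`, `OP_NO_COMPRESSION` and `CERT_REQUIRED` fields also lack the doc comment that `OP_NO_TLSv1_1` has; a one-line note on each saying what it disables or enforces would help.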

+ 1 - 0
std/python/lib/ssl/Purpose.hx

@@ -1,5 +1,6 @@
 package python.lib.ssl;
 
+@:require(python_version >= 3.4)
 @:pythonImport("ssl", "Purpose")
 extern class Purpose {
 	public static var SERVER_AUTH:String;

+ 15 - 3
std/python/lib/ssl/SSLContext.hx

@@ -25,12 +25,24 @@ import python.lib.ssl.SSLSocket;
 
 @:pythonImport("ssl", "SSLContext")
 extern class SSLContext {
+	public function new (protocol:String):Void;
+	#if (python_version >= 3.6)
+	public function wrap_socket(s:python.lib.net.Socket, server_side:Bool = false, do_handshake_on_connect:Bool = true, suppress_ragged_eofs:Bool = true, server_hostname:String = null, session:SSLSession = null ):python.lib.ssl.SSLSocket;
+	#else
 	public function wrap_socket(s:python.lib.net.Socket, server_side:Bool = false, do_handshake_on_connect:Bool = true, suppress_ragged_eofs:Bool = true, server_hostname:String = null ):python.lib.ssl.SSLSocket;
+	#end
 	public var options:Int;
 
-	//public function load_default_certs():Void;
+	@:require(python_version >= 3.4)
+	public var check_hostname:Bool;
+
+	public var verify_mode:Int;
+	public function load_verify_locations(cafile:String = null, capath:String = null, cadata:String = null):Void;
+	public function set_default_verify_paths():Void;
+
+	@:require(python_version >= 3.4)
+	public function load_default_certs():Void;
 	//public function load_cert_chain(certfile:String, keyfile:String = null, password:String = null):Void;
 	//public function set_servername_callback(callback:SSLSocket -> String -> SSLContext -> Void ):Void;
-	//public var check_hostname:Bool;
-	//public var verify_mode:Int;
+
 }
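Review bot: `load_verify_locations` exposes `cadata` unconditionally, but CPython only accepts that argument from 3.4 on, while this commit targets 3.3; a caller supplying in-memory CA data on 3.3 would compile and then fail at runtime. It could be gated the way `wrap_socket` is gated for `session`, with the current signature under `#if (python_version >= 3.4)` and `public function load_verify_locations(cafile:String = null, capath:String = null):Void;` under `#else`. `check_hostname` is marked 3.4+, so nothing in this class performs hostname verification on 3.3. A doc comment on `verify_mode` stating that `CERT_REQUIRED` alone validates the chain but not the peer name would warn users who build a context by hand.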

+ 29 - 0
std/python/lib/ssl/SSLSession.hx

@@ -0,0 +1,29 @@
+/*
+ * Copyright (C)2005-2017 Haxe Foundation
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a
+ * copy of this software and associated documentation files (the "Software"),
+ * to deal in the Software without restriction, including without limitation
+ * the rights to use, copy, modify, merge, publish, distribute, sublicense,
+ * and/or sell copies of the Software, and to permit persons to whom the
+ * Software is furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+ * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+ * DEALINGS IN THE SOFTWARE.
+ */
+package python.lib.ssl;
+
+@:require(python_version >= 3.6)
+@:pythonImport("ssl", "SSLSession")
+extern class SSLSession {
+
+}
+

+ 12 - 1
std/python/net/SslSocket.hx

@@ -10,8 +10,19 @@ class SslSocket extends sys.net.Socket {
 	var hostName:String;
 
 	override function __initSocket ():Void {
+
+		#if (python_version >= 3.4)
 		var context = Ssl.create_default_context(Purpose.SERVER_AUTH);
-		context.options |= Ssl.OP_NO_TLSv1; // python 3.4 | Ssl.OP_NO_TLSv1_1;
+		#else
+		// hopefully these options are good enough
+		var context = new python.lib.ssl.SSLContext(Ssl.PROTOCOL_SSLv23);
+		context.verify_mode = Ssl.CERT_REQUIRED;
+		context.set_default_verify_paths();
+		context.options |= Ssl.OP_NO_SSLv2;
+		context.options |= Ssl.OP_NO_SSLv3;
+		context.options |= Ssl.OP_NO_COMPRESSION;
+		#end
+		context.options |= Ssl.OP_NO_TLSv1 #if (python_version >= 3.4) | Ssl.OP_NO_TLSv1_1 #end; // python 3.4 | Ssl.OP_NO_TLSv1_1;
 		__s = new PSocket();
 		__s = context.wrap_socket(__s,
 			false,
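Review bot: On the pre-3.4 branch the context validates the certificate chain (`CERT_REQUIRED` plus `set_default_verify_paths()`) but never checks that the certificate was issued for `hostName`, since `check_hostname` exists only from 3.4. `create_default_context` enables that check on the other branch, so on 3.3 a certificate from any trusted CA for a different name would be accepted. CPython 3.3 provides `ssl.match_hostname(cert, hostname)` for this case; calling it on the socket's `getpeercert()` after the handshake and aborting on a mismatch would close the gap (no extern for it is visible in this commit, so one may need to be added). The comment `// hopefully these options are good enough` should be replaced by one that states what is and is not verified, and the trailing `// python 3.4 | Ssl.OP_NO_TLSv1_1;` is stale now that the flag is applied conditionally. `__initSocket` continues past the end of this hunk.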