twisted.protocols.tls.TLSMemoryBIOProtocol(ProtocolWrapper) class documentationtwisted.protocols.tls
(View In Hierarchy)
Implements interfaces: twisted.internet.interfaces.INegotiated, twisted.internet.interfaces.ISystemHandle
TLSMemoryBIOProtocol
is a protocol wrapper which uses OpenSSL via a memory BIO to encrypt bytes
written to it before sending them on to the underlying transport and
decrypts bytes received from the underlying transport before delivering
them to the wrapped protocol.
In addition to producer events from the underlying transport, the need
to wait for reads before a write can proceed means the TLSMemoryBIOProtocol
may also want to pause a producer. Pause/resume events are therefore
merged using the _ProducerMembrane
wrapper. Non-streaming (pull) producers are supported by wrapping them
with _PullToPush.
| Method | __init__ | Undocumented |
| Method | getHandle | Return the OpenSSL.SSL.Connection object being used to
encrypt and decrypt this connection. |
| Method | makeConnection | Connect this wrapper to the given transport and initialize the necessary
OpenSSL.SSL.Connection with a memory BIO. |
| Method | dataReceived | Deliver any received bytes to the receive BIO and then read and deliver to the application any application-level data which becomes available as a result of this. |
| Method | connectionLost | Handle the possible repetition of calls to this method (due to either the underlying transport going away or due to an error at the TLS layer) and make sure the base implementation only gets invoked once. |
| Method | loseConnection | Send a TLS close alert and close the underlying connection. |
| Method | abortConnection | Tear down TLS state so that if the connection is aborted mid-handshake we don't deliver any further data from the application. |
| Method | failVerification | Abort the connection during connection setup, giving a reason that certificate verification failed. |
| Method | write | Process the given application bytes and send any resulting TLS traffic which arrives in the send BIO. |
| Method | writeSequence | Write a sequence of application bytes by joining them into one string
and passing them to write. |
| Method | getPeerCertificate | Return an object with the peer's certificate info. |
| Method | negotiatedProtocol | |
| Method | registerProducer | Undocumented |
| Method | unregisterProducer | Undocumented |
| Instance Variable | _tlsConnection | The OpenSSL.SSL.Connection instance which is encrypted and
decrypting this connection. |
| Instance Variable | _lostTLSConnection | A flag indicating whether connection loss has already been dealt with
(True) or not (False). TLS disconnection is
distinct from the underlying connection being lost. |
| Instance Variable | _appSendBuffer | application-level (cleartext) data that is waiting to be transferred to the
TLS buffer, but can't be because the TLS connection is handshaking. (type: list
of bytes) |
| Instance Variable | _connectWrapped | A flag indicating whether or not to call makeConnection on the
wrapped protocol. This is for the reactor's twisted.internet.interfaces.ITLSTransport.startTLS
implementation, since it has a protocol which it has already called
makeConnection on, and which has no interest in a new
transport. See #3821. |
| Instance Variable | _handshakeDone | A flag indicating whether or not the handshake is known to have completed
successfully (True) or not (False). This is used
to control error reporting behavior. If the handshake has not completed,
the underlying OpenSSL.SSL.Error will be passed to the
application's connectionLost method. If it has completed, any
unexpected OpenSSL.SSL.Error will be turned into a ConnectionLost.
This is weird; however, it is simply an attempt at a faithful
re-implementation of the behavior provided by twisted.internet.ssl. |
| Instance Variable | _reason | If an unexpected OpenSSL.SSL.Error occurs which causes the
connection to be lost, it is saved here. If appropriate, this may be used
as the reason passed to the application protocol's
connectionLost method. |
| Instance Variable | _producer | The current producer registered via registerProducer, or None
if no producer has been registered or a previous one was unregistered. |
| Instance Variable | _aborted | abortConnection has been called. No further data will be
received to the wrapped protocol's dataReceived. (type: bool) |
| Method | _checkHandshakeStatus | Ask OpenSSL to proceed with a handshake in progress. |
| Method | _flushSendBIO | Read any bytes out of the send BIO and write them to the underlying transport. |
| Method | _flushReceiveBIO | No summary |
| Method | _shutdownTLS | Initiate, or reply to, the shutdown handshake of the TLS layer. |
| Method | _tlsShutdownFinished | Called when TLS connection has gone away; tell underlying transport to disconnect. |
| Method | _bufferedWrite | Put the given octets into TLSMemoryBIOProtocol._appSendBuffer,
and tell any listening producer that it should pause because we are now
buffering. |
| Method | _unbufferPendingWrites | Un-buffer all waiting writes in TLSMemoryBIOProtocol._appSendBuffer. |
| Method | _write | Process the given application bytes and send any resulting TLS traffic which arrives in the send BIO. |
Inherited from ProtocolWrapper:
| Instance Variable | wrappedProtocol | An IProtocol
provider to which IProtocol
method calls onto this ProtocolWrapper
will be proxied. |
| Instance Variable | factory | The WrappingFactory
which created this ProtocolWrapper. |
| Method | logPrefix | Use a customized log prefix mentioning both the wrapped protocol and the current one. |
| Method | getPeer | Undocumented |
| Method | getHost | Undocumented |
| Method | stopConsuming | Undocumented |
| Method | __getattr__ | Undocumented |
Inherited from BaseProtocol (via ProtocolWrapper, Protocol):
| Method | connectionMade | Called when a connection is made. |
OpenSSL.SSL.Connection instance which is encrypted and
decrypting this connection.
True) or not (False). TLS disconnection is
distinct from the underlying connection being lost.
makeConnection on the
wrapped protocol. This is for the reactor's twisted.internet.interfaces.ITLSTransport.startTLS
implementation, since it has a protocol which it has already called
makeConnection on, and which has no interest in a new
transport. See #3821.
True) or not (False). This is used
to control error reporting behavior. If the handshake has not completed,
the underlying OpenSSL.SSL.Error will be passed to the
application's connectionLost method. If it has completed, any
unexpected OpenSSL.SSL.Error will be turned into a ConnectionLost.
This is weird; however, it is simply an attempt at a faithful
re-implementation of the behavior provided by twisted.internet.ssl.
OpenSSL.SSL.Error occurs which causes the
connection to be lost, it is saved here. If appropriate, this may be used
as the reason passed to the application protocol's
connectionLost method.
registerProducer, or None
if no producer has been registered or a previous one was unregistered.
abortConnection has been called. No further data will be
received to the wrapped protocol's dataReceived. (type: bool)
Return the OpenSSL.SSL.Connection object being used to
encrypt and decrypt this connection.
This is done for the benefit of twisted.internet.ssl.Certificate's
peerFromTransport and hostFromTransport methods
only. A different system handle may be returned by future versions of this
method.
Connect this wrapper to the given transport and initialize the necessary
OpenSSL.SSL.Connection with a memory BIO.
Ask OpenSSL to proceed with a handshake in progress.
Initially, this just sends the ClientHello; after some bytes have been
stuffed in to the Connection object by
dataReceived, it will then respond to any
Certificate or KeyExchange messages.
Read any bytes out of the send BIO and write them to the underlying transport.
Try to receive any application-level bytes which are now available because of a previous write into the receive BIO. This will take care of delivering any application-level bytes which are received to the protocol, as well as handling of the various exceptions which can come from trying to get such bytes.
Deliver any received bytes to the receive BIO and then read and deliver to the application any application-level data which becomes available as a result of this.
Called when TLS connection has gone away; tell underlying transport to disconnect.
| Parameters | reason | a Failure
whose value is an Exception
if we want to report that failure through to the wrapped protocol's
connectionLost, or None
if the reason that connectionLost should receive
should be coming from the underlying transport. (type: Failure or
None) |
Handle the possible repetition of calls to this method (due to either the underlying transport going away or due to an error at the TLS layer) and make sure the base implementation only gets invoked once.
Tear down TLS state so that if the connection is aborted mid-handshake we don't deliver any further data from the application.
Abort the connection during connection setup, giving a reason that certificate verification failed.
| Parameters | reason | The reason that the verification failed; reported to the application
protocol's connectionLost method. (type: Failure) |
Process the given application bytes and send any resulting TLS traffic which arrives in the send BIO.
If loseConnection was called, subsequent calls to
write will drop the bytes on the floor.
Put the given octets into TLSMemoryBIOProtocol._appSendBuffer,
and tell any listening producer that it should pause because we are now
buffering.
Un-buffer all waiting writes in TLSMemoryBIOProtocol._appSendBuffer.
Process the given application bytes and send any resulting TLS traffic which arrives in the send BIO.
This may be called by dataReceived with bytes that were
buffered before loseConnection was called, which is why this
function doesn't check for disconnection but accepts the bytes
regardless.
Write a sequence of application bytes by joining them into one string
and passing them to write.