class TLSMemoryBIOProtocol(ProtocolWrapper): (source)
Implements interfaces: twisted.internet.interfaces.INegotiated, twisted.internet.interfaces.ISystemHandle
TLSMemoryBIOProtocol is a protocol wrapper which uses OpenSSL via a memory BIO to encrypt bytes written to it before sending them on to the underlying transport and decrypts bytes received from the underlying transport before delivering them to the wrapped protocol.
In addition to producer events from the underlying transport, the need to wait for reads before a write can proceed means the TLSMemoryBIOProtocol may also want to pause a producer. Pause/resume events are therefore merged using the _ProducerMembrane wrapper. Non-streaming (pull) producers are supported by wrapping them with _PullToPush.
| Method | __init__ |
Undocumented |
| Method | abortConnection |
Tear down TLS state so that if the connection is aborted mid-handshake we don't deliver any further data from the application. |
| Method | connectionLost |
Handle the possible repetition of calls to this method (due to either the underlying transport going away or due to an error at the TLS layer) and make sure the base implementation only gets invoked once. |
| Method | dataReceived |
Deliver any received bytes to the receive BIO and then read and deliver to the application any application-level data which becomes available as a result of this. |
| Method | failVerification |
Abort the connection during connection setup, giving a reason that certificate verification failed. |
| Method | getHandle |
Return the OpenSSL.SSL.Connection object being used to encrypt and decrypt this connection. |
| Method | getPeerCertificate |
Return an object with the peer's certificate info. |
| Method | loseConnection |
Send a TLS close alert and close the underlying connection. |
| Method | makeConnection |
Connect this wrapper to the given transport and initialize the necessary OpenSSL.SSL.Connection with a memory BIO. |
| Method | registerProducer |
Undocumented |
| Method | unregisterProducer |
Undocumented |
| Method | write |
Process the given application bytes and send any resulting TLS traffic which arrives in the send BIO. |
| Method | writeSequence |
Write a sequence of application bytes by joining them into one string and passing them to write. |
| Instance Variable | connected |
Undocumented |
| Instance Variable | disconnecting |
Undocumented |
| Property | negotiatedProtocol |
|
| Method | _bufferedWrite |
Put the given octets into TLSMemoryBIOProtocol._appSendBuffer, and tell any listening producer that it should pause because we are now buffering. |
| Method | _checkHandshakeStatus |
Ask OpenSSL to proceed with a handshake in progress. |
| Method | _flushReceiveBIO |
No summary |
| Method | _flushSendBIO |
Read any bytes out of the send BIO and write them to the underlying transport. |
| Method | _shutdownTLS |
Initiate, or reply to, the shutdown handshake of the TLS layer. |
| Method | _tlsShutdownFinished |
Called when TLS connection has gone away; tell underlying transport to disconnect. |
| Method | _unbufferPendingWrites |
Un-buffer all waiting writes in TLSMemoryBIOProtocol._appSendBuffer. |
| Method | _write |
Process the given application bytes and send any resulting TLS traffic which arrives in the send BIO. |
| Instance Variable | _aborted |
abortConnection has been called. No further data will be received to the wrapped protocol's dataReceived. |
| Instance Variable | _appSendBuffer |
application-level (cleartext) data that is waiting to be transferred to the TLS buffer, but can't be because the TLS connection is handshaking. |
| Instance Variable | _connectWrapped |
A flag indicating whether or not to call makeConnection on the wrapped protocol. This is for the reactor's twisted.internet.interfaces.ITLSTransport.startTLS implementation, since it has a protocol which it has already called makeConnection on, and which has no interest in a new transport. See #3821. |
| Instance Variable | _handshakeDone |
A flag indicating whether or not the handshake is known to have completed successfully (True) or not (False). This is used to control error reporting behavior. If the handshake has not completed, the underlying OpenSSL.SSL.Error will be passed to the application's connectionLost method. If it has completed, any unexpected OpenSSL.SSL.Error will be turned into a ConnectionLost. This is weird; however, it is simply an attempt at a faithful re-implementation of the behavior provided by twisted.internet.ssl. |
| Instance Variable | _lostTLSConnection |
A flag indicating whether connection loss has already been dealt with (True) or not (False). TLS disconnection is distinct from the underlying connection being lost. |
| Instance Variable | _producer |
The current producer registered via registerProducer, or None if no producer has been registered or a previous one was unregistered. |
| Instance Variable | _producerPaused |
Undocumented |
| Instance Variable | _reason |
If an unexpected OpenSSL.SSL.Error occurs which causes the connection to be lost, it is saved here. If appropriate, this may be used as the reason passed to the application protocol's connectionLost method. |
| Instance Variable | _tlsConnection |
The OpenSSL.SSL.Connection instance which is encrypted and decrypting this connection. |
Inherited from ProtocolWrapper:
| Method | __getattr__ |
Undocumented |
| Method | getHost |
Undocumented |
| Method | getPeer |
Undocumented |
| Method | logPrefix |
Use a customized log prefix mentioning both the wrapped protocol and the current one. |
| Method | stopConsuming |
Undocumented |
| Instance Variable | factory |
The WrappingFactory which created this ProtocolWrapper. |
| Instance Variable | wrappedProtocol |
An IProtocol provider to which IProtocol method calls onto this ProtocolWrapper will be proxied. |
| Parameters | |
reason:Failure | The reason that the verification failed; reported to the application protocol's connectionLost method. |
Return the OpenSSL.SSL.Connection object being used to encrypt and decrypt this connection.
This is done for the benefit of twisted.internet.ssl.Certificate's peerFromTransport and hostFromTransport methods only. A different system handle may be returned by future versions of this method.
OpenSSL.SSL.Connection with a memory BIO.Process the given application bytes and send any resulting TLS traffic which arrives in the send BIO.
If loseConnection was called, subsequent calls to write will drop the bytes on the floor.
TLSMemoryBIOProtocol._appSendBuffer, and tell any listening producer that it should pause because we are now buffering.Ask OpenSSL to proceed with a handshake in progress.
Initially, this just sends the ClientHello; after some bytes have been stuffed in to the Connection object by dataReceived, it will then respond to any Certificate or KeyExchange messages.
| Parameters | |
reason:Failure or None | a Failure whose value is an Exception if we want to report that failure through to the wrapped protocol's connectionLost, or None if the reason that connectionLost should receive should be coming from the underlying transport. |
Process the given application bytes and send any resulting TLS traffic which arrives in the send BIO.
This may be called by dataReceived with bytes that were buffered before loseConnection was called, which is why this function doesn't check for disconnection but accepts the bytes regardless.
twisted.internet.interfaces.ITLSTransport.startTLS implementation, since it has a protocol which it has already called makeConnection on, and which has no interest in a new transport. See #3821.OpenSSL.SSL.Error will be passed to the application's connectionLost method. If it has completed, any unexpected OpenSSL.SSL.Error will be turned into a ConnectionLost. This is weird; however, it is simply an attempt at a faithful re-implementation of the behavior provided by twisted.internet.ssl.None if no producer has been registered or a previous one was unregistered.OpenSSL.SSL.Error occurs which causes the connection to be lost, it is saved here. If appropriate, this may be used as the reason passed to the application protocol's connectionLost method.OpenSSL.SSL.Connection instance which is encrypted and decrypting this connection.