Remove avoidable imports from OpenSSL

Fixes #38
2024-11-23 00:01:36 +00:00 · 2014-09-09 10:08:56 +12:00 · 2014-09-09 10:08:56 +12:00 · 63c1efd394
commit 63c1efd394
parent 07990fdcc2
2 changed files with 23 additions and 38 deletions
--- a/netlib/tcp.py
+++ b/netlib/tcp.py
@ -1,6 +1,12 @@
 from __future__ import (absolute_import, print_function, division)
-import select, socket, threading, sys, time, traceback
+import select
+import socket
+import sys
+import threading
+import time
+import traceback
 from OpenSSL import SSL
+
 from . import certutils


@ -11,35 +17,6 @@ SSLv3_METHOD = SSL.SSLv3_METHOD
 SSLv23_METHOD = SSL.SSLv23_METHOD
 TLSv1_METHOD = SSL.TLSv1_METHOD

-OP_ALL = SSL.OP_ALL
-OP_CIPHER_SERVER_PREFERENCE = SSL.OP_CIPHER_SERVER_PREFERENCE
-OP_COOKIE_EXCHANGE = SSL.OP_COOKIE_EXCHANGE
-OP_DONT_INSERT_EMPTY_FRAGMENTS = SSL.OP_DONT_INSERT_EMPTY_FRAGMENTS
-OP_EPHEMERAL_RSA = SSL.OP_EPHEMERAL_RSA
-OP_MICROSOFT_BIG_SSLV3_BUFFER = SSL.OP_MICROSOFT_BIG_SSLV3_BUFFER
-OP_MICROSOFT_SESS_ID_BUG = SSL.OP_MICROSOFT_SESS_ID_BUG
-try:
-    OP_MSIE_SSLV2_RSA_PADDING = SSL.OP_MSIE_SSLV2_RSA_PADDING
-except AttributeError:
-    pass
-OP_NETSCAPE_CA_DN_BUG = SSL.OP_NETSCAPE_CA_DN_BUG
-OP_NETSCAPE_CHALLENGE_BUG = SSL.OP_NETSCAPE_CHALLENGE_BUG
-OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG = SSL.OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG
-OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG = SSL.OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG
-OP_NO_QUERY_MTU = SSL.OP_NO_QUERY_MTU
-OP_NO_SSLv2 = SSL.OP_NO_SSLv2
-OP_NO_SSLv3 = SSL.OP_NO_SSLv3
-OP_NO_TICKET = SSL.OP_NO_TICKET
-OP_NO_TLSv1 = SSL.OP_NO_TLSv1
-OP_PKCS1_CHECK_1 = SSL.OP_PKCS1_CHECK_1
-OP_PKCS1_CHECK_2 = SSL.OP_PKCS1_CHECK_2
-OP_SINGLE_DH_USE = SSL.OP_SINGLE_DH_USE
-OP_SSLEAY_080_CLIENT_DH_BUG = SSL.OP_SSLEAY_080_CLIENT_DH_BUG
-OP_SSLREF2_REUSE_CERT_TYPE_BUG = SSL.OP_SSLREF2_REUSE_CERT_TYPE_BUG
-OP_TLS_BLOCK_PADDING_BUG = SSL.OP_TLS_BLOCK_PADDING_BUG
-OP_TLS_D5_BUG = SSL.OP_TLS_D5_BUG
-OP_TLS_ROLLBACK_BUG = SSL.OP_TLS_ROLLBACK_BUG
-

 class NetLibError(Exception): pass
 class NetLibDisconnect(NetLibError): pass
@ -251,7 +228,8 @@ class _Connection(object):

    def close(self):
        """
-            Does a hard close of the socket, i.e. a shutdown, followed by a close.
+            Does a hard close of the socket, i.e. a shutdown, followed by a
+            close.
        """
        try:
            if self.ssl_established:
@ -273,6 +251,7 @@ class _Connection(object):
 class TCPClient(_Connection):
    rbufsize = -1
    wbufsize = -1
+
    def __init__(self, address, source_address=None):
        self.address = Address.wrap(address)
        self.source_address = Address.wrap(source_address) if source_address else None
@ -284,6 +263,8 @@ class TCPClient(_Connection):
    def convert_to_ssl(self, cert=None, sni=None, method=TLSv1_METHOD, options=None, cipher_list=None):
        """
            cert: Path to a file containing both client cert and private key.
+
+            options: A bit field consisting of OpenSSL.SSL.OP_* values
        """
        context = SSL.Context(method)
        if cipher_list:
@ -358,18 +339,22 @@ class BaseHandler(_Connection):
                           dhparams=None, ca_file=None):
        """
            cert: A certutils.SSLCert object.
+
            method: One of SSLv2_METHOD, SSLv3_METHOD, SSLv23_METHOD, or TLSv1_METHOD
+
            handle_sni: SNI handler, should take a connection object. Server
            name can be retrieved like this:

-                            connection.get_servername()
+                    connection.get_servername()

-                        And you can specify the connection keys as follows:
+            options: A bit field consisting of OpenSSL.SSL.OP_* values

-                            new_context = Context(TLSv1_METHOD)
-                            new_context.use_privatekey(key)
-                            new_context.use_certificate(cert)
-                            connection.set_context(new_context)
+            And you can specify the connection keys as follows:
+
+                    new_context = Context(TLSv1_METHOD)
+                    new_context.use_privatekey(key)
+                    new_context.use_certificate(cert)
+                    connection.set_context(new_context)

            The request_client_cert argument requires some explanation. We're
            supposed to be able to do this with no negative effects - if the
--- a/test/test_tcp.py
+++ b/test/test_tcp.py
@ -123,7 +123,7 @@ class TestServerSSL(test.ServerTestBase):
    def test_echo(self):
        c = tcp.TCPClient(("127.0.0.1", self.port))
        c.connect()
-        c.convert_to_ssl(sni="foo.com", options=tcp.OP_ALL)
+        c.convert_to_ssl(sni="foo.com", options=SSL.OP_ALL)
        testval = "echo!\n"
        c.wfile.write(testval)
        c.wfile.flush()