tlslite.integration.httptlsconnection module

TLS Lite + httplib.

class tlslite.integration.httptlsconnection.HTTPTLSConnection(host, port=None, strict=None, timeout=<object object>, source_address=None, username=None, password=None, certChain=None, privateKey=None, checker=None, settings=None, ignoreAbruptClose=False, anon=False)

Bases: http.client.HTTPConnection, tlslite.integration.clienthelper.ClientHelper

This class extends L{httplib.HTTPConnection} to support TLS.

__init__(host, port=None, strict=None, timeout=<object object>, source_address=None, username=None, password=None, certChain=None, privateKey=None, checker=None, settings=None, ignoreAbruptClose=False, anon=False)

Create a new HTTPTLSConnection.

For client authentication, use one of these argument combinations:

  • username, password (SRP)
  • certChain, privateKey (certificate)

For server authentication, you can either rely on the implicit mutual authentication performed by SRP or you can do certificate-based server authentication with one of these argument combinations:

  • x509Fingerprint

Certificate-based server authentication is compatible with SRP or certificate-based client authentication.

The constructor does not perform the TLS handshake itself, but simply stores these arguments for later. The handshake is performed only when this class needs to connect with the server. Thus you should be prepared to handle TLS-specific exceptions when calling methods inherited from httplib.HTTPConnection such as request(), connect(), and send(). See the client handshake functions in TLSConnection for details on which exceptions might be raised.

Parameters:
  • host (str) – Server to connect to.
  • port (int) – Port to connect to.
  • username (str) – SRP username. Requires the ‘password’ argument.
  • password (str) – SRP password for mutual authentication. Requires the ‘username’ argument.
  • certChain (X509CertChain) – Certificate chain for client authentication. Requires the ‘privateKey’ argument. Excludes the SRP arguments.
  • privateKey (RSAKey) – Private key for client authentication. Requires the ‘certChain’ argument. Excludes the SRP arguments.
  • checker (Checker) – Callable object called after handshaking to evaluate the connection and raise an Exception if necessary.
  • settings (HandshakeSettings) – Various settings which can be used to control the ciphersuites, certificate types, and SSL/TLS versions offered by the client.
  • ignoreAbruptClose (bool) – ignore the TLSAbruptCloseError on unexpected hangup.
__module__ = 'tlslite.integration.httptlsconnection'
connect()

Connect to the host and port specified in __init__.