Permalink
Browse files

fixed style issues

  • Loading branch information...
1 parent 60fedaa commit 10ee82d38f7287833dd41a7153c06757c1b2db3b @t-8ch t-8ch committed Jan 22, 2013
Showing with 29 additions and 27 deletions.
  1. +9 −8 urllib3/connectionpool.py
  2. +20 −19 urllib3/util.py
View
17 urllib3/connectionpool.py
@@ -9,7 +9,7 @@
import errno
from socket import error as SocketError, timeout as SocketTimeout
-from .util import resolve_cert_reqs, resolve_ssl_version, match_fingerprint
+from .util import resolve_cert_reqs, resolve_ssl_version, assert_fingerprint
try: # Python 3
from http.client import HTTPConnection, HTTPException
@@ -80,8 +80,9 @@ class VerifiedHTTPSConnection(HTTPSConnection):
ca_certs = None
ssl_version = None
- def set_cert(self, key_file=None, cert_file=None, cert_reqs=None,
- ca_certs=None, verify_hostname=None, verify_fingerprint=None):
+ def set_cert(self, key_file=None, cert_file=None,
+ cert_reqs=None, ca_certs=None,
+ verify_hostname=None, verify_fingerprint=None):
self.key_file = key_file
self.cert_file = cert_file
@@ -107,8 +108,8 @@ def connect(self):
if resolved_cert_reqs != ssl.CERT_NONE:
if self.verify_fingerprint:
- match_fingerprint(self.sock.getpeercert(binary_form=True),
- self.verify_fingerprint)
+ assert_fingerprint(self.sock.getpeercert(binary_form=True),
+ self.verify_fingerprint)
else:
match_hostname(self.sock.getpeercert(),
self.verify_hostname or self.host)
@@ -509,7 +510,7 @@ class HTTPSConnectionPool(HTTPConnectionPool):
instead of :class:`httplib.HTTPSConnection`.
The ``key_file``, ``cert_file``, ``cert_reqs``, ``ca_certs``,
- ``ssl_version`` ``verify_fingerprint`` and ``verify_hostname``
+ ``ssl_version``, ``verify_hostname`` and ``verify_fingerprint``
are only used if :mod:`ssl` is available and are fed into
:meth:`urllib3.util.ssl_wrap_socket` to upgrade the connection socket
into an SSL socket.
@@ -521,8 +522,8 @@ def __init__(self, host, port=None,
strict=False, timeout=None, maxsize=1,
block=False, headers=None,
key_file=None, cert_file=None, cert_reqs=None,
- ca_certs=None, ssl_version=None, verify_hostname=None,
- verify_fingerprint=None):
+ ca_certs=None, ssl_version=None,
+ verify_hostname=None, verify_fingerprint=None):
HTTPConnectionPool.__init__(self, host, port,
strict, timeout, maxsize,
View
39 urllib3/util.py
@@ -25,16 +25,15 @@
HAS_SNI = False
import ssl
- from ssl import wrap_socket, CERT_NONE, SSLError, PROTOCOL_SSLv23
- from .exceptions import SSLError
+ from ssl import wrap_socket, CERT_NONE, PROTOCOL_SSLv23
from ssl import SSLContext # Modern SSL?
from ssl import HAS_SNI # Has SNI?
except ImportError:
pass
from .packages import six
-from .exceptions import LocationParseError
+from .exceptions import LocationParseError, SSLError
class Url(namedtuple('Url', ['scheme', 'auth', 'host', 'port', 'path', 'query', 'fragment'])):
@@ -306,40 +305,42 @@ def resolve_ssl_version(candidate):
return candidate
-def match_fingerprint(remote, local):
+def assert_fingerprint(cert, fingerprint):
"""
- Compares if both supplied fingerprints match.
+ Checks if given fingerprint matches the supplied certificate.
- remote -- binary
- local -- hexstring, can be separated by colons
+ :param cert:
+ Certificate as bytes object.
+ :param fingerprint:
+ Fingerprint as string of hexdigits, can be interspersed by colons.
"""
- # maps the raw byte length of a digest to its hash function
+ # Maps the length of a digest to a possible hash function producing
+ # this digest
hashfunc_map = {
16: md5,
20: sha1
}
- norm_local = local.replace(':', '').lower()
+ fingerprint = fingerprint.replace(':', '').lower()
- div, mod = divmod(len(norm_local), 2)
+ digest_length, rest = divmod(len(fingerprint), 2)
- if mod != 0 or div not in hashfunc_map:
+ if rest or digest_length not in hashfunc_map:
raise SSLError('Fingerprint is of invalid length')
- # need encode() here for py32, works on py2 and p33
- norm_local = unhexlify(norm_local.encode())
+ # We need encode() here for py32, works on py2 and p33
+ fingerprint_bytes = unhexlify(fingerprint.encode())
- hashfunc = hashfunc_map[len(norm_local)]
+ hashfunc = hashfunc_map[digest_length]
- # binary
- norm_remote = hashfunc(remote).digest()
+ cert_digest = hashfunc(cert).digest()
- if not norm_remote == norm_local:
+ if not cert_digest == fingerprint_bytes:
raise SSLError('Fingerprints did not match!\n'
'Supplied: {0}\n'
- 'Actual : {1}'.format(hexlify(norm_local),
- hexlify(norm_remote)))
+ 'Actual : {1}'.format(hexlify(fingerprint_bytes),
+ hexlify(cert_digest)))
if SSLContext is not None: # Python 3.2+

0 comments on commit 10ee82d

Please sign in to comment.