How to use the curio.ssl.create_default_context function in curio

To help you get started, we’ve selected a few curio examples, based on popular ways it is used in public projects.

Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.

github dabeaz / curio / tests / test_network.py View on Github external
async def main():
        # It might be desirable to move these out of the examples
        # directory, as this test are now relying on them being around
        file_path = join(dirname(dirname(__file__)), 'examples')
        cert_file = join(file_path, 'ssl_test.crt')
        key_file = join(file_path, 'ssl_test_rsa')

        server_context = curiossl.create_default_context(ssl.Purpose.CLIENT_AUTH)
        server_context.load_cert_chain(certfile=cert_file, keyfile=key_file)

        stdlib_client_context = ssl.create_default_context(ssl.Purpose.SERVER_AUTH)
        curio_client_context = curiossl.create_default_context(ssl.Purpose.SERVER_AUTH)

        server_task = await spawn(partial(network.tcp_server, '', 10000, handler, ssl=server_context))
        await sleep(0.1)

        for test_context in (curio_client_context, stdlib_client_context):
            test_context.check_hostname = False
            test_context.verify_mode = ssl.CERT_NONE
            resp = await client('localhost', 10000, test_context)
            assert resp == b'Back atcha: Hello, world!'

        await server_task.cancel()
github JeffBelgum / curious / curious / server.py View on Github external
def create_ssl_context(self):
        """
        Create an SSL context that has reasonable settings and supports alpn for
        h2 and http/1.1 in that order.
        """
        ssl_context = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
        ssl_context.options |= ssl.OP_NO_TLSv1
        ssl_context.options |= ssl.OP_NO_TLSv1_1
        ssl_context.options |= ssl.OP_NO_COMPRESSION
        ssl_context.set_ciphers(self.tls_ciphers)
        ssl_context.load_cert_chain(certfile=self.certfile, keyfile=self.keyfile)
        ssl_context.set_alpn_protocols(["h2", "http/1.1"])
        return ssl_context
github dabeaz / curio / examples / ssl_http2.py View on Github external
break
        print(line)

    await writer.write(
b'''HTTP/1.0 200 OK\r
Content-type: text/plain\r
\r
If you're seeing this, it probably worked. Yay!
''')
    await writer.write(time.asctime().encode('ascii'))
    await writer.close()
    await reader.close()

if __name__ == '__main__':
    kernel = curio.Kernel()
    ssl_context = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
    ssl_context.load_cert_chain(certfile=CERTFILE, keyfile=KEYFILE)
    kernel.run(curio.run_server('', 10000, handler, ssl=ssl_context))
github guyingbo / shadowproxy / shadowproxy.py View on Github external
def uri_compile(uri, is_server):
    url = urllib.parse.urlparse(uri)
    kw = {}
    if url.scheme == 'tunneludp':
        if not url.fragment:
            raise argparse.ArgumentTypeError(
                    'destitation must be assign in tunnel udp mode, '
                    'example tunneludp://:53#8.8.8.8:53')
        host, _, port = url.fragment.partition(':')
        kw['target_addr'] = (host, int(port))
    if url.scheme in ('https',):
        if not url.fragment:
            raise argparse.ArgumentTypeError('#keyfile,certfile is needed')
        keyfile, _, certfile = url.fragment.partition(',')
        ssl_context = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
        ssl_context.load_cert_chain(certfile=certfile, keyfile=keyfile)
        kw['ssl_context'] = ssl_context
    proto = server_protos[url.scheme] if is_server else \
        client_protos[url.scheme]
    cipher, _, loc = url.netloc.rpartition('@')
    if cipher:
        cipher_cls, _, password = cipher.partition(':')
        if url.scheme.startswith('ss'):
            kw['cipher_cls'] = ciphers[cipher_cls]
            kw['password'] = password.encode()
        elif url.scheme in ('http', 'https', 'socks'):
            kw['auth'] = (cipher_cls.encode(), password.encode())
        else:
            pass
    if loc:
        kw['host'], _, port = loc.partition(':')
github python-hyper / hyper-h2 / examples / curio / curio-server.py View on Github external
async def create_listening_ssl_socket(address, certfile, keyfile):
    """
    Create and return a listening TLS socket on a given address.
    """
    ssl_context = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
    ssl_context.options |= (
        ssl.OP_NO_TLSv1 | ssl.OP_NO_TLSv1_1 | ssl.OP_NO_COMPRESSION
    )
    ssl_context.set_ciphers("ECDHE+AESGCM")
    ssl_context.load_cert_chain(certfile=certfile, keyfile=keyfile)
    ssl_context.set_alpn_protocols(["h2"])

    sock = socket.socket()
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    sock = await ssl_context.wrap_socket(sock)
    sock.bind(address)
    sock.listen()

    return sock
github dabeaz / curio / examples / bench / curiosslstream.py View on Github external
try:
        client.setsockopt(IPPROTO_TCP, TCP_NODELAY, 1)
    except (OSError, NameError):
        pass
    s = client.as_stream()
    while True:
        data = await s.read(102400)
        if not data:
            break
        await s.write(data)
    await s.close()
    print('Connection closed')


if __name__ == '__main__':
    ssl_context = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
    ssl_context.load_cert_chain(certfile=CERTFILE, keyfile=KEYFILE)
    run(tcp_server, '', 25000, echo_handler, ssl=ssl_context)