aboutsummaryrefslogtreecommitdiff
path: root/src/utils/security.py
diff options
context:
space:
mode:
Diffstat (limited to 'src/utils/security.py')
-rw-r--r--src/utils/security.py23
1 files changed, 23 insertions, 0 deletions
diff --git a/src/utils/security.py b/src/utils/security.py
new file mode 100644
index 00000000..266a767a
--- /dev/null
+++ b/src/utils/security.py
@@ -0,0 +1,23 @@
+import socket, ssl
+
+def ssl_context(cert: str=None, key: str=None, verify: bool=True
+ ) -> ssl.SSLContext:
+ context = ssl.SSLContext(ssl.PROTOCOL_TLS)
+ context.options |= ssl.OP_NO_SSLv2
+ context.options |= ssl.OP_NO_SSLv3
+ context.options |= ssl.OP_NO_TLSv1
+ context.load_default_certs()
+
+ if verify:
+ context.verify_mode = ssl.CERT_REQUIRED
+ if cert and key:
+ context.load_cert_chain(cert, keyfile=key)
+
+ return context
+
+def ssl_wrap(sock: socket.socket, cert: str=None, key: str=None,
+ verify: bool=True, server_side: bool=False, hostname: str=None
+ ) -> ssl.SSLSocket:
+ context = ssl_context(cert=cert, key=key, verify=verify)
+ return context.wrap_socket(sock, server_side=server_side,
+ server_hostname=hostname)
generated by cgit v1.3.1-10-gc9f91 (git 2.54.0) at 2026-06-12 01:31:57 +0000