1 # Author: Trevor Perrin
2 # See the LICENSE file for legal information regarding use of this file.
4 """TLS Lite + poplib."""
7 from poplib import POP3, POP3_SSL_PORT
8 from tlslite.tlsconnection import TLSConnection
9 from tlslite.integration.clienthelper import ClientHelper
11 class POP3_TLS(POP3, ClientHelper):
12 """This class extends L{poplib.POP3} with TLS support."""
14 def __init__(self, host, port = POP3_SSL_PORT,
15 timeout=socket._GLOBAL_DEFAULT_TIMEOUT,
16 username=None, password=None,
17 certChain=None, privateKey=None,
20 """Create a new POP3_TLS.
22 For client authentication, use one of these argument
24 - username, password (SRP)
25 - certChain, privateKey (certificate)
27 For server authentication, you can either rely on the
28 implicit mutual authentication performed by SRP or
29 you can do certificate-based server
30 authentication with one of these argument combinations:
33 Certificate-based server authentication is compatible with
34 SRP or certificate-based client authentication.
36 The caller should be prepared to handle TLS-specific
37 exceptions. See the client handshake functions in
38 L{tlslite.TLSConnection.TLSConnection} for details on which
39 exceptions might be raised.
42 @param host: Server to connect to.
45 @param port: Port to connect to.
48 @param username: SRP username.
51 @param password: SRP password for mutual authentication.
52 Requires the 'username' argument.
54 @type certChain: L{tlslite.x509certchain.X509CertChain}
55 @param certChain: Certificate chain for client authentication.
56 Requires the 'privateKey' argument. Excludes the SRP argument.
58 @type privateKey: L{tlslite.utils.rsakey.RSAKey}
59 @param privateKey: Private key for client authentication.
60 Requires the 'certChain' argument. Excludes the SRP argument.
62 @type checker: L{tlslite.checker.Checker}
63 @param checker: Callable object called after handshaking to
64 evaluate the connection and raise an Exception if necessary.
66 @type settings: L{tlslite.handshakesettings.HandshakeSettings}
67 @param settings: Various settings which can be used to control
68 the ciphersuites, certificate types, and SSL/TLS versions
69 offered by the client.
73 sock = socket.create_connection((host, port), timeout)
74 ClientHelper.__init__(self,
76 certChain, privateKey,
79 connection = TLSConnection(sock)
80 ClientHelper._handshake(self, connection)
81 self.sock = connection
82 self.file = self.sock.makefile('rb')
84 self.welcome = self._getresp()