ssl: various fixes (#3789)

* ssl: fix arg names, mark positional-only args * ssl: add undocumented parameter to do_handshake * ssl: fix type of password in load_cert_chain * ssl: add session parameter to wrap_socket, wrap_bio in py36 on * ssl: update whitelists
2025-12-06 20:24:30 +08:00 · 2020-02-29 05:08:47 -08:00
parent 16ba411434
commit e4b4cd99c0
5 changed files with 31 additions and 39 deletions
--- a/stdlib/2and3/ssl.pyi
+++ b/stdlib/2and3/ssl.pyi
@@ -91,11 +91,11 @@ else:
 _create_default_https_context: Callable[..., SSLContext]

 if sys.version_info >= (3, 3):
-    def RAND_bytes(num: int) -> bytes: ...
-    def RAND_pseudo_bytes(num: int) -> Tuple[bytes, bool]: ...
+    def RAND_bytes(__num: int) -> bytes: ...
+    def RAND_pseudo_bytes(__num: int) -> Tuple[bytes, bool]: ...
 def RAND_status() -> bool: ...
 def RAND_egd(path: str) -> None: ...
-def RAND_add(bytes: bytes, entropy: float) -> None: ...
+def RAND_add(__s: bytes, __entropy: float) -> None: ...


 def match_hostname(cert: _PeerCertRetType, hostname: str) -> None: ...
@@ -215,8 +215,8 @@ class SSLSocket(socket.socket):

    def read(self, len: int = ...,
             buffer: Optional[bytearray] = ...) -> bytes: ...
-    def write(self, buf: bytes) -> int: ...
-    def do_handshake(self) -> None: ...
+    def write(self, data: bytes) -> int: ...
+    def do_handshake(self, block: bool = ...) -> None: ...  # block is undocumented
    @overload
    def getpeercert(self, binary_form: Literal[False] = ...) -> Optional[_PeerCertRetDictType]: ...
    @overload
@@ -262,7 +262,7 @@ class SSLContext:
        def __init__(self, protocol: int) -> None: ...
    def cert_store_stats(self) -> Dict[str, int]: ...
    def load_cert_chain(self, certfile: _Path, keyfile: Optional[_Path] = ...,
-                        password: _PasswordType = ...) -> None: ...
+                        password: Optional[_PasswordType] = ...) -> None: ...
    def load_default_certs(self, purpose: Purpose = ...) -> None: ...
    def load_verify_locations(
        self,
@@ -272,23 +272,35 @@ class SSLContext:
    ) -> None: ...
    def get_ca_certs(self, binary_form: bool = ...) -> Union[List[_PeerCertRetDictType], List[bytes]]: ...
    def set_default_verify_paths(self) -> None: ...
-    def set_ciphers(self, ciphers: str) -> None: ...
-    def set_alpn_protocols(self, protocols: List[str]) -> None: ...
+    def set_ciphers(self, __cipherlist: str) -> None: ...
+    def set_alpn_protocols(self, alpn_protocols: List[str]) -> None: ...
    if sys.version_info >= (3, 7):
        sni_callback: Optional[Callable[[SSLObject, str, SSLContext], Union[None, int]]]
        sslobject_class: Type[SSLObject]
-    def set_npn_protocols(self, protocols: List[str]) -> None: ...
+    def set_npn_protocols(self, npn_protocols: List[str]) -> None: ...
    if sys.version_info >= (3, 7):
        def set_servername_callback(self, server_name_callback: Optional[_SrvnmeCbType]) -> None: ...
    else:
        def set_servername_callback(self, __method: Optional[_SrvnmeCbType]) -> None: ...
-    def load_dh_params(self, dhfile: str) -> None: ...
-    def set_ecdh_curve(self, curve_name: str) -> None: ...
-    def wrap_socket(self, sock: socket.socket, server_side: bool = ...,
-                    do_handshake_on_connect: bool = ...,
-                    suppress_ragged_eofs: bool = ...,
-                    server_hostname: Optional[str] = ...) -> SSLSocket: ...
-    if sys.version_info >= (3, 5):
+    def load_dh_params(self, __path: str) -> None: ...
+    def set_ecdh_curve(self, __name: str) -> None: ...
+    if sys.version_info >= (3, 6):
+        def wrap_socket(self, sock: socket.socket, server_side: bool = ...,
+                        do_handshake_on_connect: bool = ...,
+                        suppress_ragged_eofs: bool = ...,
+                        server_hostname: Optional[str] = ...,
+                        session: Optional[SSLSession] = ...) -> SSLSocket: ...
+    else:
+        def wrap_socket(self, sock: socket.socket, server_side: bool = ...,
+                        do_handshake_on_connect: bool = ...,
+                        suppress_ragged_eofs: bool = ...,
+                        server_hostname: Optional[str] = ...) -> SSLSocket: ...
+    if sys.version_info >= (3, 6):
+        def wrap_bio(self, incoming: MemoryBIO, outgoing: MemoryBIO,
+                     server_side: bool = ...,
+                     server_hostname: Optional[str] = ...,
+                     session: Optional[SSLSession] = ...) -> SSLObject: ...
+    elif sys.version_info >= (3, 5):
        def wrap_bio(self, incoming: MemoryBIO, outgoing: MemoryBIO,
                     server_side: bool = ...,
                     server_hostname: Optional[str] = ...) -> SSLObject: ...
@@ -308,7 +320,7 @@ if sys.version_info >= (3, 5):
            session_reused: bool
        def read(self, len: int = ...,
                 buffer: Optional[bytearray] = ...) -> bytes: ...
-        def write(self, buf: bytes) -> int: ...
+        def write(self, data: bytes) -> int: ...
        @overload
        def getpeercert(self, binary_form: Literal[False] = ...) -> Optional[_PeerCertRetDictType]: ...
        @overload
@@ -331,8 +343,8 @@ if sys.version_info >= (3, 5):
    class MemoryBIO:
        pending: int
        eof: bool
-        def read(self, n: int = ...) -> bytes: ...
-        def write(self, buf: bytes) -> int: ...
+        def read(self, __size: int = ...) -> bytes: ...
+        def write(self, __buf: bytes) -> int: ...
        def write_eof(self) -> None: ...

 if sys.version_info >= (3, 6):