Ñò Ç\äQc@sYddkZddkZddkZddkZddkZddkZddklZlZddkl Z yddk Z Wne j o dZ nXdddddgZ d iƒiƒZeZZxod d d gfd ddgffD]I\ZZx:eD]2ZydeefdUWqe j oqXqWqðWe dj oeeefjZyddklZWn7e j o+eedeƒƒZedd„ZnXyddk lZlZWn>e j o2defd„ƒYZdd„Zd„ZnXdefd„ƒYZdefd„ƒYZ dd„Z!da"d„Z#d„Z$dS( iÿÿÿÿN(tResolutionErrortExtractionError(turllib2tVerifyingHTTPSHandlertfind_ca_bundlet is_availablet cert_pathst opener_forsÄ /etc/pki/tls/certs/ca-bundle.crt /etc/ssl/certs/ca-certificates.crt /usr/share/ssl/certs/ca-bundle.crt /usr/local/share/certs/ca-root.crt /etc/ssl/cert.pem /System/Library/OpenSSL/certs/cert.pem t HTTPSHandlerRsurllib.requesttHTTPSConnectionthttplibs http.clientsfrom %s import %s(tcreate_connectiont_GLOBAL_DEFAULT_TIMEOUTc Cs|\}}d}xÕti||dtiƒD]¸}|\}}} } } d} y`ti||| ƒ} |tj o| i|ƒn|o| i|ƒn| i| ƒ| SWq.tj o(t }| dj o| i ƒqæq.Xq.W|o‚n tdƒ‚dS(sˆConnect to *address* and return the socket object. Convenience function. Connect to *address* (a 2-tuple ``(host, port)``) and return the socket object. Passing the optional *timeout* parameter will set the timeout on the socket instance before attempting to connect. If no *timeout* is supplied, the global default timeout setting returned by :func:`getdefaulttimeout` is used. If *source_address* is set it must be a tuple of (host, port) for the socket to bind as a source address before making the connection. An host of '' or port 0 tells the OS to use the default. is!getaddrinfo returns an empty listN( tNonetsockett getaddrinfot SOCK_STREAMR t settimeouttbindtconnectterrortTruetclose( taddressttimeouttsource_addressthosttportterrtrestaftsocktypetprotot canonnametsatsock((s</usr/lib/python2.6/vendor-packages/setuptools/ssl_support.pyR 0s*    (tCertificateErrortmatch_hostnameR$cBseZRS((t__name__t __module__(((s</usr/lib/python2.6/vendor-packages/setuptools/ssl_support.pyR$XsicCsºg}x|idƒD]|}|idƒ|jotdt|ƒƒ‚n|djo|idƒqti|ƒ}|i|iddƒƒqWtiddi |ƒd ti ƒS( Nt.t*s,too many wildcards in certificate DNS name: s[^.]+s\*s[^.]*s\As\.s\Z( tsplittcountR$treprtappendtretescapetreplacetcompiletjoint IGNORECASE(tdnt max_wildcardstpatstfrag((s</usr/lib/python2.6/vendor-packages/setuptools/ssl_support.pyt_dnsname_to_pat[s c Csw|ptdƒ‚ng}|idd ƒ}xM|D]E\}}|djo,t|ƒi|ƒodS|i|ƒq6q6W|pqxn|iddƒD]V}xM|D]E\}}|djo,t|ƒi|ƒodS|i|ƒq¦q¦Wq™Wnt|ƒdjo,td|d itt |ƒƒfƒ‚n>t|ƒdjotd ||d fƒ‚n td ƒ‚dS(s7Verify that *cert* (in decoded format as returned by SSLSocket.getpeercert()) matches the *hostname*. RFC 2818 rules are mostly followed, but IP addresses are not accepted for *hostname*. CertificateError is raised on failure. On success, the function returns nothing. sempty or no certificatetsubjectAltNametDNSNtsubjectt commonNameis&hostname %r doesn't match either of %ss, shostname %r doesn't match %ris=no appropriate commonName or subjectAltName fields were found((( t ValueErrortgetR8tmatchR-tlenR$R2tmapR,(tcertthostnametdnsnamestsantkeytvaluetsub((s</usr/lib/python2.6/vendor-packages/setuptools/ssl_support.pyR%os4    &cBs eZdZd„Zd„ZRS(s=Simple verifying handler: no auth, subclasses, timeouts, etc.cCs||_ti|ƒdS(N(t ca_bundleRt__init__(tselfRI((s</usr/lib/python2.6/vendor-packages/setuptools/ssl_support.pyRJ±s csˆi‡fd†|ƒS(Ncst|ˆi|S((tVerifyingHTTPSConnRI(Rtkw(RK(s</usr/lib/python2.6/vendor-packages/setuptools/ssl_support.pyt·s(tdo_open(RKtreq((RKs</usr/lib/python2.6/vendor-packages/setuptools/ssl_support.pyt https_openµs(R&R't__doc__RJRQ(((s</usr/lib/python2.6/vendor-packages/setuptools/ssl_support.pyR®s RLcBs eZdZd„Zd„ZRS(s@Simple verifying connection: no auth, subclasses, timeouts, etc.cKs ti|||||_dS(N(R RJRI(RKRRIRM((s</usr/lib/python2.6/vendor-packages/setuptools/ssl_support.pyRJ½scCs¥t|i|ift|ddƒƒ}ti|dtid|iƒ|_ yt |i i ƒ|iƒWn6t j o*|i i tiƒ|i iƒ‚nXdS(NRt cert_reqstca_certs(R RRtgetattrR tsslt wrap_sockett CERT_REQUIREDRIR#R%t getpeercertR$tshutdownRt SHUT_RDWRR(RKR#((s</usr/lib/python2.6/vendor-packages/setuptools/ssl_support.pyRÁs$ (R&R'RRRJR(((s</usr/lib/python2.6/vendor-packages/setuptools/ssl_support.pyRL»s cCs tit|ptƒƒƒiS(s@Get a urlopen() replacement that uses ca_bundle for verification(Rt build_openerRRtopen(RI((s</usr/lib/python2.6/vendor-packages/setuptools/ssl_support.pyRÏsc sxtdj otiSyddkl‰Wntj odSXdˆf‡fd†ƒY}|dddgƒatiS(Niÿÿÿÿ(tCertFilet MyCertFilecseZdd‡fd†ZRS(csLˆi|ƒx|D]}|i|ƒqW|i|ƒti|iƒdS(N(RJtaddstoretaddcertstatexittregisterR(RKtstorestcertststore(R^(s</usr/lib/python2.6/vendor-packages/setuptools/ssl_support.pyRJäs   (((R&R'RJ((R^(s</usr/lib/python2.6/vendor-packages/setuptools/ssl_support.pyR_ãsRdtCAtROOT(t _wincertsR tnamet wincertstoreR^t ImportError(R_((R^s</usr/lib/python2.6/vendor-packages/setuptools/ssl_support.pytget_win_certfileÙs c CsytidjotƒSx&tD]}tii|ƒo|SqWytiddƒSWntt t fj odSXdS(s*Return an existing CA bundle path, or Nonetnttcertifis cacert.pemN( tosRjRmRtpathtisfilet pkg_resourcestresource_filenameRlRRR (t cert_path((s</usr/lib/python2.6/vendor-packages/setuptools/ssl_support.pyRïs (%tsysRpRRbR.RsRRtsetuptools.compatRRVRlR t__all__tstripR*RtobjectRR twhattwheretmoduleRR RUR R$R%R=R8RRLRRiRmR(((s</usr/lib/python2.6/vendor-packages/setuptools/ssl_support.pytsP<       $ ?