Merge pull request #222 from aiokitchen/fix-docbuild

Python 3.13 support

Author: mosquito

.github/workflows/tests.yml

@@ -55,11 +55,11 @@ jobs:
 
       matrix:
         python:
-          - '3.8'
           - '3.9'
           - '3.10'
           - '3.11'
           - '3.12'
+          - '3.13'
     steps:
       - uses: actions/checkout@v2
       - name: Setup python${{ matrix.python }}

aiomisc/process_pool.py

@@ -39,7 +39,9 @@ def _statistic_callback(
         self._statistic.sum_time += loop.time() - start_time
 
     def submit(self, *args: Any, **kwargs: Any) -> Future:
-        """Submit blocking function to the pool"""
+        """
+        Submit blocking function to the pool
+        """
         loop = asyncio.get_running_loop()
         start_time = loop.time()
         future = super().submit(*args, **kwargs)

aiomisc/service/tls.py

@@ -17,6 +17,19 @@
 log = logging.getLogger(__name__)
 
 
+DEFAULT_SSL_CIPHERS = (
+    "ECDHE-RSA-AES256-GCM-SHA384",
+    "ECDHE-ECDSA-AES256-GCM-SHA384",
+    "ECDHE-RSA-CHACHA20-POLY1305",
+    "ECDHE-ECDSA-CHACHA20-POLY1305",
+    "ECDHE-RSA-AES128-GCM-SHA256",
+    "ECDHE-ECDSA-AES128-GCM-SHA256",
+)
+
+DEFAULT_SSL_MIN_VERSION = ssl.TLSVersion.TLSv1_3
+DEFAULT_SSL_MAX_VERSION = ssl.TLSVersion.TLSv1_3
+
+
 @dataclass(frozen=True)
 class SSLOptionsBase:
     cert: Optional[Path]
@@ -25,13 +38,19 @@ class SSLOptionsBase:
     verify: bool
     require_client_cert: bool
     purpose: ssl.Purpose
+    minimum_version: ssl.TLSVersion = DEFAULT_SSL_MIN_VERSION
+    maximum_version: ssl.TLSVersion = DEFAULT_SSL_MAX_VERSION
+    ciphers: Tuple[str, ...] = DEFAULT_SSL_CIPHERS
 
 
 class SSLOptions(SSLOptionsBase):
     def __init__(
         self, cert: Optional[PathOrStr], key: Optional[PathOrStr],
         ca: Optional[PathOrStr], verify: bool, require_client_cert: bool,
         purpose: ssl.Purpose,
+        minimum_version: ssl.TLSVersion = DEFAULT_SSL_MIN_VERSION,
+        maximum_version: ssl.TLSVersion = DEFAULT_SSL_MAX_VERSION,
+        ciphers: Tuple[str, ...] = DEFAULT_SSL_CIPHERS,
     ) -> None:
         super().__init__(
             cert=Path(cert) if cert else None,
@@ -40,25 +59,48 @@ def __init__(
             verify=verify,
             require_client_cert=require_client_cert,
             purpose=purpose,
+            minimum_version=minimum_version,
+            maximum_version=maximum_version,
+            ciphers=ciphers,
         )
 
     def create_context(self) -> ssl.SSLContext:
         context = ssl.create_default_context(
-            purpose=self.purpose, cafile=self.ca,
+            purpose=self.purpose,
         )
 
-        if self.ca and not self.ca.exists():
-            raise FileNotFoundError("CA file doesn't exists")
+        # Disable compression to prevent CRIME attacks
+        context.options |= ssl.OP_NO_COMPRESSION
+
+        context.maximum_version = self.maximum_version
+        context.minimum_version = self.minimum_version
+        context.set_ciphers(":".join(self.ciphers))
+
+        if not self.verify:
+            context.check_hostname = False
+
+        if self.ca:
+            log.debug("Loading CA from %s", self.ca)
+            if not self.ca.exists():
+                raise FileNotFoundError(
+                    "CA file doesn't exists", str(self.ca.resolve()),
+                )
+            context.load_verify_locations(cafile=str(self.ca))
 
         if self.require_client_cert:
+            log.debug("Set server-side cert verification")
             context.verify_mode = ssl.VerifyMode.CERT_REQUIRED
+            # Post-handshake authentication is required
+            context.post_handshake_auth = True
+        else:
+            # Disable server-side cert verification
+            context.check_hostname = False
+            context.verify_mode = ssl.VerifyMode.CERT_NONE
 
+        # Load server-side cert and key
         if self.key and self.cert:
             context.load_cert_chain(self.cert, self.key)
 
-        if not self.verify:
-            context.check_hostname = False
-
         return context
 
 
@@ -69,13 +111,20 @@ def __init__(
         self, *, address: Optional[str] = None, port: Optional[int] = None,
         cert: PathOrStr, key: PathOrStr, ca: Optional[PathOrStr] = None,
         require_client_cert: bool = False, verify: bool = True,
+        minimum_version: ssl.TLSVersion = DEFAULT_SSL_MIN_VERSION,
+        maximum_version: ssl.TLSVersion = DEFAULT_SSL_MAX_VERSION,
+        ciphers: Tuple[str, ...] = DEFAULT_SSL_CIPHERS,
         options: OptionsType = (), sock: Optional[socket.socket] = None,
         **kwargs: Any,
     ):
 
         self.__ssl_options = SSLOptions(
-            cert, key, ca, verify, require_client_cert,
-            ssl.Purpose.CLIENT_AUTH,
+            cert=cert, key=key, ca=ca, verify=verify,
+            require_client_cert=require_client_cert,
+            purpose=ssl.Purpose.CLIENT_AUTH,
+            minimum_version=minimum_version,
+            maximum_version=maximum_version,
+            ciphers=ciphers,
         )
 
         if not sock:

docs/source/index.rst

@@ -5,8 +5,8 @@ aiomisc - miscellaneous utils for asyncio
    :target: https://coveralls.io/github/aiokitchen/aiomisc
    :alt: Coveralls
 
-.. image:: https://github.com/aiokitchen/aiomisc/workflows/tox/badge.svg
-   :target: https://github.com/aiokitchen/aiomisc/actions?query=workflow%3Atox
+.. image:: https://github.com/aiokitchen/aiomisc/actions/workflows/tests.yml/badge.svg
+   :target: https://github.com/aiokitchen/aiomisc/actions/workflows/tests.yml
    :alt: Actions
 
 .. image:: https://img.shields.io/pypi/v/aiomisc.svg

docs/source/locale/ru/LC_MESSAGES/api/aiomisc.po

@@ -6,14 +6,14 @@ msgid ""
 msgstr ""
 "Project-Id-Version: aiomisc 16.1.16\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2024-06-03 23:11+0200\n"
+"POT-Creation-Date: 2025-03-03 13:05+0100\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: Ivan Sitkin <[email protected]>\n"
 "Language-Team: LANGUAGE <[email protected]>\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=utf-8\n"
 "Content-Transfer-Encoding: 8bit\n"
-"Generated-By: Babel 2.15.0\n"
+"Generated-By: Babel 2.17.0\n"
 
 #: ../../source/api/aiomisc.rst:2
 msgid "``aiomisc`` module"
@@ -321,6 +321,7 @@ msgid ""
 msgstr ""
 
 #: of typing.ParamSpec:15
+#, python-brace-format
 msgid ""
 "T = TypeVar('T')\n"
 "P = ParamSpec('P')\n"
@@ -585,6 +586,45 @@ msgstr ""
 msgid "``aiomisc.log`` module"
 msgstr "Модуль ``aiomisc.log``"
 
+#: aiomisc.log.ThreadedHandler:1 of
+msgid "Bases: :py:class:`~logging.Handler`"
+msgstr ""
+
+#: aiomisc.log.ThreadedHandler:1 of
+msgid ""
+"Initializes the instance - basically setting the formatter to None and "
+"the filter list to empty."
+msgstr ""
+
+#: aiomisc.log.ThreadedHandler.close:1 of
+msgid "Tidy up any resources used by the handler."
+msgstr ""
+
+#: aiomisc.log.ThreadedHandler.close:3 of
+msgid ""
+"This version removes the handler from an internal map of handlers, "
+"_handlers, which is used for handler lookup by name. Subclasses should "
+"ensure that this gets called from overridden close() methods."
+msgstr ""
+
+#: aiomisc.log.ThreadedHandler.emit:1 of
+msgid "Do whatever it takes to actually log the specified logging record."
+msgstr ""
+
+#: aiomisc.log.ThreadedHandler.emit:3 of
+msgid ""
+"This version is intended to be implemented by subclasses and so raises a "
+"NotImplementedError."
+msgstr ""
+
+#: aiomisc.log.ThreadedHandler.flush:1 of
+msgid "Ensure all logging output has been flushed."
+msgstr ""
+
+#: aiomisc.log.ThreadedHandler.flush:3 of
+msgid "This version does nothing and is intended to be implemented by subclasses."
+msgstr ""
+
 #: ../../source/api/aiomisc.rst:93
 msgid "``aiomisc.periodic`` module"
 msgstr "Модуль ``aiomisc.periodic``"