@@ -307,9 +307,9 @@ msgid ""
307307msgstr ""
308308"如果你發現某些舊的客戶端或伺服器常適用此函式建立的 :class:`SSLContext` 連線"
309309"時,收到\" Protocol or cipher suite mismatch\" 錯誤,這可能是因為他們的系統僅"
310- "支援 SSL3.0,然而 SSL3.0已被此函數用 :data:`OP_NO_SSLv3` 排除。目前廣泛認為 "
310+ "支援 SSL3.0,然而 SSL3.0已被此函式用 :data:`OP_NO_SSLv3` 排除。目前廣泛認為 "
311311"SSL3.0 已經\\ `被完全破解 <https://en.wikipedia.org/wiki/POODLE>`_。如果你仍"
312- "然希望在允許 SSL3.0連線的情況下使用此函數 ,可以使用下面的方法: ::"
312+ "然希望在允許 SSL3.0連線的情況下使用此函式 ,可以使用下面的方法: ::"
313313
314314#: ../../library/ssl.rst:170
315315msgid ""
@@ -1587,29 +1587,38 @@ msgid ""
15871587"active SSL connection, i.e. the handshake was completed and :meth:`SSLSocket."
15881588"unwrap` was not called."
15891589msgstr ""
1590+ ":meth:`~SSLSocket.read` 和 :meth:`~SSLSocket.write` 方法為低階層的方法,負責"
1591+ "讀取和寫入未加密的應用層資料,並將其加密/解密為加密的寫入層資料。這些方法需要"
1592+ "一個已建立的 SSL 連接,即握手已完成,且未呼叫 :meth:`SSLSocket.unwrap`。"
15901593
15911594#: ../../library/ssl.rst:1123
15921595msgid ""
15931596"Normally you should use the socket API methods like :meth:`~socket.socket."
15941597"recv` and :meth:`~socket.socket.send` instead of these methods."
15951598msgstr ""
1599+ "通常你應該使用像 :meth:`~socket.socket.recv` 和 :meth:`~socket.socket.send` "
1600+ "這樣的 socket API 方法,而不是直接使用這些方法。"
15961601
15971602#: ../../library/ssl.rst:1129
15981603msgid "Perform the SSL setup handshake."
1599- msgstr ""
1604+ msgstr "執行 SSL 設定握手。 "
16001605
16011606#: ../../library/ssl.rst:1131
16021607msgid ""
16031608"The handshake method also performs :func:`match_hostname` when the :attr:"
16041609"`~SSLContext.check_hostname` attribute of the socket's :attr:`~SSLSocket."
16051610"context` is true."
16061611msgstr ""
1612+ "當 socket 的 :attr:`~SSLSocket.context` 的 :attr:`~SSLContext."
1613+ "check_hostname` 屬性質為 true 時,握手方法也會執行 :func:`match_hostname`。"
16071614
16081615#: ../../library/ssl.rst:1136
16091616msgid ""
16101617"The socket timeout is no longer reset each time bytes are received or sent. "
16111618"The socket timeout is now the maximum total duration of the handshake."
16121619msgstr ""
1620+ "Socket 超時時間已經不會在每次接收或傳送位元組時重置。現在,超時時間是握手過程"
1621+ "的最大總持續時間。"
16131622
16141623#: ../../library/ssl.rst:1140
16151624msgid ""
@@ -1618,13 +1627,18 @@ msgid ""
16181627"or IP address, the handshake is aborted early and a TLS alert message is "
16191628"sent to the peer."
16201629msgstr ""
1630+ "在握手過程中,OpenSSL 會去配對主機名稱或 IP 地址。已不再使用 :func:"
1631+ "`match_hostname` 函式。如果 OpenSSL 拒絕某個主機名稱或 IP 地址,握手將會提前"
1632+ "中止,並向對方發送 TLS 警報訊息。"
16211633
16221634#: ../../library/ssl.rst:1148
16231635msgid ""
16241636"If there is no certificate for the peer on the other end of the connection, "
16251637"return ``None``. If the SSL handshake hasn't been done yet, raise :exc:"
16261638"`ValueError`."
16271639msgstr ""
1640+ "如果連線端沒有證書,則回傳 ``None``。如果 SSL 握手尚未完成,則引發 :exc:"
1641+ "`ValueError`。"
16281642
16291643#: ../../library/ssl.rst:1152
16301644msgid ""
@@ -1637,6 +1651,11 @@ msgid ""
16371651"of the *Subject Alternative Name* extension (see :rfc:`3280`), there will "
16381652"also be a ``subjectAltName`` key in the dictionary."
16391653msgstr ""
1654+ "如果 ``binary_form`` 參數為 :const:`False`,且從對等 (peer) 接收到證書,則該"
1655+ "方法回傳一個 :class:`dict` 實例。如果證書未被驗證,則該字典為空。若證書已被驗"
1656+ "證,則回傳的字典將包含數個鍵值,包括 ``subject`` (證書所簽發的對象) 和 "
1657+ "``issuer`` (簽發證書的主體)。如果證書中包含 *Subject Alternative Name* 擴充 "
1658+ "(參考\\ :rfc:`3280`\\ ),字典中還會有一個 ``subjectAltName`` 鍵。"
16401659
16411660#: ../../library/ssl.rst:1161
16421661msgid ""
@@ -1645,6 +1664,9 @@ msgid ""
16451664"structure for the respective fields, and each RDN is a sequence of name-"
16461665"value pairs. Here is a real-world example::"
16471666msgstr ""
1667+ "``subject`` 和 ``issuer`` 欄位欄位是包含相對識別名稱 (relative distinguished "
1668+ "names, RDNs) 序列的元組,這些 RDN 來自證書資料結構中的相應欄位。每個 RDN 都是"
1669+ "一組名稱與值的對。以下是現實中的範例: ::"
16481670
16491671#: ../../library/ssl.rst:1166
16501672msgid ""
@@ -1696,12 +1718,15 @@ msgid ""
16961718"certificate. Whether the peer provides a certificate depends on the SSL "
16971719"socket's role:"
16981720msgstr ""
1721+ "如果 ``binary_form`` 參數設定為 :const:`True`,且對等提供了證書,則該方法會"
1722+ "以 DER 編碼形式 將整個證書以位元組序列形式回傳。如果對等未提供證書,則回傳:"
1723+ "const:`None`。對等是否提供證書取決於 SSL socket 的腳色:"
16991724
17001725#: ../../library/ssl.rst:1191
17011726msgid ""
17021727"for a client SSL socket, the server will always provide a certificate, "
17031728"regardless of whether validation was required;"
1704- msgstr ""
1729+ msgstr "對於客戶端 SSL socket,伺服器將永遠提供證書,無論是否需要進行驗證; "
17051730
17061731#: ../../library/ssl.rst:1194
17071732msgid ""
@@ -1710,6 +1735,9 @@ msgid ""
17101735"`None` if you used :const:`CERT_NONE` (rather than :const:`CERT_OPTIONAL` "
17111736"or :const:`CERT_REQUIRED`)."
17121737msgstr ""
1738+ "對於伺服器 SSL socket,客戶端僅在伺服器要求時才會提供證書;因此,如果你使用的"
1739+ "是 :const:`CERT_NONE` (而非 :const:`CERT_OPTIONAL` 或 :const:"
1740+ "`CERT_REQUIRED`),則 :meth:`getpeercert` 會回傳 :const:`None`。"
17131741
17141742#: ../../library/ssl.rst:1199
17151743msgid "See also :attr:`SSLContext.check_hostname`."