path: root/doc/html/openssl-context.html
blob: 9e37caeee44145c69ac075087c5452fce613ed7f (plain)
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<title>3.3.1 Context objects </title>
<META NAME="description" CONTENT="3.3.1 Context objects ">
<META NAME="keywords" CONTENT="pyOpenSSL">
<META NAME="resource-type" CONTENT="document">
<META NAME="distribution" CONTENT="global">
<link rel="STYLESHEET" href="pyOpenSSL.css">
<LINK REL="next" href="openssl-connection.html">
<LINK REL="previous" href="openssl-ssl.html">
<LINK REL="up" href="openssl-ssl.html">
</head>
<body>
<DIV CLASS="navigation">
<table align="center" width="100%" cellpadding="0" cellspacing="2">
<tr>
<td><A href="openssl-ssl.html"><img src="previous.gif"
  border="0" height="32"
  alt="Previous Page" width="32"></A></td>
<td><A href="openssl-ssl.html"><img src="up.gif"
  border="0" height="32"
  alt="Up One Level" width="32"></A></td>
<td><A href="openssl-connection.html"><img src="next.gif"
  border="0" height="32"
  alt="Next Page" width="32"></A></td>
<td align="center" width="100%">Python OpenSSL Manual</td>
<td><A href="contents.html"><img src="contents.gif"
  border="0" height="32"
  alt="Contents" width="32"></A></td>
<td><img src="blank.gif"
  border="0" height="32"
  alt="" width="32"></td>
<td><img src="blank.gif"
  border="0" height="32"
  alt="" width="32"></td>
</tr></table>
<b class="navlabel">Previous:</b> <a class="sectref" href="openssl-ssl.html">3.3 SSL  </A>
<b class="navlabel">Up:</b> <a class="sectref" href="openssl-ssl.html">3.3 SSL  </A>
<b class="navlabel">Next:</b> <a class="sectref" href="openssl-connection.html">3.3.2 Connection objects</A>
<br><hr>
</DIV>
<!--End of Navigation Panel-->

<H3><A NAME="SECTION000431000000000000000">&nbsp;</A>
<BR>
3.3.1 Context objects 
</H3>

<P>
Context objects have the following methods:

<P>
<dl><dt><b><a name='l2h-160'><tt class='method'>check_privatekey</tt></a></b>()
<dd>
Check if the private key (loaded with <tt class="method">use_privatekey<big>[</big>_file<big>]</big></tt>)
matches the certificate (loaded with <tt class="method">use_certificate<big>[</big>_file<big>]</big></tt>).
Returns <code>None</code> if they match, raises <tt class="exception">Error</tt> otherwise.
</dl>

<P>
<dl><dt><b><a name='l2h-161'><tt class='method'>get_app_data</tt></a></b>()
<dd>
Retrieve application data as set by <tt class="method">set_app_data</tt>.
</dl>

<P>
<dl><dt><b><a name='l2h-162'><tt class='method'>get_cert_store</tt></a></b>()
<dd>
Retrieve the certificate store (an X509Store object) that the context uses.
This can be used to add "trusted" certificates without using the
<tt class="method">load_verify_locations()</tt> method.
</dl>

<P>
<dl><dt><b><a name='l2h-163'><tt class='method'>get_timeout</tt></a></b>()
<dd>
Retrieve session timeout, as set by <tt class="method">set_timeout</tt>. The default is 300
seconds.
</dl>

<P>
<dl><dt><b><a name='l2h-164'><tt class='method'>get_verify_depth</tt></a></b>()
<dd>
Retrieve the Context object's verify depth, as set by
<tt class="method">set_verify_depth</tt>.
</dl>

<P>
<dl><dt><b><a name='l2h-165'><tt class='method'>get_verify_mode</tt></a></b>()
<dd>
Retrieve the Context object's verify mode, as set by <tt class="method">set_verify</tt>.
</dl>

<P>
<dl><dt><b><a name='l2h-166'><tt class='method'>load_client_ca</tt></a></b>(<var>pemfile</var>)
<dd>
Read a file with PEM-formatted certificates that will be sent to the client
when requesting a client certificate.
</dl>

<P>
<dl><dt><b><a name='l2h-167'><tt class='method'>set_client_ca_list</tt></a></b>(<var>certificate_authorities</var>)
<dd>
Replace the current list of preferred certificate signers that would be
sent to the client when requesting a client certificate with the
<var>certificate_authorities</var> sequence of <tt class="class">OpenSSL.crypto.X509Name</tt>s.

<P>

<span class='versionnote'>New in version 0.10.</span>

</dl>

<P>
<dl><dt><b><a name='l2h-168'><tt class='method'>add_client_ca</tt></a></b>(<var>certificate_authority</var>)
<dd>
Extract an <tt class="class">OpenSSL.crypto.X509Name</tt> from the <var>certificate_authority</var>
<tt class="class">OpenSSL.crypto.X509</tt> certificate and add it to the list of preferred
certificate signers sent to the client when requesting a client certificate.

<P>

<span class='versionnote'>New in version 0.10.</span>

</dl>

<P>
<dl><dt><b><a name='l2h-169'><tt class='method'>load_verify_locations</tt></a></b>(<var>pemfile, capath</var>)
<dd>
Specify where CA certificates for verification purposes are located. These
are trusted certificates. Note that the certificates have to be in PEM
format.  If capath is passed, it must be a directory prepared using the
<code>c_rehash</code> tool included with OpenSSL.  Either, but not both, of
<var>pemfile</var> or <var>capath</var> may be <code>None</code>.
</dl>

<P>
<dl><dt><b><a name='l2h-170'><tt class='method'>set_default_verify_paths</tt></a></b>()
<dd>
Specify that the platform provided CA certificates are to be used for
verification purposes.  This method may not work properly on OS X.
</dl>

<P>
<dl><dt><b><a name='l2h-171'><tt class='method'>load_tmp_dh</tt></a></b>(<var>dhfile</var>)
<dd>
Load parameters for Ephemeral Diffie-Hellman from <var>dhfile</var>.
</dl>

<P>
<dl><dt><b><a name='l2h-172'><tt class='method'>set_app_data</tt></a></b>(<var>data</var>)
<dd>
Associate <var>data</var> with this Context object. <var>data</var> can be retrieved
later using the <tt class="method">get_app_data</tt> method.
</dl>

<P>
<dl><dt><b><a name='l2h-173'><tt class='method'>set_cipher_list</tt></a></b>(<var>ciphers</var>)
<dd>
Set the list of ciphers to be used in this context. See the OpenSSL manual for
more information (e.g. ciphers(1)).
</dl>

<P>
<dl><dt><b><a name='l2h-174'><tt class='method'>set_info_callback</tt></a></b>(<var>callback</var>)
<dd>
Set the information callback to <var>callback</var>. This function will be called
from time to time during SSL handshakes.
<var>callback</var> should take three arguments: a Connection object and two
integers. The first integer specifies where in the SSL handshake the function
was called, and the other the return code from a (possibly failed) internal
function call.
</dl>

<P>
<dl><dt><b><a name='l2h-175'><tt class='method'>set_options</tt></a></b>(<var>options</var>)
<dd>
Add SSL options. Options you have set before are not cleared!
This method should be used with the <tt class="constant">OP_*</tt> constants.
</dl>

<P>
<dl><dt><b><a name='l2h-176'><tt class='method'>set_passwd_cb</tt></a></b>(<var>callback</var><big>[</big><var>, userdata</var><big>]</big>)
<dd>
Set the passphrase callback to <var>callback</var>. This function will be called
when a private key with a passphrase is loaded. <var>callback</var> must accept
three positional arguments.  First, an integer giving the maximum length of
the passphrase it may return.  If the returned passphrase is longer than
this, it will be truncated.  Second, a boolean value which will be true if
the user should be prompted for the passphrase twice and the callback should
verify that the two values supplied are equal. Third, the value given as the
<var>userdata</var> parameter to <tt class="method">set_passwd_cb</tt>.  If an error occurs,
<var>callback</var> should return a false value (e.g. an empty string).
</dl>

<P>
<dl><dt><b><a name='l2h-177'><tt class='method'>set_session_id</tt></a></b>(<var>name</var>)
<dd>
Set the context <var>name</var> within which a session can be reused for this
Context object. This is needed when doing session resumption, because there is
no way for a stored session to know which Context object it is associated with.
<var>name</var> may be any binary data.
</dl>

<P>
<dl><dt><b><a name='l2h-178'><tt class='method'>set_timeout</tt></a></b>(<var>timeout</var>)
<dd>
Set the timeout for newly created sessions for this Context object to
<var>timeout</var>. <var>timeout</var> must be given in (whole) seconds. The default
value is 300 seconds. See the OpenSSL manual for more information (e.g.
SSL_CTX_set_timeout(3)).
</dl>

<P>
<dl><dt><b><a name='l2h-179'><tt class='method'>set_verify</tt></a></b>(<var>mode, callback</var>)
<dd>
Set the verification flags for this Context object to <var>mode</var> and specify
that <var>callback</var> should be used for verification callbacks. <var>mode</var>
should be one of <tt class="constant">VERIFY_NONE</tt> and <tt class="constant">VERIFY_PEER</tt>. If
<tt class="constant">VERIFY_PEER</tt> is used, <var>mode</var> can be OR'ed with
<tt class="constant">VERIFY_FAIL_IF_NO_PEER_CERT</tt> and <tt class="constant">VERIFY_CLIENT_ONCE</tt> to
further control the behaviour.
<var>callback</var> should take five arguments: a Connection object, an X509 object,
and three integers, which are in turn the potential error number, the error
depth and the return code. <var>callback</var> should return true if verification passes
and false otherwise.
</dl>

<P>
<dl><dt><b><a name='l2h-180'><tt class='method'>set_verify_depth</tt></a></b>(<var>depth</var>)
<dd>
Set the maximum depth for the certificate chain verification that shall be
allowed for this Context object.
</dl>

<P>
<dl><dt><b><a name='l2h-181'><tt class='method'>use_certificate</tt></a></b>(<var>cert</var>)
<dd>
Use the certificate <var>cert</var> which has to be an X509 object.
</dl>

<P>
<dl><dt><b><a name='l2h-182'><tt class='method'>add_extra_chain_cert</tt></a></b>(<var>cert</var>)
<dd>
Add the certificate <var>cert</var>, which has to be an X509 object, to the
certificate chain presented together with the certificate.
</dl>

<P>
<dl><dt><b><a name='l2h-183'><tt class='method'>use_certificate_chain_file</tt></a></b>(<var>file</var>)
<dd>
Load a certificate chain from <var>file</var> which must be PEM encoded.
</dl>

<P>
<dl><dt><b><a name='l2h-184'><tt class='method'>use_privatekey</tt></a></b>(<var>pkey</var>)
<dd>
Use the private key <var>pkey</var> which has to be a PKey object.
</dl>

<P>
<dl><dt><b><a name='l2h-185'><tt class='method'>use_certificate_file</tt></a></b>(<var>file</var><big>[</big><var>, format</var><big>]</big>)
<dd>
Load the first certificate found in <var>file</var>. The certificate must be in the
format specified by <var>format</var>, which is either <tt class="constant">FILETYPE_PEM</tt> or
<tt class="constant">FILETYPE_ASN1</tt>. The default is <tt class="constant">FILETYPE_PEM</tt>.
</dl>

<P>
<dl><dt><b><a name='l2h-186'><tt class='method'>use_privatekey_file</tt></a></b>(<var>file</var><big>[</big><var>, format</var><big>]</big>)
<dd>
Load the first private key found in <var>file</var>. The private key must be in the
format specified by <var>format</var>, which is either <tt class="constant">FILETYPE_PEM</tt> or
<tt class="constant">FILETYPE_ASN1</tt>. The default is <tt class="constant">FILETYPE_PEM</tt>.
</dl>

<P>
<dl><dt><b><a name='l2h-187'><tt class='method'>set_tlsext_servername_callback</tt></a></b>(<var>callback</var>)
<dd>
Specify a one-argument callable to use as the TLS extension server name
callback.  When a connection using the server name extension is made using this
context, the callback will be invoked with the <code>Connection</code> instance.

<span class='versionnote'>New in version 0.13.</span>

</dl>

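<P>
The following added example (not part of the pyOpenSSL manual) wires the methods above into a server Context that requires a verified client certificate: a five-argument <tt class="method">set_verify</tt> callback that never turns an OpenSSL verification failure into a pass, a three-argument <tt class="method">set_passwd_cb</tt> callback, and <tt class="method">check_privatekey</tt> run once the key and certificate are loaded. The file names, the allowed client CN and the passphrase (passed as bytes) are assumed placeholders.

```python
# Constructed allow-list of client certificate subject CNs (placeholder).
ALLOWED_CLIENT_CNS = {"client.example.test"}


def verify_callback(conn, cert, errnum, errdepth, ok):
    """Five-argument callback for Context.set_verify().

    ok is OpenSSL's own verdict for the certificate at errdepth; errnum is
    the X509 verify error code when ok is 0.  Returning true when ok is 0
    would silently disable verification, so this callback never does that;
    it only adds a policy check on the leaf certificate (depth 0).
    """
    if not ok:
        return False
    if errdepth == 0:
        return cert.get_subject().CN in ALLOWED_CLIENT_CNS
    return True


def passwd_callback(maxlen, verify, userdata):
    """Three-argument callback for Context.set_passwd_cb().

    The passphrase arrives as userdata, so nothing is prompted for and the
    'verify' (prompt twice) flag does not apply.  A false value (b"") tells
    OpenSSL the key cannot be decrypted; longer values are cut to maxlen.
    """
    if not userdata:
        return b""
    return userdata[:maxlen]


def build_server_context(cafile, certfile, keyfile, passphrase):
    """Server Context that demands and verifies a client certificate."""
    from OpenSSL import SSL  # imported here so the callbacks above load without pyOpenSSL

    ctx = SSL.Context(SSL.SSLv23_METHOD)
    ctx.set_options(SSL.OP_NO_SSLv2 | SSL.OP_NO_SSLv3)  # options accumulate, they are never cleared
    ctx.set_passwd_cb(passwd_callback, passphrase)      # consulted when the encrypted key is loaded
    ctx.use_certificate_chain_file(certfile)            # PEM: leaf first, then intermediates
    ctx.use_privatekey_file(keyfile)
    ctx.check_privatekey()                              # raises SSL.Error if key and cert disagree
    ctx.load_verify_locations(cafile, None)             # trusted CAs from a PEM file, no capath
    ctx.load_client_ca(cafile)                          # CA names advertised in the cert request
    ctx.set_verify(SSL.VERIFY_PEER | SSL.VERIFY_FAIL_IF_NO_PEER_CERT
                   | SSL.VERIFY_CLIENT_ONCE, verify_callback)
    ctx.set_verify_depth(3)                             # longest chain accepted
    ctx.set_cipher_list("HIGH:!aNULL:!MD5")             # ciphers(1) syntax
    ctx.set_timeout(120)                                # session lifetime in whole seconds
    return ctx
```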
<P>

<DIV CLASS="navigation">
<span class="release-info">Release 0.13.</span>
</DIV>
<!--End of Navigation Panel-->

</BODY>
</HTML>