<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<title>3.3.1 Context objects </title>
<META NAME="description" CONTENT="3.3.1 Context objects ">
<META NAME="keywords" CONTENT="pyOpenSSL">
<META NAME="resource-type" CONTENT="document">
<META NAME="distribution" CONTENT="global">
<link rel="STYLESHEET" href="pyOpenSSL.css">
<LINK REL="next" href="openssl-connection.html">
<LINK REL="previous" href="openssl-ssl.html">
<LINK REL="up" href="openssl-ssl.html">
</head>
<body>
<DIV CLASS="navigation">
<table align="center" width="100%" cellpadding="0" cellspacing="2">
<tr>
<td><A href="openssl-ssl.html"><img src="previous.gif"
border="0" height="32"
  alt="Previous Page" width="32"></A></td>
<td><A href="openssl-ssl.html"><img src="up.gif"
border="0" height="32"
  alt="Up One Level" width="32"></A></td>
<td><A href="openssl-connection.html"><img src="next.gif"
border="0" height="32"
  alt="Next Page" width="32"></A></td>
<td align="center" width="100%">Python OpenSSL Manual</td>
<td><A href="contents.html"><img src="contents.gif"
border="0" height="32"
  alt="Contents" width="32"></A></td>
<td><img src="blank.gif"
  border="0" height="32"
  alt="" width="32"></td>
<td><img src="blank.gif"
  border="0" height="32"
  alt="" width="32"></td>
</tr></table>
<b class="navlabel">Previous:</b> <a class="sectref" href="openssl-ssl.html">3.3 SSL  </A>
<b class="navlabel">Up:</b> <a class="sectref" href="openssl-ssl.html">3.3 SSL  </A>
<b class="navlabel">Next:</b> <a class="sectref" href="openssl-connection.html">3.3.2 Connection objects</A>
<br><hr>
</DIV>
<!--End of Navigation Panel-->

<H3><A NAME="SECTION000431000000000000000">&nbsp;</A>
<BR>
3.3.1 Context objects 
</H3>

<P>
Context objects have the following methods:

<P>
<dl><dt><b><a name='l2h-121'><tt class='method'>check_privatekey</tt></a></b>()
<dd>
Check if the private key (loaded with <tt class="method">use_privatekey<big>[</big>_file<big>]</big></tt>)
matches the certificate (loaded with <tt class="method">use_certificate<big>[</big>_file<big>]</big></tt>).
Returns <code>None</code> if they match, raises <tt class="exception">Error</tt> otherwise.
</dl>

<P>
<dl><dt><b><a name='l2h-122'><tt class='method'>get_app_data</tt></a></b>()
<dd>
Retrieve application data as set by <tt class="method">set_app_data</tt>.
</dl>

<P>
<dl><dt><b><a name='l2h-123'><tt class='method'>get_cert_store</tt></a></b>()
<dd>
Retrieve the certificate store (an X509Store object) that the context uses.
This can be used to add trusted certificates (for example with the store's
<tt class="method">add_cert</tt> method) without using the
<tt class="method">load_verify_locations</tt> method.
</dl>

<P>
<dl><dt><b><a name='l2h-124'><tt class='method'>get_timeout</tt></a></b>()
<dd>
Retrieve session timeout, as set by <tt class="method">set_timeout</tt>. The default is 300
seconds.
</dl>

<P>
<dl><dt><b><a name='l2h-125'><tt class='method'>get_verify_depth</tt></a></b>()
<dd>
Retrieve the Context object's verify depth, as set by
<tt class="method">set_verify_depth</tt>.
</dl>

<P>
<dl><dt><b><a name='l2h-126'><tt class='method'>get_verify_mode</tt></a></b>()
<dd>
Retrieve the Context object's verify mode, as set by <tt class="method">set_verify_mode</tt>.
</dl>

<P>
<dl><dt><b><a name='l2h-127'><tt class='method'>load_client_ca</tt></a></b>(<var>pemfile</var>)
<dd>
Read a file with PEM-formatted certificates and send the names of those
certificates to the client when requesting a client certificate. This only
sets the list of acceptable CA names announced to the client; it does not
make those CAs trusted for verifying the client certificate, which still
requires <tt class="method">load_verify_locations</tt> (or the store returned by
<tt class="method">get_cert_store</tt>).
</dl>

<P>
<dl><dt><b><a name='l2h-128'><tt class='method'>load_verify_locations</tt></a></b>(<var>pemfile</var>)
<dd>
Specify where CA certificates for verification purposes are located. These are
trusted certificates. Note that the certificates have to be in PEM format.
</dl>

<P>
<dl><dt><b><a name='l2h-129'><tt class='method'>load_tmp_dh</tt></a></b>(<var>dhfile</var>)
<dd>
Load parameters for Ephemeral Diffie-Hellman from <var>dhfile</var>.
</dl>

<P>
<dl><dt><b><a name='l2h-130'><tt class='method'>set_app_data</tt></a></b>(<var>data</var>)
<dd>
Associate <var>data</var> with this Context object. <var>data</var> can be retrieved
later using the <tt class="method">get_app_data</tt> method.
</dl>

<P>
<dl><dt><b><a name='l2h-131'><tt class='method'>set_cipher_list</tt></a></b>(<var>ciphers</var>)
<dd>
Set the list of ciphers to be used in this context. <var>ciphers</var> uses the
cipher-list syntax described in the OpenSSL manual (e.g. ciphers(1)).
</dl>

<P>
<dl><dt><b><a name='l2h-132'><tt class='method'>set_info_callback</tt></a></b>(<var>callback</var>)
<dd>
Set the information callback to <var>callback</var>. This function will be called
from time to time during SSL handshakes.
<var>callback</var> should take three arguments: a Connection object and two
integers. The first integer specifies where in the SSL handshake the function
was called, and the other the return code from a (possibly failed) internal
function call.
</dl>

<P>
<dl><dt><b><a name='l2h-133'><tt class='method'>set_options</tt></a></b>(<var>options</var>)
<dd>
Add SSL options. Options you have set before are not cleared!
This method should be used with the <tt class="constant">OP_*</tt> constants.
</dl>

<P>
<dl><dt><b><a name='l2h-134'><tt class='method'>set_passwd_cb</tt></a></b>(<var>callback</var><big>[</big><var>, userdata</var><big>]</big>)
<dd>
Set the passphrase callback to <var>callback</var>. This function will be called
when a private key protected by a passphrase is loaded (for example by
<tt class="method">use_privatekey_file</tt>).
<var>callback</var> is invoked with three arguments: an integer <var>maxlen</var>,
the size of the buffer OpenSSL has reserved for the passphrase; a boolean
<var>repeat</var>; and <var>data</var>, the <var>userdata</var> value passed to the
<tt class="method">set_passwd_cb</tt> method (<code>None</code> if none was given). It
must return the passphrase entered by the user. If <var>repeat</var> is true
then <var>callback</var> should ask for the passphrase twice and make sure that
the two entries are equal. A returned passphrase cannot be longer than
<var>maxlen</var> bytes. If an error occurs, <var>callback</var> should return a
false value (e.g. an empty string); loading the key then fails and raises
<tt class="exception">Error</tt>.
</dl>
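<P>
The following is an added example, not code from the pyOpenSSL manual or from
the pyOpenSSL sources. It builds a passphrase callback of the shape described
above and drives it through a full round trip: a fresh RSA key is written to a
temporary file encrypted under a passphrase, then loaded with
<tt class="method">use_privatekey_file</tt> on a Context that has the callback
installed. The callback fails closed (returns an empty value) when the
passphrase source has nothing, when a confirmation does not match, or when
the passphrase would not fit OpenSSL's buffer. The <code>secret_source</code>
callable, the <code>"server key"</code> label and the passphrases are
assumptions made for the example; pyOpenSSL is imported lazily so the callback
logic can be exercised on its own where the library is absent.

```python
import os
import tempfile

# pyOpenSSL is imported lazily so the pure-Python callback logic below can be
# exercised even where the library is not installed.
try:
    from OpenSSL import SSL, crypto
except ImportError:
    SSL = crypto = None


def openssl_available():
    return SSL is not None


def make_passwd_cb(secret_source):
    """Build a callback for Context.set_passwd_cb.

    pyOpenSSL calls it as callback(maxlen, repeat, userdata). secret_source is
    a hypothetical callable (a prompt, a secrets-manager lookup, ...) that is
    given userdata and returns the passphrase as bytes, or None/empty if it has
    nothing to offer.
    """
    def passwd_cb(maxlen, repeat, userdata):
        first = secret_source(userdata)
        if not first:
            return b""              # falsy: tell OpenSSL there is no passphrase
        if repeat and secret_source(userdata) != first:
            return b""              # confirmation mismatch: fail closed
        if len(first) > maxlen:
            # Anything beyond OpenSSL's buffer would be cut off silently and
            # the key would be encrypted under a passphrase nobody knows.
            return b""
        return first
    return passwd_cb


def write_encrypted_key(passphrase):
    """Constructed fixture: generate an RSA key, store it PEM-encrypted under
    passphrase in a temporary file and return the path."""
    key = crypto.PKey()
    key.generate_key(crypto.TYPE_RSA, 2048)
    pem = crypto.dump_privatekey(crypto.FILETYPE_PEM, key, "aes-256-cbc", passphrase)
    fd, path = tempfile.mkstemp(suffix=".pem")
    with os.fdopen(fd, "wb") as f:
        f.write(pem)
    return path


def load_encrypted_key(pem_path, passphrase, label="server key"):
    """Load an encrypted PEM key through the passphrase callback.
    True on success, False if OpenSSL rejected the passphrase or the callback
    gave up (use_privatekey_file raises SSL.Error in both cases)."""
    ctx = SSL.Context(SSL.SSLv23_METHOD)
    ctx.set_passwd_cb(make_passwd_cb(lambda _label: passphrase), label)
    try:
        ctx.use_privatekey_file(pem_path)
    except SSL.Error:
        return False
    return True


def roundtrip(passphrase_on_disk, passphrase_supplied):
    """Encrypt a key under one passphrase and try to load it with another."""
    path = write_encrypted_key(passphrase_on_disk)
    try:
        return load_encrypted_key(path, passphrase_supplied)
    finally:
        os.unlink(path)


if __name__ == "__main__":
    secret = b"correct horse battery staple"     # constructed example secret
    print("right passphrase loads:", roundtrip(secret, secret))
    print("wrong passphrase loads:", roundtrip(secret, b"wrong"))
```

Returning an empty value rather than raising keeps the failure inside
OpenSSL's error path, so <tt class="method">use_privatekey_file</tt> reports it
as an ordinary <tt class="exception">Error</tt> instead of an exception escaping
from inside the C callback.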

<P>
<dl><dt><b><a name='l2h-135'><tt class='method'>set_session_id</tt></a></b>(<var>name</var>)
<dd>
Set the context <var>name</var> within which a session can be reused for this
Context object. This is needed when doing session resumption, because there is
no way for a stored session to know which Context object it is associated with.
<var>name</var> may be any binary data.
</dl>

<P>
<dl><dt><b><a name='l2h-136'><tt class='method'>set_timeout</tt></a></b>(<var>timeout</var>)
<dd>
Set the timeout for newly created sessions for this Context object to
<var>timeout</var>. <var>timeout</var> must be given in (whole) seconds. The default
value is 300 seconds. See the OpenSSL manual for more information (e.g.
SSL_CTX_set_timeout(3)).
</dl>

<P>
<dl><dt><b><a name='l2h-137'><tt class='method'>set_verify</tt></a></b>(<var>mode, callback</var>)
<dd>
Set the verification flags for this Context object to <var>mode</var> and specify
that <var>callback</var> should be used for verification callbacks. <var>mode</var>
should be one of <tt class="constant">VERIFY_NONE</tt> and <tt class="constant">VERIFY_PEER</tt>. If
<tt class="constant">VERIFY_PEER</tt> is used, <var>mode</var> can be OR'ed with
<tt class="constant">VERIFY_FAIL_IF_NO_PEER_CERT</tt> (a server then rejects a client that
presents no certificate; without it a missing client certificate is silently
accepted) and <tt class="constant">VERIFY_CLIENT_ONCE</tt> (a server requests the client
certificate only during the initial handshake, not again on renegotiation) to
further control the behaviour.
<var>callback</var> is called for each certificate in the peer's chain and should
take five arguments: a Connection object, an X509 object (the certificate being
checked), and three integers, which are in turn the potential error number
(0 if OpenSSL found no problem), the error depth (0 for the peer's own
certificate, higher for its issuers) and OpenSSL's own verdict for this
certificate (1 if it passed, 0 if not). <var>callback</var> should return true if
verification passes and false otherwise. Its return value replaces OpenSSL's
verdict, so a callback that returns true unconditionally disables certificate
verification even with <tt class="constant">VERIFY_PEER</tt> set; a callback that only
wants to log should return the verdict it was given.
</dl>
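<P>
The following is an added example, not code from the pyOpenSSL manual or from
the pyOpenSSL sources. It covers both <tt class="method">set_verify</tt> above and
<tt class="method">set_info_callback</tt> earlier on this page: a client Context
that fails closed (<tt class="constant">VERIFY_PEER</tt>, a bounded
<tt class="method">set_verify_depth</tt>, a CA bundle loaded with
<tt class="method">load_verify_locations</tt>), a verification callback that logs
but hands OpenSSL's verdict back unchanged, the accept-everything
anti-pattern beside it, and an info callback that decodes the
<var>where</var>/<var>ret</var> pair into handshake stages and alerts. The
<tt class="constant">SSL_CB_*</tt> bit values are taken from OpenSSL's ssl.h and are
assumptions, as are the logger name, the CA-bundle path and the depth of 3;
pyOpenSSL is imported lazily so the callbacks can be exercised without a
live connection.

```python
import logging

# pyOpenSSL is imported lazily so the callback logic can be exercised on its own.
try:
    from OpenSSL import SSL
except ImportError:
    SSL = None

log = logging.getLogger("tls")

# Bit values of the "where" argument of the info callback, from OpenSSL's
# ssl.h; assumed here, they are not listed on this page.
SSL_CB_LOOP = 0x01
SSL_CB_EXIT = 0x02
SSL_CB_READ = 0x04
SSL_CB_WRITE = 0x08
SSL_CB_HANDSHAKE_START = 0x10
SSL_CB_HANDSHAKE_DONE = 0x20
SSL_CB_ALERT = 0x4000


def openssl_available():
    return SSL is not None


def describe_info_event(where, ret):
    """Label one (where, ret) pair handed to an info callback."""
    if where & SSL_CB_HANDSHAKE_START:
        return "handshake start"
    if where & SSL_CB_HANDSHAKE_DONE:
        return "handshake done"
    if where & SSL_CB_ALERT:
        # For alerts ret carries the TLS alert: level in the high byte
        # (1 warning, 2 fatal), description in the low byte.
        direction = "read" if where & SSL_CB_READ else "write"
        return "alert %s level=%d desc=%d" % (direction, ret >> 8, ret & 0xFF)
    if where & SSL_CB_EXIT:
        # ret > 0: the state function succeeded; 0: it failed; < 0: would block.
        if ret > 0:
            return "exit ok"
        return "exit error" if ret == 0 else "exit incomplete"
    return "loop"


def info_cb(conn, where, ret):
    """Context.set_info_callback target: logs handshake progress and alerts."""
    log.debug("%s", describe_info_event(where, ret))


def verify_cb(conn, cert, errnum, depth, ok):
    """Context.set_verify target. OpenSSL has already judged this certificate
    and passes the verdict as ok; errnum/depth say what failed and where in
    the chain (depth 0 is the peer's own certificate). Whatever this function
    returns replaces that verdict, so it hands ok back unchanged."""
    if not ok:
        log.warning("verification failed at depth %d: error %d", depth, errnum)
    return bool(ok)


def accept_anything(conn, cert, errnum, depth, ok):
    """The anti-pattern: ignoring ok accepts every certificate, self-signed or
    expired ones included, even though VERIFY_PEER is set."""
    return True


def make_client_context(cafile, max_depth=3):
    """Client Context that fails closed: only chains rooted in cafile (a PEM
    bundle) and no longer than max_depth are accepted."""
    ctx = SSL.Context(SSL.SSLv23_METHOD)
    ctx.set_options(SSL.OP_NO_SSLv2 | SSL.OP_NO_SSLv3)
    ctx.set_verify(SSL.VERIFY_PEER, verify_cb)
    ctx.set_verify_depth(max_depth)
    ctx.load_verify_locations(cafile)   # raises SSL.Error if the bundle is unusable
    ctx.set_info_callback(info_cb)
    return ctx


def trust_store_loads(cafile):
    """True if a Context could be built on cafile; False if OpenSSL rejected
    it, in which case no connection should be attempted with it."""
    try:
        make_client_context(cafile)
    except SSL.Error:
        return False
    return True


if __name__ == "__main__":
    logging.basicConfig(level=logging.DEBUG)
    print(trust_store_loads("/etc/ssl/certs/ca-certificates.crt"))   # assumed path
```

Note what the verify mode does not do: it checks only that the chain leads
to a trusted CA. Neither <tt class="constant">VERIFY_PEER</tt> nor the callback
compares the certificate's subject or subjectAltName to the host the client
meant to reach, so a client must still do that check itself after the
handshake.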

<P>
<dl><dt><b><a name='l2h-138'><tt class='method'>set_verify_depth</tt></a></b>(<var>depth</var>)
<dd>
Set the maximum depth for the certificate chain verification that shall be
allowed for this Context object.
</dl>

<P>
<dl><dt><b><a name='l2h-139'><tt class='method'>use_certificate</tt></a></b>(<var>cert</var>)
<dd>
Use the certificate <var>cert</var>, which has to be an X509 object.
</dl>

<P>
<dl><dt><b><a name='l2h-140'><tt class='method'>add_extra_chain_cert</tt></a></b>(<var>cert</var>)
<dd>
Add the certificate <var>cert</var>, which has to be an X509 object (typically an
intermediate CA certificate), to the certificate chain presented together
with the certificate.
</dl>

<P>
<dl><dt><b><a name='l2h-141'><tt class='method'>use_certificate_chain_file</tt></a></b>(<var>file</var>)
<dd>
Load a certificate chain from <var>file</var> which must be PEM encoded.
</dl>

<P>
<dl><dt><b><a name='l2h-142'><tt class='method'>use_privatekey</tt></a></b>(<var>pkey</var>)
<dd>
Use the private key <var>pkey</var> which has to be a PKey object.
</dl>

<P>
<dl><dt><b><a name='l2h-143'><tt class='method'>use_certificate_file</tt></a></b>(<var>file</var><big>[</big><var>, format</var><big>]</big>)
<dd>
Load the first certificate found in <var>file</var>. The certificate must be in the
format specified by <var>format</var>, which is either <tt class="constant">FILETYPE_PEM</tt> or
<tt class="constant">FILETYPE_ASN1</tt>. The default is <tt class="constant">FILETYPE_PEM</tt>.
</dl>

<P>
<dl><dt><b><a name='l2h-144'><tt class='method'>use_privatekey_file</tt></a></b>(<var>file</var><big>[</big><var>, format</var><big>]</big>)
<dd>
Load the first private key found in <var>file</var>. The private key must be in the
format specified by <var>format</var>, which is either <tt class="constant">FILETYPE_PEM</tt> or
<tt class="constant">FILETYPE_ASN1</tt>. The default is <tt class="constant">FILETYPE_PEM</tt>.
</dl>
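<P>
The following is an added example, not code from the pyOpenSSL manual or from
the pyOpenSSL sources. It assembles a server Context from the methods on this
page: <tt class="method">set_options</tt>, <tt class="method">set_cipher_list</tt>,
<tt class="method">use_certificate</tt>, <tt class="method">add_extra_chain_cert</tt>,
<tt class="method">use_privatekey</tt>, <tt class="method">check_privatekey</tt>,
<tt class="method">get_cert_store</tt> for an in-memory client CA,
<tt class="method">set_session_id</tt> and <tt class="method">set_timeout</tt>. To run
offline it generates its own RSA keys and a self-signed certificate (a
constructed fixture) and then shows the failure mode
<tt class="method">check_privatekey</tt> exists for: pairing the certificate with an
unrelated key is refused with <tt class="exception">Error</tt>. The cipher string,
the session id, the name <code>example.test</code> and the key sizes are
assumptions; pyOpenSSL is imported lazily so the module loads even where the
library is absent.

```python
# pyOpenSSL is imported lazily so the module loads where the library is absent.
try:
    from OpenSSL import SSL, crypto
except ImportError:
    SSL = crypto = None


def openssl_available():
    return SSL is not None


def make_self_signed(common_name, key, days=1):
    """Constructed fixture: a self-signed X.509 v3 certificate for key."""
    cert = crypto.X509()
    cert.set_version(2)                 # X.509 v3
    cert.set_serial_number(1)
    cert.get_subject().CN = common_name
    cert.set_issuer(cert.get_subject())
    cert.gmtime_adj_notBefore(0)
    cert.gmtime_adj_notAfter(days * 86400)
    cert.set_pubkey(key)
    cert.sign(key, "sha256")
    return cert


def make_server_context(cert, key, chain=(), client_ca=None):
    """Server Context for an X509/PKey pair, optional intermediates for the
    presented chain and an optional CA certificate for client certificates."""
    ctx = SSL.Context(SSL.SSLv23_METHOD)
    # set_options only adds: these bits join whatever was set before.
    ctx.set_options(SSL.OP_NO_SSLv2 | SSL.OP_NO_SSLv3)
    # ciphers(1) syntax: no anonymous or NULL suites, no RC4 or MD5.
    ctx.set_cipher_list("HIGH:!aNULL:!eNULL:!MD5:!RC4")
    ctx.use_certificate(cert)
    for intermediate in chain:
        ctx.add_extra_chain_cert(intermediate)
    ctx.use_privatekey(key)
    # Either use_privatekey or check_privatekey raises SSL.Error when the key
    # does not belong to the certificate; check_privatekey makes it explicit.
    ctx.check_privatekey()
    if client_ca is not None:
        # Trust a CA for client certificates without a file on disk, then
        # require a client certificate rather than silently accepting none.
        ctx.get_cert_store().add_cert(client_ca)
        ctx.set_verify(SSL.VERIFY_PEER | SSL.VERIFY_FAIL_IF_NO_PEER_CERT,
                       lambda conn, x509, errnum, depth, ok: bool(ok))
    # Session resumption: sessions are stored under this id for 300 seconds.
    ctx.set_session_id(b"example-service-v1")
    ctx.set_timeout(300)
    return ctx


def demo_key_check():
    """Constructed demonstration. Returns (timeout, mismatch_rejected):
    the timeout read back from a good Context, and True if pairing the
    certificate with an unrelated key was refused."""
    key = crypto.PKey()
    key.generate_key(crypto.TYPE_RSA, 2048)
    stray = crypto.PKey()
    stray.generate_key(crypto.TYPE_RSA, 2048)
    cert = make_self_signed("example.test", key)
    ctx = make_server_context(cert, key)          # matching pair: no error
    try:
        make_server_context(cert, stray)          # wrong key for this cert
        mismatch_rejected = False
    except SSL.Error:
        mismatch_rejected = True
    return ctx.get_timeout(), mismatch_rejected


if __name__ == "__main__":
    timeout, rejected = demo_key_check()
    print("session timeout:", timeout)
    print("mismatched key rejected:", rejected)
```

The same Context can be built from files instead of objects with
<tt class="method">use_certificate_chain_file</tt> and
<tt class="method">use_privatekey_file</tt>; <tt class="method">check_privatekey</tt>
is worth calling in either case, because a certificate rotated without its key
(or the reverse) is otherwise only discovered when the first handshake fails.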

<P>

<DIV CLASS="navigation">
<p><hr>
<span class="release-info">Release 0.7.</span>
</DIV>

</BODY>
</HTML>