<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> <html> <head> <title>3.3.1 Context objects </title> <META NAME="description" CONTENT="3.3.1 Context objects "> <META NAME="keywords" CONTENT="pyOpenSSL"> <META NAME="resource-type" CONTENT="document"> <META NAME="distribution" CONTENT="global"> <link rel="STYLESHEET" href="pyOpenSSL.css"> <LINK REL="next" href="openssl-connection.html"> <LINK REL="previous" href="openssl-ssl.html"> <LINK REL="up" href="openssl-ssl.html"> <LINK REL="next" href="openssl-connection.html"> </head> <body> <DIV CLASS="navigation"> <table align="center" width="100%" cellpadding="0" cellspacing="2"> <tr> <td><A href="openssl-ssl.html"><img src="previous.gif" border="0" height="32" alt="Previous Page" width="32"></A></td> <td><A href="openssl-ssl.html"><img src="up.gif" border="0" height="32" alt="Up One Level" width="32"></A></td> <td><A href="openssl-connection.html"><img src="next.gif" border="0" height="32" alt="Next Page" width="32"></A></td> <td align="center" width="100%">Python OpenSSL Manual</td> <td><A href="contents.html"><img src="contents.gif" border="0" height="32" alt="Contents" width="32"></A></td> <td><img src="blank.gif" border="0" height="32" alt="" width="32"></td> <td><img src="blank.gif" border="0" height="32" alt="" width="32"></td> </tr></table> <b class="navlabel">Previous:</b> <a class="sectref" href="openssl-ssl.html">3.3 SSL </A> <b class="navlabel">Up:</b> <a class="sectref" href="openssl-ssl.html">3.3 SSL </A> <b class="navlabel">Next:</b> <a class="sectref" href="openssl-connection.html">3.3.2 Connection objects</A> <br><hr> </DIV> <!--End of Navigation Panel--> <H3><A NAME="SECTION000431000000000000000"> </A> <BR> 3.3.1 Context objects </H3> <P> Context objects have the following methods: <P> <dl><dt><b><a name='l2h-133'><tt class='method'>check_privatekey</tt></a></b>() <dd> Check if the private key (loaded with <tt class="method">use_privatekey<big>[</big>_file<big>]</big></tt>) matches the 
certificate (loaded with <tt class="method">use_certificate<big>[</big>_file<big>]</big></tt>). Returns <code>None</code> if they match, raises <tt class="exception">Error</tt> otherwise. </dl> <P> <dl><dt><b><a name='l2h-134'><tt class='method'>get_app_data</tt></a></b>() <dd> Retrieve application data as set by <tt class="method">set_app_data</tt>. </dl> <P> <dl><dt><b><a name='l2h-135'><tt class='method'>get_cert_store</tt></a></b>() <dd> Retrieve the certificate store (an X509Store object) that the context uses. This can be used to add "trusted" certificates without using the <tt class="method">load_verify_locations()</tt> method. </dl> <P> <dl><dt><b><a name='l2h-136'><tt class='method'>get_timeout</tt></a></b>() <dd> Retrieve session timeout, as set by <tt class="method">set_timeout</tt>. The default is 300 seconds. </dl> <P> <dl><dt><b><a name='l2h-137'><tt class='method'>get_verify_depth</tt></a></b>() <dd> Retrieve the Context object's verify depth, as set by <tt class="method">set_verify_depth</tt>. </dl> <P> <dl><dt><b><a name='l2h-138'><tt class='method'>get_verify_mode</tt></a></b>() <dd> Retrieve the Context object's verify mode, as set by <tt class="method">set_verify</tt>. </dl> <P> <dl><dt><b><a name='l2h-139'><tt class='method'>load_client_ca</tt></a></b>(<var>pemfile</var>) <dd> Read a file with PEM-formatted certificates that will be sent to the client when requesting a client certificate. </dl> <P> <dl><dt><b><a name='l2h-140'><tt class='method'>set_client_ca_list</tt></a></b>(<var>certificate_authorities</var>) <dd> Replace the current list of preferred certificate signers that would be sent to the client when requesting a client certificate with the <var>certificate_authorities</var> sequence of <tt class="class">OpenSSL.crypto.X509Name</tt>s. 
<P> <span class='versionnote'>New in version 0.10.</span> </dl> <P> <dl><dt><b><a name='l2h-141'><tt class='method'>add_client_ca</tt></a></b>(<var>certificate_authority</var>) <dd> Extract a <tt class="class">OpenSSL.crypto.X509Name</tt> from the <var>certificate_authority</var> <tt class="class">OpenSSL.crypto.X509</tt> certificate and add it to the list of preferred certificate signers sent to the client when requesting a client certificate. <P> <span class='versionnote'>New in version 0.10.</span> </dl> <P> <dl><dt><b><a name='l2h-142'><tt class='method'>load_verify_locations</tt></a></b>(<var>pemfile, capath</var>) <dd> Specify where CA certificates for verification purposes are located. These are trusted certificates. Note that the certificates have to be in PEM format. If capath is passed, it must be a directory prepared using the <code>c_rehash</code> tool included with OpenSSL. Either, but not both, of <var>pemfile</var> or <var>capath</var> may be <code>None</code>. </dl> <P> <dl><dt><b><a name='l2h-143'><tt class='method'>set_default_verify_paths</tt></a></b>() <dd> Specify that the platform provided CA certificates are to be used for verification purposes. This method may not work properly on OS X. </dl> <P> <dl><dt><b><a name='l2h-144'><tt class='method'>load_tmp_dh</tt></a></b>(<var>dhfile</var>) <dd> Load parameters for Ephemeral Diffie-Hellman from <var>dhfile</var>. </dl> <P> <dl><dt><b><a name='l2h-145'><tt class='method'>set_app_data</tt></a></b>(<var>data</var>) <dd> Associate <var>data</var> with this Context object. <var>data</var> can be retrieved later using the <tt class="method">get_app_data</tt> method. </dl> <P> <dl><dt><b><a name='l2h-146'><tt class='method'>set_cipher_list</tt></a></b>(<var>ciphers</var>) <dd> Set the list of ciphers to be used in this context. See the OpenSSL manual for more information (e.g. 
ciphers(1)) </dl> <P> <dl><dt><b><a name='l2h-147'><tt class='method'>set_info_callback</tt></a></b>(<var>callback</var>) <dd> Set the information callback to <var>callback</var>. This function will be called from time to time during SSL handshakes. <var>callback</var> should take three arguments: a Connection object and two integers. The first integer specifies where in the SSL handshake the function was called, and the other the return code from a (possibly failed) internal function call. </dl> <P> <dl><dt><b><a name='l2h-148'><tt class='method'>set_options</tt></a></b>(<var>options</var>) <dd> Add SSL options. Options you have set before are not cleared! This method should be used with the <tt class="constant">OP_*</tt> constants. </dl> <P> <dl><dt><b><a name='l2h-149'><tt class='method'>set_passwd_cb</tt></a></b>(<var>callback</var><big>[</big><var>, userdata</var><big>]</big>) <dd> Set the passphrase callback to <var>callback</var>. This function will be called when a private key with a passphrase is loaded. <var>callback</var> must accept three positional arguments. First, an integer giving the maximum length of the passphrase it may return. If the returned passphrase is longer than this, it will be truncated. Second, a boolean value which will be true if the user should be prompted for the passphrase twice and the callback should verify that the two values supplied are equal. Third, the value given as the <var>userdata</var> parameter to <tt class="method">set_passwd_cb</tt>. If an error occurs, <var>callback</var> should return a false value (e.g. an empty string). </dl> <P> <dl><dt><b><a name='l2h-150'><tt class='method'>set_session_id</tt></a></b>(<var>name</var>) <dd> Set the context <var>name</var> within which a session can be reused for this Context object. This is needed when doing session resumption, because there is no way for a stored session to know which Context object it is associated with. <var>name</var> may be any binary data. 
</dl> <P> <dl><dt><b><a name='l2h-151'><tt class='method'>set_timeout</tt></a></b>(<var>timeout</var>) <dd> Set the timeout for newly created sessions for this Context object to <var>timeout</var>. <var>timeout</var> must be given in (whole) seconds. The default value is 300 seconds. See the OpenSSL manual for more information (e.g. SSL_CTX_set_timeout(3)). </dl> <P> <dl><dt><b><a name='l2h-152'><tt class='method'>set_verify</tt></a></b>(<var>mode, callback</var>) <dd> Set the verification flags for this Context object to <var>mode</var> and specify that <var>callback</var> should be used for verification callbacks. <var>mode</var> should be one of <tt class="constant">VERIFY_NONE</tt> and <tt class="constant">VERIFY_PEER</tt>. If <tt class="constant">VERIFY_PEER</tt> is used, <var>mode</var> can be OR:ed with <tt class="constant">VERIFY_FAIL_IF_NO_PEER_CERT</tt> and <tt class="constant">VERIFY_CLIENT_ONCE</tt> to further control the behaviour. <var>callback</var> should take five arguments: A Connection object, an X509 object, and three integer variables, which are in turn potential error number, error depth and return code. <var>callback</var> should return true if verification passes and false otherwise. </dl> <P> <dl><dt><b><a name='l2h-153'><tt class='method'>set_verify_depth</tt></a></b>(<var>depth</var>) <dd> Set the maximum depth for the certificate chain verification that shall be allowed for this Context object. </dl> <P> <dl><dt><b><a name='l2h-154'><tt class='method'>use_certificate</tt></a></b>(<var>cert</var>) <dd> Use the certificate <var>cert</var> which has to be an X509 object. </dl> <P> <dl><dt><b><a name='l2h-155'><tt class='method'>add_extra_chain_cert</tt></a></b>(<var>cert</var>) <dd> Adds the certificate <var>cert</var>, which has to be an X509 object, to the certificate chain presented together with the certificate. 
</dl> <P> <dl><dt><b><a name='l2h-156'><tt class='method'>use_certificate_chain_file</tt></a></b>(<var>file</var>) <dd> Load a certificate chain from <var>file</var> which must be PEM encoded. </dl> <P> <dl><dt><b><a name='l2h-157'><tt class='method'>use_privatekey</tt></a></b>(<var>pkey</var>) <dd> Use the private key <var>pkey</var> which has to be a PKey object. </dl> <P> <dl><dt><b><a name='l2h-158'><tt class='method'>use_certificate_file</tt></a></b>(<var>file</var><big>[</big><var>, format</var><big>]</big>) <dd> Load the first certificate found in <var>file</var>. The certificate must be in the format specified by <var>format</var>, which is either <tt class="constant">FILETYPE_PEM</tt> or <tt class="constant">FILETYPE_ASN1</tt>. The default is <tt class="constant">FILETYPE_PEM</tt>. </dl> <P> <dl><dt><b><a name='l2h-159'><tt class='method'>use_privatekey_file</tt></a></b>(<var>file</var><big>[</big><var>, format</var><big>]</big>) <dd> Load the first private key found in <var>file</var>. The private key must be in the format specified by <var>format</var>, which is either <tt class="constant">FILETYPE_PEM</tt> or <tt class="constant">FILETYPE_ASN1</tt>. The default is <tt class="constant">FILETYPE_PEM</tt>. 
</dl> <P> <DIV CLASS="navigation"> <hr> <span class="release-info">Release 0.10.</span> </DIV> </BODY> </HTML>
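The Context methods documented above, combined into one server-side setup that requires and verifies client certificates. This is an added example, not part of the pyOpenSSL manual; the file arguments, the allow-list `ALLOWED_PEER_CNS` and the helper names are assumptions. The verify callback never turns a failed check into a pass, and the passphrase callback returns a false value instead of letting an over-long passphrase be truncated.

```python
# Added example: server-side Context requiring verified client certificates.
# ALLOWED_PEER_CNS, the helper names and the file arguments are assumptions.

ALLOWED_PEER_CNS = frozenset(["client-a.example.test"])  # constructed value


def verify_peer(conn, cert, errnum, depth, ok):
    """set_verify callback: Connection, X509, error number, depth, return code."""
    if not ok:
        # OpenSSL already rejected this certificate; never override that.
        return False
    if depth == 0:
        # Extra application check on the peer (leaf) certificate only.
        return cert.get_subject().commonName in ALLOWED_PEER_CNS
    return True


def passphrase_cb(maxlen, verify_twice, userdata):
    """set_passwd_cb callback; userdata carries the passphrase as bytes."""
    if not userdata or len(userdata) > maxlen:
        # A longer value would be truncated, so report an error instead.
        return b""
    return userdata


def build_server_context(chain_file, key_file, ca_file, key_passphrase=None):
    # Imported here so the callbacks above can be exercised without pyOpenSSL.
    from OpenSSL import SSL

    ctx = SSL.Context(SSL.SSLv23_METHOD)
    # set_options adds to the options already set; it does not clear them.
    ctx.set_options(SSL.OP_NO_SSLv2 | SSL.OP_NO_SSLv3)
    if key_passphrase is not None:
        ctx.set_passwd_cb(passphrase_cb, key_passphrase)
    ctx.use_certificate_chain_file(chain_file)
    ctx.use_privatekey_file(key_file)  # FILETYPE_PEM is the default format
    ctx.check_privatekey()  # raises Error if key and certificate differ
    ctx.load_verify_locations(ca_file, None)  # PEM file of trusted CAs
    ctx.set_verify_depth(3)
    ctx.set_verify(
        SSL.VERIFY_PEER | SSL.VERIFY_FAIL_IF_NO_PEER_CERT, verify_peer)
    return ctx
```

A callback that returns true unconditionally makes `VERIFY_PEER` accept any certificate, which is why `verify_peer` only ever narrows the result OpenSSL passes in.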