blob: d5a2ab0ffd39291a1a1c54d70957c3f14d1815ff [file] [log] [blame]
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<title>3.3.1 Context objects </title>
<META NAME="description" CONTENT="3.3.1 Context objects ">
<META NAME="keywords" CONTENT="pyOpenSSL">
<META NAME="resource-type" CONTENT="document">
<META NAME="distribution" CONTENT="global">
<link rel="STYLESHEET" href="pyOpenSSL.css">
<LINK REL="next" href="openssl-connection.html">
<LINK REL="previous" href="openssl-ssl.html">
<LINK REL="up" href="openssl-ssl.html">
<LINK REL="next" href="openssl-connection.html">
</head>
<body>
<DIV CLASS="navigation">
<table align="center" width="100%" cellpadding="0" cellspacing="2">
<tr>
<td><A href="openssl-ssl.html"><img src="previous.gif"
border="0" height="32"
alt="Previous Page" width="32"></A></td>
<td><A href="openssl-ssl.html"><img src="up.gif"
border="0" height="32"
alt="Up One Level" width="32"></A></td>
<td><A href="openssl-connection.html"><img src="next.gif"
border="0" height="32"
alt="Next Page" width="32"></A></td>
<td align="center" width="100%">Python OpenSSL Manual</td>
<td><A href="contents.html"><img src="contents.gif"
border="0" height="32"
alt="Contents" width="32"></A></td>
<td><img src="blank.gif"
border="0" height="32"
alt="" width="32"></td>
<td><img src="blank.gif"
border="0" height="32"
alt="" width="32"></td>
</tr></table>
<b class="navlabel">Previous:</b> <a class="sectref" href="openssl-ssl.html">3.3 SSL </A>
<b class="navlabel">Up:</b> <a class="sectref" href="openssl-ssl.html">3.3 SSL </A>
<b class="navlabel">Next:</b> <a class="sectref" href="openssl-connection.html">3.3.2 Connection objects</A>
<br><hr>
</DIV>
<!--End of Navigation Panel-->
<H3><A NAME="SECTION000431000000000000000">&nbsp;</A>
<BR>
3.3.1 Context objects
</H3>
<P>
<EM><EM><EM>Context objects have the following methods:
</EM></EM></EM>
<P>
<dl><dt><b><a name='l2h-114'><tt class='method'>check_privatekey</tt></a></b>()
<dd>
Check if the private key (loaded with <tt class="method">use_privatekey<big>[</big>_file<big>]</big></tt>)
matches the certificate (loaded with <tt class="method">use_certificate<big>[</big>_file<big>]</big></tt>).
Returns true if they match, false otherwise.
</dl>
<P>
<dl><dt><b><a name='l2h-115'><tt class='method'>get_app_data</tt></a></b>()
<dd>
Retrieve application data as set by <tt class="method">set_app_data</tt>.
</dl>
<P>
<dl><dt><b><a name='l2h-116'><tt class='method'>get_cert_store</tt></a></b>()
<dd>
Retrieve the certificate store (a X509Store object) that the context uses.
This can be used to add "trusted" certificates without using the.
<tt class="method">load_verify_locations()</tt> method.
</dl>
<P>
<dl><dt><b><a name='l2h-117'><tt class='method'>get_timeout</tt></a></b>()
<dd>
Retrieve session timeout, as set by <tt class="method">set_timeout</tt>. The default is 300
seconds.
</dl>
<P>
<dl><dt><b><a name='l2h-118'><tt class='method'>get_verify_depth</tt></a></b>()
<dd>
Retrieve the Context object's verify depth, as set by
<tt class="method">set_verify_depth</tt>.
</dl>
<P>
<dl><dt><b><a name='l2h-119'><tt class='method'>get_verify_mode</tt></a></b>()
<dd>
Retrieve the Context object's verify mode, as set by <tt class="method">set_verify_mode</tt>.
</dl>
<P>
<dl><dt><b><a name='l2h-120'><tt class='method'>load_client_ca</tt></a></b>(<var>pemfile</var>)
<dd>
Read a file with PEM-formatted certificates that will be sent to the client
when requesting a client certificate.
</dl>
<P>
<dl><dt><b><a name='l2h-121'><tt class='method'>load_verify_locations</tt></a></b>(<var>pemfile</var>)
<dd>
Specify where CA certificates for verification purposes are located. These are
trusted certificates. Note that the certificates have to be in PEM format.
</dl>
<P>
<dl><dt><b><a name='l2h-122'><tt class='method'>load_tmp_dh</tt></a></b>(<var>dhfile</var>)
<dd>
Load parameters for Ephemeral Diffie-Hellman from <var>dhfile</var>.
</dl>
<P>
<dl><dt><b><a name='l2h-123'><tt class='method'>set_app_data</tt></a></b>(<var>data</var>)
<dd>
Associate <var>data</var> with this Context object. <var>data</var> can be retrieved
later using the <tt class="method">get_app_data</tt> method.
</dl>
<P>
<dl><dt><b><a name='l2h-124'><tt class='method'>set_cipher_list</tt></a></b>(<var>ciphers</var>)
<dd>
Set the list of ciphers to be used in this context. See the OpenSSL manual for
more information (e.g. ciphers(1))
</dl>
<P>
<dl><dt><b><a name='l2h-125'><tt class='method'>set_info_callback</tt></a></b>(<var>callback</var>)
<dd>
Set the information callback to <var>callback</var>. This function will be called
from time to time during SSL handshakes.
<var>callback</var> should take three arguments: a Connection object and two
integers. The first integer specifies where in the SSL handshake the function
was called, and the other the return code from a (possibly failed) internal
function call.
</dl>
<P>
<dl><dt><b><a name='l2h-126'><tt class='method'>set_options</tt></a></b>(<var>options</var>)
<dd>
Add SSL options. Options you have set before are not cleared!
This method should be used with the <tt class="constant">OP_*</tt> constants.
</dl>
<P>
<dl><dt><b><a name='l2h-127'><tt class='method'>set_passwd_cb</tt></a></b>(<var>callback</var><big>[</big><var>, userdata</var><big>]</big>)
<dd>
Set the passphrase callback to <var>callback</var>. This function will be called
when a private key with a passphrase is loaded.
<var>callback</var> should take a boolean argument <var>repeat</var> and an arbitrary
argument <var>data</var> and return the passphrase entered by the user. If
<var>repeat</var> is true then <var>callback</var> should ask for the passphrase twice
and make sure that the two entries are equal. The <var>data</var> argument is the
<var>userdata</var> variable passed to the <tt class="method">set_passwd_cb</tt> method. If an
error occurs, <var>callback</var> should return a false value (e.g. an empty
string).
</dl>
<P>
<dl><dt><b><a name='l2h-128'><tt class='method'>set_session_id</tt></a></b>(<var>name</var>)
<dd>
Set the context <var>name</var> within which a session can be reused for this
Context object. This is needed when doing session resumption, because there is
no way for a stored session to know which Context object it is associated with.
<var>name</var> may be any binary data.
</dl>
<P>
<dl><dt><b><a name='l2h-129'><tt class='method'>set_timeout</tt></a></b>(<var>timeout</var>)
<dd>
Set the timeout for newly created sessions for this Context object to
<var>timeout</var>. <var>timeout</var> must be given in (whole) seconds. The default
value is 300 seconds. See the OpenSSL manual for more information (e.g.
SSL_CTX_set_timeout(3)).
</dl>
<P>
<dl><dt><b><a name='l2h-130'><tt class='method'>set_verify</tt></a></b>(<var>mode, callback</var>)
<dd>
Set the verification flags for this Context object to <var>mode</var> and specify
that <var>callback</var> should be used for verification callbacks. <var>mode</var>
should be one of <tt class="constant">VERIFY_NONE</tt> and <tt class="constant">VERIFY_PEER</tt>. If
<tt class="constant">VERIFY_PEER</tt> is used, <var>mode</var> can be OR:ed with
<tt class="constant">VERIFY_FAIL_IF_NO_PEER_CERT</tt> and <tt class="constant">VERIFY_CLIENT_ONCE</tt> to
further control the behaviour.
<var>callback</var> should take five arguments: A Connection object, an X509 object,
and three integer variables, which are in turn potential error number, error
depth and return code. <var>callback</var> should return true if verification passes
and false otherwise.
</dl>
<P>
<dl><dt><b><a name='l2h-131'><tt class='method'>set_verify_depth</tt></a></b>(<var>depth</var>)
<dd>
Set the maximum depth for the certificate chain verification that shall be
allowed for this Context object.
</dl>
<P>
<dl><dt><b><a name='l2h-132'><tt class='method'>use_certificate</tt></a></b>(<var>cert</var>)
<dd>
Use the certificate <var>cert</var> which has to be a X509 object.
</dl>
<P>
<dl><dt><b><a name='l2h-133'><tt class='method'>add_extra_chain_cert</tt></a></b>(<var>cert</var>)
<dd>
Adds the certificate <var>cert</var>, which has to be a X509 object, to the
certificate chain presented together with the certificate.
</dl>
<P>
<dl><dt><b><a name='l2h-134'><tt class='method'>use_certificate_chain_file</tt></a></b>(<var>file</var>)
<dd>
Load a certificate chain from <var>file</var> which must be PEM encoded.
</dl>
<P>
<dl><dt><b><a name='l2h-135'><tt class='method'>use_privatekey</tt></a></b>(<var>pkey</var>)
<dd>
Use the private key <var>pkey</var> which has to be a PKey object.
</dl>
<P>
<dl><dt><b><a name='l2h-136'><tt class='method'>use_certificate_file</tt></a></b>(<var>file</var><big>[</big><var>, format</var><big>]</big>)
<dd>
Load the first certificate found in <var>file</var>. The certificate must be in the
format specified by <var>format</var>, which is either <tt class="constant">FILETYPE_PEM</tt> or
<tt class="constant">FILETYPE_ASN1</tt>. The default is <tt class="constant">FILETYPE_PEM</tt>.
</dl>
<P>
<dl><dt><b><a name='l2h-137'><tt class='method'>use_privatekey_file</tt></a></b>(<var>file</var><big>[</big><var>, format</var><big>]</big>)
<dd>
Load the first private key found in <var>file</var>. The private key must be in the
format specified by <var>format</var>, which is either <tt class="constant">FILETYPE_PEM</tt> or
<tt class="constant">FILETYPE_ASN1</tt>. The default is <tt class="constant">FILETYPE_PEM</tt>.
</dl>
<P>
<DIV CLASS="navigation">
<p><hr>
<table align="center" width="100%" cellpadding="0" cellspacing="2">
<tr>
<td><A href="openssl-ssl.html"><img src="previous.gif"
border="0" height="32"
alt="Previous Page" width="32"></A></td>
<td><A href="openssl-ssl.html"><img src="up.gif"
border="0" height="32"
alt="Up One Level" width="32"></A></td>
<td><A href="openssl-connection.html"><img src="next.gif"
border="0" height="32"
alt="Next Page" width="32"></A></td>
<td align="center" width="100%">Python OpenSSL Manual</td>
<td><A href="contents.html"><img src="contents.gif"
border="0" height="32"
alt="Contents" width="32"></A></td>
<td><img src="blank.gif"
border="0" height="32"
alt="" width="32"></td>
<td><img src="blank.gif"
border="0" height="32"
alt="" width="32"></td>
</tr></table>
<b class="navlabel">Previous:</b> <a class="sectref" href="openssl-ssl.html">3.3 SSL </A>
<b class="navlabel">Up:</b> <a class="sectref" href="openssl-ssl.html">3.3 SSL </A>
<b class="navlabel">Next:</b> <a class="sectref" href="openssl-connection.html">3.3.2 Connection objects</A>
<hr>
<span class="release-info">Release 0.6.</span>
</DIV>
<!--End of Navigation Panel-->
</BODY>
</HTML>