doc/html/openssl-context.html - platform/external/python/pyopenssl - Gitiles

 <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
 <html>
 <head>
 <title>3.3.1 Context objects </title>
 <META NAME="description" CONTENT="3.3.1 Context objects ">
 <META NAME="keywords" CONTENT="pyOpenSSL">
 <META NAME="resource-type" CONTENT="document">
 <META NAME="distribution" CONTENT="global">
 <link rel="STYLESHEET" href="pyOpenSSL.css">
 <LINK REL="next" href="openssl-connection.html">
 <LINK REL="previous" href="openssl-ssl.html">
 <LINK REL="up" href="openssl-ssl.html">
 <LINK REL="next" href="openssl-connection.html">
 </head>
 <body>
 <DIV CLASS="navigation">
 <table align="center" width="100%" cellpadding="0" cellspacing="2">
 <tr>
 <td><A href="openssl-ssl.html"><img src="previous.gif"
 border="0" height="32"
   alt="Previous Page" width="32"></A></td>
 <td><A href="openssl-ssl.html"><img src="up.gif"
 border="0" height="32"
   alt="Up One Level" width="32"></A></td>
 <td><A href="openssl-connection.html"><img src="next.gif"
 border="0" height="32"
   alt="Next Page" width="32"></A></td>
 <td align="center" width="100%">Python OpenSSL Manual</td>
 <td><A href="contents.html"><img src="contents.gif"
 border="0" height="32"
   alt="Contents" width="32"></A></td>
 <td><img src="blank.gif"
   border="0" height="32"
   alt="" width="32"></td>
 <td><img src="blank.gif"
   border="0" height="32"
   alt="" width="32"></td>
 </tr></table>
 <b class="navlabel">Previous:</b> <a class="sectref" href="openssl-ssl.html">3.3 SSL  </A>
 <b class="navlabel">Up:</b> <a class="sectref" href="openssl-ssl.html">3.3 SSL  </A>
 <b class="navlabel">Next:</b> <a class="sectref" href="openssl-connection.html">3.3.2 Connection objects</A>
 <br><hr>
 </DIV>
 <!--End of Navigation Panel-->

 <H3><A NAME="SECTION000431000000000000000">&nbsp;</A>
 <BR>
 3.3.1 Context objects
 </H3>
 <P>
 <EM><EM><EM>Context objects have the following methods:
 </EM></EM></EM>
 <P>
 <dl><dt><b><a name='l2h-114'><tt class='method'>check_privatekey</tt></a></b>()
 <dd>
 Check if the private key (loaded with <tt class="method">use_privatekey<big>[</big>_file<big>]</big></tt>)
 matches the certificate (loaded with <tt class="method">use_certificate<big>[</big>_file<big>]</big></tt>).
 Returns true if they match, false otherwise.
 </dl>
 <P>
 <dl><dt><b><a name='l2h-115'><tt class='method'>get_app_data</tt></a></b>()
 <dd>
 Retrieve application data as set by <tt class="method">set_app_data</tt>.
 </dl>
 <P>
 <dl><dt><b><a name='l2h-116'><tt class='method'>get_cert_store</tt></a></b>()
 <dd>
 Retrieve the certificate store (a X509Store object) that the context uses.
 This can be used to add "trusted" certificates without using the.
 <tt class="method">load_verify_locations()</tt> method.
 </dl>
 <P>
 <dl><dt><b><a name='l2h-117'><tt class='method'>get_timeout</tt></a></b>()
 <dd>
 Retrieve session timeout, as set by <tt class="method">set_timeout</tt>. The default is 300
 seconds.
 </dl>
 <P>
 <dl><dt><b><a name='l2h-118'><tt class='method'>get_verify_depth</tt></a></b>()
 <dd>
 Retrieve the Context object's verify depth, as set by
 <tt class="method">set_verify_depth</tt>.
 </dl>
 <P>
 <dl><dt><b><a name='l2h-119'><tt class='method'>get_verify_mode</tt></a></b>()
 <dd>
 Retrieve the Context object's verify mode, as set by <tt class="method">set_verify_mode</tt>.
 </dl>
 <P>
 <dl><dt><b><a name='l2h-120'><tt class='method'>load_client_ca</tt></a></b>(<var>pemfile</var>)
 <dd>
 Read a file with PEM-formatted certificates that will be sent to the client
 when requesting a client certificate.
 </dl>
 <P>
 <dl><dt><b><a name='l2h-121'><tt class='method'>load_verify_locations</tt></a></b>(<var>pemfile</var>)
 <dd>
 Specify where CA certificates for verification purposes are located. These are
 trusted certificates. Note that the certificates have to be in PEM format.
 </dl>
 <P>
 <dl><dt><b><a name='l2h-122'><tt class='method'>load_tmp_dh</tt></a></b>(<var>dhfile</var>)
 <dd>
 Load parameters for Ephemeral Diffie-Hellman from <var>dhfile</var>.
 </dl>
 <P>
 <dl><dt><b><a name='l2h-123'><tt class='method'>set_app_data</tt></a></b>(<var>data</var>)
 <dd>
 Associate <var>data</var> with this Context object. <var>data</var> can be retrieved
 later using the <tt class="method">get_app_data</tt> method.
 </dl>
 <P>
 <dl><dt><b><a name='l2h-124'><tt class='method'>set_cipher_list</tt></a></b>(<var>ciphers</var>)
 <dd>
 Set the list of ciphers to be used in this context. See the OpenSSL manual for
 more information (e.g. ciphers(1))
 </dl>
 <P>
 <dl><dt><b><a name='l2h-125'><tt class='method'>set_info_callback</tt></a></b>(<var>callback</var>)
 <dd>
 Set the information callback to <var>callback</var>. This function will be called
 from time to time during SSL handshakes.
 <var>callback</var> should take three arguments: a Connection object and two
 integers. The first integer specifies where in the SSL handshake the function
 was called, and the other the return code from a (possibly failed) internal
 function call.
 </dl>
 <P>
 <dl><dt><b><a name='l2h-126'><tt class='method'>set_options</tt></a></b>(<var>options</var>)
 <dd>
 Add SSL options. Options you have set before are not cleared!
 This method should be used with the <tt class="constant">OP_*</tt> constants.
 </dl>
 <P>
 <dl><dt><b><a name='l2h-127'><tt class='method'>set_passwd_cb</tt></a></b>(<var>callback</var><big>[</big><var>, userdata</var><big>]</big>)
 <dd>
 Set the passphrase callback to <var>callback</var>. This function will be called
 when a private key with a passphrase is loaded.
 <var>callback</var> should take a boolean argument <var>repeat</var> and an arbitrary
 argument <var>data</var> and return the passphrase entered by the user. If
 <var>repeat</var> is true then <var>callback</var> should ask for the passphrase twice
 and make sure that the two entries are equal. The <var>data</var> argument is the
 <var>userdata</var> variable passed to the <tt class="method">set_passwd_cb</tt> method. If an
 error occurs, <var>callback</var> should return a false value (e.g. an empty
 string).
 </dl>
 <P>
 <dl><dt><b><a name='l2h-128'><tt class='method'>set_session_id</tt></a></b>(<var>name</var>)
 <dd>
 Set the context <var>name</var> within which a session can be reused for this
 Context object. This is needed when doing session resumption, because there is
 no way for a stored session to know which Context object it is associated with.
 <var>name</var> may be any binary data.
 </dl>
 <P>
 <dl><dt><b><a name='l2h-129'><tt class='method'>set_timeout</tt></a></b>(<var>timeout</var>)
 <dd>
 Set the timeout for newly created sessions for this Context object to
 <var>timeout</var>. <var>timeout</var> must be given in (whole) seconds. The default
 value is 300 seconds. See the OpenSSL manual for more information (e.g.
 SSL_CTX_set_timeout(3)).
 </dl>
 <P>
 <dl><dt><b><a name='l2h-130'><tt class='method'>set_verify</tt></a></b>(<var>mode, callback</var>)
 <dd>
 Set the verification flags for this Context object to <var>mode</var> and specify
 that <var>callback</var> should be used for verification callbacks. <var>mode</var>
 should be one of <tt class="constant">VERIFY_NONE</tt> and <tt class="constant">VERIFY_PEER</tt>. If
 <tt class="constant">VERIFY_PEER</tt> is used, <var>mode</var> can be OR:ed with
 <tt class="constant">VERIFY_FAIL_IF_NO_PEER_CERT</tt> and <tt class="constant">VERIFY_CLIENT_ONCE</tt> to
 further control the behaviour.
 <var>callback</var> should take five arguments: A Connection object, an X509 object,
 and three integer variables, which are in turn potential error number, error
 depth and return code. <var>callback</var> should return true if verification passes
 and false otherwise.
 </dl>
 <P>
 <dl><dt><b><a name='l2h-131'><tt class='method'>set_verify_depth</tt></a></b>(<var>depth</var>)
 <dd>
 Set the maximum depth for the certificate chain verification that shall be
 allowed for this Context object.
 </dl>
 <P>
 <dl><dt><b><a name='l2h-132'><tt class='method'>use_certificate</tt></a></b>(<var>cert</var>)
 <dd>
 Use the certificate <var>cert</var> which has to be a X509 object.
 </dl>
 <P>
 <dl><dt><b><a name='l2h-133'><tt class='method'>add_extra_chain_cert</tt></a></b>(<var>cert</var>)
 <dd>
 Adds the certificate <var>cert</var>, which has to be a X509 object, to the
 certificate chain presented together with the certificate.
 </dl>
 <P>
 <dl><dt><b><a name='l2h-134'><tt class='method'>use_certificate_chain_file</tt></a></b>(<var>file</var>)
 <dd>
 Load a certificate chain from <var>file</var> which must be PEM encoded.
 </dl>
 <P>
 <dl><dt><b><a name='l2h-135'><tt class='method'>use_privatekey</tt></a></b>(<var>pkey</var>)
 <dd>
 Use the private key <var>pkey</var> which has to be a PKey object.
 </dl>
 <P>
 <dl><dt><b><a name='l2h-136'><tt class='method'>use_certificate_file</tt></a></b>(<var>file</var><big>[</big><var>, format</var><big>]</big>)
 <dd>
 Load the first certificate found in <var>file</var>. The certificate must be in the
 format specified by <var>format</var>, which is either <tt class="constant">FILETYPE_PEM</tt> or
 <tt class="constant">FILETYPE_ASN1</tt>. The default is <tt class="constant">FILETYPE_PEM</tt>.
 </dl>
 <P>
 <dl><dt><b><a name='l2h-137'><tt class='method'>use_privatekey_file</tt></a></b>(<var>file</var><big>[</big><var>, format</var><big>]</big>)
 <dd>
 Load the first private key found in <var>file</var>. The private key must be in the
 format specified by <var>format</var>, which is either <tt class="constant">FILETYPE_PEM</tt> or
 <tt class="constant">FILETYPE_ASN1</tt>. The default is <tt class="constant">FILETYPE_PEM</tt>.
 </dl>
 <P>

 <DIV CLASS="navigation">
 <p><hr>
 <table align="center" width="100%" cellpadding="0" cellspacing="2">
 <tr>
 <td><A href="openssl-ssl.html"><img src="previous.gif"
 border="0" height="32"
   alt="Previous Page" width="32"></A></td>
 <td><A href="openssl-ssl.html"><img src="up.gif"
 border="0" height="32"
   alt="Up One Level" width="32"></A></td>
 <td><A href="openssl-connection.html"><img src="next.gif"
 border="0" height="32"
   alt="Next Page" width="32"></A></td>
 <td align="center" width="100%">Python OpenSSL Manual</td>
 <td><A href="contents.html"><img src="contents.gif"
 border="0" height="32"
   alt="Contents" width="32"></A></td>
 <td><img src="blank.gif"
   border="0" height="32"
   alt="" width="32"></td>
 <td><img src="blank.gif"
   border="0" height="32"
   alt="" width="32"></td>
 </tr></table>
 <b class="navlabel">Previous:</b> <a class="sectref" href="openssl-ssl.html">3.3 SSL  </A>
 <b class="navlabel">Up:</b> <a class="sectref" href="openssl-ssl.html">3.3 SSL  </A>
 <b class="navlabel">Next:</b> <a class="sectref" href="openssl-connection.html">3.3.2 Connection objects</A>
 <hr>
 <span class="release-info">Release 0.6.</span>
 </DIV>
 <!--End of Navigation Panel-->

 </BODY>
 </HTML>
	<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
	<html>
	<head>
	<title>3.3.1 Context objects </title>
	<META NAME="description" CONTENT="3.3.1 Context objects ">
	<META NAME="keywords" CONTENT="pyOpenSSL">
	<META NAME="resource-type" CONTENT="document">
	<META NAME="distribution" CONTENT="global">
	<link rel="STYLESHEET" href="pyOpenSSL.css">
	<LINK REL="next" href="openssl-connection.html">
	<LINK REL="previous" href="openssl-ssl.html">
	<LINK REL="up" href="openssl-ssl.html">
	<LINK REL="next" href="openssl-connection.html">
	</head>
	<body>
	<DIV CLASS="navigation">
	<table align="center" width="100%" cellpadding="0" cellspacing="2">
	<tr>
	<td><A href="openssl-ssl.html"><img src="previous.gif"
	border="0" height="32"
	alt="Previous Page" width="32"></A></td>
	<td><A href="openssl-ssl.html"><img src="up.gif"
	border="0" height="32"
	alt="Up One Level" width="32"></A></td>
	<td><A href="openssl-connection.html"><img src="next.gif"
	border="0" height="32"
	alt="Next Page" width="32"></A></td>
	<td align="center" width="100%">Python OpenSSL Manual</td>
	<td><A href="contents.html"><img src="contents.gif"
	border="0" height="32"
	alt="Contents" width="32"></A></td>
	<td><img src="blank.gif"
	border="0" height="32"
	alt="" width="32"></td>
	<td><img src="blank.gif"
	border="0" height="32"
	alt="" width="32"></td>
	</tr></table>
	<b class="navlabel">Previous:</b> <a class="sectref" href="openssl-ssl.html">3.3 SSL </A>
	<b class="navlabel">Up:</b> <a class="sectref" href="openssl-ssl.html">3.3 SSL </A>
	<b class="navlabel">Next:</b> <a class="sectref" href="openssl-connection.html">3.3.2 Connection objects</A>
	<br><hr>
	</DIV>
	<!--End of Navigation Panel-->

	<H3><A NAME="SECTION000431000000000000000"> </A>
	<BR>
	3.3.1 Context objects
	</H3>
	<P>
	<EM><EM><EM>Context objects have the following methods:
	</EM></EM></EM>
	<P>
	<dl><dt><b><a name='l2h-114'><tt class='method'>check_privatekey</tt></a></b>()
	<dd>
	Check if the private key (loaded with <tt class="method">use_privatekey<big>[</big>_file<big>]</big></tt>)
	matches the certificate (loaded with <tt class="method">use_certificate<big>[</big>_file<big>]</big></tt>).
	Returns true if they match, false otherwise.
	</dl>
	<P>
	<dl><dt><b><a name='l2h-115'><tt class='method'>get_app_data</tt></a></b>()
	<dd>
	Retrieve application data as set by <tt class="method">set_app_data</tt>.
	</dl>
	<P>
	<dl><dt><b><a name='l2h-116'><tt class='method'>get_cert_store</tt></a></b>()
	<dd>
	Retrieve the certificate store (a X509Store object) that the context uses.
	This can be used to add "trusted" certificates without using the.
	<tt class="method">load_verify_locations()</tt> method.
	</dl>
	<P>
	<dl><dt><b><a name='l2h-117'><tt class='method'>get_timeout</tt></a></b>()
	<dd>
	Retrieve session timeout, as set by <tt class="method">set_timeout</tt>. The default is 300
	seconds.
	</dl>
	<P>
	<dl><dt><b><a name='l2h-118'><tt class='method'>get_verify_depth</tt></a></b>()
	<dd>
	Retrieve the Context object's verify depth, as set by
	<tt class="method">set_verify_depth</tt>.
	</dl>
	<P>
	<dl><dt><b><a name='l2h-119'><tt class='method'>get_verify_mode</tt></a></b>()
	<dd>
	Retrieve the Context object's verify mode, as set by <tt class="method">set_verify_mode</tt>.
	</dl>
	<P>
	<dl><dt><b><a name='l2h-120'><tt class='method'>load_client_ca</tt></a></b>(<var>pemfile</var>)
	<dd>
	Read a file with PEM-formatted certificates that will be sent to the client
	when requesting a client certificate.
	</dl>
	<P>
	<dl><dt><b><a name='l2h-121'><tt class='method'>load_verify_locations</tt></a></b>(<var>pemfile</var>)
	<dd>
	Specify where CA certificates for verification purposes are located. These are
	trusted certificates. Note that the certificates have to be in PEM format.
	</dl>
	<P>
	<dl><dt><b><a name='l2h-122'><tt class='method'>load_tmp_dh</tt></a></b>(<var>dhfile</var>)
	<dd>
	Load parameters for Ephemeral Diffie-Hellman from <var>dhfile</var>.
	</dl>
	<P>
	<dl><dt><b><a name='l2h-123'><tt class='method'>set_app_data</tt></a></b>(<var>data</var>)
	<dd>
	Associate <var>data</var> with this Context object. <var>data</var> can be retrieved
	later using the <tt class="method">get_app_data</tt> method.
	</dl>
	<P>
	<dl><dt><b><a name='l2h-124'><tt class='method'>set_cipher_list</tt></a></b>(<var>ciphers</var>)
	<dd>
	Set the list of ciphers to be used in this context. See the OpenSSL manual for
	more information (e.g. ciphers(1))
	</dl>
	<P>
	<dl><dt><b><a name='l2h-125'><tt class='method'>set_info_callback</tt></a></b>(<var>callback</var>)
	<dd>
	Set the information callback to <var>callback</var>. This function will be called
	from time to time during SSL handshakes.
	<var>callback</var> should take three arguments: a Connection object and two
	integers. The first integer specifies where in the SSL handshake the function
	was called, and the other the return code from a (possibly failed) internal
	function call.
	</dl>
	<P>
	<dl><dt><b><a name='l2h-126'><tt class='method'>set_options</tt></a></b>(<var>options</var>)
	<dd>
	Add SSL options. Options you have set before are not cleared!
	This method should be used with the <tt class="constant">OP_*</tt> constants.
	</dl>
	<P>
	<dl><dt><b><a name='l2h-127'><tt class='method'>set_passwd_cb</tt></a></b>(<var>callback</var><big>[</big><var>, userdata</var><big>]</big>)
	<dd>
	Set the passphrase callback to <var>callback</var>. This function will be called
	when a private key with a passphrase is loaded.
	<var>callback</var> should take a boolean argument <var>repeat</var> and an arbitrary
	argument <var>data</var> and return the passphrase entered by the user. If
	<var>repeat</var> is true then <var>callback</var> should ask for the passphrase twice
	and make sure that the two entries are equal. The <var>data</var> argument is the
	<var>userdata</var> variable passed to the <tt class="method">set_passwd_cb</tt> method. If an
	error occurs, <var>callback</var> should return a false value (e.g. an empty
	string).
	</dl>
	<P>
	<dl><dt><b><a name='l2h-128'><tt class='method'>set_session_id</tt></a></b>(<var>name</var>)
	<dd>
	Set the context <var>name</var> within which a session can be reused for this
	Context object. This is needed when doing session resumption, because there is
	no way for a stored session to know which Context object it is associated with.
	<var>name</var> may be any binary data.
	</dl>
	<P>
	<dl><dt><b><a name='l2h-129'><tt class='method'>set_timeout</tt></a></b>(<var>timeout</var>)
	<dd>
	Set the timeout for newly created sessions for this Context object to
	<var>timeout</var>. <var>timeout</var> must be given in (whole) seconds. The default
	value is 300 seconds. See the OpenSSL manual for more information (e.g.
	SSL_CTX_set_timeout(3)).
	</dl>
	<P>
	<dl><dt><b><a name='l2h-130'><tt class='method'>set_verify</tt></a></b>(<var>mode, callback</var>)
	<dd>
	Set the verification flags for this Context object to <var>mode</var> and specify
	that <var>callback</var> should be used for verification callbacks. <var>mode</var>
	should be one of <tt class="constant">VERIFY_NONE</tt> and <tt class="constant">VERIFY_PEER</tt>. If
	<tt class="constant">VERIFY_PEER</tt> is used, <var>mode</var> can be OR:ed with
	<tt class="constant">VERIFY_FAIL_IF_NO_PEER_CERT</tt> and <tt class="constant">VERIFY_CLIENT_ONCE</tt> to
	further control the behaviour.
	<var>callback</var> should take five arguments: A Connection object, an X509 object,
	and three integer variables, which are in turn potential error number, error
	depth and return code. <var>callback</var> should return true if verification passes
	and false otherwise.
	</dl>
	<P>
	<dl><dt><b><a name='l2h-131'><tt class='method'>set_verify_depth</tt></a></b>(<var>depth</var>)
	<dd>
	Set the maximum depth for the certificate chain verification that shall be
	allowed for this Context object.
	</dl>
	<P>
	<dl><dt><b><a name='l2h-132'><tt class='method'>use_certificate</tt></a></b>(<var>cert</var>)
	<dd>
	Use the certificate <var>cert</var> which has to be a X509 object.
	</dl>
	<P>
	<dl><dt><b><a name='l2h-133'><tt class='method'>add_extra_chain_cert</tt></a></b>(<var>cert</var>)
	<dd>
	Adds the certificate <var>cert</var>, which has to be a X509 object, to the
	certificate chain presented together with the certificate.
	</dl>
	<P>
	<dl><dt><b><a name='l2h-134'><tt class='method'>use_certificate_chain_file</tt></a></b>(<var>file</var>)
	<dd>
	Load a certificate chain from <var>file</var> which must be PEM encoded.
	</dl>
	<P>
	<dl><dt><b><a name='l2h-135'><tt class='method'>use_privatekey</tt></a></b>(<var>pkey</var>)
	<dd>
	Use the private key <var>pkey</var> which has to be a PKey object.
	</dl>
	<P>
	<dl><dt><b><a name='l2h-136'><tt class='method'>use_certificate_file</tt></a></b>(<var>file</var><big>[</big><var>, format</var><big>]</big>)
	<dd>
	Load the first certificate found in <var>file</var>. The certificate must be in the
	format specified by <var>format</var>, which is either <tt class="constant">FILETYPE_PEM</tt> or
	<tt class="constant">FILETYPE_ASN1</tt>. The default is <tt class="constant">FILETYPE_PEM</tt>.
	</dl>
	<P>
	<dl><dt><b><a name='l2h-137'><tt class='method'>use_privatekey_file</tt></a></b>(<var>file</var><big>[</big><var>, format</var><big>]</big>)
	<dd>
	Load the first private key found in <var>file</var>. The private key must be in the
	format specified by <var>format</var>, which is either <tt class="constant">FILETYPE_PEM</tt> or
	<tt class="constant">FILETYPE_ASN1</tt>. The default is <tt class="constant">FILETYPE_PEM</tt>.
	</dl>
	<P>

	<DIV CLASS="navigation">
	<p><hr>
	<table align="center" width="100%" cellpadding="0" cellspacing="2">
	<tr>
	<td><A href="openssl-ssl.html"><img src="previous.gif"
	border="0" height="32"
	alt="Previous Page" width="32"></A></td>
	<td><A href="openssl-ssl.html"><img src="up.gif"
	border="0" height="32"
	alt="Up One Level" width="32"></A></td>
	<td><A href="openssl-connection.html"><img src="next.gif"
	border="0" height="32"
	alt="Next Page" width="32"></A></td>
	<td align="center" width="100%">Python OpenSSL Manual</td>
	<td><A href="contents.html"><img src="contents.gif"
	border="0" height="32"
	alt="Contents" width="32"></A></td>
	<td><img src="blank.gif"
	border="0" height="32"
	alt="" width="32"></td>
	<td><img src="blank.gif"
	border="0" height="32"
	alt="" width="32"></td>
	</tr></table>
	<b class="navlabel">Previous:</b> <a class="sectref" href="openssl-ssl.html">3.3 SSL </A>
	<b class="navlabel">Up:</b> <a class="sectref" href="openssl-ssl.html">3.3 SSL </A>
	<b class="navlabel">Next:</b> <a class="sectref" href="openssl-connection.html">3.3.2 Connection objects</A>
	<hr>
	<span class="release-info">Release 0.6.</span>
	</DIV>
	<!--End of Navigation Panel-->

	</BODY>
	</HTML>