| <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> |
| <html> |
| <head> |
| <title>3.3.1 Context objects </title> |
| <META NAME="description" CONTENT="3.3.1 Context objects "> |
| <META NAME="keywords" CONTENT="pyOpenSSL"> |
| <META NAME="resource-type" CONTENT="document"> |
| <META NAME="distribution" CONTENT="global"> |
| <link rel="STYLESHEET" href="pyOpenSSL.css"> |
| <LINK REL="next" href="openssl-connection.html"> |
| <LINK REL="previous" href="openssl-ssl.html"> |
| <LINK REL="up" href="openssl-ssl.html"> |
| <LINK REL="next" href="openssl-connection.html"> |
| </head> |
| <body> |
| <DIV CLASS="navigation"> |
| <table align="center" width="100%" cellpadding="0" cellspacing="2"> |
| <tr> |
| <td><A href="openssl-ssl.html"><img src="previous.gif" |
| border="0" height="32" |
| alt="Previous Page" width="32"></A></td> |
| <td><A href="openssl-ssl.html"><img src="up.gif" |
| border="0" height="32" |
| alt="Up One Level" width="32"></A></td> |
| <td><A href="openssl-connection.html"><img src="next.gif" |
| border="0" height="32" |
| alt="Next Page" width="32"></A></td> |
| <td align="center" width="100%">Python OpenSSL Manual</td> |
| <td><A href="contents.html"><img src="contents.gif" |
| border="0" height="32" |
| alt="Contents" width="32"></A></td> |
| <td><img src="blank.gif" |
| border="0" height="32" |
| alt="" width="32"></td> |
| <td><img src="blank.gif" |
| border="0" height="32" |
| alt="" width="32"></td> |
| </tr></table> |
| <b class="navlabel">Previous:</b> <a class="sectref" href="openssl-ssl.html">3.3 SSL </A> |
| <b class="navlabel">Up:</b> <a class="sectref" href="openssl-ssl.html">3.3 SSL </A> |
| <b class="navlabel">Next:</b> <a class="sectref" href="openssl-connection.html">3.3.2 Connection objects</A> |
| <br><hr> |
| </DIV> |
| <!--End of Navigation Panel--> |
| |
| <H3><A NAME="SECTION000431000000000000000"> </A> |
| <BR> |
| 3.3.1 Context objects |
| </H3> |
| <P> |
| <EM><EM><EM>Context objects have the following methods: |
| </EM></EM></EM> |
| <P> |
| <dl><dt><b><a name='l2h-114'><tt class='method'>check_privatekey</tt></a></b>() |
| <dd> |
| Check if the private key (loaded with <tt class="method">use_privatekey<big>[</big>_file<big>]</big></tt>) |
| matches the certificate (loaded with <tt class="method">use_certificate<big>[</big>_file<big>]</big></tt>). |
| Returns true if they match, false otherwise. |
| </dl> |
| <P> |
| <dl><dt><b><a name='l2h-115'><tt class='method'>get_app_data</tt></a></b>() |
| <dd> |
| Retrieve application data as set by <tt class="method">set_app_data</tt>. |
| </dl> |
| <P> |
| <dl><dt><b><a name='l2h-116'><tt class='method'>get_cert_store</tt></a></b>() |
| <dd> |
| Retrieve the certificate store (a X509Store object) that the context uses. |
| This can be used to add "trusted" certificates without using the. |
| <tt class="method">load_verify_locations()</tt> method. |
| </dl> |
| <P> |
| <dl><dt><b><a name='l2h-117'><tt class='method'>get_timeout</tt></a></b>() |
| <dd> |
| Retrieve session timeout, as set by <tt class="method">set_timeout</tt>. The default is 300 |
| seconds. |
| </dl> |
| <P> |
| <dl><dt><b><a name='l2h-118'><tt class='method'>get_verify_depth</tt></a></b>() |
| <dd> |
| Retrieve the Context object's verify depth, as set by |
| <tt class="method">set_verify_depth</tt>. |
| </dl> |
| <P> |
| <dl><dt><b><a name='l2h-119'><tt class='method'>get_verify_mode</tt></a></b>() |
| <dd> |
| Retrieve the Context object's verify mode, as set by <tt class="method">set_verify_mode</tt>. |
| </dl> |
| <P> |
| <dl><dt><b><a name='l2h-120'><tt class='method'>load_client_ca</tt></a></b>(<var>pemfile</var>) |
| <dd> |
| Read a file with PEM-formatted certificates that will be sent to the client |
| when requesting a client certificate. |
| </dl> |
| <P> |
| <dl><dt><b><a name='l2h-121'><tt class='method'>load_verify_locations</tt></a></b>(<var>pemfile</var>) |
| <dd> |
| Specify where CA certificates for verification purposes are located. These are |
| trusted certificates. Note that the certificates have to be in PEM format. |
| </dl> |
| <P> |
| <dl><dt><b><a name='l2h-122'><tt class='method'>load_tmp_dh</tt></a></b>(<var>dhfile</var>) |
| <dd> |
| Load parameters for Ephemeral Diffie-Hellman from <var>dhfile</var>. |
| </dl> |
| <P> |
| <dl><dt><b><a name='l2h-123'><tt class='method'>set_app_data</tt></a></b>(<var>data</var>) |
| <dd> |
| Associate <var>data</var> with this Context object. <var>data</var> can be retrieved |
| later using the <tt class="method">get_app_data</tt> method. |
| </dl> |
| <P> |
| <dl><dt><b><a name='l2h-124'><tt class='method'>set_cipher_list</tt></a></b>(<var>ciphers</var>) |
| <dd> |
| Set the list of ciphers to be used in this context. See the OpenSSL manual for |
| more information (e.g. ciphers(1)) |
| </dl> |
| <P> |
| <dl><dt><b><a name='l2h-125'><tt class='method'>set_info_callback</tt></a></b>(<var>callback</var>) |
| <dd> |
| Set the information callback to <var>callback</var>. This function will be called |
| from time to time during SSL handshakes. |
| <var>callback</var> should take three arguments: a Connection object and two |
| integers. The first integer specifies where in the SSL handshake the function |
| was called, and the other the return code from a (possibly failed) internal |
| function call. |
| </dl> |
| <P> |
| <dl><dt><b><a name='l2h-126'><tt class='method'>set_options</tt></a></b>(<var>options</var>) |
| <dd> |
| Add SSL options. Options you have set before are not cleared! |
| This method should be used with the <tt class="constant">OP_*</tt> constants. |
| </dl> |
| <P> |
| <dl><dt><b><a name='l2h-127'><tt class='method'>set_passwd_cb</tt></a></b>(<var>callback</var><big>[</big><var>, userdata</var><big>]</big>) |
| <dd> |
| Set the passphrase callback to <var>callback</var>. This function will be called |
| when a private key with a passphrase is loaded. |
| <var>callback</var> should take a boolean argument <var>repeat</var> and an arbitrary |
| argument <var>data</var> and return the passphrase entered by the user. If |
| <var>repeat</var> is true then <var>callback</var> should ask for the passphrase twice |
| and make sure that the two entries are equal. The <var>data</var> argument is the |
| <var>userdata</var> variable passed to the <tt class="method">set_passwd_cb</tt> method. If an |
| error occurs, <var>callback</var> should return a false value (e.g. an empty |
| string). |
| </dl> |
| <P> |
| <dl><dt><b><a name='l2h-128'><tt class='method'>set_session_id</tt></a></b>(<var>name</var>) |
| <dd> |
| Set the context <var>name</var> within which a session can be reused for this |
| Context object. This is needed when doing session resumption, because there is |
| no way for a stored session to know which Context object it is associated with. |
| <var>name</var> may be any binary data. |
| </dl> |
| <P> |
| <dl><dt><b><a name='l2h-129'><tt class='method'>set_timeout</tt></a></b>(<var>timeout</var>) |
| <dd> |
| Set the timeout for newly created sessions for this Context object to |
| <var>timeout</var>. <var>timeout</var> must be given in (whole) seconds. The default |
| value is 300 seconds. See the OpenSSL manual for more information (e.g. |
| SSL_CTX_set_timeout(3)). |
| </dl> |
| <P> |
| <dl><dt><b><a name='l2h-130'><tt class='method'>set_verify</tt></a></b>(<var>mode, callback</var>) |
| <dd> |
| Set the verification flags for this Context object to <var>mode</var> and specify |
| that <var>callback</var> should be used for verification callbacks. <var>mode</var> |
| should be one of <tt class="constant">VERIFY_NONE</tt> and <tt class="constant">VERIFY_PEER</tt>. If |
| <tt class="constant">VERIFY_PEER</tt> is used, <var>mode</var> can be OR:ed with |
| <tt class="constant">VERIFY_FAIL_IF_NO_PEER_CERT</tt> and <tt class="constant">VERIFY_CLIENT_ONCE</tt> to |
| further control the behaviour. |
| <var>callback</var> should take five arguments: A Connection object, an X509 object, |
| and three integer variables, which are in turn potential error number, error |
| depth and return code. <var>callback</var> should return true if verification passes |
| and false otherwise. |
| </dl> |
| <P> |
| <dl><dt><b><a name='l2h-131'><tt class='method'>set_verify_depth</tt></a></b>(<var>depth</var>) |
| <dd> |
| Set the maximum depth for the certificate chain verification that shall be |
| allowed for this Context object. |
| </dl> |
| <P> |
| <dl><dt><b><a name='l2h-132'><tt class='method'>use_certificate</tt></a></b>(<var>cert</var>) |
| <dd> |
| Use the certificate <var>cert</var> which has to be a X509 object. |
| </dl> |
| <P> |
| <dl><dt><b><a name='l2h-133'><tt class='method'>add_extra_chain_cert</tt></a></b>(<var>cert</var>) |
| <dd> |
| Adds the certificate <var>cert</var>, which has to be a X509 object, to the |
| certificate chain presented together with the certificate. |
| </dl> |
| <P> |
| <dl><dt><b><a name='l2h-134'><tt class='method'>use_certificate_chain_file</tt></a></b>(<var>file</var>) |
| <dd> |
| Load a certificate chain from <var>file</var> which must be PEM encoded. |
| </dl> |
| <P> |
| <dl><dt><b><a name='l2h-135'><tt class='method'>use_privatekey</tt></a></b>(<var>pkey</var>) |
| <dd> |
| Use the private key <var>pkey</var> which has to be a PKey object. |
| </dl> |
| <P> |
| <dl><dt><b><a name='l2h-136'><tt class='method'>use_certificate_file</tt></a></b>(<var>file</var><big>[</big><var>, format</var><big>]</big>) |
| <dd> |
| Load the first certificate found in <var>file</var>. The certificate must be in the |
| format specified by <var>format</var>, which is either <tt class="constant">FILETYPE_PEM</tt> or |
| <tt class="constant">FILETYPE_ASN1</tt>. The default is <tt class="constant">FILETYPE_PEM</tt>. |
| </dl> |
| <P> |
| <dl><dt><b><a name='l2h-137'><tt class='method'>use_privatekey_file</tt></a></b>(<var>file</var><big>[</big><var>, format</var><big>]</big>) |
| <dd> |
| Load the first private key found in <var>file</var>. The private key must be in the |
| format specified by <var>format</var>, which is either <tt class="constant">FILETYPE_PEM</tt> or |
| <tt class="constant">FILETYPE_ASN1</tt>. The default is <tt class="constant">FILETYPE_PEM</tt>. |
| </dl> |
| <P> |
| |
| <DIV CLASS="navigation"> |
| <p><hr> |
| <table align="center" width="100%" cellpadding="0" cellspacing="2"> |
| <tr> |
| <td><A href="openssl-ssl.html"><img src="previous.gif" |
| border="0" height="32" |
| alt="Previous Page" width="32"></A></td> |
| <td><A href="openssl-ssl.html"><img src="up.gif" |
| border="0" height="32" |
| alt="Up One Level" width="32"></A></td> |
| <td><A href="openssl-connection.html"><img src="next.gif" |
| border="0" height="32" |
| alt="Next Page" width="32"></A></td> |
| <td align="center" width="100%">Python OpenSSL Manual</td> |
| <td><A href="contents.html"><img src="contents.gif" |
| border="0" height="32" |
| alt="Contents" width="32"></A></td> |
| <td><img src="blank.gif" |
| border="0" height="32" |
| alt="" width="32"></td> |
| <td><img src="blank.gif" |
| border="0" height="32" |
| alt="" width="32"></td> |
| </tr></table> |
| <b class="navlabel">Previous:</b> <a class="sectref" href="openssl-ssl.html">3.3 SSL </A> |
| <b class="navlabel">Up:</b> <a class="sectref" href="openssl-ssl.html">3.3 SSL </A> |
| <b class="navlabel">Next:</b> <a class="sectref" href="openssl-connection.html">3.3.2 Connection objects</A> |
| <hr> |
| <span class="release-info">Release 0.6.</span> |
| </DIV> |
| <!--End of Navigation Panel--> |
| |
| </BODY> |
| </HTML> |