| <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> |
| <html> |
| <head> |
| <title>3.3.1 Context objects </title> |
| <META NAME="description" CONTENT="3.3.1 Context objects "> |
| <META NAME="keywords" CONTENT="pyOpenSSL"> |
| <META NAME="resource-type" CONTENT="document"> |
| <META NAME="distribution" CONTENT="global"> |
| <link rel="STYLESHEET" href="pyOpenSSL.css"> |
| <LINK REL="next" href="openssl-connection.html"> |
| <LINK REL="previous" href="openssl-ssl.html"> |
| <LINK REL="up" href="openssl-ssl.html"> |
| <LINK REL="next" href="openssl-connection.html"> |
| </head> |
| <body> |
| <DIV CLASS="navigation"> |
| <table align="center" width="100%" cellpadding="0" cellspacing="2"> |
| <tr> |
| <td><A href="openssl-ssl.html"><img src="previous.gif" |
| border="0" height="32" |
| alt="Previous Page" width="32"></A></td> |
| <td><A href="openssl-ssl.html"><img src="up.gif" |
| border="0" height="32" |
| alt="Up One Level" width="32"></A></td> |
| <td><A href="openssl-connection.html"><img src="next.gif" |
| border="0" height="32" |
| alt="Next Page" width="32"></A></td> |
| <td align="center" width="100%">Python OpenSSL Manual</td> |
| <td><A href="contents.html"><img src="contents.gif" |
| border="0" height="32" |
| alt="Contents" width="32"></A></td> |
| <td><img src="blank.gif" |
| border="0" height="32" |
| alt="" width="32"></td> |
| <td><img src="blank.gif" |
| border="0" height="32" |
| alt="" width="32"></td> |
| </tr></table> |
| <b class="navlabel">Previous:</b> <a class="sectref" href="openssl-ssl.html">3.3 SSL </A> |
| <b class="navlabel">Up:</b> <a class="sectref" href="openssl-ssl.html">3.3 SSL </A> |
| <b class="navlabel">Next:</b> <a class="sectref" href="openssl-connection.html">3.3.2 Connection objects</A> |
| <br><hr> |
| </DIV> |
| <!--End of Navigation Panel--> |
| |
| <H3><A NAME="SECTION000431000000000000000"> </A> |
| <BR> |
| 3.3.1 Context objects |
| </H3> |
| |
| <P> |
| Context objects have the following methods: |
| |
| <P> |
| <dl><dt><b><a name='l2h-152'><tt class='method'>check_privatekey</tt></a></b>() |
| <dd> |
| Check if the private key (loaded with <tt class="method">use_privatekey<big>[</big>_file<big>]</big></tt>) |
| matches the certificate (loaded with <tt class="method">use_certificate<big>[</big>_file<big>]</big></tt>). |
| Returns <code>None</code> if they match, raises <tt class="exception">Error</tt> otherwise. |
| </dl> |
| |
| <P> |
| <dl><dt><b><a name='l2h-153'><tt class='method'>get_app_data</tt></a></b>() |
| <dd> |
| Retrieve application data as set by <tt class="method">set_app_data</tt>. |
| </dl> |
| |
| <P> |
| <dl><dt><b><a name='l2h-154'><tt class='method'>get_cert_store</tt></a></b>() |
| <dd> |
| Retrieve the certificate store (a X509Store object) that the context uses. |
| This can be used to add "trusted" certificates without using the. |
| <tt class="method">load_verify_locations()</tt> method. |
| </dl> |
| |
| <P> |
| <dl><dt><b><a name='l2h-155'><tt class='method'>get_timeout</tt></a></b>() |
| <dd> |
| Retrieve session timeout, as set by <tt class="method">set_timeout</tt>. The default is 300 |
| seconds. |
| </dl> |
| |
| <P> |
| <dl><dt><b><a name='l2h-156'><tt class='method'>get_verify_depth</tt></a></b>() |
| <dd> |
| Retrieve the Context object's verify depth, as set by |
| <tt class="method">set_verify_depth</tt>. |
| </dl> |
| |
| <P> |
| <dl><dt><b><a name='l2h-157'><tt class='method'>get_verify_mode</tt></a></b>() |
| <dd> |
| Retrieve the Context object's verify mode, as set by <tt class="method">set_verify</tt>. |
| </dl> |
| |
| <P> |
| <dl><dt><b><a name='l2h-158'><tt class='method'>load_client_ca</tt></a></b>(<var>pemfile</var>) |
| <dd> |
| Read a file with PEM-formatted certificates that will be sent to the client |
| when requesting a client certificate. |
| </dl> |
| |
| <P> |
| <dl><dt><b><a name='l2h-159'><tt class='method'>set_client_ca_list</tt></a></b>(<var>certificate_authorities</var>) |
| <dd> |
| Replace the current list of preferred certificate signers that would be |
| sent to the client when requesting a client certificate with the |
| <var>certificate_authorities</var> sequence of <tt class="class">OpenSSL.crypto.X509Name</tt>s. |
| |
| <P> |
| |
| <span class='versionnote'>New in version 0.10.</span> |
| |
| </dl> |
| |
| <P> |
| <dl><dt><b><a name='l2h-160'><tt class='method'>add_client_ca</tt></a></b>(<var>certificate_authority</var>) |
| <dd> |
| Extract a <tt class="class">OpenSSL.crypto.X509Name</tt> from the <var>certificate_authority</var> |
| <tt class="class">OpenSSL.crypto.X509</tt> certificate and add it to the list of preferred |
| certificate signers sent to the client when requesting a client certificate. |
| |
| <P> |
| |
| <span class='versionnote'>New in version 0.10.</span> |
| |
| </dl> |
| |
| <P> |
| <dl><dt><b><a name='l2h-161'><tt class='method'>load_verify_locations</tt></a></b>(<var>pemfile, capath</var>) |
| <dd> |
| Specify where CA certificates for verification purposes are located. These |
| are trusted certificates. Note that the certificates have to be in PEM |
| format. If capath is passed, it must be a directory prepared using the |
| <code>c_rehash</code> tool included with OpenSSL. Either, but not both, of |
| <var>pemfile</var> or <var>capath</var> may be <code>None</code>. |
| </dl> |
| |
| <P> |
| <dl><dt><b><a name='l2h-162'><tt class='method'>set_default_verify_paths</tt></a></b>() |
| <dd> |
| Specify that the platform provided CA certificates are to be used for |
| verification purposes. This method may not work properly on OS X. |
| </dl> |
| |
| <P> |
| <dl><dt><b><a name='l2h-163'><tt class='method'>load_tmp_dh</tt></a></b>(<var>dhfile</var>) |
| <dd> |
| Load parameters for Ephemeral Diffie-Hellman from <var>dhfile</var>. |
| </dl> |
| |
| <P> |
| <dl><dt><b><a name='l2h-164'><tt class='method'>set_app_data</tt></a></b>(<var>data</var>) |
| <dd> |
| Associate <var>data</var> with this Context object. <var>data</var> can be retrieved |
| later using the <tt class="method">get_app_data</tt> method. |
| </dl> |
| |
| <P> |
| <dl><dt><b><a name='l2h-165'><tt class='method'>set_cipher_list</tt></a></b>(<var>ciphers</var>) |
| <dd> |
| Set the list of ciphers to be used in this context. See the OpenSSL manual for |
| more information (e.g. ciphers(1)) |
| </dl> |
| |
| <P> |
| <dl><dt><b><a name='l2h-166'><tt class='method'>set_info_callback</tt></a></b>(<var>callback</var>) |
| <dd> |
| Set the information callback to <var>callback</var>. This function will be called |
| from time to time during SSL handshakes. |
| <var>callback</var> should take three arguments: a Connection object and two |
| integers. The first integer specifies where in the SSL handshake the function |
| was called, and the other the return code from a (possibly failed) internal |
| function call. |
| </dl> |
| |
| <P> |
| <dl><dt><b><a name='l2h-167'><tt class='method'>set_options</tt></a></b>(<var>options</var>) |
| <dd> |
| Add SSL options. Options you have set before are not cleared! |
| This method should be used with the <tt class="constant">OP_*</tt> constants. |
| </dl> |
| |
| <P> |
| <dl><dt><b><a name='l2h-168'><tt class='method'>set_passwd_cb</tt></a></b>(<var>callback</var><big>[</big><var>, userdata</var><big>]</big>) |
| <dd> |
| Set the passphrase callback to <var>callback</var>. This function will be called |
| when a private key with a passphrase is loaded. <var>callback</var> must accept |
| three positional arguments. First, an integer giving the maximum length of |
| the passphrase it may return. If the returned passphrase is longer than |
| this, it will be truncated. Second, a boolean value which will be true if |
| the user should be prompted for the passphrase twice and the callback should |
| verify that the two values supplied are equal. Third, the value given as the |
| <var>userdata</var> parameter to <tt class="method">set_passwd_cb</tt>. If an error occurs, |
| <var>callback</var> should return a false value (e.g. an empty string). |
| </dl> |
| |
| <P> |
| <dl><dt><b><a name='l2h-169'><tt class='method'>set_session_id</tt></a></b>(<var>name</var>) |
| <dd> |
| Set the context <var>name</var> within which a session can be reused for this |
| Context object. This is needed when doing session resumption, because there is |
| no way for a stored session to know which Context object it is associated with. |
| <var>name</var> may be any binary data. |
| </dl> |
| |
| <P> |
| <dl><dt><b><a name='l2h-170'><tt class='method'>set_timeout</tt></a></b>(<var>timeout</var>) |
| <dd> |
| Set the timeout for newly created sessions for this Context object to |
| <var>timeout</var>. <var>timeout</var> must be given in (whole) seconds. The default |
| value is 300 seconds. See the OpenSSL manual for more information (e.g. |
| SSL_CTX_set_timeout(3)). |
| </dl> |
| |
| <P> |
| <dl><dt><b><a name='l2h-171'><tt class='method'>set_verify</tt></a></b>(<var>mode, callback</var>) |
| <dd> |
| Set the verification flags for this Context object to <var>mode</var> and specify |
| that <var>callback</var> should be used for verification callbacks. <var>mode</var> |
| should be one of <tt class="constant">VERIFY_NONE</tt> and <tt class="constant">VERIFY_PEER</tt>. If |
| <tt class="constant">VERIFY_PEER</tt> is used, <var>mode</var> can be OR:ed with |
| <tt class="constant">VERIFY_FAIL_IF_NO_PEER_CERT</tt> and <tt class="constant">VERIFY_CLIENT_ONCE</tt> to |
| further control the behaviour. |
| <var>callback</var> should take five arguments: A Connection object, an X509 object, |
| and three integer variables, which are in turn potential error number, error |
| depth and return code. <var>callback</var> should return true if verification passes |
| and false otherwise. |
| </dl> |
| |
| <P> |
| <dl><dt><b><a name='l2h-172'><tt class='method'>set_verify_depth</tt></a></b>(<var>depth</var>) |
| <dd> |
| Set the maximum depth for the certificate chain verification that shall be |
| allowed for this Context object. |
| </dl> |
| |
| <P> |
| <dl><dt><b><a name='l2h-173'><tt class='method'>use_certificate</tt></a></b>(<var>cert</var>) |
| <dd> |
| Use the certificate <var>cert</var> which has to be a X509 object. |
| </dl> |
| |
| <P> |
| <dl><dt><b><a name='l2h-174'><tt class='method'>add_extra_chain_cert</tt></a></b>(<var>cert</var>) |
| <dd> |
| Adds the certificate <var>cert</var>, which has to be a X509 object, to the |
| certificate chain presented together with the certificate. |
| </dl> |
| |
| <P> |
| <dl><dt><b><a name='l2h-175'><tt class='method'>use_certificate_chain_file</tt></a></b>(<var>file</var>) |
| <dd> |
| Load a certificate chain from <var>file</var> which must be PEM encoded. |
| </dl> |
| |
| <P> |
| <dl><dt><b><a name='l2h-176'><tt class='method'>use_privatekey</tt></a></b>(<var>pkey</var>) |
| <dd> |
| Use the private key <var>pkey</var> which has to be a PKey object. |
| </dl> |
| |
| <P> |
| <dl><dt><b><a name='l2h-177'><tt class='method'>use_certificate_file</tt></a></b>(<var>file</var><big>[</big><var>, format</var><big>]</big>) |
| <dd> |
| Load the first certificate found in <var>file</var>. The certificate must be in the |
| format specified by <var>format</var>, which is either <tt class="constant">FILETYPE_PEM</tt> or |
| <tt class="constant">FILETYPE_ASN1</tt>. The default is <tt class="constant">FILETYPE_PEM</tt>. |
| </dl> |
| |
| <P> |
| <dl><dt><b><a name='l2h-178'><tt class='method'>use_privatekey_file</tt></a></b>(<var>file</var><big>[</big><var>, format</var><big>]</big>) |
| <dd> |
| Load the first private key found in <var>file</var>. The private key must be in the |
| format specified by <var>format</var>, which is either <tt class="constant">FILETYPE_PEM</tt> or |
| <tt class="constant">FILETYPE_ASN1</tt>. The default is <tt class="constant">FILETYPE_PEM</tt>. |
| </dl> |
| |
| <P> |
| |
| <DIV CLASS="navigation"> |
| <p><hr> |
| <table align="center" width="100%" cellpadding="0" cellspacing="2"> |
| <tr> |
| <td><A href="openssl-ssl.html"><img src="previous.gif" |
| border="0" height="32" |
| alt="Previous Page" width="32"></A></td> |
| <td><A href="openssl-ssl.html"><img src="up.gif" |
| border="0" height="32" |
| alt="Up One Level" width="32"></A></td> |
| <td><A href="openssl-connection.html"><img src="next.gif" |
| border="0" height="32" |
| alt="Next Page" width="32"></A></td> |
| <td align="center" width="100%">Python OpenSSL Manual</td> |
| <td><A href="contents.html"><img src="contents.gif" |
| border="0" height="32" |
| alt="Contents" width="32"></A></td> |
| <td><img src="blank.gif" |
| border="0" height="32" |
| alt="" width="32"></td> |
| <td><img src="blank.gif" |
| border="0" height="32" |
| alt="" width="32"></td> |
| </tr></table> |
| <b class="navlabel">Previous:</b> <a class="sectref" href="openssl-ssl.html">3.3 SSL </A> |
| <b class="navlabel">Up:</b> <a class="sectref" href="openssl-ssl.html">3.3 SSL </A> |
| <b class="navlabel">Next:</b> <a class="sectref" href="openssl-connection.html">3.3.2 Connection objects</A> |
| <hr> |
| <span class="release-info">Release 0.12.</span> |
| </DIV> |
| <!--End of Navigation Panel--> |
| |
| </BODY> |
| </HTML> |