old-doc/html/openssl-context.html

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<title>3.3.1 Context objects </title>
<META NAME="description" CONTENT="3.3.1 Context objects ">
<META NAME="keywords" CONTENT="pyOpenSSL">
<META NAME="resource-type" CONTENT="document">
<META NAME="distribution" CONTENT="global">
<link rel="STYLESHEET" href="pyOpenSSL.css">
<LINK REL="next" href="openssl-connection.html">
<LINK REL="previous" href="openssl-ssl.html">
<LINK REL="up" href="openssl-ssl.html">
<LINK REL="next" href="openssl-connection.html">
</head>
<body>
<DIV CLASS="navigation">
<table align="center" width="100%" cellpadding="0" cellspacing="2">
<tr>
<td><A href="openssl-ssl.html"><img src="previous.gif"
  border="0" height="32"
  alt="Previous Page" width="32"></A></td>
<td><A href="openssl-ssl.html"><img src="up.gif"
  border="0" height="32"
  alt="Up One Level" width="32"></A></td>
<td><A href="openssl-connection.html"><img src="next.gif"
  border="0" height="32"
  alt="Next Page" width="32"></A></td>
<td align="center" width="100%">Python OpenSSL Manual</td>
<td><A href="contents.html"><img src="contents.gif"
  border="0" height="32"
  alt="Contents" width="32"></A></td>
<td><img src="blank.gif"
  border="0" height="32"
  alt="" width="32"></td>
<td><img src="blank.gif"
  border="0" height="32"
  alt="" width="32"></td>
</tr></table>
<b class="navlabel">Previous:</b> <a class="sectref" href="openssl-ssl.html">3.3 SSL  </A>
<b class="navlabel">Up:</b> <a class="sectref" href="openssl-ssl.html">3.3 SSL  </A>
<b class="navlabel">Next:</b> <a class="sectref" href="openssl-connection.html">3.3.2 Connection objects</A>
<br><hr>
</DIV>
<!--End of Navigation Panel-->

<H3><A NAME="SECTION000431000000000000000">&nbsp;</A>
<BR>
3.3.1 Context objects 
</H3>

<P>
Context objects have the following methods:

<P>
<dl><dt><b><a name='l2h-152'><tt class='method'>check_privatekey</tt></a></b>()
<dd>
Check if the private key (loaded with <tt class="method">use_privatekey<big>[</big>_file<big>]</big></tt>)
matches the certificate (loaded with <tt class="method">use_certificate<big>[</big>_file<big>]</big></tt>).
Returns <code>None</code> if they match, raises <tt class="exception">Error</tt> otherwise.
</dl>

<P>
<dl><dt><b><a name='l2h-153'><tt class='method'>get_app_data</tt></a></b>()
<dd>
Retrieve application data as set by <tt class="method">set_app_data</tt>.
</dl>

<P>
<dl><dt><b><a name='l2h-154'><tt class='method'>get_cert_store</tt></a></b>()
<dd>
Retrieve the certificate store (a X509Store object) that the context uses.
This can be used to add "trusted" certificates without using the.
<tt class="method">load_verify_locations()</tt> method.
</dl>

<P>
<dl><dt><b><a name='l2h-155'><tt class='method'>get_timeout</tt></a></b>()
<dd>
Retrieve session timeout, as set by <tt class="method">set_timeout</tt>. The default is 300
seconds.
</dl>

<P>
<dl><dt><b><a name='l2h-156'><tt class='method'>get_verify_depth</tt></a></b>()
<dd>
Retrieve the Context object's verify depth, as set by
<tt class="method">set_verify_depth</tt>.
</dl>

<P>
<dl><dt><b><a name='l2h-157'><tt class='method'>get_verify_mode</tt></a></b>()
<dd>
Retrieve the Context object's verify mode, as set by <tt class="method">set_verify</tt>.
</dl>

<P>
<dl><dt><b><a name='l2h-158'><tt class='method'>load_client_ca</tt></a></b>(<var>pemfile</var>)
<dd>
Read a file with PEM-formatted certificates that will be sent to the client
when requesting a client certificate.
</dl>

<P>
<dl><dt><b><a name='l2h-159'><tt class='method'>set_client_ca_list</tt></a></b>(<var>certificate_authorities</var>)
<dd>
Replace the current list of preferred certificate signers that would be
sent to the client when requesting a client certificate with the
<var>certificate_authorities</var> sequence of <tt class="class">OpenSSL.crypto.X509Name</tt>s.

<P>

<span class='versionnote'>New in version 0.10.</span>

</dl>

<P>
<dl><dt><b><a name='l2h-160'><tt class='method'>add_client_ca</tt></a></b>(<var>certificate_authority</var>)
<dd>
Extract a <tt class="class">OpenSSL.crypto.X509Name</tt> from the <var>certificate_authority</var>
<tt class="class">OpenSSL.crypto.X509</tt> certificate and add it to the list of preferred
certificate signers sent to the client when requesting a client certificate.

<P>

<span class='versionnote'>New in version 0.10.</span>

</dl>

<P>
<dl><dt><b><a name='l2h-161'><tt class='method'>load_verify_locations</tt></a></b>(<var>pemfile, capath</var>)
<dd>
Specify where CA certificates for verification purposes are located. These
are trusted certificates. Note that the certificates have to be in PEM
format.  If capath is passed, it must be a directory prepared using the
<code>c_rehash</code> tool included with OpenSSL.  Either, but not both, of
<var>pemfile</var> or <var>capath</var> may be <code>None</code>.
</dl>

<P>
<dl><dt><b><a name='l2h-162'><tt class='method'>set_default_verify_paths</tt></a></b>()
<dd>
Specify that the platform provided CA certificates are to be used for
verification purposes.  This method may not work properly on OS X.
</dl>

<P>
<dl><dt><b><a name='l2h-163'><tt class='method'>load_tmp_dh</tt></a></b>(<var>dhfile</var>)
<dd>
Load parameters for Ephemeral Diffie-Hellman from <var>dhfile</var>.
</dl>

<P>
<dl><dt><b><a name='l2h-164'><tt class='method'>set_app_data</tt></a></b>(<var>data</var>)
<dd>
Associate <var>data</var> with this Context object. <var>data</var> can be retrieved
later using the <tt class="method">get_app_data</tt> method.
</dl>

<P>
<dl><dt><b><a name='l2h-165'><tt class='method'>set_cipher_list</tt></a></b>(<var>ciphers</var>)
<dd>
Set the list of ciphers to be used in this context. See the OpenSSL manual for
more information (e.g. ciphers(1))
</dl>

<P>
<dl><dt><b><a name='l2h-166'><tt class='method'>set_info_callback</tt></a></b>(<var>callback</var>)
<dd>
Set the information callback to <var>callback</var>. This function will be called
from time to time during SSL handshakes.
<var>callback</var> should take three arguments: a Connection object and two
integers. The first integer specifies where in the SSL handshake the function
was called, and the other the return code from a (possibly failed) internal
function call.
</dl>

<P>
<dl><dt><b><a name='l2h-167'><tt class='method'>set_options</tt></a></b>(<var>options</var>)
<dd>
Add SSL options. Options you have set before are not cleared!
This method should be used with the <tt class="constant">OP_*</tt> constants.
</dl>

<P>
<dl><dt><b><a name='l2h-168'><tt class='method'>set_passwd_cb</tt></a></b>(<var>callback</var><big>[</big><var>, userdata</var><big>]</big>)
<dd>
Set the passphrase callback to <var>callback</var>. This function will be called
when a private key with a passphrase is loaded. <var>callback</var> must accept
three positional arguments.  First, an integer giving the maximum length of
the passphrase it may return.  If the returned passphrase is longer than
this, it will be truncated.  Second, a boolean value which will be true if
the user should be prompted for the passphrase twice and the callback should
verify that the two values supplied are equal. Third, the value given as the
<var>userdata</var> parameter to <tt class="method">set_passwd_cb</tt>.  If an error occurs,
<var>callback</var> should return a false value (e.g. an empty string).
</dl>

<P>
<dl><dt><b><a name='l2h-169'><tt class='method'>set_session_id</tt></a></b>(<var>name</var>)
<dd>
Set the context <var>name</var> within which a session can be reused for this
Context object. This is needed when doing session resumption, because there is
no way for a stored session to know which Context object it is associated with.
<var>name</var> may be any binary data.
</dl>

<P>
<dl><dt><b><a name='l2h-170'><tt class='method'>set_timeout</tt></a></b>(<var>timeout</var>)
<dd>
Set the timeout for newly created sessions for this Context object to
<var>timeout</var>. <var>timeout</var> must be given in (whole) seconds. The default
value is 300 seconds. See the OpenSSL manual for more information (e.g.
SSL_CTX_set_timeout(3)).
</dl>

<P>
<dl><dt><b><a name='l2h-171'><tt class='method'>set_verify</tt></a></b>(<var>mode, callback</var>)
<dd>
Set the verification flags for this Context object to <var>mode</var> and specify
that <var>callback</var> should be used for verification callbacks. <var>mode</var>
should be one of <tt class="constant">VERIFY_NONE</tt> and <tt class="constant">VERIFY_PEER</tt>. If
<tt class="constant">VERIFY_PEER</tt> is used, <var>mode</var> can be OR:ed with
<tt class="constant">VERIFY_FAIL_IF_NO_PEER_CERT</tt> and <tt class="constant">VERIFY_CLIENT_ONCE</tt> to
further control the behaviour.
<var>callback</var> should take five arguments: A Connection object, an X509 object,
and three integer variables, which are in turn potential error number, error
depth and return code. <var>callback</var> should return true if verification passes
and false otherwise.
</dl>

<P>
<dl><dt><b><a name='l2h-172'><tt class='method'>set_verify_depth</tt></a></b>(<var>depth</var>)
<dd>
Set the maximum depth for the certificate chain verification that shall be
allowed for this Context object.
</dl>

<P>
<dl><dt><b><a name='l2h-173'><tt class='method'>use_certificate</tt></a></b>(<var>cert</var>)
<dd>
Use the certificate <var>cert</var> which has to be a X509 object.
</dl>

<P>
<dl><dt><b><a name='l2h-174'><tt class='method'>add_extra_chain_cert</tt></a></b>(<var>cert</var>)
<dd>
Adds the certificate <var>cert</var>, which has to be a X509 object, to the
certificate chain presented together with the certificate.
</dl>

<P>
<dl><dt><b><a name='l2h-175'><tt class='method'>use_certificate_chain_file</tt></a></b>(<var>file</var>)
<dd>
Load a certificate chain from <var>file</var> which must be PEM encoded.
</dl>

<P>
<dl><dt><b><a name='l2h-176'><tt class='method'>use_privatekey</tt></a></b>(<var>pkey</var>)
<dd>
Use the private key <var>pkey</var> which has to be a PKey object.
</dl>

<P>
<dl><dt><b><a name='l2h-177'><tt class='method'>use_certificate_file</tt></a></b>(<var>file</var><big>[</big><var>, format</var><big>]</big>)
<dd>
Load the first certificate found in <var>file</var>. The certificate must be in the
format specified by <var>format</var>, which is either <tt class="constant">FILETYPE_PEM</tt> or
<tt class="constant">FILETYPE_ASN1</tt>. The default is <tt class="constant">FILETYPE_PEM</tt>.
</dl>

<P>
<dl><dt><b><a name='l2h-178'><tt class='method'>use_privatekey_file</tt></a></b>(<var>file</var><big>[</big><var>, format</var><big>]</big>)
<dd>
Load the first private key found in <var>file</var>. The private key must be in the
format specified by <var>format</var>, which is either <tt class="constant">FILETYPE_PEM</tt> or
<tt class="constant">FILETYPE_ASN1</tt>. The default is <tt class="constant">FILETYPE_PEM</tt>.
</dl>

<P>

<DIV CLASS="navigation">
<p><hr>
<table align="center" width="100%" cellpadding="0" cellspacing="2">
<tr>
<td><A href="openssl-ssl.html"><img src="previous.gif"
  border="0" height="32"
  alt="Previous Page" width="32"></A></td>
<td><A href="openssl-ssl.html"><img src="up.gif"
  border="0" height="32"
  alt="Up One Level" width="32"></A></td>
<td><A href="openssl-connection.html"><img src="next.gif"
  border="0" height="32"
  alt="Next Page" width="32"></A></td>
<td align="center" width="100%">Python OpenSSL Manual</td>
<td><A href="contents.html"><img src="contents.gif"
  border="0" height="32"
  alt="Contents" width="32"></A></td>
<td><img src="blank.gif"
  border="0" height="32"
  alt="" width="32"></td>
<td><img src="blank.gif"
  border="0" height="32"
  alt="" width="32"></td>
</tr></table>
<b class="navlabel">Previous:</b> <a class="sectref" href="openssl-ssl.html">3.3 SSL  </A>
<b class="navlabel">Up:</b> <a class="sectref" href="openssl-ssl.html">3.3 SSL  </A>
<b class="navlabel">Next:</b> <a class="sectref" href="openssl-connection.html">3.3.2 Connection objects</A>
<hr>
<span class="release-info">Release 0.12.</span>
</DIV>
<!--End of Navigation Panel-->

</BODY>
</HTML>