<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<title>3.3 SSL -- An interface to the SSL-specific parts of OpenSSL </title>
<META NAME="description" CONTENT="3.3 SSL -- An interface to the SSL-specific parts of OpenSSL ">
<META NAME="keywords" CONTENT="pyOpenSSL">
<META NAME="resource-type" CONTENT="document">
<META NAME="distribution" CONTENT="global">
<link rel="STYLESHEET" href="pyOpenSSL.css">
<LINK REL="previous" href="openssl-rand.html">
<LINK REL="up" href="openssl.html">
<LINK REL="next" href="openssl-context.html">
</head>
<body>
<DIV CLASS="navigation">
<table align="center" width="100%" cellpadding="0" cellspacing="2">
<tr>
<td><A href="openssl-rand.html"><img src="previous.gif"
border="0" height="32"
 alt="Previous Page" width="32"></A></td>
<td><A href="openssl.html"><img src="up.gif"
border="0" height="32"
 alt="Up One Level" width="32"></A></td>
<td><A href="openssl-context.html"><img src="next.gif"
border="0" height="32"
 alt="Next Page" width="32"></A></td>
<td align="center" width="100%">Python OpenSSL Manual</td>
<td><A href="contents.html"><img src="contents.gif"
border="0" height="32"
 alt="Contents" width="32"></A></td>
<td><img src="blank.gif"
 border="0" height="32"
 alt="" width="32"></td>
<td><img src="blank.gif"
 border="0" height="32"
 alt="" width="32"></td>
</tr></table>
<b class="navlabel">Previous:</b> <a class="sectref" href="openssl-rand.html">3.2 rand </A>
<b class="navlabel">Up:</b> <a class="sectref" href="openssl.html">3 OpenSSL </A>
<b class="navlabel">Next:</b> <a class="sectref" href="openssl-context.html">3.3.1 Context objects</A>
<br><hr>
</DIV>
<!--End of Navigation Panel-->
<H2><A NAME="SECTION000430000000000000000">&nbsp;</A>
<BR>
3.3 <tt class="module">SSL</tt> -- An interface to the SSL-specific parts of OpenSSL
</H2>

<P>
This module handles the parts of OpenSSL that are specific to SSL. Two object
types are defined: Context and Connection.

<P>
<dl><dt><b><a name='l2h-96'><tt>SSLv2_METHOD</tt></a></b>
<dd>
<dt><b><a name='l2h-110'><tt>SSLv3_METHOD</tt></a></b><dd>
<dt><b><a name='l2h-111'><tt>SSLv23_METHOD</tt></a></b><dd>
<dt><b><a name='l2h-112'><tt>TLSv1_METHOD</tt></a></b><dd>
These constants represent the different SSL methods to use when creating a
context object.
</dl>

<P>
<dl><dt><b><a name='l2h-97'><tt>VERIFY_NONE</tt></a></b>
<dd>
<dt><b><a name='l2h-113'><tt>VERIFY_PEER</tt></a></b><dd>
<dt><b><a name='l2h-114'><tt>VERIFY_FAIL_IF_NO_PEER_CERT</tt></a></b><dd>
These constants represent the verification mode used by the Context
object's <tt class="method">set_verify</tt> method.
</dl>

<P>
<dl><dt><b><a name='l2h-98'><tt>FILETYPE_PEM</tt></a></b>
<dd>
<dt><b><a name='l2h-115'><tt>FILETYPE_ASN1</tt></a></b><dd>
File type constants used with the <tt class="method">use_certificate_file</tt> and
<tt class="method">use_privatekey_file</tt> methods of Context objects.
</dl>

<P>
<dl><dt><b><a name='l2h-99'><tt>OP_SINGLE_DH_USE</tt></a></b>
<dd>
<dt><b><a name='l2h-116'><tt>OP_EPHEMERAL_RSA</tt></a></b><dd>
<dt><b><a name='l2h-117'><tt>OP_NO_SSLv2</tt></a></b><dd>
<dt><b><a name='l2h-118'><tt>OP_NO_SSLv3</tt></a></b><dd>
<dt><b><a name='l2h-119'><tt>OP_NO_TLSv1</tt></a></b><dd>
Constants used with <tt class="method">set_options</tt> of Context objects.
<tt class="constant">OP_SINGLE_DH_USE</tt> means to always create a new key when using ephemeral
Diffie-Hellman. <tt class="constant">OP_EPHEMERAL_RSA</tt> means to always use ephemeral RSA keys
when doing RSA operations. <tt class="constant">OP_NO_SSLv2</tt>, <tt class="constant">OP_NO_SSLv3</tt> and
<tt class="constant">OP_NO_TLSv1</tt> mean to disable those specific protocols. This is
useful if you're using e.g. <tt class="constant">SSLv23_METHOD</tt> to get an SSLv2-compatible
handshake but don't want SSLv2 itself to be negotiated.
</dl>

<P>
<dl><dt><b><a name='l2h-100'><tt>ContextType</tt></a></b>
<dd>
A Python type object representing the Context object type.
</dl>

<P>
<dl><dt><b><a name='l2h-101'><tt class='function'>Context</tt></a></b>(<var>method</var>)
<dd>
Factory function that creates a new Context object given an SSL method. The
method should be <tt class="constant">SSLv2_METHOD</tt>, <tt class="constant">SSLv3_METHOD</tt>,
<tt class="constant">SSLv23_METHOD</tt> or <tt class="constant">TLSv1_METHOD</tt>.
</dl>
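<P>
The following is an added example, not code from the pyOpenSSL manual or library, showing how the method, option, verification and file type constants above are combined through the <tt class="function">Context</tt> factory: <tt class="constant">SSLv23_METHOD</tt> gives the version-negotiating handshake and <tt class="constant">OP_NO_SSLv2</tt>/<tt class="constant">OP_NO_SSLv3</tt> then strike the obsolete protocols from it. The helper names <tt>make_context</tt>, <tt>hardened_options</tt> and <tt>verify_callback</tt> and the PEM path parameters are assumptions of this example.

```python
from OpenSSL import SSL


def verify_callback(conn, cert, errnum, depth, preverify_ok):
    """Invoked by OpenSSL once per certificate in the peer's chain.

    Returning False aborts the handshake.  Deferring to preverify_ok keeps
    OpenSSL's own chain verdict authoritative; a callback that returns True
    unconditionally would silently disable verification.
    """
    return bool(preverify_ok)


def hardened_options():
    """Option bits for set_options(): keep the negotiating SSLv23_METHOD
    handshake but remove SSLv2 and SSLv3 from the negotiable set, and use a
    fresh ephemeral DH key per handshake.  OP_NO_TLSv1 can be OR-ed in the
    same way.  (On OpenSSL builds compiled without SSLv2 support the
    OP_NO_SSLv2 flag is a zero-valued no-op.)"""
    return SSL.OP_NO_SSLv2 | SSL.OP_NO_SSLv3 | SSL.OP_SINGLE_DH_USE


def make_context(certfile=None, keyfile=None, cafile=None):
    """Build a Context from the constants documented above.

    certfile/keyfile/cafile are caller-supplied PEM paths (assumed parameter
    names, not part of the manual).  When omitted, no credentials are loaded
    so the Context can be constructed offline.
    """
    ctx = SSL.Context(SSL.SSLv23_METHOD)
    ctx.set_options(hardened_options())
    # VERIFY_PEER requests the peer's certificate and verifies its chain.
    # VERIFY_FAIL_IF_NO_PEER_CERT (server side only) rejects a client that
    # sends none; it has no effect unless VERIFY_PEER is also set.
    ctx.set_verify(SSL.VERIFY_PEER | SSL.VERIFY_FAIL_IF_NO_PEER_CERT,
                   verify_callback)
    if cafile is not None:
        ctx.load_verify_locations(cafile)
    if certfile is not None:
        ctx.use_certificate_file(certfile, SSL.FILETYPE_PEM)
        # A single PEM file may hold both the certificate and its key.
        ctx.use_privatekey_file(keyfile or certfile, SSL.FILETYPE_PEM)
        ctx.check_privatekey()  # raises SSL.Error if key and cert disagree
    return ctx
```

Note that chain verification alone does not check that the certificate names the host you intended to reach; that comparison has to be done by the application on the certificate the callback receives.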

<P>
<dl><dt><b><a name='l2h-102'><tt>ConnectionType</tt></a></b>
<dd>
A Python type object representing the Connection object type.
</dl>

<P>
<dl><dt><b><a name='l2h-103'><tt class='function'>Connection</tt></a></b>(<var>context, socket</var>)
<dd>
Factory function that creates a new Connection object given an SSL context and
a socket <A NAME="tex2html5"
 HREF="#foot955"><SUP>4</SUP></A> object.
</dl>

<P>
<dl><dt><b>exception <a name='l2h-104'><tt class='exception'>Error</tt></a></b>
<dd>
This exception is used as a base class for the other SSL-related
exceptions, but may also be raised directly.

<P>
Whenever this exception is raised directly, it has a list of error messages
from the OpenSSL error queue, where each item is a tuple <code>(<var>lib</var>,
<var>function</var>, <var>reason</var>)</code>. Here <var>lib</var>, <var>function</var> and <var>reason</var>
are all strings, describing where and what the problem is. See <span class='manpage'><i>err</i>(3)</span>
for more information.
</dl>

<P>
<dl><dt><b>exception <a name='l2h-105'><tt class='exception'>ZeroReturnError</tt></a></b>
<dd>
This exception matches the error return code <code>SSL_ERROR_ZERO_RETURN</code>, and
is raised when the SSL Connection has been closed. In SSL 3.0 and TLS 1.0, this
only occurs if a closure alert has occurred in the protocol, i.e. the
connection has been closed cleanly. Note that this does not necessarily
mean that the transport layer (e.g. a socket) has been closed.

<P>
It may seem a little strange that this is an exception, but it does match an
<code>SSL_ERROR</code> code, and is very convenient.
</dl>

<P>
<dl><dt><b>exception <a name='l2h-106'><tt class='exception'>WantReadError</tt></a></b>
<dd>
The operation did not complete; the same I/O method should be called again
later, with the same arguments. Any I/O method can lead to this since new
handshakes can occur at any time.
</dl>

<P>
<dl><dt><b>exception <a name='l2h-107'><tt class='exception'>WantWriteError</tt></a></b>
<dd>
See <tt class="exception">WantReadError</tt>.
</dl>

<P>
<dl><dt><b>exception <a name='l2h-108'><tt class='exception'>WantX509LookupError</tt></a></b>
<dd>
The operation did not complete because an application callback has asked to be
called again. The I/O method should be called again later, with the same
arguments. Note: This won't occur in this version, as there are no such
callbacks in this version.
</dl>

<P>
<dl><dt><b>exception <a name='l2h-109'><tt class='exception'>SysCallError</tt></a></b>
<dd>
The <tt class="exception">SysCallError</tt> occurs when there's an I/O error and OpenSSL's
error queue does not contain any information. This can mean two things: An
error in the transport protocol, or an end of file that violates the protocol.
The parameter to the exception is always a pair <code>(<var>errnum</var>,
<var>errstr</var>)</code>.
</dl>
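<P>
An added example (not from the pyOpenSSL manual or library) of the retry loop that the <tt class="exception">WantReadError</tt>, <tt class="exception">WantWriteError</tt>, <tt class="exception">ZeroReturnError</tt> and <tt class="exception">SysCallError</tt> semantics above imply for a Connection on a non-blocking socket. <tt>retry_io</tt> and <tt>PEER_CLOSED</tt> are assumed names; the bound Connection method and the underlying socket are supplied by the caller.

```python
import select
from OpenSSL import SSL

# Returned when the peer sent a close_notify alert (ZeroReturnError): the
# TLS session is over, even though the socket itself may still be open.
PEER_CLOSED = object()


def retry_io(method, sock, *args, timeout=5.0):
    """Drive one Connection I/O call to completion on a non-blocking socket.

    method is a bound Connection method such as conn.recv, conn.send or
    conn.do_handshake; sock is the transport used for select().  Each
    exception documented above maps to one branch:
      WantReadError / WantWriteError -> wait for the transport, then repeat
                                        the *same* call with the *same* args
      ZeroReturnError                -> clean TLS close, return PEER_CLOSED
      SysCallError                   -> transport failure, (errnum, errstr)
    The read branch is not tied to recv(): a send() can raise WantReadError
    while a handshake triggered in the middle of the session is in progress.
    """
    while True:
        try:
            return method(*args)
        except SSL.WantReadError:
            readable, _, _ = select.select([sock], [], [], timeout)
            if not readable:
                raise TimeoutError("peer did not become readable")
        except SSL.WantWriteError:
            _, writable, _ = select.select([], [sock], [], timeout)
            if not writable:
                raise TimeoutError("peer did not become writable")
        except SSL.ZeroReturnError:
            return PEER_CLOSED
        except SSL.SysCallError as exc:
            # Documented as the pair (errnum, errstr); a protocol-violating
            # EOF arrives here as well, since the OpenSSL error queue is empty.
            if len(exc.args) >= 2:
                errnum, errstr = exc.args[0], exc.args[1]
            else:
                errnum, errstr = -1, str(exc)
            raise ConnectionError(errnum, errstr) from exc
```

Any other <tt class="exception">Error</tt> (a failed verification, for instance) propagates unchanged, so the caller still sees the OpenSSL error-queue tuples.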

<P>
<BR><HR><H4>Footnotes</H4>
<DL>
<DT><A NAME="foot955">... socket</A><A
 href="openssl-ssl.html#tex2html5"><SUP>4</SUP></A></DT>
<DD>Actually, all that is required is an object that
<i>behaves</i> like a socket; you could even use files, even though it'd be
tricky to get the handshakes right!

</DD>
</DL>
<p><hr>

<!--Table of Child-Links-->
<A NAME="CHILD_LINKS"><STRONG>Subsections</STRONG></A>

<UL CLASS="ChildLinks">
<LI><A NAME="tex2html263"
 href="openssl-context.html">3.3.1 Context objects </A>
<LI><A NAME="tex2html264"
 href="openssl-connection.html">3.3.2 Connection objects </A>
</UL>
<!--End of Table of Child-Links-->

<DIV CLASS="navigation">
<p><hr>
<span class="release-info">Release 0.7a2.</span>
</DIV>
<!--End of Navigation Panel-->

</BODY>
</HTML>