t.i.s.CertificateOptions(object) : class documentation

Part of twisted.internet.ssl View Source View In Hierarchy

A factory for SSL context objects for both SSL servers and clients.
Method __init__ Create an OpenSSL context SSL connection context factory.
Method __getstate__ Undocumented
Method __setstate__ Undocumented
Method getContext Return a SSL.Context object.
Method _makeContext Undocumented
def __init__(self, privateKey=None, certificate=None, method=None, verify=False, caCerts=None, verifyDepth=9, requireCertificate=True, verifyOnce=True, enableSingleUseKeys=True, enableSessions=True, fixBrokenPeers=False, enableSessionTickets=False, extraCertChain=None): (source)
Create an OpenSSL context SSL connection context factory.
ParametersprivateKeyA PKey object holding the private key.
certificateAn X509 object holding the certificate.
methodThe SSL protocol to use, one of SSLv23_METHOD, SSLv2_METHOD, SSLv3_METHOD, TLSv1_METHOD. Defaults to TLSv1_METHOD.
verifyIf True, verify certificates received from the peer and fail the handshake if verification fails. Otherwise, allow anonymous sessions and sessions with certificates which fail validation. By default this is False.
caCertsList of certificate authority certificate objects to use to verify the peer's certificate. Only used if verify is True and will be ignored otherwise. Since verify is False by default, this is None by default. (type: list of OpenSSL.crypto.X509)
verifyDepthDepth in certificate chain down to which to verify. If unspecified, use the underlying default (9).
requireCertificateIf True, do not allow anonymous sessions.
verifyOnceIf True, do not re-verify the certificate on session resumption.
enableSingleUseKeysIf True, generate a new key whenever ephemeral DH parameters are used to prevent small subgroup attacks.
enableSessionsIf True, set a session ID on each context. This allows a shortened handshake to be used when a known client reconnects.
fixBrokenPeersIf True, enable various non-spec protocol fixes for broken SSL implementations. This should be entirely safe, according to the OpenSSL documentation, but YMMV. This option is now off by default, because it causes problems with connections between peers using OpenSSL 0.9.8a.
enableSessionTicketsIf True, enable session ticket extension for session resumption per RFC 5077. Note there is no support for controlling session tickets. This option is off by default, as some server implementations don't correctly process incoming empty session ticket extensions in the hello.
extraCertChainList of certificates that complete your verification chain if the certificate authority that signed your certificate isn't widely supported. Do not add certificate to it. (type: list of OpenSSL.crypto.X509)
def __getstate__(self): (source)
def __setstate__(self, state): (source)
def getContext(self): (source)
Return a SSL.Context object.
def _makeContext(self): (source)
API Documentation for Twisted, generated by pydoctor at 2013-11-08 22:07:30.