3.3.1 Context objects

Context objects have the following methods:

check_privatekey()
Check if the private key (loaded with use_privatekey[_file]) matches the certificate (loaded with use_certificate[_file]). Returns None if they match, raises Error otherwise.

get_app_data()
Retrieve application data as set by set_app_data.

get_cert_store()
Retrieve the certificate store (an X509Store object) that the context uses. This can be used to add "trusted" certificates without using the load_verify_locations() method.

get_timeout()
Retrieve session timeout, as set by set_timeout. The default is 300 seconds.

get_verify_depth()
Retrieve the Context object's verify depth, as set by set_verify_depth.

get_verify_mode()
Retrieve the Context object's verify mode, as set by set_verify.

load_client_ca(pemfile)
Read a file with PEM-formatted certificates that will be sent to the client when requesting a client certificate.

load_verify_locations(pemfile, capath)
Specify where CA certificates for verification purposes are located. These are trusted certificates. Note that the certificates have to be in PEM format. If capath is passed, it must be a directory prepared using the c_rehash tool included with OpenSSL. Either, but not both, of pemfile or capath may be None.

set_default_verify_paths()
Specify that the platform provided CA certificates are to be used for verification purposes. This method may not work properly on OS X.

load_tmp_dh(dhfile)
Load parameters for Ephemeral Diffie-Hellman from dhfile.

set_app_data(data)
Associate data with this Context object. data can be retrieved later using the get_app_data method.

set_cipher_list(ciphers)
Set the list of ciphers to be used in this context. See the OpenSSL manual for more information (e.g. ciphers(1)).

set_info_callback(callback)
Set the information callback to callback. This function will be called from time to time during SSL handshakes. callback should take three arguments: a Connection object and two integers. The first integer specifies where in the SSL handshake the function was called, and the other the return code from a (possibly failed) internal function call.

set_options(options)
Add SSL options. Options you have set before are not cleared! This method should be used with the OP_* constants.

set_passwd_cb(callback[, userdata])
Set the passphrase callback to callback. This function will be called when a private key with a passphrase is loaded. callback must accept three positional arguments. First, an integer giving the maximum length of the passphrase it may return. If the returned passphrase is longer than this, it will be truncated. Second, a boolean value which will be true if the user should be prompted for the passphrase twice and the callback should verify that the two values supplied are equal. Third, the value given as the userdata parameter to set_passwd_cb. If an error occurs, callback should return a false value (e.g. an empty string).

set_session_id(name)
Set the context name within which a session can be reused for this Context object. This is needed when doing session resumption, because there is no way for a stored session to know which Context object it is associated with. name may be any binary data.

set_timeout(timeout)
Set the timeout for newly created sessions for this Context object to timeout. timeout must be given in (whole) seconds. The default value is 300 seconds. See the OpenSSL manual for more information (e.g. SSL_CTX_set_timeout(3)).

set_verify(mode, callback)
Set the verification flags for this Context object to mode and specify that callback should be used for verification callbacks. mode should be either VERIFY_NONE or VERIFY_PEER. If VERIFY_PEER is used, mode can be ORed with VERIFY_FAIL_IF_NO_PEER_CERT and VERIFY_CLIENT_ONCE to further control the behaviour. callback should take five arguments: a Connection object, an X509 object, and three integer variables, which are in turn potential error number, error depth and return code. callback should return true if verification passes and false otherwise.

set_verify_depth(depth)
Set the maximum depth for the certificate chain verification that shall be allowed for this Context object.

use_certificate(cert)
Use the certificate cert, which has to be an X509 object.

add_extra_chain_cert(cert)
Adds the certificate cert, which has to be an X509 object, to the certificate chain presented together with the certificate.

use_certificate_chain_file(file)
Load a certificate chain from file which must be PEM encoded.

use_privatekey(pkey)
Use the private key pkey, which has to be a PKey object.

use_certificate_file(file[, format])
Load the first certificate found in file. The certificate must be in the format specified by format, which is either FILETYPE_PEM or FILETYPE_ASN1. The default is FILETYPE_PEM.

use_privatekey_file(file[, format])
Load the first private key found in file. The private key must be in the format specified by format, which is either FILETYPE_PEM or FILETYPE_ASN1. The default is FILETYPE_PEM.
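
The following added example (not part of the original documentation) combines use_certificate, use_privatekey, check_privatekey, set_verify and set_verify_depth to build a server Context that requires client certificates and refuses a mismatched key. The helper names, the throwaway self-signed certificate and the depth of 4 are assumptions made for illustration.

```python
from OpenSSL import SSL, crypto


def make_self_signed(cn="example.test"):
    """Return (cert, key): a throwaway self-signed certificate (constructed sample)."""
    key = crypto.PKey()
    key.generate_key(crypto.TYPE_RSA, 2048)
    cert = crypto.X509()
    cert.get_subject().CN = cn
    cert.set_serial_number(1)
    cert.gmtime_adj_notBefore(0)
    cert.gmtime_adj_notAfter(3600)          # valid for one hour
    cert.set_issuer(cert.get_subject())     # self-signed: issuer == subject
    cert.set_pubkey(key)
    cert.sign(key, "sha256")
    return cert, key


def verify_cb(conn, cert, errnum, depth, ok):
    # Pass OpenSSL's own verdict through. Returning True unconditionally
    # here would accept every peer certificate.
    return bool(ok)


def build_server_context(cert, key, depth=4):
    """Return a Context that demands a client certificate.

    Raises SSL.Error if key does not belong to cert.
    """
    ctx = SSL.Context(SSL.SSLv23_METHOD)    # version-negotiating method
    ctx.set_options(SSL.OP_NO_SSLv2 | SSL.OP_NO_SSLv3)
    ctx.use_certificate(cert)
    ctx.use_privatekey(key)                 # some OpenSSL builds reject a mismatch here
    ctx.check_privatekey()                  # explicit check; returns None on a match
    ctx.set_verify(SSL.VERIFY_PEER | SSL.VERIFY_FAIL_IF_NO_PEER_CERT, verify_cb)
    ctx.set_verify_depth(depth)
    return ctx


def key_matches(cert, key):
    """True if key is the private key for cert, judged by the Context checks."""
    try:
        build_server_context(cert, key)
        return True
    except SSL.Error:
        return False
```

Calling build_server_context at start-up makes a wrong certificate/key pairing fail before the first connection is accepted rather than during a handshake.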