ssl.rst - OpenGrok cross reference for /external/python/cpython3/Doc/library/ssl.rst

Lines Matching refs:SSLContext
48 For more sophisticated applications, the :class:`ssl.SSLContext` class
50 by SSL sockets created through the :meth:`SSLContext.wrap_socket` method.
70 :meth:`SSLContext.wrap_socket` of an :class:`SSLContext` instance to wrap
94     context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
104     context = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
118 A convenience function helps create :class:`SSLContext` objects for common
123    Return a new :class:`SSLContext` object with default settings for
126    :class:`SSLContext` constructor directly.
130    :meth:`SSLContext.load_verify_locations`.  If all three are
137    as *purpose* sets :data:`~SSLContext.verify_mode` to :data:`CERT_REQUIRED`
139    *cadata* is given) or uses :meth:`SSLContext.load_default_certs` to load
148       :class:`SSLContext` and apply the settings yourself.
152       with a :class:`SSLContext` created by this function that they get an error
428    :meth:`SSLContext.wrap_socket`.  The call will attempt to validate the
453    :meth:`SSLContext.set_default_verify_paths`. The return value is a
516    Internally, function creates a :class:`SSLContext` with protocol
517    *ssl_version* and :attr:`SSLContext.options` set to *cert_reqs*. If
519    the values are passed to :meth:`SSLContext.load_cert_chain`,
520    :meth:`SSLContext.load_verify_locations`, and
521    :meth:`SSLContext.set_ciphers`.
525    :meth:`SSLContext.wrap_socket`.
530       :meth:`SSLContext.wrap_socket` instead of :func:`wrap_socket`. The
543    Possible value for :attr:`SSLContext.verify_mode`, or the ``cert_reqs``
556    Possible value for :attr:`SSLContext.verify_mode`, or the ``cert_reqs``
568    be passed, either to :meth:`SSLContext.load_verify_locations` or as a
573    Possible value for :attr:`SSLContext.verify_mode`, or the ``cert_reqs``
578    it does not match hostnames.  :attr:`~SSLContext.check_hostname` must be
581    enables :attr:`~SSLContext.check_hostname` by default.
588    be passed, either to :meth:`SSLContext.load_verify_locations` or as a
599    Possible value for :attr:`SSLContext.verify_flags`. In this mode, certificate
607    Possible value for :attr:`SSLContext.verify_flags`. In this mode, only the
611    :attr:`SSLContext.load_verify_locations`, validation will fail.
617    Possible value for :attr:`SSLContext.verify_flags`. In this mode, CRLs of
624    Possible value for :attr:`SSLContext.verify_flags` to disable workarounds
631    Possible value for :attr:`SSLContext.verify_flags`. It instructs OpenSSL to
654    enables :data:`CERT_REQUIRED` and :attr:`~SSLContext.check_hostname` by
782       :attr:`SSLContext.minimum_version` and
783       :attr:`SSLContext.maximum_version` instead.
891    common name and :attr:`SSLContext.hostname_checks_common_name` is
916    When true, you can use the :meth:`SSLContext.set_npn_protocols` method to advertise
1003    :meth:`SSLContext.set_servername_callback`.
1016    :meth:`SSLContext.load_default_certs`.  This value indicates that the
1025    :meth:`SSLContext.load_default_certs`.  This value indicates that the
1040    :attr:`SSLContext.maximum_version` and :attr:`SSLContext.minimum_version`.
1092    :meth:`SSLContext.wrap_socket` method.
1104       :meth:`SSLContext.wrap_socket` to wrap a socket.
1108       :meth:`~SSLContext.wrap_socket`. In earlier versions, it was possible
1170       :attr:`~SSLContext.check_hostname` attribute of the socket's
1293    :meth:`SSLContext.set_alpn_protocols` was not called, if the other party does
1303    handshake. If :meth:`SSLContext.set_npn_protocols` was not called, or
1322    :attr:`SSLContext.post_handshake_auth`.
1354    The :class:`SSLContext` object this SSL socket is tied to.  If the SSL
1356    (rather than :meth:`SSLContext.wrap_socket`), this is a custom context
1405 .. class:: SSLContext(protocol=PROTOCOL_TLS)
1433    .. [1] :class:`SSLContext` disables SSLv2 with :data:`OP_NO_SSLv2` by default.
1434    .. [2] :class:`SSLContext` disables SSLv3 with :data:`OP_NO_SSLv3` by default.
1455 :class:`SSLContext` objects have the following methods and attributes:
1457 .. method:: SSLContext.cert_store_stats()
1471 .. method:: SSLContext.load_cert_chain(certfile, keyfile=None, password=None)
1501 .. method:: SSLContext.load_default_certs(purpose=Purpose.SERVER_AUTH)
1506    :meth:`SSLContext.set_default_verify_paths`. In the future the method may
1517 .. method:: SSLContext.load_verify_locations(cafile=None, capath=None, cadata=None)
1524    DER format. In order to make use of CRLs, :attr:`SSLContext.verify_flags`
1545 .. method:: SSLContext.get_ca_certs(binary_form=False)
1560 .. method:: SSLContext.get_ciphers()
1563    See :meth:`SSLContext.set_ciphers`.
1567        >>> ctx = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
1617 .. method:: SSLContext.set_default_verify_paths()
1626 .. method:: SSLContext.set_ciphers(ciphers)
1640       cannot be disabled with :meth:`~SSLContext.set_ciphers`.
1642 .. method:: SSLContext.set_alpn_protocols(protocols)
1660 .. method:: SSLContext.set_npn_protocols(protocols)
1675 .. attribute:: SSLContext.sni_callback
1682    Only one callback can be set per ``SSLContext``.  If *sni_callback*
1690    and the third argument is the original :class:`SSLContext`. The server name
1696    :class:`SSLContext` representing a certificate chain that matches the server
1722 .. attribute:: SSLContext.set_servername_callback(server_name_callback)
1736 .. method:: SSLContext.load_dh_params(dhfile)
1749 .. method:: SSLContext.set_ecdh_curve(curve_name)
1768 .. method:: SSLContext.wrap_socket(sock, server_side=False, \
1773    :attr:`SSLContext.sslsocket_class` (default :class:`SSLSocket`). The
1819       The method returns on instance of :attr:`SSLContext.sslsocket_class`
1822 .. attribute:: SSLContext.sslsocket_class
1824    The return type of :meth:`SSLContext.wrap_sockets`, defaults to
1830 .. method:: SSLContext.wrap_bio(incoming, outgoing, server_side=False, \
1834    attr:`SSLContext.sslobject_class` (default :class:`SSLObject`). The SSL
1839    same meaning as in :meth:`SSLContext.wrap_socket`.
1845       The method returns on instance of :attr:`SSLContext.sslobject_class`
1848 .. attribute:: SSLContext.sslobject_class
1850    The return type of :meth:`SSLContext.wrap_bio`, defaults to
1856 .. method:: SSLContext.session_stats()
1867 .. attribute:: SSLContext.check_hostname
1871    :attr:`~SSLContext.verify_mode` must be set to :data:`CERT_OPTIONAL` or
1873    :meth:`~SSLContext.wrap_socket` in order to match the hostname.  Enabling
1874    hostname checking automatically sets :attr:`~SSLContext.verify_mode` from
1882       context = ssl.SSLContext()
1895       :attr:`~SSLContext.verify_mode` is now automatically changed
1897       :attr:`~SSLContext.verify_mode` is :data:`CERT_NONE`. Previously
1904 .. attribute:: SSLContext.maximum_version
1911    The attributes :attr:`~SSLContext.maximum_version`,
1912    :attr:`~SSLContext.minimum_version` and
1913    :attr:`SSLContext.options` all affect the supported SSL
1916    :attr:`OP_NO_TLSv1_2` in :attr:`~SSLContext.options` and
1917    :attr:`~SSLContext.maximum_version` set to :attr:`TLSVersion.TLSv1_2`
1927 .. attribute:: SSLContext.minimum_version
1929    Like :attr:`SSLContext.maximum_version` except it is the lowest
1939 .. attribute:: SSLContext.options
1951       :attr:`SSLContext.options` returns :class:`Options` flags:
1956 .. attribute:: SSLContext.post_handshake_auth
1966    When enabled on server-side sockets, :attr:`SSLContext.verify_mode` must
1978 .. attribute:: SSLContext.protocol
1983 .. attribute:: SSLContext.hostname_checks_common_name
1985    Whether :attr:`~SSLContext.check_hostname` falls back to verify the cert's
1994 .. attribute:: SSLContext.verify_flags
2004       :attr:`SSLContext.verify_flags` returns :class:`VerifyFlags` flags:
2009 .. attribute:: SSLContext.verify_mode
2016       :attr:`SSLContext.verify_mode` returns :class:`VerifyMode` enum:
2100 be used by calling :meth:`SSLContext.load_default_certs`, this is done
2107 case, only the ``certfile`` parameter to :meth:`SSLContext.load_cert_chain`
2184    >>> context = ssl.SSLContext()
2294 new socket from the other end, and use the context's :meth:`SSLContext.wrap_socket`
2428    must be created using the :meth:`~SSLContext.wrap_bio` method. This
2470      :meth:`SSLContext.set_servername_callback` will get an :class:`SSLObject`
2481      :meth:`~SSLContext.wrap_socket`. An :class:`SSLObject` is always created
2482      via an :class:`SSLContext`.
2486       :meth:`~SSLContext.wrap_bio`. In earlier versions, it was possible to
2569 :meth:`SSLContext.load_cert_chain`.
2571 By contrast, if you create the SSL context by calling the :class:`SSLContext`
2582 When calling the :class:`SSLContext` constructor directly,
2592 check is automatically performed when :attr:`SSLContext.check_hostname` is
2615    >>> client_context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
2631 :meth:`SSLContext.set_ciphers` method.  Starting from Python 3.2.3, the
2636 :meth:`SSLContext.get_ciphers` or the ``openssl ciphers`` command on your
2664   :meth:`SSLContext.set_ciphers` cannot enable or disable any TLS 1.3
2665   ciphers yet, but :meth:`SSLContext.get_ciphers` returns them.
2687   :meth:`SSLContext.set_npn_protocols` and
2689 * :meth:`SSLContext.set_default_verify_paths` ignores the env vars