Lines Matching refs:SSLContext
48 For more sophisticated applications, the :class:`ssl.SSLContext` class
50 by SSL sockets created through the :meth:`SSLContext.wrap_socket` method.
70 :meth:`SSLContext.wrap_socket` of an :class:`SSLContext` instance to wrap
94 context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
104 context = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
118 A convenience function helps create :class:`SSLContext` objects for common
123 Return a new :class:`SSLContext` object with default settings for
126 :class:`SSLContext` constructor directly.
130 :meth:`SSLContext.load_verify_locations`. If all three are
137 as *purpose* sets :data:`~SSLContext.verify_mode` to :data:`CERT_REQUIRED`
139 *cadata* is given) or uses :meth:`SSLContext.load_default_certs` to load
142 When :attr:`~SSLContext.keylog_filename` is supported and the environment
152 :class:`SSLContext` and apply the settings yourself.
156 with a :class:`SSLContext` created by this function that they get an error
436 :meth:`SSLContext.wrap_socket`. The call will attempt to validate the
461 :meth:`SSLContext.set_default_verify_paths`. The return value is a
524 Internally, function creates a :class:`SSLContext` with protocol
525 *ssl_version* and :attr:`SSLContext.options` set to *cert_reqs*. If
527 the values are passed to :meth:`SSLContext.load_cert_chain`,
528 :meth:`SSLContext.load_verify_locations`, and
529 :meth:`SSLContext.set_ciphers`.
533 :meth:`SSLContext.wrap_socket`.
538 :meth:`SSLContext.wrap_socket` instead of :func:`wrap_socket`. The
551 Possible value for :attr:`SSLContext.verify_mode`, or the ``cert_reqs``
564 Possible value for :attr:`SSLContext.verify_mode`, or the ``cert_reqs``
576 be passed, either to :meth:`SSLContext.load_verify_locations` or as a
581 Possible value for :attr:`SSLContext.verify_mode`, or the ``cert_reqs``
586 it does not match hostnames. :attr:`~SSLContext.check_hostname` must be
589 enables :attr:`~SSLContext.check_hostname` by default.
596 be passed, either to :meth:`SSLContext.load_verify_locations` or as a
607 Possible value for :attr:`SSLContext.verify_flags`. In this mode, certificate
615 Possible value for :attr:`SSLContext.verify_flags`. In this mode, only the
619 :attr:`SSLContext.load_verify_locations`, validation will fail.
625 Possible value for :attr:`SSLContext.verify_flags`. In this mode, CRLs of
632 Possible value for :attr:`SSLContext.verify_flags` to disable workarounds
639 Possible value for :attr:`SSLContext.verify_flags`. It instructs OpenSSL to
662 enables :data:`CERT_REQUIRED` and :attr:`~SSLContext.check_hostname` by
790 :attr:`SSLContext.minimum_version` and
791 :attr:`SSLContext.maximum_version` instead.
899 common name and :attr:`SSLContext.hostname_checks_common_name` is
924 When true, you can use the :meth:`SSLContext.set_npn_protocols` method to advertise
1011 :meth:`SSLContext.set_servername_callback`.
1024 :meth:`SSLContext.load_default_certs`. This value indicates that the
1033 :meth:`SSLContext.load_default_certs`. This value indicates that the
1048 :attr:`SSLContext.maximum_version` and :attr:`SSLContext.minimum_version`.
1101 :meth:`SSLContext.wrap_socket` method.
1113 :meth:`SSLContext.wrap_socket` to wrap a socket.
1117 :meth:`~SSLContext.wrap_socket`. In earlier versions, it was possible
1179 :attr:`~SSLContext.check_hostname` attribute of the socket's
1305 :meth:`SSLContext.set_alpn_protocols` was not called, if the other party does
1315 handshake. If :meth:`SSLContext.set_npn_protocols` was not called, or
1334 :attr:`SSLContext.post_handshake_auth`.
1366 The :class:`SSLContext` object this SSL socket is tied to. If the SSL
1368 (rather than :meth:`SSLContext.wrap_socket`), this is a custom context
1417 .. class:: SSLContext(protocol=PROTOCOL_TLS)
1445 .. [1] :class:`SSLContext` disables SSLv2 with :data:`OP_NO_SSLv2` by default.
1446 .. [2] :class:`SSLContext` disables SSLv3 with :data:`OP_NO_SSLv3` by default.
1467 :class:`SSLContext` objects have the following methods and attributes:
1469 .. method:: SSLContext.cert_store_stats()
1483 .. method:: SSLContext.load_cert_chain(certfile, keyfile=None, password=None)
1513 .. method:: SSLContext.load_default_certs(purpose=Purpose.SERVER_AUTH)
1518 :meth:`SSLContext.set_default_verify_paths`. In the future the method may
1529 .. method:: SSLContext.load_verify_locations(cafile=None, capath=None, cadata=None)
1536 DER format. In order to make use of CRLs, :attr:`SSLContext.verify_flags`
1557 .. method:: SSLContext.get_ca_certs(binary_form=False)
1572 .. method:: SSLContext.get_ciphers()
1575 See :meth:`SSLContext.set_ciphers`.
1579 >>> ctx = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
1629 .. method:: SSLContext.set_default_verify_paths()
1638 .. method:: SSLContext.set_ciphers(ciphers)
1652 cannot be disabled with :meth:`~SSLContext.set_ciphers`.
1654 .. method:: SSLContext.set_alpn_protocols(protocols)
1672 .. method:: SSLContext.set_npn_protocols(protocols)
1687 .. attribute:: SSLContext.sni_callback
1694 Only one callback can be set per ``SSLContext``. If *sni_callback*
1702 and the third argument is the original :class:`SSLContext`. The server name
1708 :class:`SSLContext` representing a certificate chain that matches the server
1734 .. attribute:: SSLContext.set_servername_callback(server_name_callback)
1748 .. method:: SSLContext.load_dh_params(dhfile)
1761 .. method:: SSLContext.set_ecdh_curve(curve_name)
1780 .. method:: SSLContext.wrap_socket(sock, server_side=False, \
1785 :attr:`SSLContext.sslsocket_class` (default :class:`SSLSocket`). The
1831 The method returns an instance of :attr:`SSLContext.sslsocket_class`
1834 .. attribute:: SSLContext.sslsocket_class
1836 The return type of :meth:`SSLContext.wrap_socket`, defaults to
1842 .. method:: SSLContext.wrap_bio(incoming, outgoing, server_side=False, \
1846 :attr:`SSLContext.sslobject_class` (default :class:`SSLObject`). The SSL
1851 same meaning as in :meth:`SSLContext.wrap_socket`.
1857 The method returns an instance of :attr:`SSLContext.sslobject_class`
1860 .. attribute:: SSLContext.sslobject_class
1862 The return type of :meth:`SSLContext.wrap_bio`, defaults to
1868 .. method:: SSLContext.session_stats()
1879 .. attribute:: SSLContext.check_hostname
1883 :attr:`~SSLContext.verify_mode` must be set to :data:`CERT_OPTIONAL` or
1885 :meth:`~SSLContext.wrap_socket` in order to match the hostname. Enabling
1886 hostname checking automatically sets :attr:`~SSLContext.verify_mode` from
1896 context = ssl.SSLContext(ssl.PROTOCOL_TLSv1_2)
1909 :attr:`~SSLContext.verify_mode` is now automatically changed
1911 :attr:`~SSLContext.verify_mode` is :data:`CERT_NONE`. Previously
1918 .. attribute:: SSLContext.keylog_filename
1932 .. attribute:: SSLContext.maximum_version
1939 The attributes :attr:`~SSLContext.maximum_version`,
1940 :attr:`~SSLContext.minimum_version` and
1941 :attr:`SSLContext.options` all affect the supported SSL
1944 :attr:`OP_NO_TLSv1_2` in :attr:`~SSLContext.options` and
1945 :attr:`~SSLContext.maximum_version` set to :attr:`TLSVersion.TLSv1_2`
1955 .. attribute:: SSLContext.minimum_version
1957 Like :attr:`SSLContext.maximum_version` except it is the lowest
1967 .. attribute:: SSLContext.num_tickets
1980 .. attribute:: SSLContext.options
1992 :attr:`SSLContext.options` returns :class:`Options` flags:
1997 .. attribute:: SSLContext.post_handshake_auth
2007 When enabled on server-side sockets, :attr:`SSLContext.verify_mode` must
2019 .. attribute:: SSLContext.protocol
2024 .. attribute:: SSLContext.hostname_checks_common_name
2026 Whether :attr:`~SSLContext.check_hostname` falls back to verify the cert's
2035 .. attribute:: SSLContext.verify_flags
2045 :attr:`SSLContext.verify_flags` returns :class:`VerifyFlags` flags:
2050 .. attribute:: SSLContext.verify_mode
2057 :attr:`SSLContext.verify_mode` returns :class:`VerifyMode` enum:
2141 be used by calling :meth:`SSLContext.load_default_certs`, this is done
2148 case, only the ``certfile`` parameter to :meth:`SSLContext.load_cert_chain`
2225 >>> context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
2233 validation and hostname verification. :attr:`~SSLContext.verify_mode` is
2234 set to :data:`CERT_REQUIRED` and :attr:`~SSLContext.check_hostname` is set
2238 and :attr:`~SSLContext.check_hostname` validate the server certificate: it
2339 new socket from the other end, and use the context's :meth:`SSLContext.wrap_socket`
2473 must be created using the :meth:`~SSLContext.wrap_bio` method. This
2518 :meth:`SSLContext.set_servername_callback` will get an :class:`SSLObject`
2529 :meth:`~SSLContext.wrap_socket`. An :class:`SSLObject` is always created
2530 via an :class:`SSLContext`.
2534 :meth:`~SSLContext.wrap_bio`. In earlier versions, it was possible to
2617 :meth:`SSLContext.load_cert_chain`.
2619 By contrast, if you create the SSL context by calling the :class:`SSLContext`
2630 When calling the :class:`SSLContext` constructor directly,
2640 check is automatically performed when :attr:`SSLContext.check_hostname` is
2663 >>> client_context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
2679 :meth:`SSLContext.set_ciphers` method. Starting from Python 3.2.3, the
2684 :meth:`SSLContext.get_ciphers` or the ``openssl ciphers`` command on your
2712 :meth:`SSLContext.set_ciphers` cannot enable or disable any TLS 1.3
2713 ciphers yet, but :meth:`SSLContext.get_ciphers` returns them.
2735 :meth:`SSLContext.set_npn_protocols` and
2737 * :meth:`SSLContext.set_default_verify_paths` ignores the env vars