Class SSL.context
- Description
Keeps the state that is shared by all SSL-connections for one server (or one port). It includes policy configuration, a server certificate, the server's private key(s), etc. It also includes the session cache.
- Variable advertised_protocols
array(string) SSL.context.advertised_protocols
- Description
List of protocols advertised using TLS Next Protocol Negotiation.
- Variable auth_level
int SSL.context.auth_level
- Description
Policy for client authentication. One of SSL.Constants.AUTHLEVEL_none, SSL.Constants.AUTHLEVEL_ask and SSL.Constants.AUTHLEVEL_require.
- Variable certificates
array(string) SSL.context.certificates
- Description
The server's certificate, or a chain of X509.v3 certificates, with the server's certificate first and the root certificate last.
- Variable client_certificate_selector
function(.context, array(int), array(string) : array(string)) SSL.context.client_certificate_selector
- Description
A function which will select an acceptable client certificate for presentation to a remote server. This function will receive the SSL context, an array of acceptable certificate types, and a list of DNs of acceptable certificate authorities. This function should return an array of strings containing a certificate chain, with the client certificate first (and the root certificate last, if applicable).
- Variable client_certificates
array(array(string)) SSL.context.client_certificates
- Description
An array of certificate chains a client may present to a server when client certificate authentication is requested.
- Variable client_rsa
Crypto.RSA SSL.context.client_rsa
- Description
The client's private key (used with client certificate authentication).
- Variable client_server_names
array(string) SSL.context.client_server_names
- Description
Host names to send to the server when using the Server Name extension.
- Variable client_use_sni
int SSL.context.client_use_sni
- Description
Should an SSL client include the Server Name extension? If so, then client_server_names should specify the values to send.
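The client-side variables above (client_use_sni, client_server_names, client_rsa, client_certificates and client_certificate_selector) used together, as an added example that is not part of the Pike SSL module or of this page. It assumes Standards.PEM.simple_decode(), Stdio.read_file(), Tools.X509.decode_certificate() returning an object whose issuer field supports get_der(), the constant SSL.Constants.AUTH_rsa_sign, and a trusted_issuers variable (an array of CA certificate chains) that this page does not list. The names der_from_pem, choose_client_chain and make_client_context are chosen for the example, and the file paths are placeholders.

```pike
// Added example: a client-side SSL.context that sends SNI and offers the
// client certificate chain matching the server's CA list. Not module code.

// Hypothetical helper (assumes Standards.PEM.simple_decode and
// Stdio.read_file): read a PEM file and return the DER body of its first message.
string der_from_pem(string path)
{
  return Standards.PEM.simple_decode(Stdio.read_file(path));
}

// Matches the client_certificate_selector signature:
// function(.context, array(int), array(string) : array(string)).
array(string) choose_client_chain(SSL.context ctx, array(int) cert_types,
                                  array(string) ca_dns)
{
  // Every configured chain certifies the RSA key in client_rsa, so there is
  // nothing to offer unless the server accepts rsa_sign certificates
  // (SSL.Constants.AUTH_rsa_sign is assumed to exist).
  if (!has_value(cert_types, SSL.Constants.AUTH_rsa_sign))
    return ({});

  // ca_dns carries the DER-encoded names of the CAs the server trusts.
  // Offer the chain whose leaf certificate was issued by one of them.
  foreach (ctx->client_certificates, array(string) chain) {
    string issuer = Tools::X509.decode_certificate(chain[0])->issuer->get_der();
    if (has_value(ca_dns, issuer))
      return chain;
  }

  // No chain is acceptable to this server: offer nothing rather than a
  // certificate it cannot validate. With auth_level AUTHLEVEL_require on the
  // server side the handshake then fails, which is the right outcome.
  return ({});
}

SSL.context make_client_context(string server_host, string key_path,
                                array(array(string)) chain_paths,
                                array(string) trusted_ca_paths)
{
  SSL.context ctx = SSL.context();
  ctx->random = Crypto.Random.random_string;

  // Server Name extension: send the name we intend to reach so a
  // virtual-hosting server can select the matching certificate.
  ctx->client_use_sni = 1;
  ctx->client_server_names = ({ server_host });

  // Client authentication material; each chain is leaf first, root last.
  ctx->client_rsa = Standards.PKCS.RSA.parse_private_key(der_from_pem(key_path));
  ctx->client_certificates = map(chain_paths,
                                 lambda(array(string) paths) {
                                   return map(paths, der_from_pem);
                                 });
  ctx->client_certificate_selector = choose_client_chain;

  // Verify the server's chain and require it to end in a known issuer.
  // require_trust with verification needs a trust list, or nothing connects.
  ctx->verify_certificates = 1;
  ctx->require_trust = 1;
  ctx->trusted_issuers = map(trusted_ca_paths,        // assumed variable
                             lambda(string p) { return ({ der_from_pem(p) }); });
  return ctx;
}
```

The selector deliberately returns an empty chain when no issuer matches; sending a certificate from an unrelated CA only produces a harder-to-diagnose failure on the server side.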
- Variable dh_params
.Cipher.DHParameters SSL.context.dh_params
- Description
Parameters for DH key exchange.
- Variable dsa
Crypto.DSA SSL.context.dsa
- Description
The server's default DSA key.
- Note
If SNI (Server Name Indication) is used and multiple keys are available, this key will not be used; instead the appropriate SNI key will be used (the default implementation stores these in sni_keys).
- Variable long_rsa
- Variable short_rsa
Crypto.RSA SSL.context.long_rsa
Crypto.RSA SSL.context.short_rsa
- Description
Temporary, non-certified private keys, used with a server_key_exchange message. The rules are as follows: if long_rsa is non-zero, its public part will be sent. If it is zero and short_rsa is set, the public part of short_rsa will be sent instead. If both are zero, no server_key_exchange message is sent.
- Variable max_sessions
int SSL.context.max_sessions
- Description
Maximum number of sessions to keep in the cache.
- Variable preferred_auth_methods
array(int) SSL.context.preferred_auth_methods
- Description
For client authentication. Used only if auth_level is AUTH_ask or AUTH_require.
- Variable preferred_compressors
array(int) SSL.context.preferred_compressors
- Description
Always ({ COMPRESSION_null }).
- Variable preferred_suites
array(int) SSL.context.preferred_suites
- Description
Cipher suites we want to support, in order of preference, best first.
- Variable random
function(int : string) SSL.context.random
- Description
Used to generate random cookies for the hello message. If we use the RSA key exchange method, and this is a server, this random number generator is not used for generating the master_secret.
- Variable require_trust
int SSL.context.require_trust
- Description
When set, require the chain to be known, even if the root is self-signed.
Note that if set, and certificates are set to be verified, trusted issuers must be provided, or no connections will be accepted.
- Variable rsa
Crypto.RSA SSL.context.rsa
- Description
The server's default private key.
- Note
If SNI (Server Name Indication) is used and multiple keys are available, this key will not be used; instead the appropriate SNI key will be used (the default implementation stores these in sni_keys).
- Variable select_server_certificate_func
function(.context, array(string) : array(string)) SSL.context.select_server_certificate_func
- Description
A function which will select an acceptable server certificate for presentation to a client. This function will receive the SSL context, and an array of server names, if provided by the client. This function should return an array of strings containing a certificate chain, with the client certificate first (and the root certificate last, if applicable).
The default implementation will select a certificate chain for a given server based on values contained in sni_certificates.
- Variable select_server_key_func
function(.context, array(string) : object) SSL.context.select_server_key_func
- Description
A function which will select an acceptable server key for presentation to a client. This function will receive the SSL context, and an array of server names, if provided by the client. This function should return an object matching the certificate for the server hostname.
The default implementation will select the key for a given server based on values contained in sni_keys.
- Variable session_lifetime
int SSL.context.session_lifetime
- Description
Sessions are removed from the cache when they are older than this limit (in seconds). Sessions are also removed from the cache if a connection using the session dies unexpectedly.
- Variable sni_certificates
mapping(string : array(string)) SSL.context.sni_certificates
- Description
A mapping containing certificate chains for use by SNI (Server Name Indication). Each entry should consist of a key indicating the server hostname and the value containing the certificate chain for that hostname.
- Variable sni_keys
mapping(string : object) SSL.context.sni_keys
- Description
A mapping containing private keys for use by SNI (Server Name Indication). Each entry should consist of a key indicating the server hostname and the value containing the private key object for that hostname.
- Note
Key objects may be generated from a decoded key string using Standards.PKCS.RSA.parse_private_key().
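The SNI machinery (sni_certificates, sni_keys, select_server_certificate_func and select_server_key_func) put together, as an added example that is not code from the Pike SSL module or from this page. The default selection functions are replaced by a pair that adds a wildcard match and falls back to certificates/rsa for clients that send no server name. It assumes Standards.PEM.simple_decode() and Stdio.read_file(); der_from_pem, match_sni_host, select_chain, select_key and make_sni_context are names chosen for the example, and the file paths are placeholders.

```pike
// Added example: populate the SNI mappings and install matching selection
// functions for certificate and key. Not code from the SSL module.

// Hypothetical helper (assumes Standards.PEM.simple_decode and Stdio.read_file).
string der_from_pem(string path)
{
  return Standards.PEM.simple_decode(Stdio.read_file(path));
}

// Return the configured name matching one of the requested server names:
// exact match first, then a "*.domain" entry, otherwise 0.
string match_sni_host(multiset(string) known, array(string) server_names)
{
  foreach (server_names, string name) {
    name = lower_case(name);
    if (known[name]) return name;
    array(string) labels = name / ".";
    if (sizeof(labels) > 2) {
      string wild = "*." + (labels[1..] * ".");
      if (known[wild]) return wild;
    }
  }
  return 0;
}

// Matches select_server_certificate_func:
// function(.context, array(string) : array(string)).
array(string) select_chain(SSL.context ctx, array(string) server_names)
{
  string host = match_sni_host((multiset)indices(ctx->sni_certificates),
                               server_names || ({}));
  return host ? ctx->sni_certificates[host] : ctx->certificates;
}

// Matches select_server_key_func: function(.context, array(string) : object).
// Uses the same matcher over the same host names, so key and chain agree.
object select_key(SSL.context ctx, array(string) server_names)
{
  string host = match_sni_host((multiset)indices(ctx->sni_keys),
                               server_names || ({}));
  return host ? ctx->sni_keys[host] : ctx->rsa;
}

// pem_files: hostname -> ({ key_path, leaf_cert_path, ..., root_cert_path }).
// default_host names the entry used when a client sends no SNI.
SSL.context make_sni_context(string default_host,
                             mapping(string:array(string)) pem_files)
{
  SSL.context ctx = SSL.context();
  ctx->random = Crypto.Random.random_string;
  ctx->sni_certificates = ([]);
  ctx->sni_keys = ([]);

  foreach (pem_files; string host; array(string) files) {
    host = lower_case(host);
    // Key objects from decoded key strings, as the note above describes.
    ctx->sni_keys[host] =
      Standards.PKCS.RSA.parse_private_key(der_from_pem(files[0]));
    // Chain is leaf first, root last.
    ctx->sni_certificates[host] = map(files[1..], der_from_pem);
  }

  // Identity for clients without SNI; both selectors fall back to these.
  ctx->rsa = ctx->sni_keys[lower_case(default_host)];
  ctx->certificates = ctx->sni_certificates[lower_case(default_host)];

  ctx->select_server_certificate_func = select_chain;
  ctx->select_server_key_func = select_key;
  return ctx;
}
```

Because both mappings are filled in the same loop and both selectors run the same matcher, a hostname can never resolve to one host's certificate and another host's key; keeping that invariant is the main thing to check when writing custom selection functions.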
- Variable use_cache
int SSL.context.use_cache
- Description
Non-zero to enable caching of sessions.
- Variable verify_certificates
int SSL.context.verify_certificates
- Description
Determines whether certificates presented by the peer are verified, or just accepted as being valid.
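A complete server-side context tying together the identity (rsa, certificates), client-authentication (auth_level, verify_certificates, require_trust), cipher-suite (preferred_suites) and session-cache (use_cache, max_sessions, session_lifetime) variables documented above, as an added example that is not code from the Pike SSL module or from this page. It assumes Standards.PEM.simple_decode(), Stdio.read_file(), the SSL.sslfile(fd, ctx) wrapper, the suite constants SSL.Constants.SSL_rsa_with_null_md5 and SSL.Constants.SSL_rsa_with_null_sha, and a trusted_issuers variable (an array of CA certificate chains) that this page does not list. der_from_pem, make_server_context and wrap_accepted are names chosen for the example, and the paths are placeholders.

```pike
// Added example: a server SSL.context with explicit trust, client-auth and
// session-cache policy. Not code from the SSL module.

// Hypothetical helper (assumes Standards.PEM.simple_decode and Stdio.read_file).
string der_from_pem(string path)
{
  return Standards.PEM.simple_decode(Stdio.read_file(path));
}

SSL.context make_server_context(string key_path, array(string) chain_paths,
                                array(string) ca_paths, int require_client_cert)
{
  SSL.context ctx = SSL.context();

  // Hello-message cookies must be unpredictable: use the system CSPRNG.
  ctx->random = Crypto.Random.random_string;

  // Server identity: key plus chain (leaf first, root last).
  ctx->rsa = Standards.PKCS.RSA.parse_private_key(der_from_pem(key_path));
  ctx->certificates = map(chain_paths, der_from_pem);

  // long_rsa and short_rsa stay zero, so per the rule documented above no
  // temporary RSA key is offered and no server_key_exchange message is sent.

  // Remove the null-encryption suites from the preference list (constant
  // names assumed); they authenticate but do not protect confidentiality.
  if (ctx->preferred_suites)
    ctx->preferred_suites -= ({ SSL.Constants.SSL_rsa_with_null_md5,
                                SSL.Constants.SSL_rsa_with_null_sha });

  if (require_client_cert) {
    ctx->auth_level = SSL.Constants.AUTHLEVEL_require;
    ctx->verify_certificates = 1;   // check the chain, do not just accept it
    ctx->require_trust = 1;         // the chain must end in a known issuer
    // require_trust together with verification needs a trust list, or no
    // connection is accepted (see require_trust above). trusted_issuers is
    // an assumed variable holding one chain per trusted CA.
    ctx->trusted_issuers = map(ca_paths,
                               lambda(string p) { return ({ der_from_pem(p) }); });
  } else {
    ctx->auth_level = SSL.Constants.AUTHLEVEL_none;
  }

  // Session cache bounded in both size and age: memory cannot grow without
  // limit, and a resumable session expires after ten minutes.
  ctx->use_cache = 1;
  ctx->max_sessions = 1000;
  ctx->session_lifetime = 600;    // seconds

  return ctx;
}

// Wrap an accepted socket; SSL.sslfile's is_client argument is omitted, so
// this side acts as the server.
SSL.sslfile wrap_accepted(Stdio.File fd, SSL.context ctx)
{
  return SSL.sslfile(fd, ctx);
}
```

With require_client_cert set, a client whose chain does not lead to one of the configured issuers is rejected during the handshake rather than after the application has already started reading data, which is where the verify_certificates / require_trust pair earns its keep.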