Extracted from Pike v7.8 release 866 at 2016-11-06.
pike.ida.liu.se

Class SSL.context

Description

Keeps the state that is shared by all SSL-connections for one server (or one port). It includes policy configuration, a server certificate, the server's private key(s), etc. It also includes the session cache.



Variable rsa

Crypto.RSA SSL.context.rsa

Description

The server's private key


Variable client_rsa

Crypto.RSA SSL.context.client_rsa

Description

The client's private key (used with client certificate authentication)


Variable client_certificates

array(array(string)) SSL.context.client_certificates

Description

An array of certificate chains a client may present to a server when client certificate authentication is requested.


Variable client_certificate_selector

function(.context, array(int), array(string):array(string)) SSL.context.client_certificate_selector

Description

A function which will select an acceptable client certificate for presentation to a remote server. This function will receive the SSL context, an array of acceptable certificate types, and a list of DNs of acceptable certificate authorities (as sent by the server in its CertificateRequest). This function should return an array of strings containing a certificate chain, with the client certificate first (and the root certificate last, if applicable). Only a chain whose issuer is among the listed DNs should be offered: presenting an unrelated certificate discloses the client's identity without gaining authentication.
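An added example, not code from the Pike manual or the SSL module itself: a client-side SSL.context that holds two client certificate chains for the same key and a client_certificate_selector that answers the server's CertificateRequest with the chain whose leaf was issued by one of the CAs the server named. The selector signature follows the description above (context, acceptable certificate types, DER-encoded DNs of acceptable CAs). The PEM file names are placeholders, Tools.PEM and Tools.X509 are the Pike 7.8 helpers for PEM and X.509 decoding, and set_trusted_issuers() is assumed to be the context's way of supplying the trusted issuers that require_trust needs (it is not documented in this extract).

```pike
#pike 7.8

// Added example (not from the Pike manual): client context with a
// client_certificate_selector that matches on the requested CA names.

// Read one PEM block with the given label and return its DER body.
string pem_body(string file, string label)
{
  object msg = Tools.PEM.pem_msg()->init(Stdio.read_file(file));
  object part = msg->parts[label];
  if (!part) error("%s: no %s block\n", file, label);
  return part->decoded_body();
}

// The selector. ctx->client_certificates is an array of chains, each with
// the client certificate first. The DNs in ca_dns are compared with the
// DER encoding of each leaf certificate's issuer name, so a chain is only
// offered when the server actually asked for that issuer.
array(string) select_by_issuer(SSL.context ctx, array(int) cert_types,
                               array(string) ca_dns)
{
  foreach (ctx->client_certificates, array(string) chain) {
    if (!sizeof(chain)) continue;
    object leaf = Tools.X509.decode_certificate(chain[0]);
    if (!leaf) continue;                      // unparsable, skip it
    if (has_value(ca_dns, leaf->issuer->get_der()))
      return chain;
  }
  // Nothing matches: offer no certificate (an empty chain, assumed to be
  // sent as an empty Certificate message) and let the server's auth_level
  // decide whether the handshake continues.
  return ({});
}

SSL.context make_client_context()
{
  SSL.context ctx = SSL.context();
  ctx->random = Crypto.Random.random;        // CSPRNG for the hello random

  // One private key shared by every chain below (client_rsa is one key).
  ctx->client_rsa = Standards.PKCS.RSA.parse_private_key(
                      pem_body("client.key", "RSA PRIVATE KEY"));

  // Two chains for the same key, issued by different CAs, leaf first.
  ctx->client_certificates = ({
    ({ pem_body("client-corp.crt", "CERTIFICATE"),
       pem_body("corp-ca.crt", "CERTIFICATE") }),
    ({ pem_body("client-lab.crt", "CERTIFICATE"),
       pem_body("lab-ca.crt", "CERTIFICATE") }),
  });
  ctx->client_certificate_selector = select_by_issuer;

  // Verify the server's chain as well instead of accepting it blindly;
  // require_trust needs a trusted issuer list (assumed setter name).
  ctx->verify_certificates = 1;
  ctx->require_trust = 1;
  ctx->set_trusted_issuers(({ ({ pem_body("server-ca.crt", "CERTIFICATE") }) }));
  return ctx;
}

// Usage: wrap a connected TCP socket. The third argument marks the client
// side, the fourth makes the handshake run in blocking mode.
SSL.sslfile connect_tls(string host, int port)
{
  Stdio.File raw = Stdio.File();
  if (!raw->connect(host, port))
    error("connect failed: %s\n", strerror(raw->errno()));
  return SSL.sslfile(raw, make_client_context(), 1, 1);
}
```

The selector deliberately returns an empty chain rather than the first available one when no issuer matches: a server with auth_level set to AUTHLEVEL_ask can still proceed, while one set to AUTHLEVEL_require will reject the connection, which is the correct outcome when none of the client's certificates is acceptable to it.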


Variable auth_level

int SSL.context.auth_level

Description

Policy for client authentication. One of SSL.Constants.AUTHLEVEL_none, SSL.Constants.AUTHLEVEL_ask and SSL.Constants.AUTHLEVEL_require.


Variable require_trust

int SSL.context.require_trust

Description

When set, the peer's certificate chain must lead to a known trusted issuer. A self-signed root is not accepted merely because it is self-signed; it, too, has to be among the trusted issuers.

Note that if set, and certificates are set to be verified (see verify_certificates), trusted issuers must be provided, or no connections will be accepted.


Variable verify_certificates

int SSL.context.verify_certificates

Description

Determines whether certificates presented by the peer are verified (non-zero), or just accepted as being valid (zero). When zero, a certificate proves nothing about the peer's identity, so requiring a client certificate through auth_level without also setting this gives no authentication.


Variable long_rsa
Variable short_rsa

Crypto.RSA SSL.context.long_rsa
Crypto.RSA SSL.context.short_rsa

Description

Temporary, non-certified, private keys, used with a server_key_exchange message. The rules are as follows:

If the negotiated cipher_suite has the "exportable" property, and short_rsa is not zero, send a server_key_exchange message with the (public part of) the short_rsa key.

If the negotiated cipher_suite does not have the exportable property, and long_rsa is not zero, send a server_key_exchange message with the (public part of) the long_rsa key.

Otherwise, don't send any server_key_exchange message.

Note that the exportable suites restrict the ephemeral RSA key to at most 512 bits, a size that offers no real security. Unless such suites are left out of preferred_suites, a session using one of them is protected only as well as short_rsa is.


Variable dsa

Crypto.DSA SSL.context.dsa

Description

The server's DSA key (used for signing with the DHE_DSS cipher suites).


Variable dh_params

.Cipher.DHParameters SSL.context.dh_params

Description

Parameters (prime, generator and group order) for the Diffie-Hellman key exchange used by the DHE cipher suites.


Variable random

function(int:string) SSL.context.random

Description

Used to generate the random cookies for the hello messages, and any other randomness the handshake needs. It must be a cryptographically strong generator such as Crypto.Random.random. Note that with the RSA key exchange method on the server side the pre-master secret is chosen by the client, so this generator is not the source of the secret from which the master_secret is derived.


Variable certificates

array(string) SSL.context.certificates

Description

The server's certificate, or a chain of X509.v3 certificates, with the server's certificate first and root certificate last.


Variable preferred_auth_methods

array(int) SSL.context.preferred_auth_methods

Description

For client authentication. Used only if auth_level is SSL.Constants.AUTHLEVEL_ask or SSL.Constants.AUTHLEVEL_require.


Variable preferred_suites

array(int) SSL.context.preferred_suites

Description

Cipher suites we are willing to use, in order of preference, best first.


Variable preferred_compressors

array(int) SSL.context.preferred_compressors

Description

Always ({ COMPRESSION_null })


Variable use_cache

int SSL.context.use_cache

Description

Non-zero to enable caching of sessions.


Variable session_lifetime

int SSL.context.session_lifetime

Description

Sessions are removed from the cache when they are older than this limit (in seconds). Sessions are also removed from the cache if a connection using the session dies unexpectedly.


Variable max_sessions

int SSL.context.max_sessions

Description

Maximum number of sessions to keep in the cache.
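An added example, not code from the Pike manual or the SSL module itself: a server-side SSL.context wired up with the policy members documented on this page (key and chain, non-export cipher suites with long_rsa/short_rsa left unset, client certificate authentication with auth_level, verify_certificates and require_trust agreeing, and a bounded session cache), then used to wrap accepted TCP connections in SSL.sslfile. The PEM file names are placeholders, set_trusted_issuers() is assumed to be the context's way of supplying the trusted issuers that the require_trust note demands (it is not documented in this extract), and the suite constants are the Pike 7.8 SSL.Constants names.

```pike
#pike 7.8

// Added example (not from the Pike manual): hardened server context.

SSL.context server_ctx;

string pem_body(string file, string label)
{
  return Tools.PEM.pem_msg()->init(Stdio.read_file(file))
           ->parts[label]->decoded_body();
}

SSL.context make_server_context()
{
  SSL.context ctx = SSL.context();

  // Hello randoms and any ephemeral keys must come from a CSPRNG.
  ctx->random = Crypto.Random.random;

  // Long-term identity: private key plus the chain, server cert first.
  ctx->rsa = Standards.PKCS.RSA.parse_private_key(
               pem_body("server.key", "RSA PRIVATE KEY"));
  ctx->certificates = ({ pem_body("server.crt", "CERTIFICATE"),
                         pem_body("issuer.crt", "CERTIFICATE") });

  // Only non-export suites, DHE (forward secrecy) preferred. Since no
  // exportable suite is offered, short_rsa stays 0 and no 512-bit
  // ephemeral RSA key is ever sent; long_rsa stays 0 as well, so the
  // certified key is used and no server_key_exchange is sent for RSA.
  ctx->preferred_suites = ({
    SSL.Constants.TLS_dhe_rsa_with_aes_256_cbc_sha,
    SSL.Constants.TLS_dhe_rsa_with_aes_128_cbc_sha,
    SSL.Constants.TLS_rsa_with_aes_256_cbc_sha,
    SSL.Constants.TLS_rsa_with_aes_128_cbc_sha,
  });
  ctx->short_rsa = 0;
  ctx->long_rsa = 0;

  // Client certificate policy. All three must agree: require a
  // certificate, verify it, and accept only chains ending in a trusted
  // issuer. With verify_certificates = 0 the "required" certificate would
  // be accepted unchecked; with require_trust set but no trusted issuers
  // every connection would be refused.
  ctx->auth_level = SSL.Constants.AUTHLEVEL_require;
  ctx->preferred_auth_methods = ({ SSL.Constants.AUTH_rsa_sign });
  ctx->verify_certificates = 1;
  ctx->require_trust = 1;
  ctx->set_trusted_issuers(({ ({ pem_body("client-ca.crt", "CERTIFICATE") }) }));  // assumed API

  // Session cache: bound both age and count so a flood of new sessions
  // cannot grow the cache without limit.
  ctx->use_cache = 1;
  ctx->session_lifetime = 600;    // seconds
  ctx->max_sessions = 1000;

  return ctx;
}

// Echo back what the client sends, just to have something observable.
void read_cb(mixed id, string data)
{
  SSL.sslfile ssl = id;
  ssl->write(data);
}

void close_cb(mixed id)
{
  SSL.sslfile ssl = id;
  ssl->close();
}

void accept_cb(mixed id)
{
  Stdio.Port p = id;
  Stdio.File raw = p->accept();
  if (!raw) return;
  // Server side: is_client omitted (0). The handshake, including the
  // CertificateRequest driven by auth_level, runs inside sslfile.
  SSL.sslfile ssl = SSL.sslfile(raw, server_ctx);
  ssl->set_id(ssl);
  ssl->set_nonblocking(read_cb, 0, close_cb);
}

int main()
{
  server_ctx = make_server_context();
  Stdio.Port p = Stdio.Port();
  p->set_id(p);
  if (!p->bind(4433, accept_cb))
    error("bind failed: %s\n", strerror(p->errno()));
  return -1;   // keep the backend running
}
```

One context object is shared by every connection the port accepts, which is what makes the session cache (use_cache, session_lifetime, max_sessions) effective: resumption only works when a later connection consults the same cache the earlier one populated.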