Class SSL.context
- Description
Keeps the state that is shared by all SSL-connections for
one server (or one port). It includes policy configuration, a server
certificate, the server's private key(s), etc. It also includes the
session cache.
- Variable
rsa
Crypto.RSA SSL.context.rsa
- Description
The server's private key
- Variable
client_rsa
Crypto.RSA SSL.context.client_rsa
- Description
The client's private key (used with client certificate authentication)
- Variable
client_certificates
array(array(string)) SSL.context.client_certificates
- Description
An array of certificate chains a client may present to a server
when client certificate authentication is requested.
- Variable
client_certificate_selector
function(.context:array(string)) SSL.context.client_certificate_selector
- Description
A function which will select an acceptable client certificate for
presentation to a remote server. This function will receive
the SSL context, an array of acceptable certificate types,
and a list of DNs of acceptable certificate authorities. This function
should return an array of strings containing a certificate chain,
with the client certificate first (and the root certificate last, if
applicable).
- Variable
auth_level
int SSL.context.auth_level
- Description
Policy for client authentication. One of SSL.Constants.AUTHLEVEL_none,
SSL.Constants.AUTHLEVEL_ask and SSL.Constants.AUTHLEVEL_require.
- Variable
require_trust
int SSL.context.require_trust
- Description
When set, require the chain to be known, even if the root is self signed.
Note that if set, and certificates are set to be verified, trusted issuers must be
provided, or no connections will be accepted.
- Variable
verify_certificates
int SSL.context.verify_certificates
- Description
Determines whether certificates presented by the peer are verified, or
just accepted as being valid.
- Variable
long_rsa
short_rsa
Crypto.RSA SSL.context.long_rsa
Crypto.RSA SSL.context.short_rsa
- Description
Temporary, non-certified, private keys, used with a
server_key_exchange message. The rules are as follows:
If the negotiated cipher_suite has the "exportable" property, and
short_rsa is not zero, send a server_key_exchange message with the
(public part of) the short_rsa key.
If the negotiated cipher_suite does not have the exportable
property, and long_rsa is not zero, send a server_key_exchange
message with the (public part of) the long_rsa key.
Otherwise, don't send any server_key_exchange message.
- Variable
dsa
Crypto.DSA SSL.context.dsa
- Description
The server's DSA key.
- Variable
dh_params
.Cipher.DHParameters SSL.context.dh_params
- Description
Parameters for DH key exchange.
- Variable
random
function(int:string) SSL.context.random
- Description
Used to generate random cookies for the hello-message. If we use
the RSA keyexchange method, and this is a server, this random
number generator is not used for generating the master_secret.
- Variable
certificates
array(string) SSL.context.certificates
- Description
The server's certificate, or a chain of X509.v3 certificates, with the
server's certificate first and root certificate last.
- Variable
preferred_auth_methods
array(int) SSL.context.preferred_auth_methods
- Description
For client authentication. Used only if auth_level is AUTHLEVEL_ask or
AUTHLEVEL_require.
- Variable
preferred_suites
array(int) SSL.context.preferred_suites
- Description
Cipher suites we want the server to support, best first.
- Variable
preferred_compressors
array(int) SSL.context.preferred_compressors
- Description
Always ({ COMPRESSION_null })
- Variable
use_cache
int SSL.context.use_cache
- Description
Non-zero to enable caching of sessions.
- Variable
session_lifetime
int SSL.context.session_lifetime
- Description
Sessions are removed from the cache when they are older than this
limit (in seconds). Sessions are also removed from the cache if a
connection using the session dies unexpectedly.
- Variable
max_sessions
int SSL.context.max_sessions
- Description
Maximum number of sessions to keep in the cache.
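- Example
An added example, not code from the Pike distribution: a configuration check that reads only the members documented above and reports combinations that weaken client authentication or the handshake. The helper audit_context(), its max_lifetime parameter and the values set in main() are assumptions made for illustration.

```pike
// Added example. audit_context() is a hypothetical helper; it only reads
// SSL.context members that are documented on this page.
array(string) audit_context(SSL.context ctx, int max_lifetime)
{
  array(string) findings = ({});

  // Client certificates are requested, but with verify_certificates unset
  // they are "just accepted as being valid".
  if (ctx->auth_level != SSL.Constants.AUTHLEVEL_none
      && !ctx->verify_certificates)
    findings += ({ "auth_level requests client certificates, "
                   "but verify_certificates is 0" });

  // require_trust constrains verified chains; without verification
  // no chain check is requested at all.
  if (ctx->require_trust && !ctx->verify_certificates)
    findings += ({ "require_trust is set, but verify_certificates is 0" });

  // A non-zero short_rsa means exportable cipher suites are answered
  // with a server_key_exchange carrying this temporary key.
  if (ctx->short_rsa)
    findings += ({ "short_rsa is set: exportable cipher suites are served" });

  // The hello cookies come from this generator.
  if (!ctx->random)
    findings += ({ "random is not set" });

  // max_lifetime is a local policy value (assumption), in seconds.
  if (ctx->use_cache && ctx->session_lifetime > max_lifetime)
    findings += ({ sprintf("session_lifetime %d exceeds policy limit %d",
                           ctx->session_lifetime, max_lifetime) });
  return findings;
}

int main()
{
  // Constructed sample configuration, chosen to trigger several findings.
  SSL.context ctx = SSL.context();
  ctx->auth_level = SSL.Constants.AUTHLEVEL_require;
  ctx->verify_certificates = 0;
  ctx->require_trust = 1;
  ctx->use_cache = 1;
  ctx->session_lifetime = 86400;

  foreach (audit_context(ctx, 3600), string finding)
    write("%s\n", finding);
  return 0;
}
```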