Class SSL.context

Description
  Keeps the state that is shared by all SSL connections for one server
  (or one port). It includes policy configuration, a server certificate,
  the server's private key(s), etc. It also includes the session cache.

Variable rsa
  Crypto.RSA SSL.context.rsa

  Description
    The server's private key.

Variable client_rsa
  Crypto.RSA SSL.context.client_rsa

  Description
    The client's private key (used with client certificate authentication).

Variable client_certificates
  array(array(string)) SSL.context.client_certificates

  Description
    An array of certificate chains a client may present to a server when
    client certificate authentication is requested.

Variable client_certificate_selector
  function(.context:array(string)) SSL.context.client_certificate_selector

  Description
    A function which selects an acceptable client certificate for
    presentation to a remote server. It receives the SSL context, an array
    of acceptable certificate types, and a list of DNs of acceptable
    certificate authorities. It should return an array of strings
    containing a certificate chain, with the client certificate first
    (and the root certificate last, if applicable).

Variable auth_level
  int SSL.context.auth_level

  Description
    Policy for client authentication. One of SSL.Constants.AUTHLEVEL_none,
    SSL.Constants.AUTHLEVEL_ask and SSL.Constants.AUTHLEVEL_require.

Variable require_trust
  int SSL.context.require_trust

  Description
    When set, require the chain to be known, even if the root is self-signed.
    Note that if this is set and certificates are set to be verified, trusted
    issuers must be provided, or no connections will be accepted.

Variable verify_certificates
  int SSL.context.verify_certificates

  Description
    Determines whether certificates presented by the peer are verified, or
    just accepted as being valid.

Variable long_rsa
Variable short_rsa
  Crypto.RSA SSL.context.long_rsa
  Crypto.RSA SSL.context.short_rsa

  Description
    Temporary, non-certified, private keys, used with a server_key_exchange
    message. The rules are as follows:
      If the negotiated cipher_suite has the "exportable" property, and
      short_rsa is not zero, send a server_key_exchange message with the
      (public part of) the short_rsa key.
      If the negotiated cipher_suite does not have the exportable property,
      and long_rsa is not zero, send a server_key_exchange message with the
      (public part of) the long_rsa key.
      Otherwise, don't send any server_key_exchange message.

Variable dsa
  Crypto.DSA SSL.context.dsa

  Description
    The server's DSA key.

Variable dh_params
  .Cipher.DHParameters SSL.context.dh_params

  Description
    Parameters for DH key exchange.

Variable random
  function(int:string) SSL.context.random

  Description
    Used to generate random cookies for the hello message. If we use the RSA
    key exchange method, and this is a server, this random number generator
    is not used for generating the master_secret.

Variable certificates
  array(string) SSL.context.certificates

  Description
    The server's certificate, or a chain of X509.v3 certificates, with the
    server's certificate first and the root certificate last.

Variable preferred_auth_methods
  array(int) SSL.context.preferred_auth_methods

  Description
    For client authentication. Used only if auth_level is AUTHLEVEL_ask or
    AUTHLEVEL_require.

Variable preferred_suites
  array(int) SSL.context.preferred_suites

  Description
    Cipher suites we want the server to support, best first.

Variable preferred_compressors
  array(int) SSL.context.preferred_compressors

  Description
    Always ({ COMPRESSION_null }).

Variable use_cache
  int SSL.context.use_cache

  Description
    Non-zero to enable caching of sessions.

Variable session_lifetime
  int SSL.context.session_lifetime

  Description
    Sessions are removed from the cache when they are older than this limit
    (in seconds). Sessions are also removed from the cache if a connection
    using the session dies unexpectedly.

Variable max_sessions
  int SSL.context.max_sessions

  Description
    Maximum number of sessions to keep in the cache.
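A server-side context that sets the client-authentication policy fields (auth_level, verify_certificates, require_trust) and the session-cache fields (use_cache, session_lifetime, max_sessions) documented above, written as an added example that is not part of the Pike manual. It assumes Pike 7.8-era helpers (Standards.PEM.simple_decode, Standards.PKCS.RSA.parse_private_key, SSL.sslport), constructed file names, and a trusted_issuers field inferred from the require_trust note, which this page does not document.

```pike
// Added example, not from the Pike manual: a server-side SSL.context.
// Assumed helpers: Standards.PEM.simple_decode,
// Standards.PKCS.RSA.parse_private_key, SSL.sslport (Pike 7.8-era APIs).

SSL.context make_server_context(string cert_pem, string key_pem,
                                string ca_pem)
{
  SSL.context ctx = SSL.context();

  // Random source for hello cookies (SSL.context.random).
  ctx->random = Crypto.Random.random_string;

  // Server chain (DER): server certificate first, root last.
  ctx->certificates = ({ Standards.PEM.simple_decode(cert_pem) });

  // Server's private key (SSL.context.rsa).
  ctx->rsa = Standards.PKCS.RSA.parse_private_key(
               Standards.PEM.simple_decode(key_pem));

  // Client certificate policy. The weak variant would be
  //   ctx->auth_level = SSL.Constants.AUTHLEVEL_ask;
  //   ctx->verify_certificates = 0;   // chain accepted as-is
  // which lets any presented chain through without checking it.
  ctx->auth_level = SSL.Constants.AUTHLEVEL_require;
  ctx->verify_certificates = 1;   // check the presented chain
  ctx->require_trust = 1;         // chain must end in a known issuer
  // Assumed field (not documented on this page): issuer chains that a
  // presented certificate must chain to. With require_trust set and
  // no issuers provided, every connection is refused.
  ctx->trusted_issuers = ({ ({ Standards.PEM.simple_decode(ca_pem) }) });

  // Session cache: enabled, but bounded in both age and size.
  ctx->use_cache = 1;
  ctx->session_lifetime = 600;   // seconds
  ctx->max_sessions = 1000;

  return ctx;
}

int main()
{
  // Constructed file names; one context is shared by every connection.
  SSL.context ctx = make_server_context(Stdio.read_file("server.pem"),
                                        Stdio.read_file("server.key"),
                                        Stdio.read_file("ca.pem"));
  SSL.sslport port = SSL.sslport(ctx);
  // port->bind(...) with an accept callback goes here.
  return 0;
}
```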