Ratchet Library :: API Reference

Module ratchet.ssl

The ssl library provides an SSL encryption context. This context can be shared by sockets or other encrypted sessions, so that certain initialization only needs to happen once.

Functions

  • create_session (self, engine, rbio, wbio): Creates a new SSL session object using the context.
  • generate_tmp_rsa (self, bits, e): Generates an ephemeral RSA key.
  • load_cas (self, ca_path, ca_file, depth): Loads the certificate authorities used to verify remote certificates.
  • load_certs (self, certchainfile, privkeyfile, password): Loads a certificate chain and private key, optionally using a password to decrypt the private key file.
  • load_dh_params (self, file): Loads DH parameters from a file.
  • load_randomness (self, randomfile, max_bytes): Loads randomness from a dependably random source.
  • new (method): Creates a new SSL encryption context.
  • set_verify_mode (self, mode): Sets a new verification mode for the peer.


Functions

create_session (self, engine, rbio, wbio)
Creates a new SSL session object using the context. The session is initialized using BIO objects to abstract the communication layer.

Parameters

  • self: the ssl context object.
  • engine: the communication engine object.
  • rbio: the abstract BIO object for reading.
  • wbio: the abstract BIO object for writing, defaults to rbio.

Return value:

a new ssl session object.

generate_tmp_rsa (self, bits, e)
Generates an ephemeral RSA key.

Parameters

  • self: the ssl context object.
  • bits: optional bit-size to generate for, default 512.
  • e: exponent for generation, default RSA_F4.

load_cas (self, ca_path, ca_file, depth)
Loads the certificate authorities used to verify remote certificates. Either ca_path or ca_file must be given.

Parameters

  • self: the ssl context object.
  • ca_path: path to a directory containing trusted CA files.
  • ca_file: path to a file containing trusted CA info.
  • depth: optional maximum depth for certificate chain, default 1.

load_certs (self, certchainfile, privkeyfile, password)
Loads a certificate chain and private key, optionally using a password to decrypt the private key file.

Parameters

  • self: the ssl context object.
  • certchainfile: file containing the certificate chain.
  • privkeyfile: file containing the private key, which may be encrypted.
  • password: optional password to decrypt the private key.

load_dh_params (self, file)
Loads DH parameters from a file.

Parameters

  • self: the ssl context object.
  • file: path to a PEM file with DH parameters.

load_randomness (self, randomfile, max_bytes)
Loads randomness from a dependably random source. Typically this is "/dev/urandom". If randomfile is not given, the default action is to check the RANDFILE environment variable, or a ~/.rnd file if one exists.

Parameters

  • self: the ssl context object.
  • randomfile: path to a file with random bytes.
  • max_bytes: maximum number of bytes to read from the file, default 1 MB.

new (method)
Creates a new SSL encryption context.

Parameters

  • method: optional SSL method light userdata, defaults to SSLv3.

Return value:

a new ssl context object.

set_verify_mode (self, mode)
Sets a new verification mode for the peer. If mode is "none", the peer is not asked to provide a certificate. If mode is "peer" (the initial and default value), the peer should provide a certificate if one is available. A mode of "once" is like "peer" except that the peer is only asked on the first handshake. A mode of "fail" causes a handshake error if the peer does not provide a certificate.

Parameters

  • self: the ssl context object.
  • mode: the new verify mode.
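The following puts the functions above together into one server-side context that insists on a verified peer certificate. It is an added example, not code from the ratchet project; the `opts` field names, the sample file paths and the assumption that these calls raise a Lua error on failure are all mine, and `engine` and `bio` are assumed to come from other ratchet modules not documented on this page.

```lua
-- Added example (not part of the ratchet documentation).
local ratchet = require("ratchet")

-- Builds an ssl context that requires and verifies the peer's certificate.
-- The field names on `opts` are assumed for this example.
local function make_verifying_context(opts)
  -- method is left at the documented default (SSLv3); pass a newer method
  -- userdata here if the build exposes one, since SSLv3 is obsolete.
  local ctx = ratchet.ssl.new(opts.method)

  -- Either ca_path or ca_file must be given. The documented default depth
  -- of 1 only accepts certificates signed directly by a trusted CA, which
  -- rejects the intermediate chains most real CAs issue, so raise it.
  ctx:load_cas(opts.ca_path, opts.ca_file, opts.depth or 3)

  -- "fail" aborts the handshake when the peer presents no certificate;
  -- the default "peer" would let an unauthenticated peer through.
  ctx:set_verify_mode("fail")

  -- Our own chain and (optionally encrypted) private key.
  ctx:load_certs(opts.cert_chain, opts.private_key, opts.key_password)
  if opts.dh_params then ctx:load_dh_params(opts.dh_params) end

  -- Seed explicitly from the kernel CSPRNG instead of relying on
  -- RANDFILE or ~/.rnd being present and fresh.
  ctx:load_randomness("/dev/urandom", 1024)

  -- The documented 512-bit default is export-grade and factorable; if an
  -- ephemeral RSA key is wanted at all, generate a much larger one.
  if opts.tmp_rsa_bits then ctx:generate_tmp_rsa(opts.tmp_rsa_bits) end
  return ctx
end

-- Wraps a connection in a session; wbio defaults to rbio, so one BIO
-- suffices for a bidirectional transport. Errors are assumed to be raised.
local function start_session(ctx, engine, bio)
  local ok, session = pcall(ctx.create_session, ctx, engine, bio)
  if not ok then return nil, "session setup failed: " .. tostring(session) end
  return session
end

-- Constructed sample configuration; the paths are placeholders.
local ctx = make_verifying_context{
  ca_file      = "/etc/example/ca-bundle.pem",
  cert_chain   = "/etc/example/server-chain.pem",
  private_key  = "/etc/example/server.key",
  key_password = os.getenv("EXAMPLE_KEY_PASSWORD"),
  dh_params    = "/etc/example/dhparams.pem",
}
```

A client-side context is built the same way, except that load_certs is only needed when the server demands a client certificate.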