| |
| <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> |
| <html><head><title>Python: module gdata.tlslite.Checker</title> |
| </head><body bgcolor="#f0f0f8"> |
| |
| <table width="100%" cellspacing=0 cellpadding=2 border=0 summary="heading"> |
| <tr bgcolor="#7799ee"> |
| <td valign=bottom> <br> |
| <font color="#ffffff" face="helvetica, arial"> <br><big><big><strong><a href="gdata.html"><font color="#ffffff">gdata</font></a>.<a href="gdata.tlslite.html"><font color="#ffffff">tlslite</font></a>.Checker</strong></big></big></font></td |
| ><td align=right valign=bottom |
| ><font color="#ffffff" face="helvetica, arial"><a href=".">index</a><br><a href="file:/usr/local/google/home/afshar/src/external-gdata-release/google3/src/gdata/tlslite/Checker.py">/usr/local/google/home/afshar/src/external-gdata-release/google3/src/gdata/tlslite/Checker.py</a></font></td></tr></table> |
| <p><tt>Class for post-handshake certificate checking.</tt></p> |
| <p> |
| <table width="100%" cellspacing=0 cellpadding=2 border=0 summary="section"> |
| <tr bgcolor="#ee77aa"> |
| <td colspan=3 valign=bottom> <br> |
| <font color="#ffffff" face="helvetica, arial"><big><strong>Classes</strong></big></font></td></tr> |
| |
| <tr><td bgcolor="#ee77aa"><tt> </tt></td><td> </td> |
| <td width="100%"><dl> |
| <dt><font face="helvetica, arial"><a href="gdata.tlslite.Checker.html#Checker">Checker</a> |
| </font></dt></dl> |
| <p> |
| <table width="100%" cellspacing=0 cellpadding=2 border=0 summary="section"> |
| <tr bgcolor="#ffc8d8"> |
| <td colspan=3 valign=bottom> <br> |
| <font color="#000000" face="helvetica, arial"><a name="Checker">class <strong>Checker</strong></a></font></td></tr> |
| |
| <tr bgcolor="#ffc8d8"><td rowspan=2><tt> </tt></td> |
| <td colspan=2><tt>This class is passed to a handshake function to check the other<br> |
| party's certificate chain.<br> |
| <br> |
| If a handshake function completes successfully, but the <a href="#Checker">Checker</a><br> |
| judges the other party's certificate chain to be missing or<br> |
| inadequate, a subclass of<br> |
| L{tlslite.errors.TLSAuthenticationError} will be raised.<br> |
| <br> |
| Currently, the <a href="#Checker">Checker</a> can check either an X.509 or a cryptoID<br> |
| chain (for the latter, cryptoIDlib must be installed).<br> </tt></td></tr> |
| <tr><td> </td> |
| <td width="100%">Methods defined here:<br> |
| <dl><dt><a name="Checker-__call__"><strong>__call__</strong></a>(self, connection)</dt><dd><tt>Check a TLSConnection.<br> |
| <br> |
| When a <a href="#Checker">Checker</a> is passed to a handshake function, this will<br> |
| be called at the end of the function.<br> |
| <br> |
| @type connection: L{tlslite.TLSConnection.TLSConnection}<br> |
| @param connection: The TLSConnection to examine.<br> |
| <br> |
| @raise tlslite.errors.TLSAuthenticationError: If the other<br> |
| party's certificate chain is missing or bad.</tt></dd></dl> |
| |
| <dl><dt><a name="Checker-__init__"><strong>__init__</strong></a>(self, cryptoID<font color="#909090">=None</font>, protocol<font color="#909090">=None</font>, x509Fingerprint<font color="#909090">=None</font>, x509TrustList<font color="#909090">=None</font>, x509CommonName<font color="#909090">=None</font>, checkResumedSession<font color="#909090">=False</font>)</dt><dd><tt>Create a new <a href="#Checker">Checker</a> instance.<br> |
| <br> |
| You must pass in one of these argument combinations:<br> |
| - cryptoID[, protocol] (requires cryptoIDlib)<br> |
| - x509Fingerprint<br> |
| - x509TrustList[, x509CommonName] (requires cryptlib_py)<br> |
| <br> |
| @type cryptoID: str<br> |
| @param cryptoID: A cryptoID which the other party's certificate<br> |
| chain must match. The cryptoIDlib module must be installed.<br> |
| Mutually exclusive with all of the 'x509...' arguments.<br> |
| <br> |
| @type protocol: str<br> |
| @param protocol: A cryptoID protocol URI which the other<br> |
| party's certificate chain must match. Requires the 'cryptoID'<br> |
| argument.<br> |
| <br> |
| @type x509Fingerprint: str<br> |
| @param x509Fingerprint: A hex-encoded X.509 end-entity<br> |
| fingerprint which the other party's end-entity certificate must<br> |
| match. Mutually exclusive with the 'cryptoID' and<br> |
| 'x509TrustList' arguments.<br> |
| <br> |
| @type x509TrustList: list of L{tlslite.X509.X509}<br> |
| @param x509TrustList: A list of trusted root certificates. The<br> |
| other party must present a certificate chain which extends to<br> |
| one of these root certificates. The cryptlib_py module must be<br> |
| installed. Mutually exclusive with the 'cryptoID' and<br> |
| 'x509Fingerprint' arguments.<br> |
| <br> |
| @type x509CommonName: str<br> |
| @param x509CommonName: The end-entity certificate's 'CN' field<br> |
| must match this value. For a web server, this is typically a<br> |
| server name such as 'www.amazon.com'. Mutually exclusive with<br> |
| the 'cryptoID' and 'x509Fingerprint' arguments. Requires the<br> |
| 'x509TrustList' argument.<br> |
| <br> |
| @type checkResumedSession: bool<br> |
| @param checkResumedSession: Whether resumed sessions should be<br> |
| checked. This defaults to False, on the theory that if the<br> |
| session was checked once, we don't need to bother<br> |
| re-checking it.</tt></dd></dl> |
| |
| </td></tr></table></td></tr></table> |
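<p>Added example (not part of the gdata or tlslite code): a stand-alone model of the documented x509Fingerprint mode, showing the argument-combination rules and what the checkResumedSession default means once a pin has been rotated. Conn, AuthenticationError, FingerprintChecker, the "skipped"/"checked" return strings and the SHA-256 digest are assumptions made for this sketch; the page does not say which digest the fingerprint uses.</p>

```python
import hashlib
from collections import namedtuple

# Hypothetical stand-ins, not tlslite's TLSConnection / TLSAuthenticationError.
Conn = namedtuple("Conn", "peer_chain resumed")  # peer_chain: list of DER bytes
class AuthenticationError(Exception): pass

def fingerprint(der):
    # Assumption: SHA-256 over the DER bytes; the page does not name the digest.
    return hashlib.sha256(der).hexdigest()

class FingerprintChecker:
    def __init__(self, cryptoID=None, protocol=None, x509Fingerprint=None,
                 x509TrustList=None, x509CommonName=None, checkResumedSession=False):
        # Argument-combination rules as the docstring states them.
        if cryptoID and (x509Fingerprint or x509TrustList or x509CommonName):
            raise ValueError("cryptoID excludes all x509... arguments")
        if x509Fingerprint and (x509TrustList or x509CommonName):
            raise ValueError("x509Fingerprint excludes the trust-list arguments")
        if protocol and not cryptoID:
            raise ValueError("protocol requires cryptoID")
        if x509CommonName and not x509TrustList:
            raise ValueError("x509CommonName requires x509TrustList")
        if not x509Fingerprint:
            raise ValueError("this sketch implements only x509Fingerprint")
        self.pin = x509Fingerprint.lower()
        self.checkResumedSession = checkResumedSession

    def __call__(self, connection):
        # Documented default: a resumed session is not re-checked.
        if connection.resumed and not self.checkResumedSession:
            return "skipped"
        if not connection.peer_chain:
            raise AuthenticationError("certificate chain is missing")
        # peer_chain[0] is the end-entity certificate.
        if fingerprint(connection.peer_chain[0]) != self.pin:
            raise AuthenticationError("end-entity fingerprint mismatch")
        return "checked"

def demo():
    # Constructed input: session established under the old cert, pin rotated since.
    resumed = Conn([b"constructed-old-der"], resumed=True)
    pin = fingerprint(b"constructed-new-der")
    default = FingerprintChecker(x509Fingerprint=pin)(resumed)
    try:
        strict = FingerprintChecker(x509Fingerprint=pin, checkResumedSession=True)(resumed)
    except AuthenticationError as exc:
        strict = str(exc)
    return default, strict
```

<p>With the default, demo() shows the resumed session passing without any fingerprint comparison; with checkResumedSession=True the same connection is rejected.</p>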
| </body></html> |