author | Christian Heimes <christian@cheimes.de> | 2013-06-17 13:44:12 (GMT) |
---|---|---|
committer | Christian Heimes <christian@cheimes.de> | 2013-06-17 13:44:12 (GMT) |
commit | 9a5395ae2b59b31d74fe3ad9c391d89802939d8c (patch) | |
tree | 02aad00f691f885f1bb6261b5f2a93fd0a39dc8e /Doc/library/ssl.rst | |
parent | 9424bb4aea0e0a6f20c8ae6e451dfa83d1101923 (diff) | |
download | cpython-9a5395ae2b59b31d74fe3ad9c391d89802939d8c.zip cpython-9a5395ae2b59b31d74fe3ad9c391d89802939d8c.tar.gz cpython-9a5395ae2b59b31d74fe3ad9c391d89802939d8c.tar.bz2 |
Issue #18147: Add diagnostic functions to ssl.SSLContext().
get_ca_list() lists all loaded CA certificates and cert_store_stats() returns
amount of loaded X.509 certs, X.509 CA certs and CRLs.
Diffstat (limited to 'Doc/library/ssl.rst')
-rw-r--r-- | Doc/library/ssl.rst | 24 |
1 files changed, 24 insertions, 0 deletions
diff --git a/Doc/library/ssl.rst b/Doc/library/ssl.rst index 3816aca..ec5083c 100644 --- a/Doc/library/ssl.rst +++ b/Doc/library/ssl.rst @@ -791,6 +791,19 @@ to speed up repeated connections from the same clients. :class:`SSLContext` objects have the following methods and attributes: +.. method:: SSLContext.cert_store_stats() + + Get statistics about quantities of loaded X.509 certificates, count of + X.509 certificates flagged as CA certificates and certificate revocation + lists as dictionary. + + Example for a context with one CA cert and one other cert:: + + >>> context.cert_store_stats() + {'crl': 0, 'x509_ca': 1, 'x509': 2} + + .. versionadded:: 3.4 + .. method:: SSLContext.load_cert_chain(certfile, keyfile=None, password=None) Load a private key and the corresponding certificate. The *certfile* @@ -837,6 +850,17 @@ to speed up repeated connections from the same clients. following an `OpenSSL specific layout <http://www.openssl.org/docs/ssl/SSL_CTX_load_verify_locations.html>`_. +.. method:: SSLContext.get_ca_certs(binary_form=False) + + Get a list of loaded "certification authority" (CA) certificates. If the + ``binary_form`` parameter is :const:`False` each list + entry is a dict like the output of :meth:`SSLSocket.getpeercert`. Otherwise + the method returns a list of DER-encoded certificates. The returned list + does not contain certificates from *capath* unless a certificate was + requested and loaded by a SSL connection. + + ..versionadded:: 3.4 + .. method:: SSLContext.set_default_verify_paths() Load a set of default "certification authority" (CA) certificates from |
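Review bot: in the first hunk (@@ -791,6 +791,19), the cert_store_stats() description never names the dictionary keys or says whether the 'x509' count includes CA certificates. The example output {'crl': 0, 'x509_ca': 1, 'x509': 2} for "one CA cert and one other cert" implies that 'x509' is the total with CA certs included. State that explicitly and list the three keys ('crl', 'x509_ca', 'x509') in the prose, so readers using the method to check what a context trusts do not have to infer it from the example. Also, "lists as dictionary" should read "lists as a dictionary".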
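Review bot: in the second hunk (@@ -837,6 +850,17), the last added line, "..versionadded:: 3.4", lacks the space after the two dots, so reST will not parse it as a directive; write ".. versionadded:: 3.4" as the cert_store_stats() entry in the first hunk does. The commit message names the new method get_ca_list(), while this hunk documents SSLContext.get_ca_certs(binary_form=False); make the two agree. "loaded by a SSL connection" should be "an SSL connection". The caveat that certificates from *capath* are missing until a connection has requested them deserves a ".. note::", because a caller who treats the returned list as the complete trust set would otherwise be misled.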