tlslite.checker module
Class for post-handshake certificate checking.

class tlslite.checker.Checker(x509Fingerprint=None, checkResumedSession=False)
Bases: object
This class is passed to a handshake function to check the other party’s certificate chain.
If a handshake function completes successfully, but the Checker judges the other party’s certificate chain to be missing or inadequate, a subclass of tlslite.errors.TLSAuthenticationError will be raised.
Currently, the Checker can check an X.509 chain.

__call__(connection)
Check a TLSConnection.
When a Checker is passed to a handshake function, this will be called at the end of the function.
Parameters:
- connection (tlslite.tlsconnection.TLSConnection) – The TLSConnection to examine.
Raises:
- tlslite.errors.TLSAuthenticationError – If the other party’s certificate chain is missing or bad.

__init__(x509Fingerprint=None, checkResumedSession=False)
Create a new Checker instance.
You must pass in one of these argument combinations:
- x509Fingerprint
Parameters:
- x509Fingerprint (str) – A hex-encoded X.509 end-entity fingerprint which the other party’s end-entity certificate must match.
- checkResumedSession (bool) – If resumed sessions should be checked. This defaults to False, on the theory that if the session was checked once, we don’t need to bother re-checking it.
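
An added example, not tlslite's own code: a self-contained model of the check documented above, showing the accept, mismatch and missing-chain outcomes and how the checkResumedSession default skips the check on a resumed session. PinChecker, PeerState, the exception stand-ins, the SHA-256 fingerprint and the byte strings are assumptions made for illustration; the page does not say which hash the fingerprint uses.

```python
import hashlib
import hmac

class AuthenticationError(Exception):
    """Stand-in for tlslite.errors.TLSAuthenticationError."""

class NoAuthenticationError(AuthenticationError):
    """Hypothetical subclass: the peer presented no certificate chain."""

class FingerprintError(AuthenticationError):
    """Hypothetical subclass: end-entity fingerprint does not match the pin."""

def fingerprint(der_bytes):
    # Assumption: SHA-256 over the DER bytes; the page does not name the hash.
    return hashlib.sha256(der_bytes).hexdigest()

class PeerState:
    """Hypothetical stand-in for what a finished handshake exposes."""
    def __init__(self, chain, resumed=False):
        self.chain = chain      # list of DER byte strings, end-entity first
        self.resumed = resumed  # True if the session was resumed

class PinChecker:
    """Model of a checker taking the two documented constructor arguments."""
    def __init__(self, x509Fingerprint, checkResumedSession=False):
        self.x509Fingerprint = x509Fingerprint.lower()
        self.checkResumedSession = checkResumedSession

    def __call__(self, peer):
        # Default behaviour: a resumed session is trusted without re-checking.
        if peer.resumed and not self.checkResumedSession:
            return
        if not peer.chain:
            raise NoAuthenticationError("no certificate chain presented")
        seen = fingerprint(peer.chain[0])
        if not hmac.compare_digest(seen, self.x509Fingerprint):
            raise FingerprintError("got %s, pinned %s" % (seen, self.x509Fingerprint))

def outcome(checker, peer):
    """Run the check and report 'accepted' or the error class name."""
    try:
        checker(peer)
    except AuthenticationError as exc:
        return type(exc).__name__
    return "accepted"

# Constructed byte strings standing in for DER-encoded certificates.
PINNED_CERT = b"constructed-der-bytes-pinned"
OTHER_CERT = b"constructed-der-bytes-other"
```

In this model a resumed session whose chain would fail the pin is still accepted unless checkResumedSession=True is passed, which is the trade-off the parameter description states.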