tlslite.checker module

Class for post-handshake certificate checking.

class tlslite.checker.Checker(x509Fingerprint=None, checkResumedSession=False)

Bases: object

This class is passed to a handshake function to check the other party’s certificate chain.

If a handshake function completes successfully, but the Checker judges the other party’s certificate chain to be missing or inadequate, a subclass of tlslite.errors.TLSAuthenticationError will be raised.

Currently, the Checker can check an X.509 chain.

__call__(connection)

Check a TLSConnection.

When a Checker is passed to a handshake function, this will be called at the end of the function.

Parameters:
  • connection (tlslite.tlsconnection.TLSConnection) – The TLSConnection to examine.
Raises:
  • tlslite.errors.TLSAuthenticationError – If the other party’s certificate chain is missing or bad.

__init__(x509Fingerprint=None, checkResumedSession=False)

Create a new Checker instance.

You must pass in one of these argument combinations:
  • x509Fingerprint

Parameters:
  • x509Fingerprint (str) – A hex-encoded X.509 end-entity fingerprint which the other party’s end-entity certificate must match.
  • checkResumedSession (bool) – Whether resumed sessions should be checked. This defaults to False, on the theory that if the session was checked once, we don’t need to bother re-checking it.
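
The following is an added, standard-library-only model of the check described above; it is not tlslite's code. `PinChecker`, `FakeConn`, `AuthError` and `outcome` are hypothetical names, the certificate bytes are constructed placeholders, and the fingerprint is assumed to be the hex SHA-1 digest of the DER-encoded end-entity certificate (confirm this against the tlslite version you use).

```python
import hashlib

class AuthError(Exception):
    """Stand-in for tlslite.errors.TLSAuthenticationError (hypothetical)."""

class FakeConn:
    """Constructed stand-in for a TLSConnection after the handshake."""
    def __init__(self, peer_chain, resumed=False):
        self.peer_chain = peer_chain  # list of DER certs, end-entity first
        self.resumed = resumed

def fingerprint(der):
    # Assumption: fingerprint = hex SHA-1 of the DER-encoded certificate.
    return hashlib.sha1(der).hexdigest()

class PinChecker:
    """Model of the documented Checker behaviour, same constructor arguments."""
    def __init__(self, x509Fingerprint=None, checkResumedSession=False):
        if x509Fingerprint is None:
            # Choice made by this model: refuse to run with nothing to check.
            raise ValueError("x509Fingerprint is required")
        self.x509Fingerprint = x509Fingerprint
        self.checkResumedSession = checkResumedSession

    def __call__(self, connection):
        # Resumed sessions are skipped unless re-checking was requested.
        if connection.resumed and not self.checkResumedSession:
            return
        if not connection.peer_chain:
            raise AuthError("peer sent no certificate chain")
        # Only the end-entity certificate is pinned, not its issuers.
        if fingerprint(connection.peer_chain[0]) != self.x509Fingerprint:
            raise AuthError("end-entity fingerprint mismatch")

def outcome(checker, connection):
    """Run the check as a handshake function would and report the result."""
    try:
        checker(connection)
        return "accepted"
    except AuthError as exc:
        return "rejected: %s" % exc

# Constructed sample data: placeholder bytes, not real certificates.
PINNED = b"constructed-der-bytes-of-expected-cert"
OTHER = b"constructed-der-bytes-of-unexpected-cert"

if __name__ == "__main__":
    pin = PinChecker(fingerprint(PINNED))
    print(outcome(pin, FakeConn([PINNED])))
    print(outcome(pin, FakeConn([OTHER], resumed=True)))
```

The second call is accepted only because the connection is marked as resumed and `checkResumedSession` is left at its default, so no comparison runs at all.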