Package tlslite :: Module Checker :: Class Checker

Class Checker


This class is passed to a handshake function to check the other party's certificate chain.

If a handshake function completes successfully, but the Checker judges the other party's certificate chain to be missing or inadequate, a subclass of tlslite.errors.TLSAuthenticationError will be raised.

Currently, the Checker can check either an X.509 or a cryptoID chain (for the latter, cryptoIDlib must be installed).

Method Summary
  __init__(self, cryptoID, protocol, x509Fingerprint, x509TrustList, x509CommonName, checkResumedSession)
Create a new Checker instance.
  __call__(self, connection)
Check a TLSConnection.

Method Details

__init__(self, cryptoID=None, protocol=None, x509Fingerprint=None, x509TrustList=None, x509CommonName=None, checkResumedSession=False)
(Constructor)

Create a new Checker instance.

You must pass in one of these argument combinations:
  • cryptoID[, protocol] (requires cryptoIDlib)
  • x509Fingerprint
  • x509TrustList[, x509CommonName] (requires cryptlib_py)
Parameters:
cryptoID - A cryptoID which the other party's certificate chain must match. The cryptoIDlib module must be installed. Mutually exclusive with all of the 'x509...' arguments.
           (type=str)
protocol - A cryptoID protocol URI which the other party's certificate chain must match. Requires the 'cryptoID' argument.
           (type=str)
x509Fingerprint - A hex-encoded X.509 end-entity fingerprint which the other party's end-entity certificate must match. Mutually exclusive with the 'cryptoID' and 'x509TrustList' arguments.
           (type=str)
x509TrustList - A list of trusted root certificates. The other party must present a certificate chain which extends to one of these root certificates. The cryptlib_py module must be installed. Mutually exclusive with the 'cryptoID' and 'x509Fingerprint' arguments.
           (type=list of tlslite.X509.X509)
x509CommonName - The end-entity certificate's 'CN' field must match this value. For a web server, this is typically a server name such as 'www.amazon.com'. Mutually exclusive with the 'cryptoID' and 'x509Fingerprint' arguments. Requires the 'x509TrustList' argument.
           (type=str)
checkResumedSession - Whether resumed sessions should be checked. This defaults to False, on the theory that if the session was checked once, we don't need to bother re-checking it.
           (type=bool)

__call__(self, connection)
(Call operator)

Check a TLSConnection.

When a Checker is passed to a handshake function, this will be called at the end of the function.
Parameters:
connection - The TLSConnection to examine.
           (type=tlslite.TLSConnection.TLSConnection)
Raises:
tlslite.errors.TLSAuthenticationError - If the other party's certificate chain is missing or bad.
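
Added example, not tlslite's own code: a self-contained model of the callable-checker pattern documented above, limited to the x509Fingerprint combination, showing the argument rules and what checkResumedSession=False means once a pin has changed. ModelChecker, AuthError, FakeConnection, the peer_cert and resumed attributes, the SHA-256 digest and the certificate byte strings are all assumptions made for illustration.

```python
import hashlib

class AuthError(Exception):
    """Hypothetical stand-in for tlslite.errors.TLSAuthenticationError."""

class FakeConnection:
    """Constructed stand-in for a completed handshake, not a TLSConnection."""
    def __init__(self, peer_cert, resumed=False):
        self.peer_cert = peer_cert  # end-entity certificate bytes, or None
        self.resumed = resumed      # True if the session was resumed

def fingerprint(cert_bytes):
    # Assumption: hex SHA-256 of the encoded certificate (page names no digest).
    return hashlib.sha256(cert_bytes).hexdigest()

class ModelChecker:
    def __init__(self, cryptoID=None, protocol=None, x509Fingerprint=None,
                 x509TrustList=None, x509CommonName=None,
                 checkResumedSession=False):
        # The argument rules from the parameter list above.
        if cryptoID and (x509Fingerprint or x509TrustList or x509CommonName):
            raise ValueError("cryptoID excludes every x509... argument")
        if x509Fingerprint and (x509TrustList or x509CommonName):
            raise ValueError("x509Fingerprint excludes the trust-list arguments")
        if protocol and not cryptoID:
            raise ValueError("protocol requires cryptoID")
        if x509CommonName and not x509TrustList:
            raise ValueError("x509CommonName requires x509TrustList")
        if not x509Fingerprint:
            raise NotImplementedError("this model only covers x509Fingerprint")
        self.pin = x509Fingerprint.lower()
        self.checkResumedSession = checkResumedSession

    def __call__(self, connection):
        # With the default (False), a resumed session is not re-checked, so a
        # pin changed after the original handshake is not applied to it.
        if connection.resumed and not self.checkResumedSession:
            return
        if connection.peer_cert is None:
            raise AuthError("no certificate chain presented")
        if fingerprint(connection.peer_cert) != self.pin:
            raise AuthError("end-entity fingerprint does not match the pin")

# Constructed placeholder bytes, not real DER certificates.
CERT_OLD, CERT_NEW = b"constructed-cert-old", b"constructed-cert-new"
```

Calling a ModelChecker pinned to CERT_NEW on FakeConnection(CERT_OLD, resumed=True) returns silently by default and raises AuthError when checkResumedSession=True, which is the setting to use if pins or trust lists can change while sessions are still cached.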

Generated by Epydoc 2.0 on Mon Feb 21 21:56:54 2005 http://epydoc.sf.net