Lines Matching full:certificate
48 certificate of the other side of the connection, and :meth:`cipher`, which
129 Raised to signal an error with a certificate (such as mismatching
130 hostname). Certificate errors detected by OpenSSL, though, raise
157 contain a certificate to be used to identify the local side of the
159 information on how the certificate is stored in the ``certfile``.
164 The parameter ``cert_reqs`` specifies whether a certificate is required from
243 trust for certificate verification, as in
297 default verification checks that the certificate is signed by a Certificate
299 Alternate Name) on the presented certificate matches the requested host.
304 Setting *enable* to :const:`False` reverts the default HTTPS certificate
308 where the hostname does not match the presented server certificate.
312 Python 2.7 implementations. The portable approach to bypassing certificate
324 * :pep:`476` -- Enabling certificate verification by default for HTTPS
364 Certificate handling
395 certificate in ``"%b %d %H:%M:%S %Y %Z"`` strptime format (C
421 *port-number*) pair, fetches the server's certificate, and returns it as a
426 will attempt to validate the server certificate against that set of root
437 Given a certificate as a DER-encoded blob of bytes, returns a PEM-encoded
438 string version of the same certificate.
442 Given a certificate as an ASCII PEM string, returns a DER-encoded sequence of
443 bytes for that same certificate.
473 PKCS#7 ASN.1 data. Trust specifies the purpose of the certificate as a set
474 of OIDS or exactly ``True`` if the certificate is trustworthy for all
511 If a certificate is received from the other end, no attempt to validate it
533 will be raised if no certificate is provided, or if its validation fails.
541 Possible value for :attr:`SSLContext.verify_flags`. In this mode, certificate
575 certificate. This flag is enabled by default.
878 If there is no certificate for the peer on the other end of the connection,
882 If the ``binary_form`` parameter is :const:`False`, and a certificate was
884 certificate was not validated, the dict is empty. If the certificate was
886 (the principal for which the certificate was issued) and ``issuer``
887 (the principal issuing the certificate). If a certificate contains an
892 of relative distinguished names (RDNs) given in the certificate's data
899 'Secure Digital Certificate Signing'),),
917 To validate a certificate for a particular service, you can use the
920 If the ``binary_form`` parameter is :const:`True`, and a certificate was
921 provided, this method returns the DER-encoded form of the entire certificate
923 certificate. Whether the peer provides a certificate depends on the SSL
926 * for a client SSL socket, the server will always provide a certificate,
929 * for a server SSL socket, the client will only provide a certificate
1022 such as SSL configuration options, certificate(s) and private key(s).
1043 X.509 certificates flagged as CA certificates and certificate revocation
1054 Load a private key and the corresponding certificate. The *certfile*
1056 certificate as well as any number of CA certificates needed to establish
1057 the certificate's authenticity. The *keyfile* string, if present, must
1060 :ref:`ssl-certificates` for more information on how the certificate
1077 match with the certificate.
1091 certificate verification on the server side.
1116 certificates are ignored but at least one certificate must be present.
1124 does not contain certificates from *capath* unless a certificate was
1199 :class:`SSLContext` representing a certificate chain that matches the server
1294 certificate.
1343 The flags for certificate verification operations. You can set flags like
1345 does neither require nor verify certificate revocation lists (CRLs).
1357 .. index:: single: X509 certificate
1372 A certificate contains information about two principals. It contains the name
1378 statement with it, and comparing it to the other information in the certificate.
1379 The certificate also contains information about the time period over which it is
1382 In the Python use of certificates, a client or server can use a certificate to
1384 to produce a certificate, and that certificate can be validated to the
1396 -----BEGIN CERTIFICATE-----
1397 ... (certificate in base64 PEM encoding) ...
1398 -----END CERTIFICATE-----
1400 Certificate chains
1404 certificates, sometimes called a *certificate chain*. This chain should start
1405 with the specific certificate for the principal who "is" the client or server,
1406 and then the certificate for the issuer of that certificate, and then the
1407 certificate for the issuer of *that* certificate, and so on up the chain till
1408 you get to a certificate which is *self-signed*, that is, a certificate which
1409 has the same subject and issuer, sometimes called a *root certificate*. The
1410 certificates should just be concatenated together in the certificate file. For
1411 example, suppose we had a three certificate chain, from our server certificate
1412 to the certificate of the certification authority that signed our server
1413 certificate, to the root certificate of the agency which issued the
1414 certification authority's certificate::
1416 -----BEGIN CERTIFICATE-----
1417 ... (certificate for your server)...
1418 -----END CERTIFICATE-----
1419 -----BEGIN CERTIFICATE-----
1420 ... (the certificate for the CA)...
1421 -----END CERTIFICATE-----
1422 -----BEGIN CERTIFICATE-----
1423 ... (the root certificate for the CA's issuer)...
1424 -----END CERTIFICATE-----
1430 certificate, you need to provide a "CA certs" file, filled with the certificate
1437 Combined key and certificate
1440 Often the private key is stored in the same file as the certificate; in this
1443 with the certificate, it should come before the first certificate in
1444 the certificate chain::
1449 -----BEGIN CERTIFICATE-----
1450 ... (certificate in base64 PEM encoding) ...
1451 -----END CERTIFICATE-----
1457 services, you will need to acquire a certificate for that service. There are
1460 certificate. The simplest way to do this is with the OpenSSL package, using
1470 into your certificate request.
1485 The disadvantage of a self-signed certificate is that it is its own root
1486 certificate, and no one else will have it in their cache of known (and trusted)
1510 for client sockets, including automatic certificate verification::
1528 validates the server certificate: it ensures that the server certificate
1536 You may then fetch the certificate::
1540 Visual inspection shows that the certificate does identify the desired service
1583 Now the SSL channel is established and the certificate verified, you can
1612 For server operation, typically you'll need to have a server certificate, and
1614 and the certificate, so that clients can check your authenticity. Then
1709 It will load the system's trusted CA certificates, enable certificate
1713 If a client certificate is needed for the connection, it can be added with
1717 constructor yourself, it will not have certificate validation nor hostname
1733 have to check that the server certificate, which can be obtained by calling
1742 to specify :const:`CERT_REQUIRED` and similarly check the client certificate.
1798 `RFC 1422: Privacy Enhancement for Internet Electronic Mail: Part II: Certificate-Based Key Management <https://www.ietf.org/rfc/rfc1422>`_
1804 `RFC 3280: Internet X.509 Public Key Infrastructure Certificate and CRL Profile <https://www.ietf.org/rfc/rfc3280>`_