Create an OpenSSL context SSL connection context factory.
| Parameters | privateKey | A PKey object holding the private key.
|
| certificate | An X509 object holding the certificate.
|
| method | The SSL protocol to use, one of SSLv23_METHOD, SSLv2_METHOD,
SSLv3_METHOD, TLSv1_METHOD. Defaults to TLSv1_METHOD.
|
| verify | If True, verify certificates received from the peer and fail the
handshake if verification fails. Otherwise, allow anonymous sessions and
sessions with certificates which fail validation. By default this is
False.
|
| caCerts | List of certificate authority certificate objects to use to verify the
peer's certificate. Only used if verify is True, and if
verify is True, this must be specified. Since verify is
False by default, this is None by default.
(type: list of OpenSSL.crypto.X509
) |
| verifyDepth | Depth in certificate chain down to which to verify. If unspecified, use
the underlying default (9).
|
| requireCertificate | If True, do not allow anonymous sessions.
|
| verifyOnce | If True, do not re-verify the certificate on session resumption.
|
| enableSingleUseKeys | If True, generate a new key whenever ephemeral DH parameters are used to
prevent small subgroup attacks.
|
| enableSessions | If True, set a session ID on each context. This allows a shortened
handshake to be used when a known client reconnects.
|
| fixBrokenPeers | If True, enable various non-spec protocol fixes for broken SSL
implementations. This should be entirely safe, according to the OpenSSL
documentation, but YMMV. This option is now off by default, because it
causes problems with connections between peers using OpenSSL 0.9.8a.
|
| enableSessionTickets | If True, enable session ticket extension for session resumption per RFC
5077. Note there is no support for controlling session tickets. This option
is off by default, as some server implementations don't correctly process
incoming empty session ticket extensions in the hello.
|