Create an OpenSSL SSL connection context factory.
Parameters

| privateKey | A PKey object holding the private key. |
| certificate | An X509 object holding the certificate. |
| method | The SSL protocol to use, one of SSLv23_METHOD, SSLv2_METHOD, SSLv3_METHOD, TLSv1_METHOD. Defaults to TLSv1_METHOD. |
| verify | If True, verify certificates received from the peer and fail the handshake if verification fails. Otherwise, allow anonymous sessions and sessions with certificates which fail validation. By default this is False. |
| caCerts | List of certificate authority certificate objects to use to verify the peer's certificate. Only used if verify is True and will be ignored otherwise. Since verify is False by default, this is None by default. (type: list of OpenSSL.crypto.X509) |
| verifyDepth | Depth in certificate chain down to which to verify. If unspecified, use the underlying default (9). |
| requireCertificate | If True, do not allow anonymous sessions. |
| verifyOnce | If True, do not re-verify the certificate on session resumption. |
| enableSingleUseKeys | If True, generate a new key whenever ephemeral DH parameters are used to prevent small subgroup attacks. |
| enableSessions | If True, set a session ID on each context. This allows a shortened handshake to be used when a known client reconnects. |
| fixBrokenPeers | If True, enable various non-spec protocol fixes for broken SSL implementations. This should be entirely safe, according to the OpenSSL documentation, but YMMV. This option is now off by default, because it causes problems with connections between peers using OpenSSL 0.9.8a. |
| enableSessionTickets | If True, enable session ticket extension for session resumption per RFC 5077. Note there is no support for controlling session tickets. This option is off by default, as some server implementations don't correctly process incoming empty session ticket extensions in the hello. |
| extraCertChain | List of certificates that complete your verification chain if the certificate authority that signed your certificate isn't widely supported. Do not add certificate to it. (type: list of OpenSSL.crypto.X509) |