OpenSSLWrapper

from panda3d.core import OpenSSLWrapper
class OpenSSLWrapper

Bases:

Provides an interface wrapper around the OpenSSL library, to ensure that the library is properly initialized in the application, and to provide some hooks into global OpenSSL context data.

Inheritance diagram

Inheritance diagram of OpenSSLWrapper

clear_certificates()

Removes all the certificates from the global store, including the compiled- in certificates loaded from ca_bundle_data.c. You can add new certificates by calling load_certificates().

static get_global_ptr() OpenSSLWrapper
get_x509_store() X509_STORE

Returns the global X509_STORE object.

It has to be a global object, because OpenSSL seems to store some global pointers associated with this object whether you want it to or not, and keeping independent copies of a local X509_STORE object doesn’t seem to work that well. So, we have one store that keeps all certificates the application might need.

load_certificates(filename: Filename) int

Reads the PEM-formatted certificate(s) (delimited by —–BEGIN CERTIFICATE—– and —–END CERTIFICATE—–) from the indicated file and adds them to the global store object, retrieved via get_x509_store().

Returns the number of certificates read on success, or 0 on failure.

You should call this only with trusted, locally-stored certificates; not with certificates received from an untrusted source.

load_certificates_from_der_ram(data: str, data_size: int) int

Reads a chain of trusted certificates from the indicated data buffer and adds them to the X509_STORE object. The data buffer should be DER- formatted. Returns the number of certificates read on success, or 0 on failure.

You should call this only with trusted, locally-stored certificates; not with certificates received from an untrusted source.

load_certificates_from_der_ram(data: str) int

Reads a chain of trusted certificates from the indicated data buffer and adds them to the X509_STORE object. The data buffer should be DER- formatted. Returns the number of certificates read on success, or 0 on failure.

You should call this only with trusted, locally-stored certificates; not with certificates received from an untrusted source.

load_certificates_from_pem_ram(data: str, data_size: int) int

Reads a chain of trusted certificates from the indicated data buffer and adds them to the X509_STORE object. The data buffer should be PEM- formatted. Returns the number of certificates read on success, or 0 on failure.

You should call this only with trusted, locally-stored certificates; not with certificates received from an untrusted source.

load_certificates_from_pem_ram(data: str) int

Reads a chain of trusted certificates from the indicated data buffer and adds them to the X509_STORE object. The data buffer should be PEM- formatted. Returns the number of certificates read on success, or 0 on failure.

You should call this only with trusted, locally-stored certificates; not with certificates received from an untrusted source.

notify_debug_ssl_errors()

As notify_ssl_errors(), but sends the output to debug instead of warning.

notify_ssl_errors()

A convenience function that is itself a wrapper around the OpenSSL convenience function to output the recent OpenSSL errors. This function sends the error string to express_cat.warning(). If REPORT_OPENSSL_ERRORS is not defined, the function does nothing.