OpenSSLWrapper
from panda3d.core import OpenSSLWrapper
- class OpenSSLWrapper
Bases:
Provides an interface wrapper around the OpenSSL library, to ensure that the library is properly initialized in the application, and to provide some hooks into global OpenSSL context data.
Inheritance diagram
- clear_certificates()
Removes all the certificates from the global store, including the compiled- in certificates loaded from ca_bundle_data.c. You can add new certificates by calling
load_certificates()
.
- static get_global_ptr() OpenSSLWrapper
- get_x509_store() X509_STORE
Returns the global X509_STORE object.
It has to be a global object, because OpenSSL seems to store some global pointers associated with this object whether you want it to or not, and keeping independent copies of a local X509_STORE object doesn’t seem to work that well. So, we have one store that keeps all certificates the application might need.
- load_certificates(filename: Filename) int
Reads the PEM-formatted certificate(s) (delimited by —–BEGIN CERTIFICATE—– and —–END CERTIFICATE—–) from the indicated file and adds them to the global store object, retrieved via
get_x509_store()
.Returns the number of certificates read on success, or 0 on failure.
You should call this only with trusted, locally-stored certificates; not with certificates received from an untrusted source.
- load_certificates_from_der_ram(data: str, data_size: int) int
Reads a chain of trusted certificates from the indicated data buffer and adds them to the X509_STORE object. The data buffer should be DER- formatted. Returns the number of certificates read on success, or 0 on failure.
You should call this only with trusted, locally-stored certificates; not with certificates received from an untrusted source.
- load_certificates_from_der_ram(data: str) int
Reads a chain of trusted certificates from the indicated data buffer and adds them to the X509_STORE object. The data buffer should be DER- formatted. Returns the number of certificates read on success, or 0 on failure.
You should call this only with trusted, locally-stored certificates; not with certificates received from an untrusted source.
- load_certificates_from_pem_ram(data: str, data_size: int) int
Reads a chain of trusted certificates from the indicated data buffer and adds them to the X509_STORE object. The data buffer should be PEM- formatted. Returns the number of certificates read on success, or 0 on failure.
You should call this only with trusted, locally-stored certificates; not with certificates received from an untrusted source.
- load_certificates_from_pem_ram(data: str) int
Reads a chain of trusted certificates from the indicated data buffer and adds them to the X509_STORE object. The data buffer should be PEM- formatted. Returns the number of certificates read on success, or 0 on failure.
You should call this only with trusted, locally-stored certificates; not with certificates received from an untrusted source.
- notify_debug_ssl_errors()
As
notify_ssl_errors()
, but sends the output to debug instead of warning.
- notify_ssl_errors()
A convenience function that is itself a wrapper around the OpenSSL convenience function to output the recent OpenSSL errors. This function sends the error string to express_cat.warning(). If REPORT_OPENSSL_ERRORS is not defined, the function does nothing.