SslContextConfigurator class

class V12.FIXAntenna.SslContextConfigurator

SSL context configurator. SslContext uses this class instance to setup SSL configuration (certificates, private keys, ciphers and so on).

reset() None

Resets configurator internal state if any. This routine is called right before any other routines are called to give configurator a chance to reset its internal state if any from previous configuration rounds and prepare to new one since configurator instance can be reused accross different SSL contexts.

Returns:

None

Return type:

None

get_protocols() int

Returns protocols value to use. See V12.FIXAntenna.SslContext PROTOCOL_* constants. If 0 is returned the value passed directly to SslContext constructor is used.

Returns:

Allowed protocols to use.

Return type:

int

get_verify_locations() None

Provides location where to search for CA certificates. It is called by both Client and Server contexts. It is used to search for root CA certificates during peer certificate validation.

Returns:

Returns location where to search for CA certificates.

Return type:

CACertificateLocations

get_next_certificate_private_key_pair(index: int) CertificatePrivateKeyPair

Provides next certificate to set. It is called by both Client and Server contexts. Certificate matching against private key is performed for every certificate provided and exception is thrown if mismatch is detected.

Param:

int index: tracking index

Returns:

Return next certificate to set

Return type:

CertificatePrivateKeyPair

is_validate_peer_certificate() bool

Returns true if peer certificate has to be validated, false otherwise.

Returns:

Returns true if peer certificate has to be validated, false otherwise.

Return type:

bool

get_ciphers_list() str

Returns ciphers configuration string. See https://www.openssl.org/docs/man1.0.2/apps/ciphers.html for details. If empty string is returned cipher’s list remains untouched and OpenSSL default list is used.

Returns:

Returns ciphers configuration string.

Return type:

str

password_callback(index: int, array_index: int, max_password_size: int) str

This routing is called when password for private key or certificate is required. Certificate matching against private key set before is performed for every certificate provided.

Parameters:
  • index (int) – Tracking index of certificate/key pair or -1 if password for CA certificate from get_client_ca_list() is requested.

  • array_index (int) – Index of password requested - -1 for private key, 0 for certificate, 1,2,3,… for every certificate from certificate chain array if password is required.

  • max_password_size (int) – Maximal password length accepted. Return password should not be bigger the this value. All characted above this value will be truncated.

Returns:

Returns password requested or empty string if no password is provided.

Return type:

str

get_client_ca_list() None

Provides data to build acceptable CAs list sent to client.

Returns:

Returns a ClientCAList instance with the data.

Return type:

ClientCAList

lock() None

This routine gets the lock over the object and have to be called when exclusive access to the configurator instance is required.

Returns:

None

Return type:

None

unlock() None

This routine releases the lock over the object and have to be called when no further exclusive access to the configurator instance is required.

Returns:

None

Return type:

None