Pike v8.1 release 6

Class SSL.Constants.CertificatePair

Description

A chain of X509 certificates with corresponding private key.

It also contains some derived metadata.


Variable cert_type

int SSL.Constants.CertificatePair.cert_type

Description

Cerificate type for the leaf cert.

One of the AUTH_* constants.


Variable certs

array(string(8bit)) SSL.Constants.CertificatePair.certs

Description

Chain of certificates, root cert last.


Variable globs

array(string(8bit)) SSL.Constants.CertificatePair.globs

Description

Array of commonName globs from the first certificate in certs.


Variable issuers

array(string(8bit)) SSL.Constants.CertificatePair.issuers

Description

Array of DER for the issuers matching certs.


Variable ke_mask

int(0..) SSL.Constants.CertificatePair.ke_mask

Description

Bitmask of the key exchange algorithms supported by the main certificate. This is used for TLS 1.1 and earlier.

See also

ke_mask_invariant


Variable ke_mask_invariant

int(0..) SSL.Constants.CertificatePair.ke_mask_invariant

Description

Bitmask of the key exchange algorithms supported by the main certificate. This is the same as ke_mask, but unified with respect to KE_dh_dss/KE_dh_rsa and KE_ecdh_ecdsa/KE_ecdh_rsa, as supported by TLS 1.2 and later.


Variable key

Crypto.Sign.State SSL.Constants.CertificatePair.key

Description

Private key.


Variable sign_algs

array(array(HashAlgorithm|SignatureAlgorithm)) SSL.Constants.CertificatePair.sign_algs

Description

TLS 1.2-style hash and signature pairs matching the certs.


Method create

SSL.Constants.CertificatePair SSL.Constants.CertificatePair(Crypto.Sign.State key, array(string(8bit)) certs, array(string(8bit))|void extra_name_globs)

Description

Initializa a new CertificatePair.

Parameter key

Private key.

Parameter certs

Chain of certificates, root cert last.

Parameter extra_globs

The set of globs from the first certificate is optionally extended with these.

Note

Performs various validation checks.