tls.context

Functions

new(method: string) → tls.context

Constructor.

method must be one of:

  • "sslv2"

  • "sslv2_client"

  • "sslv2_server"

  • "sslv3"

  • "sslv3_client"

  • "sslv3_server"

  • "tlsv1"

  • "tlsv1_client"

  • "tlsv1_server"

  • "sslv23"

  • "sslv23_client"

  • "sslv23_server"

  • "tlsv11"

  • "tlsv11_client"

  • "tlsv11_server"

  • "tlsv12"

  • "tlsv12_client"

  • "tlsv12_server"

  • "tlsv13"

  • "tlsv13_client"

  • "tlsv13_server"

  • "tls"

  • "tls_client"

  • "tls_server"

add_certificate_authority(self, data: byte_span)

Add certification authority for performing verification.

add_verify_path(self, path: filesystem.path)

Add a directory containing certificate authority files to be used for performing verification.

clear_options(self, flags: string[])

Clear options on the context.

load_verify_file(self, filename: filesystem.path)

Load a certification authority file for performing verification.

set_default_verify_paths(self)

Configures the context to use the default directories for finding certification authority certificates.

set_options(self, flags: string[])

Set options on the context.

set_password_callback(self, callback: function)

Set the password callback.

callback's signature must be:

function callback(max_length: integer, purpose: string) -> string

purpose will be either "for_reading" or "for_writing".

The function callback will be called from an unspecified fiber where IO/blocking operations are disabled.

set_verify_callback(self, callback: string[, callback_options…​])

Set the callback used to verify peer certificates.

For now only one callback is supported:

"host_name_verification"

callback_options will be a single string containing the host name.

set_verify_depth(self, depth: integer)

Set the peer verification depth.

set_verify_mode(self, mode: string)

Set the peer verification mode.

mode might be one of the following:

  • "none".

  • "peer".

  • "fail_if_no_peer_cert".

  • "client_once".

use_certificate(self, data: byte_span, fmt: string)

Use a certificate from a memory buffer.

fmt might be one of the following:

"asn1"

ASN.1 file.

"pem"

PEM file.

use_certificate_chain(self, data: byte_span)

Use a certificate chain from a memory buffer.

use_certificate_chain_file(self, filename: filesystem.path)

Use a certificate chain from a file.

use_certificate_file(self, filename: filesystem.path, fmt: string)

Use a certificate from a file.

fmt might be one of the following:

"asn1"

ASN.1 file.

"pem"

PEM file.

use_private_key(self, data: byte_span, fmt: string)

Use a private key from a memory buffer.

fmt might be one of the following:

"asn1"

ASN.1 file.

"pem"

PEM file.

use_private_key_file(self, filename: filesystem.path, fmt: string)

Use a private key from a file.

fmt might be one of the following:

"asn1"

ASN.1 file.

"pem"

PEM file.

use_rsa_private_key(self, data: byte_span, fmt: string)

Use an RSA private key from a memory buffer.

fmt might be one of the following:

"asn1"

ASN.1 file.

"pem"

PEM file.

use_rsa_private_key_file(self, filename: filesystem.path, fmt: string)

Use an RSA private key from a file.

fmt might be one of the following:

"asn1"

ASN.1 file.

"pem"

PEM file.

use_tmp_dh(self, data: byte_span)

Use the specified memory buffer to obtain the temporary Diffie-Hellman parameters.

use_tmp_dh_file(self, filename: filesystem.path)

Use the specified file to obtain the temporary Diffie-Hellman parameters.

Function flags

default_workarounds

Implement various bug workarounds.

no_compression

Disable compression. Compression is disabled by default.

no_sslv2

Disable SSL v2.

no_sslv3

Disable SSL v3.

no_tlsv1

Disable TLS v1.

no_tlsv1_1

Disable TLS v1.1.

no_tlsv1_2

Disable TLS v1.2.

no_tlsv1_3

Disable TLS v1.3.

single_dh_use

Always create a new key when using tmp_dh parameters.