def options(self, *authorities):
    """
    Behaves like L{twisted.internet.ssl.PrivateCertificate.options}().

    @param authorities: Zero or more trusted authority objects.  Each must
        expose the underlying certificate as C{.original}; in the client
        branch these become the C{caCerts} list.

    @return: On the client side (C{self.client} is true) a
        L{CertificateOptions}; otherwise the result of calling C{options()}
        on a freshly generated temporary self-signed certificate.
    """
    if self.client:
        if not authorities:
            # SECURITY NOTE: with no authorities nothing is passed to
            # CertificateOptions, so only its defaults apply.  In Twisted
            # that means verify is off: the connection is encrypted but the
            # peer is not authenticated.  Callers that need an authenticated
            # peer must pass at least one authority.
            return CertificateOptions()
        # Authorities were supplied: require a peer certificate and verify
        # that it chains to one of them.
        return CertificateOptions(
            verify=True,
            requireCertificate=True,
            caCerts=[authority.original for authority in authorities],
        )

    # Non-client side: OpenSSL will not let both the server and the client
    # be anonymous, so build a throwaway self-signed certificate.  Key
    # generation is slow, which is why this is reserved for the most naive
    # case.
    # The certificate carries a placeholder subject and is signed by its own
    # key, so it gives the peer nothing to authenticate against; it only
    # allows the handshake to proceed.
    placeholderDN = DN(CN='TEMPORARY CERTIFICATE')
    throwawayKey = KeyPair.generate()
    request = throwawayKey.certificateRequest(placeholderDN)
    # The callback accepts whatever DN the request names, which is the one
    # built just above; the last argument (presumably the serial number --
    # confirm against sslverify) is the constant 1.
    selfSigned = throwawayKey.signCertificateRequest(
        placeholderDN, request, lambda dn: True, 1)
    return throwawayKey.newCertificate(selfSigned).options(*authorities)