TransportSecurity

class c104.TransportSecurity

This class is used to configure transport layer security for servers and clients.

__init__(self: c104.TransportSecurity, validate: bool = True, only_known: bool = True) -> None

Create a new transport layer configuration

Parameters:
  • validate (bool) – validate certificates of communication partners

  • only_known (bool) – accept communication only from partners with certificate added to the list of allowed remote certificates

Example

>>> tls = c104.TransportSecurity(validate=True, only_known=False)

add_allowed_remote_certificate(self: c104.TransportSecurity, cert: str) -> None

add a trusted communication partner's x509 certificate from file

Parameters:

cert (str) – path to trusted communication partner's certificate file

Return type:

None

Raises:

ValueError – If loading the certificate file fails

Example

>>> tls = c104.TransportSecurity(validate=True, only_known=False)
>>> tls.add_allowed_remote_certificate(cert="certs/client2.crt")

set_ca_certificate(self: c104.TransportSecurity, cert: str) -> None

load x509 certificate of trusted authority from file

Parameters:

cert (str) – path to certificate authority's certificate file

Return type:

None

Raises:

ValueError – If loading the certificate file fails

Example

>>> tls = c104.TransportSecurity(validate=True, only_known=False)
>>> tls.set_ca_certificate(cert="certs/ca.crt")

set_certificate(self: c104.TransportSecurity, cert: str, key: str, passphrase: str = '') -> None

load x509 certificate from file with (optionally encrypted) key from file used to encrypt the connection

Parameters:
  • cert (str) – path to certificate file

  • key (str) – path to certificate's private key file

  • passphrase (str) – password required to decrypt the certificate's private key file

Return type:

None

Raises:

ValueError – If loading the certificate file, loading the private key file or decrypting the private key fails

Example

>>> tls = c104.TransportSecurity(validate=True, only_known=False)
>>> tls.set_certificate(cert="certs/server.crt", key="certs/server.key")

set_version(self: c104.TransportSecurity, min: c104.TlsVersion = c104.TlsVersion.NOT_SELECTED, max: c104.TlsVersion = c104.TlsVersion.NOT_SELECTED) -> None

set the supported min and/or max TLS version

Parameters:
  • min (TlsVersion) – minimum required TLS version for communication

  • max (TlsVersion) – maximum allowed TLS version for communication

Return type:

None

Example

>>> tls = c104.TransportSecurity(validate=True, only_known=False)
>>> tls.set_version(min=c104.TlsVersion.TLS_1_2, max=c104.TlsVersion.TLS_1_2)
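
The methods above combined into one mutual-TLS setup with pinned partner certificates and a file check that runs before anything is handed to the library. This is an added example, not part of the c104 documentation; the helper names `check_tls_files` and `build_tls` and the environment variable `C104_KEY_PASSPHRASE` are assumptions made for illustration.

```python
import os
import stat
from pathlib import Path


def check_tls_files(cert, key, ca, peers):
    """Return a list of problems found before the paths are handed to c104."""
    problems = []
    for path in [cert, key, ca, *peers]:
        if not Path(path).is_file():
            problems.append(f"missing file: {path}")
    if not peers:
        # With only_known=True only allow-listed partners are accepted,
        # so an empty allow-list leaves no partner that could connect.
        problems.append("only_known=True needs at least one allowed remote certificate")
    key_path = Path(key)
    # POSIX permission bits: the private key should be readable by its owner only.
    if key_path.is_file() and stat.S_IMODE(key_path.stat().st_mode) & 0o077:
        problems.append(f"private key readable by group/others: {key}")
    return problems


def build_tls(cert, key, ca, peers, passphrase_env="C104_KEY_PASSPHRASE"):
    """Build a TransportSecurity object: CA validation plus pinned partners."""
    problems = check_tls_files(cert, key, ca, peers)
    if problems:
        raise ValueError("; ".join(problems))
    import c104  # imported late so the file checks run without the library

    tls = c104.TransportSecurity(validate=True, only_known=True)
    tls.set_ca_certificate(cert=str(ca))
    # The key passphrase is read from the environment, not stored in source code.
    tls.set_certificate(cert=str(cert), key=str(key),
                        passphrase=os.environ.get(passphrase_env, ""))
    for peer in peers:
        tls.add_allowed_remote_certificate(cert=str(peer))
    # Refuse anything older than TLS 1.2; max keeps its default (NOT_SELECTED).
    tls.set_version(min=c104.TlsVersion.TLS_1_2)
    return tls
```
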