QSslSocket¶

Inheritance diagram of QSslSocket

Synopsis¶

Functions¶

def addCaCertificate (certificate)
def addCaCertificates (certificates)
def addCaCertificates (path[, format=QSsl.Pem[, syntax=QRegExp.FixedString]])
def caCertificates ()
def ciphers ()
def connectToHostEncrypted (hostName, port, sslPeerName[, mode=QIODevice.ReadWrite])
def connectToHostEncrypted (hostName, port[, mode=QIODevice.ReadWrite])
def encryptedBytesAvailable ()
def encryptedBytesToWrite ()
def ignoreSslErrors (errors)
def isEncrypted ()
def localCertificate ()
def mode ()
def peerCertificate ()
def peerCertificateChain ()
def peerVerifyDepth ()
def peerVerifyMode ()
def privateKey ()
def protocol ()
def sessionCipher ()
def setCaCertificates (certificates)
def setCiphers (ciphers)
def setCiphers (ciphers)
def setLocalCertificate (certificate)
def setLocalCertificate (fileName[, format=QSsl.Pem])
def setPeerVerifyDepth (depth)
def setPeerVerifyMode (mode)
def setPrivateKey (fileName[, algorithm=QSsl.Rsa[, format=QSsl.Pem[, passPhrase=QByteArray()]]])
def setPrivateKey (key)
def setProtocol (protocol)
def setSslConfiguration (config)
def sslConfiguration ()
def sslErrors ()
def waitForEncrypted ([msecs=30000])

Detailed Description¶

The PySide.QtNetwork.QSslSocket class provides an SSL encrypted socket for both clients and servers.

PySide.QtNetwork.QSslSocket establishes a secure, encrypted TCP connection you can use for transmitting encrypted data. It can operate in both client and server mode, and it supports modern SSL protocols, including SSLv3 and TLSv1. By default, PySide.QtNetwork.QSslSocket uses SSLv3, but you can change the SSL protocol by calling PySide.QtNetwork.QSslSocket.setProtocol() as long as you do it before the handshake has started.

SSL encryption operates on top of the existing TCP stream after the socket enters the ConnectedState . There are two simple ways to establish a secure connection using PySide.QtNetwork.QSslSocket : With an immediate SSL handshake, or with a delayed SSL handshake occurring after the connection has been established in unencrypted mode.

The most common way to use PySide.QtNetwork.QSslSocket is to construct an object and start a secure connection by calling PySide.QtNetwork.QSslSocket.connectToHostEncrypted() . This method starts an immediate SSL handshake once the connection has been established.
socket = QSslSocket(self)
QObject.connect(socket, SIGNAL("encrypted()"), self, SLOT("ready()"))

socket.connectToHostEncrypted("imap.example.com", 993)
As with a plain PySide.QtNetwork.QTcpSocket , PySide.QtNetwork.QSslSocket enters the HostLookupState , ConnectingState , and finally the ConnectedState , if the connection is successful. The handshake then starts automatically, and if it succeeds, the PySide.QtNetwork.QSslSocket.encrypted() signal is emitted to indicate the socket has entered the encrypted state and is ready for use.

Note that data can be written to the socket immediately after the return from PySide.QtNetwork.QSslSocket.connectToHostEncrypted() (i.e., before the PySide.QtNetwork.QSslSocket.encrypted() signal is emitted). The data is queued in PySide.QtNetwork.QSslSocket until after the PySide.QtNetwork.QSslSocket.encrypted() signal is emitted.

An example of using the delayed SSL handshake to secure an existing connection is the case where an SSL server secures an incoming connection. Suppose you create an SSL server class as a subclass of PySide.QtNetwork.QTcpServer . You would override QTcpServer.incomingConnection() with something like the example below, which first constructs an instance of PySide.QtNetwork.QSslSocket and then calls PySide.QtNetwork.QSslSocket.setSocketDescriptor() to set the new socket’s descriptor to the existing one passed in. It then initiates the SSL handshake by calling PySide.QtNetwork.QSslSocket.startServerEncryption() .
def incomingConnection(socketDescriptor):
    serverSocket = QSslSocket()
    if serverSocket.setSocketDescriptor(socketDescriptor):
        QObject.connect(serverSocket, SIGNAL("encrypted()"), self, SLOT("ready()"))
        serverSocket.startServerEncryption()
If an error occurs, PySide.QtNetwork.QSslSocket emits the PySide.QtNetwork.QSslSocket.sslErrors() signal. In this case, if no action is taken to ignore the error(s), the connection is dropped. To continue, despite the occurrence of an error, you can call PySide.QtNetwork.QSslSocket.ignoreSslErrors() , either from within this slot after the error occurs, or any time after construction of the PySide.QtNetwork.QSslSocket and before the connection is attempted. This will allow PySide.QtNetwork.QSslSocket to ignore the errors it encounters when establishing the identity of the peer. Ignoring errors during an SSL handshake should be used with caution, since a fundamental characteristic of secure connections is that they should be established with a successful handshake.

Once encrypted, you use PySide.QtNetwork.QSslSocket as a regular PySide.QtNetwork.QTcpSocket . When PySide.QtCore.QIODevice.readyRead() is emitted, you can call PySide.QtCore.QIODevice.read() , PySide.QtNetwork.QSslSocket.canReadLine() and PySide.QtCore.QIODevice.readLine() , or PySide.QtCore.QIODevice.getChar() to read decrypted data from PySide.QtNetwork.QSslSocket ‘s internal buffer, and you can call PySide.QtCore.QIODevice.write() or PySide.QtCore.QIODevice.putChar() to write data back to the peer. PySide.QtNetwork.QSslSocket will automatically encrypt the written data for you, and emit PySide.QtNetwork.QSslSocket.encryptedBytesWritten() once the data has been written to the peer.

As a convenience, PySide.QtNetwork.QSslSocket supports PySide.QtNetwork.QTcpSocket ‘s blocking functions PySide.QtNetwork.QSslSocket.waitForConnected() , PySide.QtNetwork.QSslSocket.waitForReadyRead() , PySide.QtNetwork.QSslSocket.waitForBytesWritten() , and PySide.QtNetwork.QSslSocket.waitForDisconnected() . It also provides PySide.QtNetwork.QSslSocket.waitForEncrypted() , which will block the calling thread until an encrypted connection has been established.
socket = QSslSocket()
socket.connectToHostEncrypted("http.example.com", 443)
if not socket.waitForEncrypted():
    print socket.errorString()
    return false

socket.write("GET / HTTP/1.0\r\n\r\n")
while socket.waitForReadyRead():
    print socket.readAll().data()
PySide.QtNetwork.QSslSocket provides an extensive, easy-to-use API for handling cryptographic ciphers, private keys, and local, peer, and Certification Authority (CA) certificates. It also provides an API for handling errors that occur during the handshake phase.

The following features can also be customized:

The socket’s cryptographic cipher suite can be customized before the handshake phase with PySide.QtNetwork.QSslSocket.setCiphers() and PySide.QtNetwork.QSslSocket.setDefaultCiphers() .

The socket’s local certificate and private key can be customized before the handshake phase with PySide.QtNetwork.QSslSocket.setLocalCertificate() and PySide.QtNetwork.QSslSocket.setPrivateKey() .

The CA certificate database can be extended and customized with PySide.QtNetwork.QSslSocket.addCaCertificate() , PySide.QtNetwork.QSslSocket.addCaCertificates() , PySide.QtNetwork.QSslSocket.setCaCertificates() , PySide.QtNetwork.QSslSocket.addDefaultCaCertificate() , PySide.QtNetwork.QSslSocket.addDefaultCaCertificates() , and PySide.QtNetwork.QSslSocket.setDefaultCaCertificates() .

For more information about ciphers and certificates, refer to PySide.QtNetwork.QSslCipher and PySide.QtNetwork.QSslCertificate .

This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/).

Note

Be aware of the difference between the PySide.QtCore.QIODevice.bytesWritten() signal and the PySide.QtNetwork.QSslSocket.encryptedBytesWritten() signal. For a PySide.QtNetwork.QTcpSocket , PySide.QtCore.QIODevice.bytesWritten() will get emitted as soon as data has been written to the TCP socket. For a PySide.QtNetwork.QSslSocket , PySide.QtCore.QIODevice.bytesWritten() will get emitted when the data is being encrypted and PySide.QtNetwork.QSslSocket.encryptedBytesWritten() will get emitted as soon as data has been written to the TCP socket.

Symbian Platform Security Requirements¶

On Symbian, processes which use this class must have the NetworkServices platform security capability. If the client process lacks this capability, operations will fail.

Platform security capabilities are added via the TARGET.CAPABILITY qmake variable.

See also

PySide.QtNetwork.QSslCertificate PySide.QtNetwork.QSslCipher PySide.QtNetwork.QSslError

class PySide.QtNetwork.QSslSocket([parent=None])¶

Parameters:	parent – `PySide.QtCore.QObject`

Constructs a PySide.QtNetwork.QSslSocket object. parent is passed to PySide.QtCore.QObject ‘s constructor. The new socket’s cipher suite is set to the one returned by the static method PySide.QtNetwork.QSslSocket.defaultCiphers() .

PySide.QtNetwork.QSslSocket.SslMode¶

Describes the connection modes available for PySide.QtNetwork.QSslSocket .

Constant	Description
QSslSocket.UnencryptedMode	The socket is unencrypted. Its behavior is identical to `PySide.QtNetwork.QTcpSocket` .
QSslSocket.SslClientMode	The socket is a client-side SSL socket. It is either alreayd encrypted, or it is in the SSL handshake phase (see `QSslSocket.isEncrypted()` ).
QSslSocket.SslServerMode	The socket is a server-side SSL socket. It is either already encrypted, or it is in the SSL handshake phase (see `QSslSocket.isEncrypted()` ).

PySide.QtNetwork.QSslSocket.PeerVerifyMode¶

Describes the peer verification modes for PySide.QtNetwork.QSslSocket . The default mode is AutoVerifyPeer , which selects an appropriate mode depending on the socket’s QSocket::SslMode.

Constant	Description
QSslSocket.VerifyNone	`PySide.QtNetwork.QSslSocket` will not request a certificate from the peer. You can set this mode if you are not interested in the identity of the other side of the connection. The connection will still be encrypted, and your socket will still send its local certificate to the peer if it’s requested.
QSslSocket.QueryPeer	`PySide.QtNetwork.QSslSocket` will request a certificate from the peer, but does not require this certificate to be valid. This is useful when you want to display peer certificate details to the user without affecting the actual SSL handshake. This mode is the default for servers.
QSslSocket.VerifyPeer	`PySide.QtNetwork.QSslSocket` will request a certificate from the peer during the SSL handshake phase, and requires that this certificate is valid. On failure, `PySide.QtNetwork.QSslSocket` will emit the `QSslSocket.sslErrors()` signal. This mode is the default for clients.
QSslSocket.AutoVerifyPeer	`PySide.QtNetwork.QSslSocket` will automatically use `QueryPeer` for server sockets and `VerifyPeer` for client sockets.

See also

QSslSocket.peerVerifyMode()

PySide.QtNetwork.QSslSocket.addCaCertificate(certificate)¶

Parameters:	certificate – `PySide.QtNetwork.QSslCertificate`

Adds the certificate to this socket’s CA certificate database. The CA certificate database is used by the socket during the handshake phase to validate the peer’s certificate.

To add multiple certificates, use PySide.QtNetwork.QSslSocket.addCaCertificates() .

PySide.QtNetwork.QSslSocket.addCaCertificates(path[, format=QSsl.Pem[, syntax=QRegExp.FixedString]])¶

Parameters:	path – unicode format – `PySide.QtNetwork.QSsl.EncodingFormat` syntax – `PySide.QtCore.QRegExp.PatternSyntax`
Return type:	`PySide.QtCore.bool`

PySide.QtNetwork.QSslSocket.addCaCertificates(certificates)

Parameters:	certificates –

static PySide.QtNetwork.QSslSocket.addDefaultCaCertificate(certificate)¶

Parameters:	certificate – `PySide.QtNetwork.QSslCertificate`

Adds certificate to the default CA certificate database. Each SSL socket’s CA certificate database is initialized to the default CA certificate database.

static PySide.QtNetwork.QSslSocket.addDefaultCaCertificates(path[, format=QSsl.Pem[, syntax=QRegExp.FixedString]])¶

Parameters:	path – unicode format – `PySide.QtNetwork.QSsl.EncodingFormat` syntax – `PySide.QtCore.QRegExp.PatternSyntax`
Return type:	`PySide.QtCore.bool`

static PySide.QtNetwork.QSslSocket.addDefaultCaCertificates(certificates)

Parameters:	certificates –

PySide.QtNetwork.QSslSocket.caCertificates()¶

Return type:

Returns this socket’s CA certificate database. The CA certificate database is used by the socket during the handshake phase to validate the peer’s certificate. It can be moodified prior to the handshake with PySide.QtNetwork.QSslSocket.addCaCertificate() , PySide.QtNetwork.QSslSocket.addCaCertificates() , and PySide.QtNetwork.QSslSocket.setCaCertificates() .

PySide.QtNetwork.QSslSocket.ciphers()¶

Return type:

Returns this socket’s current cryptographic cipher suite. This list is used during the socket’s handshake phase for choosing a session cipher. The returned list of ciphers is ordered by descending preference. (i.e., the first cipher in the list is the most preferred cipher). The session cipher will be the first one in the list that is also supported by the peer.

By default, the handshake phase can choose any of the ciphers supported by this system’s SSL libraries, which may vary from system to system. The list of ciphers supported by this system’s SSL libraries is returned by PySide.QtNetwork.QSslSocket.supportedCiphers() . You can restrict the list of ciphers used for choosing the session cipher for this socket by calling PySide.QtNetwork.QSslSocket.setCiphers() with a subset of the supported ciphers. You can revert to using the entire set by calling PySide.QtNetwork.QSslSocket.setCiphers() with the list returned by PySide.QtNetwork.QSslSocket.supportedCiphers() .

You can restrict the list of ciphers used for choosing the session cipher for all sockets by calling PySide.QtNetwork.QSslSocket.setDefaultCiphers() with a subset of the supported ciphers. You can revert to using the entire set by calling PySide.QtNetwork.QSslSocket.setCiphers() with the list returned by PySide.QtNetwork.QSslSocket.supportedCiphers() .

PySide.QtNetwork.QSslSocket.connectToHostEncrypted(hostName, port, sslPeerName[, mode=QIODevice.ReadWrite])¶

Parameters:	hostName – unicode port – `PySide.QtCore.quint16` sslPeerName – unicode mode – `PySide.QtCore.QIODevice.OpenMode`

PySide.QtNetwork.QSslSocket.connectToHostEncrypted(hostName, port[, mode=QIODevice.ReadWrite])

Parameters:	hostName – unicode port – `PySide.QtCore.quint16` mode – `PySide.QtCore.QIODevice.OpenMode`

static PySide.QtNetwork.QSslSocket.defaultCaCertificates()¶

Return type:

Returns the current default CA certificate database. This database is originally set to your system’s default CA certificate database. If no system default database is found, an empty database will be returned. You can override the default CA certificate database with your own CA certificate database using PySide.QtNetwork.QSslSocket.setDefaultCaCertificates() .

Each SSL socket’s CA certificate database is initialized to the default CA certificate database.

static PySide.QtNetwork.QSslSocket.defaultCiphers()¶

Return type:

Returns the default cryptographic cipher suite for all sockets in this application. This list is used during the socket’s handshake phase when negotiating with the peer to choose a session cipher. The list is ordered by preference (i.e., the first cipher in the list is the most preferred cipher).

By default, the handshake phase can choose any of the ciphers supported by this system’s SSL libraries, which may vary from system to system. The list of ciphers supported by this system’s SSL libraries is returned by PySide.QtNetwork.QSslSocket.supportedCiphers() .

PySide.QtNetwork.QSslSocket.encrypted()¶

PySide.QtNetwork.QSslSocket.encryptedBytesAvailable()¶

Return type:	`PySide.QtCore.qint64`

Returns the number of encrypted bytes that are awaiting decryption. Normally, this function will return 0 because PySide.QtNetwork.QSslSocket decrypts its incoming data as soon as it can.

PySide.QtNetwork.QSslSocket.encryptedBytesToWrite()¶

Return type:	`PySide.QtCore.qint64`

Returns the number of encrypted bytes that are waiting to be written to the network.

PySide.QtNetwork.QSslSocket.encryptedBytesWritten(totalBytes)¶

Parameters:	totalBytes – `PySide.QtCore.qint64`

PySide.QtNetwork.QSslSocket.ignoreSslErrors()¶

This slot tells PySide.QtNetwork.QSslSocket to ignore errors during PySide.QtNetwork.QSslSocket ‘s handshake phase and continue connecting. If you want to continue with the connection even if errors occur during the handshake phase, then you must call this slot, either from a slot connected to PySide.QtNetwork.QSslSocket.sslErrors() , or before the handshake phase. If you don’t call this slot, either in response to errors or before the handshake, the connection will be dropped after the PySide.QtNetwork.QSslSocket.sslErrors() signal has been emitted.

If there are no errors during the SSL handshake phase (i.e., the identity of the peer is established with no problems), PySide.QtNetwork.QSslSocket will not emit the PySide.QtNetwork.QSslSocket.sslErrors() signal, and it is unnecessary to call this function.

Ignoring errors that occur during an SSL handshake should be done with caution. A fundamental characteristic of secure connections is that they should be established with an error free handshake.

PySide.QtNetwork.QSslSocket.ignoreSslErrors(errors)

Parameters:	errors –

PySide.QtNetwork.QSslSocket.isEncrypted()¶

Return type:	`PySide.QtCore.bool`

Returns true if the socket is encrypted; otherwise, false is returned.

An encrypted socket encrypts all data that is written by calling PySide.QtCore.QIODevice.write() or PySide.QtCore.QIODevice.putChar() before the data is written to the network, and decrypts all incoming data as the data is received from the network, before you call PySide.QtCore.QIODevice.read() , PySide.QtCore.QIODevice.readLine() or PySide.QtCore.QIODevice.getChar() .

PySide.QtNetwork.QSslSocket emits PySide.QtNetwork.QSslSocket.encrypted() when it enters encrypted mode.

You can call PySide.QtNetwork.QSslSocket.sessionCipher() to find which cryptographic cipher is used to encrypt and decrypt your data.

See also

PySide.QtNetwork.QSslSocket.mode()

PySide.QtNetwork.QSslSocket.localCertificate()¶

Return type:	`PySide.QtNetwork.QSslCertificate`

Returns the socket’s local certificate , or an empty certificate if no local certificate has been assigned.

PySide.QtNetwork.QSslSocket.mode()¶

Return type:	`PySide.QtNetwork.QSslSocket.SslMode`

Returns the current mode for the socket; either UnencryptedMode , where PySide.QtNetwork.QSslSocket behaves identially to PySide.QtNetwork.QTcpSocket , or one of SslClientMode or SslServerMode , where the client is either negotiating or in encrypted mode.

When the mode changes, PySide.QtNetwork.QSslSocket emits PySide.QtNetwork.QSslSocket.modeChanged()

See also

QSslSocket.SslMode

PySide.QtNetwork.QSslSocket.modeChanged(newMode)¶

Parameters:	newMode – `PySide.QtNetwork.QSslSocket.SslMode`

PySide.QtNetwork.QSslSocket.peerCertificate()¶

Return type:	`PySide.QtNetwork.QSslCertificate`

Returns the peer’s digital certificate (i.e., the immediate certificate of the host you are connected to), or a null certificate, if the peer has not assigned a certificate.

The peer certificate is checked automatically during the handshake phase, so this function is normally used to fetch the certificate for display or for connection diagnostic purposes. It contains information about the peer, including its host name, the certificate issuer, and the peer’s public key.

Because the peer certificate is set during the handshake phase, it is safe to access the peer certificate from a slot connected to the PySide.QtNetwork.QSslSocket.sslErrors() signal or the PySide.QtNetwork.QSslSocket.encrypted() signal.

If a null certificate is returned, it can mean the SSL handshake failed, or it can mean the host you are connected to doesn’t have a certificate, or it can mean there is no connection.

If you want to check the peer’s complete chain of certificates, use PySide.QtNetwork.QSslSocket.peerCertificateChain() to get them all at once.

PySide.QtNetwork.QSslSocket.peerCertificateChain()¶

Return type:

Returns the peer’s chain of digital certificates, or an empty list of certificates.

Peer certificates are checked automatically during the handshake phase. This function is normally used to fetch certificates for display, or for performing connection diagnostics. Certificates contain information about the peer and the certificate issuers, including host name, issuer names, and issuer public keys.

The peer certificates are set in PySide.QtNetwork.QSslSocket during the handshake phase, so it is safe to call this function from a slot connected to the PySide.QtNetwork.QSslSocket.sslErrors() signal or the PySide.QtNetwork.QSslSocket.encrypted() signal.

If an empty list is returned, it can mean the SSL handshake failed, or it can mean the host you are connected to doesn’t have a certificate, or it can mean there is no connection.

If you want to get only the peer’s immediate certificate, use PySide.QtNetwork.QSslSocket.peerCertificate() .

PySide.QtNetwork.QSslSocket.peerVerifyDepth()¶

Return type:	`PySide.QtCore.int`

Returns the maximum number of certificates in the peer’s certificate chain to be checked during the SSL handshake phase, or 0 (the default) if no maximum depth has been set, indicating that the whole certificate chain should be checked.

The certificates are checked in issuing order, starting with the peer’s own certificate, then its issuer’s certificate, and so on.

PySide.QtNetwork.QSslSocket.peerVerifyError(error)¶

Parameters:	error – `PySide.QtNetwork.QSslError`

PySide.QtNetwork.QSslSocket.peerVerifyMode()¶

Return type:	`PySide.QtNetwork.QSslSocket.PeerVerifyMode`

Returns the socket’s verify mode. This mode mode decides whether PySide.QtNetwork.QSslSocket should request a certificate from the peer (i.e., the client requests a certificate from the server, or a server requesting a certificate from the client), and whether it should require that this certificate is valid.

The default mode is AutoVerifyPeer , which tells PySide.QtNetwork.QSslSocket to use VerifyPeer for clients and QueryPeer for servers.

PySide.QtNetwork.QSslSocket.privateKey()¶

Return type:	`PySide.QtNetwork.QSslKey`

Returns this socket’s private key.

PySide.QtNetwork.QSslSocket.protocol()¶

Return type:	`PySide.QtNetwork.QSsl.SslProtocol`

Returns the socket’s SSL protocol. By default, QSsl.SslV3 is used.

PySide.QtNetwork.QSslSocket.sessionCipher()¶

Return type:	`PySide.QtNetwork.QSslCipher`

Returns the socket’s cryptographic cipher , or a null cipher if the connection isn’t encrypted. The socket’s cipher for the session is set during the handshake phase. The cipher is used to encrypt and decrypt data transmitted through the socket.

PySide.QtNetwork.QSslSocket also provides functions for setting the ordered list of ciphers from which the handshake phase will eventually select the session cipher. This ordered list must be in place before the handshake phase begins.

PySide.QtNetwork.QSslSocket.setCaCertificates(certificates)¶

Parameters:	certificates –

PySide.QtNetwork.QSslSocket.setCiphers(ciphers)¶

Parameters:	ciphers –

PySide.QtNetwork.QSslSocket.setCiphers(ciphers)

Parameters:	ciphers – unicode

Sets the cryptographic cipher suite for this socket to ciphers , which is a colon-separated list of cipher suite names. The ciphers are listed in order of preference, starting with the most preferred cipher. For example:

socket = QSslSocket()
socket.setCiphers("DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-SHA")

Each cipher name in ciphers must be the name of a cipher in the list returned by PySide.QtNetwork.QSslSocket.supportedCiphers() . Restricting the cipher suite must be done before the handshake phase, where the session cipher is chosen.

static PySide.QtNetwork.QSslSocket.setDefaultCaCertificates(certificates)¶

Parameters:	certificates –

static PySide.QtNetwork.QSslSocket.setDefaultCiphers(ciphers)¶

Parameters:	ciphers –

PySide.QtNetwork.QSslSocket.setLocalCertificate(fileName[, format=QSsl.Pem])¶

Parameters:	fileName – unicode format – `PySide.QtNetwork.QSsl.EncodingFormat`

PySide.QtNetwork.QSslSocket.setLocalCertificate(certificate)

Parameters:	certificate – `PySide.QtNetwork.QSslCertificate`

Sets the socket’s local certificate to certificate . The local certificate is necessary if you need to confirm your identity to the peer. It is used together with the private key; if you set the local certificate, you must also set the private key.

The local certificate and private key are always necessary for server sockets, but are also rarely used by client sockets if the server requires the client to authenticate.

PySide.QtNetwork.QSslSocket.setPeerVerifyDepth(depth)¶

Parameters:	depth – `PySide.QtCore.int`

Sets the maximum number of certificates in the peer’s certificate chain to be checked during the SSL handshake phase, to depth . Setting a depth of 0 means that no maximum depth is set, indicating that the whole certificate chain should be checked.

The certificates are checked in issuing order, starting with the peer’s own certificate, then its issuer’s certificate, and so on.

PySide.QtNetwork.QSslSocket.setPeerVerifyMode(mode)¶

Parameters:	mode – `PySide.QtNetwork.QSslSocket.PeerVerifyMode`

PySide.QtNetwork.QSslSocket.setPrivateKey(fileName[, algorithm=QSsl.Rsa[, format=QSsl.Pem[, passPhrase=QByteArray()]]])¶

Parameters:	fileName – unicode algorithm – `PySide.QtNetwork.QSsl.KeyAlgorithm` format – `PySide.QtNetwork.QSsl.EncodingFormat` passPhrase – `PySide.QtCore.QByteArray`

PySide.QtNetwork.QSslSocket.setPrivateKey(key)

Parameters:	key – `PySide.QtNetwork.QSslKey`

Sets the socket’s private key to key . The private key and the local certificate are used by clients and servers that must prove their identity to SSL peers.

Both the key and the local certificate are required if you are creating an SSL server socket. If you are creating an SSL client socket, the key and local certificate are required if your client must identify itself to an SSL server.

PySide.QtNetwork.QSslSocket.setProtocol(protocol)¶

Parameters:	protocol – `PySide.QtNetwork.QSsl.SslProtocol`

PySide.QtNetwork.QSslSocket.setSslConfiguration(config)¶

Parameters:	config – `PySide.QtNetwork.QSslConfiguration`

Sets the socket’s SSL configuration to be the contents of configuration . This function sets the local certificate, the ciphers, the private key and the CA certificates to those stored in configuration .

It is not possible to set the SSL-state related fields.

PySide.QtNetwork.QSslSocket.sslConfiguration()¶

Return type:	`PySide.QtNetwork.QSslConfiguration`

Returns the socket’s SSL configuration state. The default SSL configuration of a socket is to use the default ciphers, default CA certificates, no local private key or certificate.

The SSL configuration also contains fields that can change with time without notice.

PySide.QtNetwork.QSslSocket.sslErrors(errors)¶

Parameters:	errors –

PySide.QtNetwork.QSslSocket.sslErrors()

Return type:

Returns a list of the last SSL errors that occurred. This is the same list as PySide.QtNetwork.QSslSocket passes via the PySide.QtNetwork.QSslSocket.sslErrors() signal. If the connection has been encrypted with no errors, this function will return an empty list.

PySide.QtNetwork.QSslSocket.startClientEncryption()¶

Starts a delayed SSL handshake for a client connection. This function can be called when the socket is in the ConnectedState but still in the UnencryptedMode . If it is not yet connected, or if it is already encrypted, this function has no effect.

Clients that implement STARTTLS functionality often make use of delayed SSL handshakes. Most other clients can avoid calling this function directly by using PySide.QtNetwork.QSslSocket.connectToHostEncrypted() instead, which automatically performs the handshake.

PySide.QtNetwork.QSslSocket.startServerEncryption()¶

Starts a delayed SSL handshake for a server connection. This function can be called when the socket is in the ConnectedState but still in UnencryptedMode . If it is not connected or it is already encrypted, the function has no effect.

For server sockets, calling this function is the only way to initiate the SSL handshake. Most servers will call this function immediately upon receiving a connection, or as a result of having received a protocol-specific command to enter SSL mode (e.g, the server may respond to receiving the string “STARTTLSrn” by calling this function).

The most common way to implement an SSL server is to create a subclass of PySide.QtNetwork.QTcpServer and reimplement QTcpServer.incomingConnection() . The returned socket descriptor is then passed to QSslSocket.setSocketDescriptor() .

static PySide.QtNetwork.QSslSocket.supportedCiphers()¶

Return type:

Returns the list of cryptographic ciphers supported by this system. This list is set by the system’s SSL libraries and may vary from system to system.

static PySide.QtNetwork.QSslSocket.supportsSsl()¶

Return type:	`PySide.QtCore.bool`

Returns true if this platform supports SSL; otherwise, returns false. If the platform doesn’t support SSL, the socket will fail in the connection phase.

static PySide.QtNetwork.QSslSocket.systemCaCertificates()¶

Return type:

This function provides the CA certificate database provided by the operating system. The CA certificate database returned by this function is used to initialize the database returned by PySide.QtNetwork.QSslSocket.defaultCaCertificates() . You can replace that database with your own with PySide.QtNetwork.QSslSocket.setDefaultCaCertificates() .

PySide.QtNetwork.QSslSocket.waitForEncrypted([msecs=30000])¶

Parameters:	msecs – `PySide.QtCore.int`
Return type:	`PySide.QtCore.bool`

Waits until the socket has completed the SSL handshake and has emitted PySide.QtNetwork.QSslSocket.encrypted() , or msecs milliseconds, whichever comes first. If PySide.QtNetwork.QSslSocket.encrypted() has been emitted, this function returns true; otherwise (e.g., the socket is disconnected, or the SSL handshake fails), false is returned.

The following example waits up to one second for the socket to be encrypted:

socket.connectToHostEncrypted("imap", 993)
if socket.waitForEncrypted(1000):
    print "Encrypted!"

If msecs is -1, this function will not time out.

Table Of Contents

Previous topic

Next topic

QSslSocket¶

Synopsis¶

Functions¶

Slots¶

Signals¶

Static functions¶

Detailed Description¶

Symbian Platform Security Requirements¶

Table Of Contents

Previous topic

Next topic

Quick search

QSslSocket¶

Synopsis¶

Functions¶

Slots¶

Signals¶

Static functions¶

Detailed Description¶

Symbian Platform Security Requirements¶