Package onep :: Package core :: Package util :: Module tlspinning
[frames] | no frames]

Module tlspinning

The module for the TLS certificate pinning mechanism.

Pinning is the process by which certain hosts can be whitelisted for TLS verification. If the presented certificate matches the known certificate for that host in the pinning file, that connection proceeds even if the certificate fails the customary TLS verification.

Classes
  TLSUnverifiedElementHandler
This class represents a handler for TLS connections in which the network element has not been verified.
Variables
  DecisionType = enum('REJECT', 'ACCEPT_AND_PIN', 'ACCEPT_ONCE')
Actions that can be taken for an unverified TLS connection.
Variables Details

DecisionType

Actions that can be taken for an unverified TLS connection.

REJECT - Reject the connection.
ACCEPT_AND_PIN - Accept the connection and pin the peer certificate so that
                 future connections to the host will automatically be
                 accepted given that the same peer certificate is presented.
ACCEPT_ONCE - Accept the connection but do not pin the peer certificate.

Value:
enum('REJECT', 'ACCEPT_AND_PIN', 'ACCEPT_ONCE')