QSslSocketclass provides an SSL encrypted socket for both clients and servers. 更多 …
def
abort
()
def
addCaCertificate
(certificate)
def
addCaCertificates
(certificates)
def
addCaCertificates
(path[, format=QSsl.Pem[, syntax=QRegExp.FixedString]])
def
caCertificates
()
def
ciphers
()
def
connectToHostEncrypted
(hostName, port, sslPeerName[, mode=QIODevice.ReadWrite[, protocol=AnyIPProtocol]])
def
connectToHostEncrypted
(hostName, port[, mode=QIODevice.ReadWrite[, protocol=AnyIPProtocol]])
def
encryptedBytesAvailable
()
def
encryptedBytesToWrite
()
def
flush
()
def
ignoreSslErrors
(errors)
def
isEncrypted
()
def
localCertificate
()
def
localCertificateChain
()
def
mode
()
def
ocspResponses
()
def
peerCertificate
()
def
peerCertificateChain
()
def
peerVerifyDepth
()
def
peerVerifyMode
()
def
peerVerifyName
()
def
privateKey
()
def
protocol
()
def
sessionCipher
()
def
sessionProtocol
()
def
setCaCertificates
(certificates)
def
setCiphers
(ciphers)
def
setCiphers
(ciphers)
def
setLocalCertificate
(certificate)
def
setLocalCertificate
(fileName[, format=QSsl.Pem])
def
setLocalCertificateChain
(localChain)
def
setPeerVerifyDepth
(depth)
def
setPeerVerifyMode
(mode)
def
setPeerVerifyName
(hostName)
def
setPrivateKey
(fileName[, algorithm=QSsl.Rsa[, format=QSsl.Pem[, passPhrase=QByteArray()]]])
def
setPrivateKey
(key)
def
setProtocol
(protocol)
def
setSslConfiguration
(config)
def
sslConfiguration
()
def
sslErrors
()
def
sslHandshakeErrors
()
def
waitForEncrypted
([msecs=30000])
def
ignoreSslErrors
()
def
startClientEncryption
()
def
startServerEncryption
()
def
encrypted
()
def
encryptedBytesWritten
(totalBytes)
def
modeChanged
(newMode)
def
newSessionTicketReceived
()
def
peerVerifyError
(error)
def
preSharedKeyAuthenticationRequired
(authenticator)
def
sslErrors
(errors)
def
addDefaultCaCertificate
(certificate)
def
addDefaultCaCertificates
(certificates)
def
addDefaultCaCertificates
(path[, format=QSsl.Pem[, syntax=QRegExp.FixedString]])
def
defaultCaCertificates
()
def
defaultCiphers
()
def
setDefaultCaCertificates
(certificates)
def
setDefaultCiphers
(ciphers)
def
sslLibraryBuildVersionNumber
()
def
sslLibraryBuildVersionString
()
def
sslLibraryVersionNumber
()
def
sslLibraryVersionString
()
def
supportedCiphers
()
def
supportsSsl
()
def
systemCaCertificates
()
QSslSocketestablishes a secure, encrypted TCP connection you can use for transmitting encrypted data. It can operate in both client and server mode, and it supports modern SSL protocols, including SSL 3 and TLS 1.2. By default,QSslSocketuses only SSL protocols which are considered to be secure (SecureProtocols),但您可以更改 SSL 协议通过调用setProtocol()as long as you do it before the handshake has started.SSL 加密运转在现有 TCP 流之上,但套接字要先进入
ConnectedState. There are two simple ways to establish a secure connection usingQSslSocket: With an immediate SSL handshake, or with a delayed SSL handshake occurring after the connection has been established in unencrypted mode.The most common way to use
QSslSocketis to construct an object and start a secure connection by callingconnectToHostEncrypted(). This method starts an immediate SSL handshake once the connection has been established.socket = QSslSocket(self) QObject.connect(socket, SIGNAL("encrypted()"), self, SLOT("ready()")) socket.connectToHostEncrypted("imap.example.com", 993)就像纯
QTcpSocket,QSslSocketenters theHostLookupState,ConnectingState,及最终ConnectedState,若连接成功。然后握手自动开始,且若它成功,encrypted()signal is emitted to indicate the socket has entered the encrypted state and is ready for use.注意:之后可以立即把数据写入套接字,当返回自
connectToHostEncrypted()(i.e., before theencrypted()signal is emitted). The data is queued inQSslSocketuntil after theencrypted()信号被发射。An example of using the delayed SSL handshake to secure an existing connection is the case where an SSL server secures an incoming connection. Suppose you create an SSL server class as a subclass of
QTcpServer. You would overrideincomingConnection()with something like the example below, which first constructs an instance ofQSslSocketand then callssetSocketDescriptor()to set the new socket’s descriptor to the existing one passed in. It then initiates the SSL handshake by callingstartServerEncryption().def incomingConnection(socketDescriptor): serverSocket = QSslSocket() if serverSocket.setSocketDescriptor(socketDescriptor): QObject.connect(serverSocket, SIGNAL("encrypted()"), self, SLOT("ready()")) serverSocket.startServerEncryption()若发生错误,
QSslSocket发射sslErrors()signal. In this case, if no action is taken to ignore the error(s), the connection is dropped. To continue, despite the occurrence of an error, you can callignoreSslErrors(), either from within this slot after the error occurs, or any time after construction of theQSslSocketand before the connection is attempted. This will allowQSslSocketto ignore the errors it encounters when establishing the identity of the peer. Ignoring errors during an SSL handshake should be used with caution, since a fundamental characteristic of secure connections is that they should be established with a successful handshake.Once encrypted, you use
QSslSocketas a regularQTcpSocket。当readyRead()is emitted, you can callread(),canReadLine()andreadLine(),或getChar()to read decrypted data fromQSslSocket‘s internal buffer, and you can callwrite()orputChar()to write data back to the peer.QSslSocketwill automatically encrypt the written data for you, and emitencryptedBytesWritten()once the data has been written to the peer.As a convenience,
QSslSocketsupportsQTcpSocket‘s blocking functionswaitForConnected(),waitForReadyRead(),waitForBytesWritten(),和waitForDisconnected(). It also provideswaitForEncrypted(), which will block the calling thread until an encrypted connection has been established.socket = QSslSocket() socket.connectToHostEncrypted("http.example.com", 443) if not socket.waitForEncrypted(): print socket.errorString() return false socket.write("GET / HTTP/1.0\r\n\r\n") while socket.waitForReadyRead(): print socket.readAll().data()
QSslSocketprovides an extensive, easy-to-use API for handling cryptographic ciphers, private keys, and local, peer, and Certification Authority (CA) certificates. It also provides an API for handling errors that occur during the handshake phase.The following features can also be customized:
The socket’s cryptographic cipher suite can be customized before the handshake phase with
setCiphers()and QSslConfiguration::setDefaultCiphers().The socket’s local certificate and private key can be customized before the handshake phase with
setLocalCertificate()andsetPrivateKey().The CA certificate database can be extended and customized with
addCaCertificate(),addCaCertificates().To extend the list of default CA certificates used by the SSL sockets during the SSL handshake you must update the default configuration, as in the snippet below:
QList<QSslCertificate> certificates = getCertificates(); QSslConfiguration configuration = QSslConfiguration::defaultConfiguration(); configuration.addCaCertificates(certificates); QSslConfiguration::setDefaultConfiguration(configuration);注意
If available, root certificates on Unix (excluding macOS) will be loaded on demand from the standard certificate directories. If you do not want to load root certificates on demand, you need to call either
defaultConfiguration().setCaCertificates()before the first SSL handshake is made in your application (for example, via passingsystemCaCertificates()to it), or calldefaultConfiguration()::setCaCertificates() on yourQSslSocketinstance prior to the SSL handshake.For more information about ciphers and certificates, refer to
QSslCipherandQSslCertificate.This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit ( http://www.openssl.org/ ).
注意
Be aware of the difference between the
bytesWritten()signal and theencryptedBytesWritten()signal. For aQTcpSocket,bytesWritten()will get emitted as soon as data has been written to the TCP socket. For aQSslSocket,bytesWritten()will get emitted when the data is being encrypted andencryptedBytesWritten()will get emitted as soon as data has been written to the TCP socket.
QSslSocket
(
[
parent=None
]
)
¶
- param parent
QObject
构造
QSslSocket
对象。
parent
会被传递给
QObject
‘s constructor. The new socket’s
cipher
suite is set to the one returned by the static method
defaultCiphers()
.
PySide2.QtNetwork.QSslSocket.
SslMode
¶
描述可用连接模式为
QSslSocket
.
|
常量 |
描述 |
|---|---|
|
QSslSocket.UnencryptedMode |
The socket is unencrypted. Its behavior is identical to
|
|
QSslSocket.SslClientMode |
The socket is a client-side SSL socket. It is either alreayd encrypted, or it is in the SSL handshake phase (see
|
|
QSslSocket.SslServerMode |
The socket is a server-side SSL socket. It is either already encrypted, or it is in the SSL handshake phase (see
|
PySide2.QtNetwork.QSslSocket.
PeerVerifyMode
¶
描述对等验证模式为
QSslSocket
. The default mode is , which selects an appropriate mode depending on the socket’s QSocket::SslMode.
|
常量 |
描述 |
|---|---|
|
QSslSocket.VerifyNone |
|
|
QSslSocket.QueryPeer |
|
|
QSslSocket.VerifyPeer |
|
|
QSslSocket.AutoVerifyPeer |
|
另请参阅
PySide2.QtNetwork.QSslSocket.
abort
(
)
¶
中止当前连接并重置套接字。不像
disconnectFromHost()
, this function immediately closes the socket, clearing any pending data in the write buffer.
另请参阅
disconnectFromHost()
close()
PySide2.QtNetwork.QSslSocket.
addCaCertificate
(
certificate
)
¶
certificate
–
QSslCertificate
注意
此函数被弃用。
使用
addCaCertificate()
代替。
添加
certificate
to this socket’s CA certificate database. The CA certificate database is used by the socket during the handshake phase to validate the peer’s certificate.
To add multiple certificates, use
addCaCertificates()
.
PySide2.QtNetwork.QSslSocket.
addCaCertificates
(
certificates
)
¶
certificates –
注意
此函数被弃用。
使用
addCaCertificates()
代替。
添加
certificates
to this socket’s CA certificate database. The CA certificate database is used by the socket during the handshake phase to validate the peer’s certificate.
For more precise control, use
addCaCertificate()
.
PySide2.QtNetwork.QSslSocket.
addCaCertificates
(
path
[
,
format=QSsl.Pem
[
,
syntax=QRegExp.FixedString
]
]
)
¶
path – unicode
format
–
EncodingFormat
syntax
–
PatternSyntax
bool
注意
此函数被弃用。
使用
addCaCertificates()
代替。
Searches all files in the
path
for certificates encoded in the specified
format
and adds them to this socket’s CA certificate database.
path
must be a file or a pattern matching one or more files, as specified by
syntax
。返回
true
if one or more certificates are added to the socket’s CA certificate database; otherwise returns
false
.
The CA certificate database is used by the socket during the handshake phase to validate the peer’s certificate.
For more precise control, use
addCaCertificate()
.
PySide2.QtNetwork.QSslSocket.
addDefaultCaCertificate
(
certificate
)
¶
certificate
–
QSslCertificate
注意
此函数被弃用。
使用
addCaCertificate()
on the default
QSslConfiguration
代替。
添加
certificate
to the default CA certificate database. Each SSL socket’s CA certificate database is initialized to the default CA certificate database.
另请参阅
PySide2.QtNetwork.QSslSocket.
addDefaultCaCertificates
(
certificates
)
¶
certificates –
注意
此函数被弃用。
使用
addCaCertificates()
on the default
QSslConfiguration
代替。
添加
certificates
to the default CA certificate database. Each SSL socket’s CA certificate database is initialized to the default CA certificate database.
PySide2.QtNetwork.QSslSocket.
addDefaultCaCertificates
(
path
[
,
format=QSsl.Pem
[
,
syntax=QRegExp.FixedString
]
]
)
¶
path – unicode
format
–
EncodingFormat
syntax
–
PatternSyntax
bool
注意
此函数被弃用。
使用
addCaCertificates()
on the default
QSslConfiguration
代替。
Searches all files in the
path
for certificates with the specified
encoding
and adds them to the default CA certificate database.
path
can be an explicit file, or it can contain wildcards in the format specified by
syntax
。返回
true
if any CA certificates are added to the default database.
Each SSL socket’s CA certificate database is initialized to the default CA certificate database.
PySide2.QtNetwork.QSslSocket.
caCertificates
(
)
¶
注意
此函数被弃用。
使用
caCertificates()
代替。
Returns this socket’s CA certificate database. The CA certificate database is used by the socket during the handshake phase to validate the peer’s certificate. It can be moodified prior to the handshake with
addCaCertificate()
,
addCaCertificates()
,和
setCaCertificates()
.
注意
On Unix, this method may return an empty list if the root certificates are loaded on demand.
PySide2.QtNetwork.QSslSocket.
ciphers
(
)
¶
注意
此函数被弃用。
使用
ciphers()
代替。
Returns this socket’s current cryptographic cipher suite. This list is used during the socket’s handshake phase for choosing a session cipher. The returned list of ciphers is ordered by descending preference. (i.e., the first cipher in the list is the most preferred cipher). The session cipher will be the first one in the list that is also supported by the peer.
By default, the handshake phase can choose any of the ciphers supported by this system’s SSL libraries, which may vary from system to system. The list of ciphers supported by this system’s SSL libraries is returned by
supportedCiphers()
. You can restrict the list of ciphers used for choosing the session cipher for this socket by calling
setCiphers()
with a subset of the supported ciphers. You can revert to using the entire set by calling
setCiphers()
with the list returned by
supportedCiphers()
.
You can restrict the list of ciphers used for choosing the session cipher for
all
sockets by calling
setDefaultCiphers()
with a subset of the supported ciphers. You can revert to using the entire set by calling
setCiphers()
with the list returned by
supportedCiphers()
.
PySide2.QtNetwork.QSslSocket.
connectToHostEncrypted
(
hostName
,
port
[
,
mode=QIODevice.ReadWrite
[
,
protocol=AnyIPProtocol
]
]
)
¶
hostName – unicode
port
–
quint16
mode
–
OpenMode
protocol
–
NetworkLayerProtocol
Starts an encrypted connection to the device
hostName
on
port
,使用
mode
作为
OpenMode
. This is equivalent to calling
connectToHost()
to establish the connection, followed by a call to
startClientEncryption()
。
protocol
parameter can be used to specify which network protocol to use (eg. IPv4 or IPv6).
QSslSocket
first enters the
HostLookupState
. Then, after entering either the event loop or one of the waitFor…() functions, it enters the
ConnectingState
, emits
connected()
, and then initiates the SSL client handshake. At each state change,
QSslSocket
emits signal
stateChanged()
.
After initiating the SSL client handshake, if the identity of the peer can’t be established, signal
sslErrors()
is emitted. If you want to ignore the errors and continue connecting, you must call
ignoreSslErrors()
, either from inside a slot function connected to the
sslErrors()
signal, or prior to entering encrypted mode. If
ignoreSslErrors()
is not called, the connection is dropped, signal
disconnected()
is emitted, and
QSslSocket
returns to the
UnconnectedState
.
If the SSL handshake is successful,
QSslSocket
发射
encrypted()
.
socket = QSslSocket()
QObject.connect(socket, SIGNAL("encrypted()"), receiver, SLOT("socketEncrypted()"))
socket.connectToHostEncrypted("imap", 993)
socket.write("1 CAPABILITY\r\n")
注意
The example above shows that text can be written to the socket immediately after requesting the encrypted connection, before the
encrypted()
signal has been emitted. In such cases, the text is queued in the object and written to the socket
after
the connection is established and the
encrypted()
信号已被发射。
默认为
mode
is
ReadWrite
.
If you want to create a
QSslSocket
on the server side of a connection, you should instead call
startServerEncryption()
upon receiving the incoming connection through
QTcpServer
.
另请参阅
connectToHost()
startClientEncryption()
waitForConnected()
waitForEncrypted()
PySide2.QtNetwork.QSslSocket.
connectToHostEncrypted
(
hostName
,
port
,
sslPeerName
[
,
mode=QIODevice.ReadWrite
[
,
protocol=AnyIPProtocol
]
]
)
¶
hostName – unicode
port
–
quint16
sslPeerName – unicode
mode
–
OpenMode
protocol
–
NetworkLayerProtocol
这是重载函数。
In addition to the original behaviour of
connectToHostEncrypted
, this overloaded method enables the usage of a different hostname (
sslPeerName
) for the certificate validation instead of the one used for the TCP connection (
hostName
).
PySide2.QtNetwork.QSslSocket.
defaultCaCertificates
(
)
¶
注意
此函数被弃用。
使用
caCertificates()
on the default
QSslConfiguration
代替。
Returns the current default CA certificate database. This database is originally set to your system’s default CA certificate database. If no system default database is found, an empty database will be returned. You can override the default CA certificate database with your own CA certificate database using
setDefaultCaCertificates()
.
Each SSL socket’s CA certificate database is initialized to the default CA certificate database.
注意
On Unix, this method may return an empty list if the root certificates are loaded on demand.
PySide2.QtNetwork.QSslSocket.
defaultCiphers
(
)
¶
注意
此函数被弃用。
使用
ciphers()
on the default
QSslConfiguration
代替。
Returns the default cryptographic cipher suite for all sockets in this application. This list is used during the socket’s handshake phase when negotiating with the peer to choose a session cipher. The list is ordered by preference (i.e., the first cipher in the list is the most preferred cipher).
By default, the handshake phase can choose any of the ciphers supported by this system’s SSL libraries, which may vary from system to system. The list of ciphers supported by this system’s SSL libraries is returned by
supportedCiphers()
.
PySide2.QtNetwork.QSslSocket.
encrypted
(
)
¶
PySide2.QtNetwork.QSslSocket.
encryptedBytesAvailable
(
)
¶
qint64
Returns the number of encrypted bytes that are awaiting decryption. Normally, this function will return 0 because
QSslSocket
decrypts its incoming data as soon as it can.
PySide2.QtNetwork.QSslSocket.
encryptedBytesToWrite
(
)
¶
qint64
Returns the number of encrypted bytes that are waiting to be written to the network.
PySide2.QtNetwork.QSslSocket.
encryptedBytesWritten
(
totalBytes
)
¶
totalBytes
–
qint64
PySide2.QtNetwork.QSslSocket.
flush
(
)
¶
bool
This function writes as much as possible from the internal write buffer to the underlying network socket, without blocking. If any data was written, this function returns
true
;否则 false 被返回。
调用此函数若需要
QSslSocket
立即开始发送缓冲数据。成功写入的字节数从属操作系统。在大多数情况下,不需调用此函数,因为
QAbstractSocket
将开始自动发送数据,一旦控制回到事件循环。若缺乏事件循环,调用
waitForBytesWritten()
代替。
另请参阅
write()
waitForBytesWritten()
PySide2.QtNetwork.QSslSocket.
ignoreSslErrors
(
)
¶
此槽告诉
QSslSocket
去忽略错误在
QSslSocket
‘s handshake phase and continue connecting. If you want to continue with the connection even if errors occur during the handshake phase, then you must call this slot, either from a slot connected to
sslErrors()
, or before the handshake phase. If you don’t call this slot, either in response to errors or before the handshake, the connection will be dropped after the
sslErrors()
信号已被发射。
If there are no errors during the SSL handshake phase (i.e., the identity of the peer is established with no problems),
QSslSocket
will not emit the
sslErrors()
signal, and it is unnecessary to call this function.
警告
确保始终让用户审查报告的错误通过
sslErrors()
signal, and only call this method upon confirmation from the user that proceeding is ok. If there are unexpected errors, the connection should be aborted. Calling this method without inspecting the actual errors will most likely pose a security risk for your application. Use it with great care!
另请参阅
PySide2.QtNetwork.QSslSocket.
ignoreSslErrors
(
errors
)
¶
errors –
这是重载函数。
此方法告诉
QSslSocket
to ignore only the errors given in
errors
.
注意
Because most SSL errors are associated with a certificate, for most of them you must set the expected certificate this SSL error is related to. If, for instance, you want to connect to a server that uses a self-signed certificate, consider the following snippet:
QList<QSslCertificate> cert = QSslCertificate::fromPath(QLatin1String("server-certificate.pem"));
QSslError error(QSslError::SelfSignedCertificate, cert.at(0));
QList<QSslError> expectedSslErrors;
expectedSslErrors.append(error);
QSslSocket socket;
socket.ignoreSslErrors(expectedSslErrors);
socket.connectToHostEncrypted("server.tld", 443);
多次调用此函数将替换先前调用传入错误列表。可以清零想要忽略的错误列表通过采用空列表调用此函数。
PySide2.QtNetwork.QSslSocket.
isEncrypted
(
)
¶
bool
返回
true
若套接字被加密;否则,false 被返回。
An encrypted socket encrypts all data that is written by calling
write()
or
putChar()
before the data is written to the network, and decrypts all incoming data as the data is received from the network, before you call
read()
,
readLine()
or
getChar()
.
QSslSocket
发射
encrypted()
when it enters encrypted mode.
可以调用
sessionCipher()
to find which cryptographic cipher is used to encrypt and decrypt your data.
另请参阅
PySide2.QtNetwork.QSslSocket.
localCertificate
(
)
¶
Returns the socket’s local
certificate
, or an empty certificate if no local certificate has been assigned.
PySide2.QtNetwork.QSslSocket.
localCertificateChain
(
)
¶
Returns the socket’s local
certificate
chain, or an empty list if no local certificates have been assigned.
PySide2.QtNetwork.QSslSocket.
mode
(
)
¶
Returns the current mode for the socket; either
UnencryptedMode
,其中
QSslSocket
behaves identially to
QTcpSocket
, or one of
SslClientMode
or
SslServerMode
, where the client is either negotiating or in encrypted mode.
当模式改变时,
QSslSocket
发射
modeChanged()
另请参阅
SslMode
PySide2.QtNetwork.QSslSocket.
newSessionTicketReceived
(
)
¶
PySide2.QtNetwork.QSslSocket.
ocspResponses
(
)
¶
This function returns Online Certificate Status Protocol responses that a server may send during a TLS handshake using OCSP stapling. The vector is empty if no definitive response or no response at all was received.
PySide2.QtNetwork.QSslSocket.
peerCertificate
(
)
¶
Returns the peer’s digital certificate (i.e., the immediate certificate of the host you are connected to), or a null certificate, if the peer has not assigned a certificate.
The peer certificate is checked automatically during the handshake phase, so this function is normally used to fetch the certificate for display or for connection diagnostic purposes. It contains information about the peer, including its host name, the certificate issuer, and the peer’s public key.
Because the peer certificate is set during the handshake phase, it is safe to access the peer certificate from a slot connected to the
sslErrors()
signal or the
encrypted()
信号。
If a null certificate is returned, it can mean the SSL handshake failed, or it can mean the host you are connected to doesn’t have a certificate, or it can mean there is no connection.
If you want to check the peer’s complete chain of certificates, use
peerCertificateChain()
to get them all at once.
PySide2.QtNetwork.QSslSocket.
peerCertificateChain
(
)
¶
Returns the peer’s chain of digital certificates, or an empty list of certificates.
Peer certificates are checked automatically during the handshake phase. This function is normally used to fetch certificates for display, or for performing connection diagnostics. Certificates contain information about the peer and the certificate issuers, including host name, issuer names, and issuer public keys.
The peer certificates are set in
QSslSocket
during the handshake phase, so it is safe to call this function from a slot connected to the
sslErrors()
signal or the
encrypted()
信号。
If an empty list is returned, it can mean the SSL handshake failed, or it can mean the host you are connected to doesn’t have a certificate, or it can mean there is no connection.
If you want to get only the peer’s immediate certificate, use
peerCertificate()
.
另请参阅
PySide2.QtNetwork.QSslSocket.
peerVerifyDepth
(
)
¶
int
Returns the maximum number of certificates in the peer’s certificate chain to be checked during the SSL handshake phase, or 0 (the default) if no maximum depth has been set, indicating that the whole certificate chain should be checked.
The certificates are checked in issuing order, starting with the peer’s own certificate, then its issuer’s certificate, and so on.
PySide2.QtNetwork.QSslSocket.
peerVerifyMode
(
)
¶
Returns the socket’s verify mode. This mode decides whether
QSslSocket
should request a certificate from the peer (i.e., the client requests a certificate from the server, or a server requesting a certificate from the client), and whether it should require that this certificate is valid.
默认模式为
AutoVerifyPeer
, which tells
QSslSocket
到使用
VerifyPeer
for clients and
QueryPeer
for servers.
PySide2.QtNetwork.QSslSocket.
peerVerifyName
(
)
¶
unicode
Returns the different hostname for the certificate validation, as set by
setPeerVerifyName
或通过
connectToHostEncrypted
.
authenticator
–
QSslPreSharedKeyAuthenticator
PySide2.QtNetwork.QSslSocket.
protocol
(
)
¶
SslProtocol
Returns the socket’s SSL protocol. By default,
SecureProtocols
被使用。
另请参阅
PySide2.QtNetwork.QSslSocket.
sessionCipher
(
)
¶
Returns the socket’s cryptographic
cipher
, or a null cipher if the connection isn’t encrypted. The socket’s cipher for the session is set during the handshake phase. The cipher is used to encrypt and decrypt data transmitted through the socket.
QSslSocket
also provides functions for setting the ordered list of ciphers from which the handshake phase will eventually select the session cipher. This ordered list must be in place before the handshake phase begins.
PySide2.QtNetwork.QSslSocket.
sessionProtocol
(
)
¶
SslProtocol
Returns the socket’s SSL/TLS protocol or UnknownProtocol if the connection isn’t encrypted. The socket’s protocol for the session is set during the handshake phase.
另请参阅
PySide2.QtNetwork.QSslSocket.
setCaCertificates
(
certificates
)
¶
certificates –
注意
此函数被弃用。
使用
setCaCertificates()
代替。
Sets this socket’s CA certificate database to be
certificates
. The certificate database must be set prior to the SSL handshake. The CA certificate database is used by the socket during the handshake phase to validate the peer’s certificate.
The CA certificate database can be reset to the current default CA certificate database by calling this function with the list of CA certificates returned by
defaultCaCertificates()
.
PySide2.QtNetwork.QSslSocket.
setCiphers
(
ciphers
)
¶
ciphers –
注意
此函数被弃用。
PySide2.QtNetwork.QSslSocket.
setCiphers
(
ciphers
)
¶
ciphers – unicode
注意
此函数被弃用。
PySide2.QtNetwork.QSslSocket.
setDefaultCaCertificates
(
certificates
)
¶
certificates –
注意
此函数被弃用。
使用
setCaCertificates()
on the default
QSslConfiguration
代替。
Sets the default CA certificate database to
certificates
. The default CA certificate database is originally set to your system’s default CA certificate database. You can override the default CA certificate database with your own CA certificate database using this function.
Each SSL socket’s CA certificate database is initialized to the default CA certificate database.
PySide2.QtNetwork.QSslSocket.
setDefaultCiphers
(
ciphers
)
¶
ciphers –
注意
此函数被弃用。
使用
setCiphers()
on the default
QSslConfiguration
代替。
Sets the default cryptographic cipher suite for all sockets in this application to
ciphers
, which must contain a subset of the ciphers in the list returned by
supportedCiphers()
.
Restricting the default cipher suite only affects SSL sockets that perform their handshake phase after the default cipher suite has been changed.
PySide2.QtNetwork.QSslSocket.
setLocalCertificate
(
certificate
)
¶
certificate
–
QSslCertificate
Sets the socket’s local certificate to
certificate
. The local certificate is necessary if you need to confirm your identity to the peer. It is used together with the private key; if you set the local certificate, you must also set the private key.
The local certificate and private key are always necessary for server sockets, but are also rarely used by client sockets if the server requires the client to authenticate.
注意
Secure Transport SSL backend on macOS may update the default keychain (the default is probably your login keychain) by importing your local certificates and keys. This can also result in system dialogs showing up and asking for permission when your application is using these private keys. If such behavior is undesired, set the QT_SSL_USE_TEMPORARY_KEYCHAIN environment variable to a non-zero value; this will prompt
QSslSocket
to use its own temporary keychain.
PySide2.QtNetwork.QSslSocket.
setLocalCertificate
(
fileName
[
,
format=QSsl.Pem
]
)
¶
fileName – unicode
format
–
EncodingFormat
这是重载函数。
Sets the socket’s local
certificate
to the first one found in file
path
, which is parsed according to the specified
format
.
PySide2.QtNetwork.QSslSocket.
setLocalCertificateChain
(
localChain
)
¶
localChain –
Sets the certificate chain to be presented to the peer during the SSL handshake to be
localChain
.
PySide2.QtNetwork.QSslSocket.
setPeerVerifyDepth
(
depth
)
¶
depth
–
int
Sets the maximum number of certificates in the peer’s certificate chain to be checked during the SSL handshake phase, to
depth
. Setting a depth of 0 means that no maximum depth is set, indicating that the whole certificate chain should be checked.
The certificates are checked in issuing order, starting with the peer’s own certificate, then its issuer’s certificate, and so on.
PySide2.QtNetwork.QSslSocket.
setPeerVerifyMode
(
mode
)
¶
mode
–
PeerVerifyMode
Sets the socket’s verify mode to
mode
. This mode decides whether
QSslSocket
should request a certificate from the peer (i.e., the client requests a certificate from the server, or a server requesting a certificate from the client), and whether it should require that this certificate is valid.
默认模式为
AutoVerifyPeer
, which tells
QSslSocket
到使用
VerifyPeer
for clients and
QueryPeer
for servers.
Setting this mode after encryption has started has no effect on the current connection.
PySide2.QtNetwork.QSslSocket.
setPeerVerifyName
(
hostName
)
¶
hostName – unicode
Sets a different host name, given by
hostName
, for the certificate validation instead of the one used for the TCP connection.
PySide2.QtNetwork.QSslSocket.
setPrivateKey
(
key
)
¶
key
–
QSslKey
Sets the socket’s private
key
to
key
. The private key and the local
certificate
are used by clients and servers that must prove their identity to SSL peers.
Both the key and the local certificate are required if you are creating an SSL server socket. If you are creating an SSL client socket, the key and local certificate are required if your client must identify itself to an SSL server.
PySide2.QtNetwork.QSslSocket.
setPrivateKey
(
fileName
[
,
algorithm=QSsl.Rsa
[
,
format=QSsl.Pem
[
,
passPhrase=QByteArray()
]
]
]
)
¶
fileName – unicode
algorithm
–
KeyAlgorithm
format
–
EncodingFormat
passPhrase
–
QByteArray
这是重载函数。
Reads the string in file
fileName
and decodes it using a specified
algorithm
and encoding
format
to construct an
SSL
key
. If the encoded key is encrypted,
passPhrase
is used to decrypt it.
The socket’s private key is set to the constructed key. The private key and the local
certificate
are used by clients and servers that must prove their identity to SSL peers.
Both the key and the local certificate are required if you are creating an SSL server socket. If you are creating an SSL client socket, the key and local certificate are required if your client must identify itself to an SSL server.
PySide2.QtNetwork.QSslSocket.
setProtocol
(
protocol
)
¶
protocol
–
SslProtocol
Sets the socket’s SSL protocol to
protocol
. This will affect the next initiated handshake; calling this function on an already-encrypted socket will not affect the socket’s protocol.
另请参阅
PySide2.QtNetwork.QSslSocket.
setSslConfiguration
(
config
)
¶
config
–
QSslConfiguration
Sets the socket’s SSL configuration to be the contents of
configuration
. This function sets the local certificate, the ciphers, the private key and the CA certificates to those stored in
configuration
.
It is not possible to set the SSL-state related fields.
PySide2.QtNetwork.QSslSocket.
sslConfiguration
(
)
¶
Returns the socket’s SSL configuration state. The default SSL configuration of a socket is to use the default ciphers, default CA certificates, no local private key or certificate.
The SSL configuration also contains fields that can change with time without notice.
PySide2.QtNetwork.QSslSocket.
sslErrors
(
)
¶
注意
此函数被弃用。
使用
sslHandshakeErrors()
代替。
Returns a list of the last SSL errors that occurred. This is the same list as
QSslSocket
passes via the signal. If the connection has been encrypted with no errors, this function will return an empty list.
PySide2.QtNetwork.QSslSocket.
sslErrors
(
errors
)
¶
errors –
PySide2.QtNetwork.QSslSocket.
sslHandshakeErrors
(
)
¶
Returns a list of the last SSL errors that occurred. This is the same list as
QSslSocket
passes via the
sslErrors()
signal. If the connection has been encrypted with no errors, this function will return an empty list.
PySide2.QtNetwork.QSslSocket.
sslLibraryBuildVersionNumber
(
)
¶
long
Returns the version number of the SSL library in use at compile time. If no SSL support is available then this will return an undefined value.
PySide2.QtNetwork.QSslSocket.
sslLibraryBuildVersionString
(
)
¶
unicode
Returns the version string of the SSL library in use at compile time. If no SSL support is available then this will return an empty value.
PySide2.QtNetwork.QSslSocket.
sslLibraryVersionNumber
(
)
¶
long
Returns the version number of the SSL library in use. Note that this is the version of the library in use at run-time not compile time. If no SSL support is available then this will return an undefined value.
PySide2.QtNetwork.QSslSocket.
sslLibraryVersionString
(
)
¶
unicode
Returns the version string of the SSL library in use. Note that this is the version of the library in use at run-time not compile time. If no SSL support is available then this will return an empty value.
PySide2.QtNetwork.QSslSocket.
startClientEncryption
(
)
¶
Starts a delayed SSL handshake for a client connection. This function can be called when the socket is in the
ConnectedState
but still in the
UnencryptedMode
. If it is not yet connected, or if it is already encrypted, this function has no effect.
Clients that implement STARTTLS functionality often make use of delayed SSL handshakes. Most other clients can avoid calling this function directly by using
connectToHostEncrypted()
instead, which automatically performs the handshake.
PySide2.QtNetwork.QSslSocket.
startServerEncryption
(
)
¶
Starts a delayed SSL handshake for a server connection. This function can be called when the socket is in the
ConnectedState
but still in
UnencryptedMode
. If it is not connected or it is already encrypted, the function has no effect.
For server sockets, calling this function is the only way to initiate the SSL handshake. Most servers will call this function immediately upon receiving a connection, or as a result of having received a protocol-specific command to enter SSL mode (e.g, the server may respond to receiving the string “STARTTLS\r\n” by calling this function).
The most common way to implement an SSL server is to create a subclass of
QTcpServer
and reimplement
incomingConnection()
. The returned socket descriptor is then passed to
setSocketDescriptor()
.
PySide2.QtNetwork.QSslSocket.
supportedCiphers
(
)
¶
注意
此函数被弃用。
使用
supportedCiphers()
代替。
Returns the list of cryptographic ciphers supported by this system. This list is set by the system’s SSL libraries and may vary from system to system.
PySide2.QtNetwork.QSslSocket.
supportsSsl
(
)
¶
bool
返回
true
if this platform supports SSL; otherwise, returns false. If the platform doesn’t support SSL, the socket will fail in the connection phase.
PySide2.QtNetwork.QSslSocket.
systemCaCertificates
(
)
¶
注意
此函数被弃用。
Use QSslConfiguration::systemDefaultCaCertificates instead.
This function provides the CA certificate database provided by the operating system. The CA certificate database returned by this function is used to initialize the database returned by
defaultCaCertificates()
. You can replace that database with your own with
setDefaultCaCertificates()
.
注意
: On OS X, only certificates that are either trusted for all purposes or trusted for the purpose of SSL in the keychain will be returned.
PySide2.QtNetwork.QSslSocket.
waitForEncrypted
(
[
msecs=30000
]
)
¶
msecs
–
int
bool
等待直到套接字完成 SSL 握手且有发射
encrypted()
,或
msecs
毫秒,以先到的为准。若
encrypted()
has been emitted, this function returns true; otherwise (e.g., the socket is disconnected, or the SSL handshake fails), false is returned.
以下范例为加密套接字最多等待 1 秒:
socket.connectToHostEncrypted("imap", 993)
if socket.waitForEncrypted(1000):
print "Encrypted!"
若 msecs 为 -1,此函数不会超时。