5.5.20.2. ServerCertificateVerifier methods

Method __init__(self, trust_level, intermediate_revocation_check_type, leaf_revocation_check_type, trusted_certs_directory, verify_depth, verify_ca_directory, verify_crl_directory, check_subject)

This constructor defines a ServerCertificateVerifier with the specified parameters.

Arguments of __init__
check_subject (boolean)
Default: TRUE
If the check_subject parameter is TRUE, the Subject of the server-side certificate is compared with application-layer information (for example, it checks whether the Subject matches the hostname in the URL). For details, see Section 3.2.5, Certificate verification options.

intermediate_revocation_check_type (enum)
Default: TLS_INTERMEDIATE_REVOCATION_SOFT_FAIL
Specify how intermediate certificates revocation status check should work.

leaf_revocation_check_type (enum)
Default: TLS_LEAF_REVOCATION_SOFT_FAIL
Specify how leaf certificate revocation status check should work.

trust_level (enum)
Default: TLS_TRUST_LEVEL_FULL
Specify which certificate should be accepted as trusted.

trusted_certs_directory (string)
Default: ""
A directory where trusted IP address - certificate assignments are stored. When a peer from a specific IP address shows the certificate stored in this directory, it is accepted regardless of its expiration or issuer CA. Each file in the directory should contain a certificate in PEM format. The filename must bethe IP address.

verify_ca_directory (string)
Default: ""
Directory where the trusted CA certificates are stored. CA certificates are loaded on-demand from this directory when the certificate of the peer is verified.

verify_crl_directory (string)
Default: ""
Directory where the CRLs (Certificate Revocation Lists) associated with trusted CAs are stored. CRLs are loaded on-demand from this directory when the certificate of the peer is verified.

verify_depth (integer)
Default: 4
The length of the longest accepted CA verification chain. Longer CA chains are automatically rejected.