5.6.2.2. X509KeyBridge methods

Method _old_init(self, key_file, cache_directory, trusted_ca_files, untrusted_ca_files, key_passphrase, extension_whitelist)

n/a

Arguments of _old_init
cache_directory (string)
Default: "/var/lib/zorp/keybridge-cache"
The directory where all automatically generated certificates are cached.

extension_whitelist (complex)
Default: None

The following certificate extensions are transferred to the client side: Key Usage, Subject Alternative Name, Extended Key Usage. Other extensions are automatically deleted during keybridging. This is needed because some certificate extensions contain references to the Issuer CA, and these references become invalid for keybridged certificates. To transfer other extensions, list them in the extension_whitelist parameter. Note that modifying this parameter replaces the default values, so to extend the list of transferred extensions, include the 'keyUsage', 'subjectAltName', 'extendedKeyUsage' list as well. For example:

self.extension_whitelist = ('keyUsage', 'subjectAltName', 'extendedKeyUsage', 'customExtension')
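
The whitelist rule above, as an added example (not Zorp code and not part of the original reference): a small Python model of which extensions survive keybridging, plus a check that flags a whitelist that drops the defaults or carries over extensions that reference the issuer. The function names, the ISSUER_BOUND list (OpenSSL short names) and the sample extension list are assumptions made for illustration.

```python
# Added illustration, not Zorp code: models the whitelist rule described above.
DEFAULT_WHITELIST = ('keyUsage', 'subjectAltName', 'extendedKeyUsage')

# Assumption: OpenSSL short names of extensions that refer to the issuing CA.
ISSUER_BOUND = ('authorityKeyIdentifier', 'authorityInfoAccess',
                'crlDistributionPoints', 'issuerAltName')


def _normalize(extension_whitelist):
    """None means the defaults; a bare string is treated as one name,
    because ('customExtension') without a trailing comma is a str."""
    if extension_whitelist is None:
        return DEFAULT_WHITELIST
    if isinstance(extension_whitelist, str):
        return (extension_whitelist,)
    return tuple(extension_whitelist)


def bridge_extensions(server_extensions, extension_whitelist=None):
    """Split the server certificate's extensions into (kept, dropped)."""
    whitelist = _normalize(extension_whitelist)
    kept = [n for n in server_extensions if n in whitelist]
    dropped = [n for n in server_extensions if n not in whitelist]
    return kept, dropped


def audit_whitelist(extension_whitelist):
    """Report defaults a custom whitelist removes and issuer-bound
    extensions it would copy onto keybridged certificates."""
    whitelist = _normalize(extension_whitelist)
    return {
        'missing_defaults': [n for n in DEFAULT_WHITELIST if n not in whitelist],
        'issuer_bound': [n for n in whitelist if n in ISSUER_BOUND],
    }


# Constructed sample: extension names on a hypothetical server certificate.
SERVER_CERT_EXTENSIONS = ['basicConstraints', 'keyUsage', 'extendedKeyUsage',
                          'subjectAltName', 'authorityKeyIdentifier',
                          'crlDistributionPoints', 'customExtension']

if __name__ == '__main__':
    candidates = (None, ('customExtension',),
                  DEFAULT_WHITELIST + ('customExtension',),
                  DEFAULT_WHITELIST + ('authorityKeyIdentifier',))
    for whitelist in candidates:
        kept, _ = bridge_extensions(SERVER_CERT_EXTENSIONS, whitelist)
        print(whitelist, '-> kept:', kept, '| audit:', audit_whitelist(whitelist))
```

A whitelist of only ('customExtension',) leaves the client-side certificate without Subject Alternative Name, which is why the audit reports the missing defaults.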

key_file (certificate)
Default: n/a
Name of the private key to be used for the newly generated certificates.

key_passphrase (string)
Default: ""
Passphrase required to access the private key stored in key_file.

trusted_ca_files (certificate)
Default: n/a
A tuple of (cert_file, key_file, passphrase) for the CA used for keybridging trusted certificates.

untrusted_ca_files (certificate)
Default: None
A tuple of (cert_file, key_file, passphrase) for the CA used for keybridging untrusted certificates.