Overview:
- The artifacts and policies required to establish a TLS (still commonly called SSL) connection with a peer can be collected in one place, generally as an object of the class SSLContext in Python's ssl module.
- For example, a TLS client can assign the value ssl.CERT_REQUIRED to the verify_mode attribute of an SSLContext object. This requires the server to send its certificate and requires that certificate to validate against the CA certificates the context trusts; the handshake fails otherwise. Note that verify_mode alone does not check who the certificate was issued to.
- In a similar way, setting SSLContext.check_hostname to True requires that the hostname the client intended to reach (passed as server_hostname when the socket is wrapped) matches a name in the peer's certificate. Both settings are needed for a client to be safe against an attacker presenting a valid certificate for some other name.
- In addition to the security policies of a TLS client or server, the artifacts needed to enforce them are also stored in the SSLContext: the CA certificates used for validation (load_verify_locations or load_default_certs), and the host's own certificate chain and private key (load_cert_chain).
- An SSLContext performs one more important task: it creates an SSLSocket from a plain socket object via its wrap_socket method.
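The following is an added example, not code from the original page, showing the policies and artifacts above assembled into SSLContext objects: a hardened client context, the weak setting beside it for contrast, a server context, and the step that turns a plain socket into an SSLSocket. The certificate file names (server.crt, server.key, clients-ca.pem) are assumed placeholders; the server context is only built if those files exist, so the block runs without them.

```python
"""Building TLS policy into ssl.SSLContext objects (added example; file names are assumed)."""
import os
import socket
import ssl


def make_client_context(cafile=None):
    """Client context: require the peer certificate and check its hostname."""
    # PROTOCOL_TLS_CLIENT already defaults to verify_mode=CERT_REQUIRED and
    # check_hostname=True (Python 3.6+); setting them again states the policy explicitly.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.verify_mode = ssl.CERT_REQUIRED
    ctx.check_hostname = True
    # Refuse legacy protocol versions; TLS 1.2 is the floor here.
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    if cafile:
        ctx.load_verify_locations(cafile=cafile)  # explicit trust anchors
    else:
        ctx.load_default_certs()                  # the system CA store
    return ctx


def make_insecure_client_context():
    """The weak setting, for contrast only: no certificate validation at all."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # check_hostname must be cleared first; ssl refuses CERT_NONE while it is True.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def make_server_context(certfile, keyfile, client_ca=None):
    """Server context: present our chain; optionally demand client certificates (mutual TLS)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.load_cert_chain(certfile=certfile, keyfile=keyfile)  # host certificate + private key
    if client_ca:
        ctx.load_verify_locations(cafile=client_ca)  # CA that signs client certificates
        ctx.verify_mode = ssl.CERT_REQUIRED          # clients must present a valid certificate
    return ctx


def describe(ctx):
    """Return the effective policy of a context as plain strings/bools."""
    return {
        "verify_mode": ctx.verify_mode.name,
        "check_hostname": ctx.check_hostname,
        "minimum_version": ctx.minimum_version.name,
    }


def wrap_client_socket(ctx, hostname):
    """Turn a plain socket into an SSLSocket; the handshake runs when connect() is called."""
    raw = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    # server_hostname supplies both the SNI extension and the name check_hostname compares against.
    return ctx.wrap_socket(raw, server_hostname=hostname)


if __name__ == "__main__":
    print("hardened client:", describe(make_client_context()))
    print("insecure client:", describe(make_insecure_client_context()))
    tls_sock = wrap_client_socket(make_client_context(), "example.com")
    print("wrapped socket type:", type(tls_sock).__name__)
    tls_sock.close()
    # Assumed file names; the server context is only demonstrated when they exist.
    if os.path.exists("server.crt") and os.path.exists("server.key"):
        print("server:", describe(make_server_context("server.crt", "server.key", client_ca="clients-ca.pem")))
```

With make_client_context, a server presenting a certificate for a different name, or one not chaining to a trusted CA, fails at connect() with ssl.SSLCertVerificationError; with make_insecure_client_context the same connection silently succeeds, which is why CERT_NONE belongs only in throwaway test code.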