QSslSocket

Synopsis

Functions

Signals

Static functions

Detailed Description

The PySide.QtNetwork.QSslSocket class provides an SSL encrypted socket for both clients and servers.

PySide.QtNetwork.QSslSocket establishes a secure, encrypted TCP connection you can use for transmitting encrypted data. It can operate in both client and server mode, and it supports modern SSL protocols, including SSLv3 and TLSv1. By default, PySide.QtNetwork.QSslSocket uses TLSv1, but you can change the SSL protocol by calling PySide.QtNetwork.QSslSocket.setProtocol() as long as you do it before the handshake has started.

SSL encryption operates on top of the existing TCP stream after the socket enters the ConnectedState . There are two simple ways to establish a secure connection using PySide.QtNetwork.QSslSocket : With an immediate SSL handshake, or with a delayed SSL handshake occurring after the connection has been established in unencrypted mode.

The most common way to use PySide.QtNetwork.QSslSocket is to construct an object and start a secure connection by calling PySide.QtNetwork.QSslSocket.connectToHostEncrypted() . This method starts an immediate SSL handshake once the connection has been established.

socket = QSslSocket(self)
QObject.connect(socket, SIGNAL("encrypted()"), self, SLOT("ready()"))

socket.connectToHostEncrypted("imap.example.com", 993)

As with a plain PySide.QtNetwork.QTcpSocket , PySide.QtNetwork.QSslSocket enters the HostLookupState , ConnectingState , and finally the ConnectedState , if the connection is successful. The handshake then starts automatically, and if it succeeds, the PySide.QtNetwork.QSslSocket.encrypted() signal is emitted to indicate the socket has entered the encrypted state and is ready for use.

Note that data can be written to the socket immediately after the return from PySide.QtNetwork.QSslSocket.connectToHostEncrypted() (i.e., before the PySide.QtNetwork.QSslSocket.encrypted() signal is emitted). The data is queued in PySide.QtNetwork.QSslSocket until after the PySide.QtNetwork.QSslSocket.encrypted() signal is emitted.

An example of using the delayed SSL handshake to secure an existing connection is the case where an SSL server secures an incoming connection. Suppose you create an SSL server class as a subclass of PySide.QtNetwork.QTcpServer . You would override QTcpServer.incomingConnection() with something like the example below, which first constructs an instance of PySide.QtNetwork.QSslSocket and then calls PySide.QtNetwork.QSslSocket.setSocketDescriptor() to set the new socket’s descriptor to the existing one passed in. It then initiates the SSL handshake by calling PySide.QtNetwork.QSslSocket.startServerEncryption() .

def incomingConnection(socketDescriptor):
    serverSocket = QSslSocket()
    if serverSocket.setSocketDescriptor(socketDescriptor):
        QObject.connect(serverSocket, SIGNAL("encrypted()"), self, SLOT("ready()"))
        serverSocket.startServerEncryption()

If an error occurs, PySide.QtNetwork.QSslSocket emits the PySide.QtNetwork.QSslSocket.sslErrors() signal. In this case, if no action is taken to ignore the error(s), the connection is dropped. To continue, despite the occurrence of an error, you can call PySide.QtNetwork.QSslSocket.ignoreSslErrors() , either from within this slot after the error occurs, or any time after construction of the PySide.QtNetwork.QSslSocket and before the connection is attempted. This will allow PySide.QtNetwork.QSslSocket to ignore the errors it encounters when establishing the identity of the peer. Ignoring errors during an SSL handshake should be used with caution, since a fundamental characteristic of secure connections is that they should be established with a successful handshake.

Once encrypted, you use PySide.QtNetwork.QSslSocket as a regular PySide.QtNetwork.QTcpSocket . When PySide.QtCore.QIODevice.readyRead() is emitted, you can call PySide.QtCore.QIODevice.read() , PySide.QtNetwork.QSslSocket.canReadLine() and PySide.QtCore.QIODevice.readLine() , or PySide.QtCore.QIODevice.getChar() to read decrypted data from PySide.QtNetwork.QSslSocket ‘s internal buffer, and you can call PySide.QtCore.QIODevice.write() or PySide.QtCore.QIODevice.putChar() to write data back to the peer. PySide.QtNetwork.QSslSocket will automatically encrypt the written data for you, and emit PySide.QtNetwork.QSslSocket.encryptedBytesWritten() once the data has been written to the peer.

As a convenience, PySide.QtNetwork.QSslSocket supports PySide.QtNetwork.QTcpSocket ‘s blocking functions PySide.QtNetwork.QSslSocket.waitForConnected() , PySide.QtNetwork.QSslSocket.waitForReadyRead() , PySide.QtNetwork.QSslSocket.waitForBytesWritten() , and PySide.QtNetwork.QSslSocket.waitForDisconnected() . It also provides PySide.QtNetwork.QSslSocket.waitForEncrypted() , which will block the calling thread until an encrypted connection has been established.

socket = QSslSocket()
socket.connectToHostEncrypted("http.example.com", 443)
if not socket.waitForEncrypted():
    print socket.errorString()
    return false

socket.write("GET / HTTP/1.0\r\n\r\n")
while socket.waitForReadyRead():
    print socket.readAll().data()

PySide.QtNetwork.QSslSocket provides an extensive, easy-to-use API for handling cryptographic ciphers, private keys, and local, peer, and Certification Authority (CA) certificates. It also provides an API for handling errors that occur during the handshake phase.

The following features can also be customized:

Note

If available, root certificates on Unix (excluding Mac OS X) will be loaded on demand from the standard certificate directories. If you do not want to load root certificates on demand, you need to call either the static function PySide.QtNetwork.QSslSocket.setDefaultCaCertificates() before the first SSL handshake is made in your application, (e.g. via “QSslSocket::setDefaultCaCertificates( QSslSocket.systemCaCertificates() );”), or call PySide.QtNetwork.QSslSocket.setCaCertificates() on your PySide.QtNetwork.QSslSocket instance prior to the SSL handshake.

For more information about ciphers and certificates, refer to PySide.QtNetwork.QSslCipher and PySide.QtNetwork.QSslCertificate .

This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/).

Note

Be aware of the difference between the PySide.QtCore.QIODevice.bytesWritten() signal and the PySide.QtNetwork.QSslSocket.encryptedBytesWritten() signal. For a PySide.QtNetwork.QTcpSocket , PySide.QtCore.QIODevice.bytesWritten() will get emitted as soon as data has been written to the TCP socket. For a PySide.QtNetwork.QSslSocket , PySide.QtCore.QIODevice.bytesWritten() will get emitted when the data is being encrypted and PySide.QtNetwork.QSslSocket.encryptedBytesWritten() will get emitted as soon as data has been written to the TCP socket.

Symbian Platform Security Requirements

On Symbian, processes which use this class must have the NetworkServices platform security capability. If the client process lacks this capability, operations will fail.

Platform security capabilities are added via the TARGET.CAPABILITY qmake variable.

class PySide.QtNetwork.QSslSocket([parent=None])
Parameters:parentPySide.QtCore.QObject

Constructs a PySide.QtNetwork.QSslSocket object. parent is passed to PySide.QtCore.QObject ‘s constructor. The new socket’s cipher suite is set to the one returned by the static method PySide.QtNetwork.QSslSocket.defaultCiphers() .

PySide.QtNetwork.QSslSocket.SslMode

Describes the connection modes available for PySide.QtNetwork.QSslSocket .

Constant Description
QSslSocket.UnencryptedMode The socket is unencrypted. Its behavior is identical to PySide.QtNetwork.QTcpSocket .
QSslSocket.SslClientMode The socket is a client-side SSL socket. It is either alreayd encrypted, or it is in the SSL handshake phase (see QSslSocket.isEncrypted() ).
QSslSocket.SslServerMode The socket is a server-side SSL socket. It is either already encrypted, or it is in the SSL handshake phase (see QSslSocket.isEncrypted() ).
PySide.QtNetwork.QSslSocket.PeerVerifyMode

Describes the peer verification modes for PySide.QtNetwork.QSslSocket . The default mode is AutoVerifyPeer , which selects an appropriate mode depending on the socket’s QSocket::SslMode.

Constant Description
QSslSocket.VerifyNone PySide.QtNetwork.QSslSocket will not request a certificate from the peer. You can set this mode if you are not interested in the identity of the other side of the connection. The connection will still be encrypted, and your socket will still send its local certificate to the peer if it’s requested.
QSslSocket.QueryPeer PySide.QtNetwork.QSslSocket will request a certificate from the peer, but does not require this certificate to be valid. This is useful when you want to display peer certificate details to the user without affecting the actual SSL handshake. This mode is the default for servers.
QSslSocket.VerifyPeer PySide.QtNetwork.QSslSocket will request a certificate from the peer during the SSL handshake phase, and requires that this certificate is valid. On failure, PySide.QtNetwork.QSslSocket will emit the QSslSocket.sslErrors() signal. This mode is the default for clients.
QSslSocket.AutoVerifyPeer PySide.QtNetwork.QSslSocket will automatically use QueryPeer for server sockets and VerifyPeer for client sockets.
PySide.QtNetwork.QSslSocket.addCaCertificate(certificate)
Parameters:certificatePySide.QtNetwork.QSslCertificate

Adds the certificate to this socket’s CA certificate database. The CA certificate database is used by the socket during the handshake phase to validate the peer’s certificate.

To add multiple certificates, use PySide.QtNetwork.QSslSocket.addCaCertificates() .

PySide.QtNetwork.QSslSocket.addCaCertificates(path[, format=QSsl.Pem[, syntax=QRegExp.FixedString]])
Parameters:
Return type:

PySide.QtCore.bool

PySide.QtNetwork.QSslSocket.addCaCertificates(certificates)
Parameters:certificates
static PySide.QtNetwork.QSslSocket.addDefaultCaCertificate(certificate)
Parameters:certificatePySide.QtNetwork.QSslCertificate

Adds certificate to the default CA certificate database. Each SSL socket’s CA certificate database is initialized to the default CA certificate database.

static PySide.QtNetwork.QSslSocket.addDefaultCaCertificates(path[, format=QSsl.Pem[, syntax=QRegExp.FixedString]])
Parameters:
Return type:

PySide.QtCore.bool

static PySide.QtNetwork.QSslSocket.addDefaultCaCertificates(certificates)
Parameters:certificates
PySide.QtNetwork.QSslSocket.caCertificates()
Return type:

Returns this socket’s CA certificate database. The CA certificate database is used by the socket during the handshake phase to validate the peer’s certificate. It can be moodified prior to the handshake with PySide.QtNetwork.QSslSocket.addCaCertificate() , PySide.QtNetwork.QSslSocket.addCaCertificates() , and PySide.QtNetwork.QSslSocket.setCaCertificates() .

Note

On Unix, this method may return an empty list if the root certificates are loaded on demand.

PySide.QtNetwork.QSslSocket.ciphers()
Return type:

Returns this socket’s current cryptographic cipher suite. This list is used during the socket’s handshake phase for choosing a session cipher. The returned list of ciphers is ordered by descending preference. (i.e., the first cipher in the list is the most preferred cipher). The session cipher will be the first one in the list that is also supported by the peer.

By default, the handshake phase can choose any of the ciphers supported by this system’s SSL libraries, which may vary from system to system. The list of ciphers supported by this system’s SSL libraries is returned by PySide.QtNetwork.QSslSocket.supportedCiphers() . You can restrict the list of ciphers used for choosing the session cipher for this socket by calling PySide.QtNetwork.QSslSocket.setCiphers() with a subset of the supported ciphers. You can revert to using the entire set by calling PySide.QtNetwork.QSslSocket.setCiphers() with the list returned by PySide.QtNetwork.QSslSocket.supportedCiphers() .

You can restrict the list of ciphers used for choosing the session cipher for all sockets by calling PySide.QtNetwork.QSslSocket.setDefaultCiphers() with a subset of the supported ciphers. You can revert to using the entire set by calling PySide.QtNetwork.QSslSocket.setCiphers() with the list returned by PySide.QtNetwork.QSslSocket.supportedCiphers() .

PySide.QtNetwork.QSslSocket.connectToHostEncrypted(hostName, port, sslPeerName[, mode=QIODevice.ReadWrite])
Parameters:
  • hostName – unicode
  • portPySide.QtCore.quint16
  • sslPeerName – unicode
  • modePySide.QtCore.QIODevice.OpenMode
PySide.QtNetwork.QSslSocket.connectToHostEncrypted(hostName, port[, mode=QIODevice.ReadWrite])
Parameters:
  • hostName – unicode
  • portPySide.QtCore.quint16
  • modePySide.QtCore.QIODevice.OpenMode
static PySide.QtNetwork.QSslSocket.defaultCaCertificates()
Return type:

Returns the current default CA certificate database. This database is originally set to your system’s default CA certificate database. If no system default database is found, an empty database will be returned. You can override the default CA certificate database with your own CA certificate database using PySide.QtNetwork.QSslSocket.setDefaultCaCertificates() .

Each SSL socket’s CA certificate database is initialized to the default CA certificate database.

Note

On Unix, this method may return an empty list if the root certificates are loaded on demand.

static PySide.QtNetwork.QSslSocket.defaultCiphers()
Return type:

Returns the default cryptographic cipher suite for all sockets in this application. This list is used during the socket’s handshake phase when negotiating with the peer to choose a session cipher. The list is ordered by preference (i.e., the first cipher in the list is the most preferred cipher).

By default, the handshake phase can choose any of the ciphers supported by this system’s SSL libraries, which may vary from system to system. The list of ciphers supported by this system’s SSL libraries is returned by PySide.QtNetwork.QSslSocket.supportedCiphers() .

PySide.QtNetwork.QSslSocket.encrypted()
PySide.QtNetwork.QSslSocket.encryptedBytesAvailable()
Return type:PySide.QtCore.qint64

Returns the number of encrypted bytes that are awaiting decryption. Normally, this function will return 0 because PySide.QtNetwork.QSslSocket decrypts its incoming data as soon as it can.

PySide.QtNetwork.QSslSocket.encryptedBytesToWrite()
Return type:PySide.QtCore.qint64

Returns the number of encrypted bytes that are waiting to be written to the network.

PySide.QtNetwork.QSslSocket.encryptedBytesWritten(totalBytes)
Parameters:totalBytesPySide.QtCore.qint64
PySide.QtNetwork.QSslSocket.ignoreSslErrors(errors)
Parameters:errors
PySide.QtNetwork.QSslSocket.ignoreSslErrors()

This slot tells PySide.QtNetwork.QSslSocket to ignore errors during PySide.QtNetwork.QSslSocket ‘s handshake phase and continue connecting. If you want to continue with the connection even if errors occur during the handshake phase, then you must call this slot, either from a slot connected to PySide.QtNetwork.QSslSocket.sslErrors() , or before the handshake phase. If you don’t call this slot, either in response to errors or before the handshake, the connection will be dropped after the PySide.QtNetwork.QSslSocket.sslErrors() signal has been emitted.

If there are no errors during the SSL handshake phase (i.e., the identity of the peer is established with no problems), PySide.QtNetwork.QSslSocket will not emit the PySide.QtNetwork.QSslSocket.sslErrors() signal, and it is unnecessary to call this function.

Warning

Be sure to always let the user inspect the errors reported by the PySide.QtNetwork.QSslSocket.sslErrors() signal, and only call this method upon confirmation from the user that proceeding is ok. If there are unexpected errors, the connection should be aborted. Calling this method without inspecting the actual errors will most likely pose a security risk for your application. Use it with great care!

PySide.QtNetwork.QSslSocket.isEncrypted()
Return type:PySide.QtCore.bool

Returns true if the socket is encrypted; otherwise, false is returned.

An encrypted socket encrypts all data that is written by calling PySide.QtCore.QIODevice.write() or PySide.QtCore.QIODevice.putChar() before the data is written to the network, and decrypts all incoming data as the data is received from the network, before you call PySide.QtCore.QIODevice.read() , PySide.QtCore.QIODevice.readLine() or PySide.QtCore.QIODevice.getChar() .

PySide.QtNetwork.QSslSocket emits PySide.QtNetwork.QSslSocket.encrypted() when it enters encrypted mode.

You can call PySide.QtNetwork.QSslSocket.sessionCipher() to find which cryptographic cipher is used to encrypt and decrypt your data.

PySide.QtNetwork.QSslSocket.localCertificate()
Return type:PySide.QtNetwork.QSslCertificate

Returns the socket’s local certificate , or an empty certificate if no local certificate has been assigned.

PySide.QtNetwork.QSslSocket.mode()
Return type:PySide.QtNetwork.QSslSocket.SslMode

Returns the current mode for the socket; either UnencryptedMode , where PySide.QtNetwork.QSslSocket behaves identially to PySide.QtNetwork.QTcpSocket , or one of SslClientMode or SslServerMode , where the client is either negotiating or in encrypted mode.

When the mode changes, PySide.QtNetwork.QSslSocket emits PySide.QtNetwork.QSslSocket.modeChanged()

See also

QSslSocket.SslMode

PySide.QtNetwork.QSslSocket.modeChanged(newMode)
Parameters:newModePySide.QtNetwork.QSslSocket.SslMode
PySide.QtNetwork.QSslSocket.peerCertificate()
Return type:PySide.QtNetwork.QSslCertificate

Returns the peer’s digital certificate (i.e., the immediate certificate of the host you are connected to), or a null certificate, if the peer has not assigned a certificate.

The peer certificate is checked automatically during the handshake phase, so this function is normally used to fetch the certificate for display or for connection diagnostic purposes. It contains information about the peer, including its host name, the certificate issuer, and the peer’s public key.

Because the peer certificate is set during the handshake phase, it is safe to access the peer certificate from a slot connected to the PySide.QtNetwork.QSslSocket.sslErrors() signal or the PySide.QtNetwork.QSslSocket.encrypted() signal.

If a null certificate is returned, it can mean the SSL handshake failed, or it can mean the host you are connected to doesn’t have a certificate, or it can mean there is no connection.

If you want to check the peer’s complete chain of certificates, use PySide.QtNetwork.QSslSocket.peerCertificateChain() to get them all at once.

PySide.QtNetwork.QSslSocket.peerCertificateChain()
Return type:

Returns the peer’s chain of digital certificates, or an empty list of certificates.

Peer certificates are checked automatically during the handshake phase. This function is normally used to fetch certificates for display, or for performing connection diagnostics. Certificates contain information about the peer and the certificate issuers, including host name, issuer names, and issuer public keys.

The peer certificates are set in PySide.QtNetwork.QSslSocket during the handshake phase, so it is safe to call this function from a slot connected to the PySide.QtNetwork.QSslSocket.sslErrors() signal or the PySide.QtNetwork.QSslSocket.encrypted() signal.

If an empty list is returned, it can mean the SSL handshake failed, or it can mean the host you are connected to doesn’t have a certificate, or it can mean there is no connection.

If you want to get only the peer’s immediate certificate, use PySide.QtNetwork.QSslSocket.peerCertificate() .

PySide.QtNetwork.QSslSocket.peerVerifyDepth()
Return type:PySide.QtCore.int

Returns the maximum number of certificates in the peer’s certificate chain to be checked during the SSL handshake phase, or 0 (the default) if no maximum depth has been set, indicating that the whole certificate chain should be checked.

The certificates are checked in issuing order, starting with the peer’s own certificate, then its issuer’s certificate, and so on.

PySide.QtNetwork.QSslSocket.peerVerifyError(error)
Parameters:errorPySide.QtNetwork.QSslError
PySide.QtNetwork.QSslSocket.peerVerifyMode()
Return type:PySide.QtNetwork.QSslSocket.PeerVerifyMode

Returns the socket’s verify mode. This mode mode decides whether PySide.QtNetwork.QSslSocket should request a certificate from the peer (i.e., the client requests a certificate from the server, or a server requesting a certificate from the client), and whether it should require that this certificate is valid.

The default mode is AutoVerifyPeer , which tells PySide.QtNetwork.QSslSocket to use VerifyPeer for clients and QueryPeer for servers.

PySide.QtNetwork.QSslSocket.peerVerifyName()
Return type:unicode

Returns the different hostname for the certificate validation, as set by setPeerVerifyName or by connectToHostEncrypted.

PySide.QtNetwork.QSslSocket.privateKey()
Return type:PySide.QtNetwork.QSslKey

Returns this socket’s private key.

PySide.QtNetwork.QSslSocket.protocol()
Return type:PySide.QtNetwork.QSsl.SslProtocol

Returns the socket’s SSL protocol. By default, QSsl.SecureProtocols is used.

PySide.QtNetwork.QSslSocket.sessionCipher()
Return type:PySide.QtNetwork.QSslCipher

Returns the socket’s cryptographic cipher , or a null cipher if the connection isn’t encrypted. The socket’s cipher for the session is set during the handshake phase. The cipher is used to encrypt and decrypt data transmitted through the socket.

PySide.QtNetwork.QSslSocket also provides functions for setting the ordered list of ciphers from which the handshake phase will eventually select the session cipher. This ordered list must be in place before the handshake phase begins.

PySide.QtNetwork.QSslSocket.setCaCertificates(certificates)
Parameters:certificates
PySide.QtNetwork.QSslSocket.setCiphers(ciphers)
Parameters:ciphers
PySide.QtNetwork.QSslSocket.setCiphers(ciphers)
Parameters:ciphers – unicode

Sets the cryptographic cipher suite for this socket to ciphers , which is a colon-separated list of cipher suite names. The ciphers are listed in order of preference, starting with the most preferred cipher. For example:

socket = QSslSocket()
socket.setCiphers("DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-SHA")

Each cipher name in ciphers must be the name of a cipher in the list returned by PySide.QtNetwork.QSslSocket.supportedCiphers() . Restricting the cipher suite must be done before the handshake phase, where the session cipher is chosen.

static PySide.QtNetwork.QSslSocket.setDefaultCaCertificates(certificates)
Parameters:certificates
static PySide.QtNetwork.QSslSocket.setDefaultCiphers(ciphers)
Parameters:ciphers
PySide.QtNetwork.QSslSocket.setLocalCertificate(certificate)
Parameters:certificatePySide.QtNetwork.QSslCertificate

Sets the socket’s local certificate to certificate . The local certificate is necessary if you need to confirm your identity to the peer. It is used together with the private key; if you set the local certificate, you must also set the private key.

The local certificate and private key are always necessary for server sockets, but are also rarely used by client sockets if the server requires the client to authenticate.

PySide.QtNetwork.QSslSocket.setLocalCertificate(fileName[, format=QSsl.Pem])
Parameters:
PySide.QtNetwork.QSslSocket.setPeerVerifyDepth(depth)
Parameters:depthPySide.QtCore.int

Sets the maximum number of certificates in the peer’s certificate chain to be checked during the SSL handshake phase, to depth . Setting a depth of 0 means that no maximum depth is set, indicating that the whole certificate chain should be checked.

The certificates are checked in issuing order, starting with the peer’s own certificate, then its issuer’s certificate, and so on.

PySide.QtNetwork.QSslSocket.setPeerVerifyMode(mode)
Parameters:modePySide.QtNetwork.QSslSocket.PeerVerifyMode
PySide.QtNetwork.QSslSocket.setPeerVerifyName(hostName)
Parameters:hostName – unicode

Sets a different host name, given by hostName , for the certificate validation instead of the one used for the TCP connection.

PySide.QtNetwork.QSslSocket.setPrivateKey(fileName[, algorithm=QSsl.Rsa[, format=QSsl.Pem[, passPhrase=QByteArray()]]])
Parameters:
PySide.QtNetwork.QSslSocket.setPrivateKey(key)
Parameters:keyPySide.QtNetwork.QSslKey

Sets the socket’s private key to key . The private key and the local certificate are used by clients and servers that must prove their identity to SSL peers.

Both the key and the local certificate are required if you are creating an SSL server socket. If you are creating an SSL client socket, the key and local certificate are required if your client must identify itself to an SSL server.

PySide.QtNetwork.QSslSocket.setProtocol(protocol)
Parameters:protocolPySide.QtNetwork.QSsl.SslProtocol
PySide.QtNetwork.QSslSocket.setSslConfiguration(config)
Parameters:configPySide.QtNetwork.QSslConfiguration

Sets the socket’s SSL configuration to be the contents of configuration . This function sets the local certificate, the ciphers, the private key and the CA certificates to those stored in configuration .

It is not possible to set the SSL-state related fields.

PySide.QtNetwork.QSslSocket.sslConfiguration()
Return type:PySide.QtNetwork.QSslConfiguration

Returns the socket’s SSL configuration state. The default SSL configuration of a socket is to use the default ciphers, default CA certificates, no local private key or certificate.

The SSL configuration also contains fields that can change with time without notice.

PySide.QtNetwork.QSslSocket.sslErrors()
Return type:

Returns a list of the last SSL errors that occurred. This is the same list as PySide.QtNetwork.QSslSocket passes via the PySide.QtNetwork.QSslSocket.sslErrors() signal. If the connection has been encrypted with no errors, this function will return an empty list.

PySide.QtNetwork.QSslSocket.sslErrors(errors)
Parameters:errors
PySide.QtNetwork.QSslSocket.startClientEncryption()

Starts a delayed SSL handshake for a client connection. This function can be called when the socket is in the ConnectedState but still in the UnencryptedMode . If it is not yet connected, or if it is already encrypted, this function has no effect.

Clients that implement STARTTLS functionality often make use of delayed SSL handshakes. Most other clients can avoid calling this function directly by using PySide.QtNetwork.QSslSocket.connectToHostEncrypted() instead, which automatically performs the handshake.

PySide.QtNetwork.QSslSocket.startServerEncryption()

Starts a delayed SSL handshake for a server connection. This function can be called when the socket is in the ConnectedState but still in UnencryptedMode . If it is not connected or it is already encrypted, the function has no effect.

For server sockets, calling this function is the only way to initiate the SSL handshake. Most servers will call this function immediately upon receiving a connection, or as a result of having received a protocol-specific command to enter SSL mode (e.g, the server may respond to receiving the string “STARTTLSrn” by calling this function).

The most common way to implement an SSL server is to create a subclass of PySide.QtNetwork.QTcpServer and reimplement QTcpServer.incomingConnection() . The returned socket descriptor is then passed to QSslSocket.setSocketDescriptor() .

static PySide.QtNetwork.QSslSocket.supportedCiphers()
Return type:

Returns the list of cryptographic ciphers supported by this system. This list is set by the system’s SSL libraries and may vary from system to system.

static PySide.QtNetwork.QSslSocket.supportsSsl()
Return type:PySide.QtCore.bool

Returns true if this platform supports SSL; otherwise, returns false. If the platform doesn’t support SSL, the socket will fail in the connection phase.

static PySide.QtNetwork.QSslSocket.systemCaCertificates()
Return type:

This function provides the CA certificate database provided by the operating system. The CA certificate database returned by this function is used to initialize the database returned by PySide.QtNetwork.QSslSocket.defaultCaCertificates() . You can replace that database with your own with PySide.QtNetwork.QSslSocket.setDefaultCaCertificates() .

PySide.QtNetwork.QSslSocket.waitForEncrypted([msecs=30000])
Parameters:msecsPySide.QtCore.int
Return type:PySide.QtCore.bool

Waits until the socket has completed the SSL handshake and has emitted PySide.QtNetwork.QSslSocket.encrypted() , or msecs milliseconds, whichever comes first. If PySide.QtNetwork.QSslSocket.encrypted() has been emitted, this function returns true; otherwise (e.g., the socket is disconnected, or the SSL handshake fails), false is returned.

The following example waits up to one second for the socket to be encrypted:

socket.connectToHostEncrypted("imap", 993)
if socket.waitForEncrypted(1000):
    print "Encrypted!"

If msecs is -1, this function will not time out.