classification
Title: ftplib should support SSL contexts
Type: enhancement
Stage:
Components: Library (Lib)
Versions: Python 3.2
process
Status: closed
Resolution: fixed
Dependencies:
Superseder:
Assigned To: giampaolo.rodola
Nosy List: giampaolo.rodola, janssen, pitrou
Priority: normal
Keywords: patch

Created on 2010-05-24 16:07 by pitrou, last changed 2010-05-26 18:07 by giampaolo.rodola. This issue is now closed.

Files
File name: ftplib.patch
Uploaded: giampaolo.rodola, 2010-05-24 20:23
Messages (8)
msg106366 - Author: Antoine Pitrou (pitrou) * (Python committer) Date: 2010-05-24 16:07
3.2 introduces SSL contexts, which allow bundling SSL configuration options, certificates and private keys into a single (potentially long-lived) structure.
http://docs.python.org/dev/py3k/library/ssl.html#ssl.SSLContext

The FTP_TLS constructor should allow passing an SSL context object instead of a key/cert pair.
msg106379 - Author: Giampaolo Rodola' (giampaolo.rodola) * (Python committer) Date: 2010-05-24 18:48
I'm assigning this one to me.
Btw, before writing anything I think it would be better to decide what to do first, possibly by adopting the same approach everywhere (smtplib, imaplib, poplib, urllib and http.client).

My proposal: 

- the user should still be able to use keyfile and certfile if desired, they're quicker to use and backward compatibility must be maintained.

- SSL context can be provided by passing a new "context" argument to the constructor.

- if context arg is passed FTP_TLS.ssl_version should be ignored and SSLContext.protocol used instead

- keyfile/certfile and context arguments should be mutually exclusive (ValueError)


Makes sense?
msg106380 - Author: Antoine Pitrou (pitrou) * (Python committer) Date: 2010-05-24 18:56
> My proposal: 
> 
> - the user should still be able to use keyfile and certfile if desired, they're quicker to use and backward compatibility must be maintained.
> 
> - SSL context can be provided by passing a new "context" argument to the constructor.
> 
> - if context arg is passed FTP_TLS.ssl_version should be ignored and SSLContext.protocol used instead
> 
> - keyfile/certfile and context arguments should be mutually exclusive (ValueError)
> 
> 
> Makes sense?

Entirely sense to me :)
msg106384 - Author: Giampaolo Rodola' (giampaolo.rodola) * (Python committer) Date: 2010-05-24 20:23
Patch in attachment.
msg106390 - Author: Antoine Pitrou (pitrou) * (Python committer) Date: 2010-05-24 21:00
> Patch in attachment.

You could add checks for:

    self.assertIs(self.client.sock.context, ctx)
[...]
    self.assertIs(sock.context, ctx)

(I know, the "context" attribute isn't documented, I'm going to fix
this)
msg106541 - Author: Antoine Pitrou (pitrou) * (Python committer) Date: 2010-05-26 16:44
> (I know, the "context" attribute isn't documented, I'm going to fix
> this)

Now documented at:
http://docs.python.org/dev/py3k/library/ssl.html#ssl.SSLSocket.context
msg106542 - Author: Giampaolo Rodola' (giampaolo.rodola) * (Python committer) Date: 2010-05-26 16:50
If you're fine with the current patch I can go on and commit it (including the context attribute test).
msg106562 - Author: Giampaolo Rodola' (giampaolo.rodola) * (Python committer) Date: 2010-05-26 18:07
Committed in r81548.
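
The behaviour agreed in this thread, shown as an added example that is not part of the tracker discussion or the committed patch: one `SSLContext` carrying the verification policy is shared by several `FTP_TLS` clients, and combining it with key/cert files is refused. The helper names and the `client.pem` file name are constructed for illustration; the clients are built without a host, so nothing connects.

```python
import ftplib
import ssl


def hardened_context():
    """One long-lived context holding the TLS policy for every FTPS client."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # CERT_REQUIRED + hostname check
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.load_default_certs()                       # system trust store
    return ctx


def make_client(ctx):
    """Build an FTP_TLS client; with no host argument nothing connects yet."""
    return ftplib.FTP_TLS(context=ctx)


def rejects_mixed_config(ctx):
    """True if key/cert files and a context cannot be combined."""
    try:
        # "client.pem" is a constructed name; the file is never opened.
        ftplib.FTP_TLS(keyfile="client.pem", certfile="client.pem", context=ctx)
    except ValueError:   # the mutual-exclusion rule from the proposal
        return True
    except TypeError:    # Python 3.12+ removed keyfile/certfile entirely
        return True
    return False


def policy(client):
    """Report the settings a reviewer would check before connecting."""
    ctx = client.context  # attribute set by the FTP_TLS constructor
    return {
        "verify": ctx.verify_mode == ssl.CERT_REQUIRED,
        "check_hostname": ctx.check_hostname,
        "protocol": ctx.protocol.name,
        "min_version": ctx.minimum_version.name,
    }


if __name__ == "__main__":
    shared = hardened_context()
    a, b = make_client(shared), make_client(shared)
    print(a.context is shared and b.context is shared)
    print(policy(a), rejects_mixed_config(shared))
```

The context only takes effect once the control connection is upgraded by `auth()` (which `login()` calls), and the data channel is protected only after `prot_p()`.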
History
Date User Action Args
2010-05-26 18:07:22 giampaolo.rodola set status: open -> closed; messages: + msg106562; resolution: fixed; components: + Library (Lib)
2010-05-26 16:50:42 giampaolo.rodola set messages: + msg106542
2010-05-26 16:44:18 pitrou set messages: + msg106541
2010-05-24 21:00:03 pitrou set messages: + msg106390
2010-05-24 20:23:03 giampaolo.rodola set files: + ftplib.patch; keywords: + patch; messages: + msg106384
2010-05-24 18:56:23 pitrou set messages: + msg106380
2010-05-24 18:48:24 giampaolo.rodola set assignee: giampaolo.rodola; messages: + msg106379
2010-05-24 18:17:14 giampaolo.rodola set nosy: + janssen
2010-05-24 16:07:41 pitrou create