classification
Title: imaplib should support SSL contexts
Type: enhancement Stage: committed/rejected
Components: Library (Lib) Versions: Python 3.3
process
Status: closed Resolution: fixed
Dependencies: Superseder:
Assigned To: Nosy List: giampaolo.rodola, janssen, jcea, pitrou, python-dev, sijinjoseph
Priority: normal Keywords: patch

Created on 2010-05-24 16:13 by pitrou, last changed 2011-05-06 16:52 by pitrou. This issue is now closed.

Files
File name Uploaded Description Edit
8808.patch sijinjoseph, 2011-04-27 20:47 Patch for issue 8808 review
8808.patch sijinjoseph, 2011-05-02 21:09 Updated patch for 8808 with fixes from previous review review
Messages (8)
msg106368 - (view) Author: Antoine Pitrou (pitrou) * (Python committer) Date: 2010-05-24 16:13
3.2 introduces SSL contexts, which allow bundling SSL configuration options, certificates and private keys into a single (potentially long-lived) structure.
http://docs.python.org/dev/py3k/library/ssl.html#ssl.SSLContext

The IMAP4_SSL constructor should allow passing an SSL context object instead of a key/cert pair.
msg134419 - (view) Author: Sijin Joseph (sijinjoseph) Date: 2011-04-25 21:46
Is anyone working on this?
msg134420 - (view) Author: Antoine Pitrou (pitrou) * (Python committer) Date: 2011-04-25 21:48
> Is anyone working on this?

I don't think so, you could try if you are interested.
msg134614 - (view) Author: Sijin Joseph (sijinjoseph) Date: 2011-04-27 20:47
I am attaching a patch for the default branch that adds a ssl_context parameter to IMAP4_SSL. Also added a couple of tests to test_imaplib to test the existing ctor with certfile and file and also the new one that accepts an SSLContext.

Currently if the ssl_context param is provided then the keyfile and certfile are ignored, I wasn't sure if the ssl_context should be loaded with the certfile if that is provided along with the ssl_context.

If this looks ok, I can add something similar for smtplib as well.
msg134944 - (view) Author: Antoine Pitrou (pitrou) * (Python committer) Date: 2011-05-01 23:20
Thanks for the patch. Comments:
- the keyfile / certfile pair and the context parameter should be mutually exclusive (see e.g. the POP3_SSL constructor in Lib/poplib.py)
- I don't think the remote test server used in test_imaplib supports client certificates, it probably just ignores them; that said, it's better than nothing
- you have a misindented line in test_logincapa
- since we're using a remote, third-party test server, it may be better not to do any spurious connects (in the current patch, a first connection is established in the setUp() and then ignored since another one is established in the test body)
- you need to update the documentation in Doc/library/imaplib.rst
msg135009 - (view) Author: Sijin Joseph (sijinjoseph) Date: 2011-05-02 21:09
Thanks Antoine. I've attached an updated patch. 

>> 
- the keyfile / certfile pair and the context parameter should be mutually exclusive (see e.g. the POP3_SSL constructor in Lib/poplib.py)
[Sijin] - Yes, Thanks, I don't know why I didn't check POP3 impl before.

- I don't think the remote test server used in test_imaplib supports client certificates, it probably just ignores them; that said, it's better than nothing
[Sijin] - Agreed, I don't think the server supports client certificates, but at least we are able to test that the connect still works. Maybe we should open a new task to have a remote server that supports client certificate connections? We could use that in test cases for other SSL related modules.

- you have a misindented line in test_logincapa
[Sijin] - Fixed.

- since we're using a remote, third-party test server, it may be better not to do any spurious connects (in the current patch, a first connection is established in the setUp() and then ignored since another one is established in the test body)
[Sijin] - Fixed.

- you need to update the documentation in Doc/library/imaplib.rst
[Sijin] - Done. Also added some corresponding info in the poplib and docs for poplib.
msg135322 - (view) Author: Roundup Robot (python-dev) Date: 2011-05-06 16:49
New changeset aba7d1f2d2a9 by Antoine Pitrou in branch 'default':
Issue #8808: The IMAP4_SSL constructor now allows passing an SSLContext
http://hg.python.org/cpython/rev/aba7d1f2d2a9
msg135324 - (view) Author: Antoine Pitrou (pitrou) * (Python committer) Date: 2011-05-06 16:52
Thank you! I've tweaked the patch slightly (mostly cosmetics (*)) and committed it to 3.3. I've left out the poplib doc changes, they could be committed separately.

(*) 80-line character limit, calling logout() on the test server
History
Date User Action Args
2011-05-06 16:52:17pitrousetstatus: open -> closed
resolution: fixed
messages: + msg135324

stage: patch review -> committed/rejected
2011-05-06 16:49:58python-devsetnosy: + python-dev
messages: + msg135322
2011-05-02 21:09:01sijinjosephsetfiles: + 8808.patch

messages: + msg135009
2011-05-01 23:20:55pitrousetmessages: + msg134944
stage: needs patch -> patch review
2011-04-27 20:47:48sijinjosephsetfiles: + 8808.patch
keywords: + patch
messages: + msg134614
2011-04-25 21:48:42pitrousetmessages: + msg134420
2011-04-25 21:46:18sijinjosephsetnosy: + sijinjoseph
messages: + msg134419
2011-04-25 01:06:58jceasetnosy: + jcea
2011-01-07 18:14:26pitrousetstage: needs patch
versions: + Python 3.3, - Python 3.2
2010-11-01 17:32:53pitroulinkissue10274 dependencies
2010-05-24 18:16:50giampaolo.rodolasetnosy: + janssen
2010-05-24 16:14:26pitrousetnosy: + giampaolo.rodola
2010-05-24 16:13:55pitroucreate