Title: making the version of SSL configurable when creating sockets
Type: Stage:
Components: Extension Modules Versions: Python 2.4
Status: closed Resolution: fixed
Dependencies: Superseder:
Assigned To: Nosy List: adamg-work, facundobatista, janssen, loewis
Priority: normal Keywords: patch

Created on 2004-02-03 16:28 by adamg-work, last changed 2007-08-29 23:00 by janssen. This issue is now closed.

File name Uploaded Description Edit
889813.diff adamg-work, 2004-03-09 18:55 diff against 2.4 snapshot of 20040308
Messages (11)
msg45339 - (view) Author: adam goucher (adamg-work) Date: 2004-02-03 16:28
Currently, socket.ssl uses the SSLv23 method of 
negotiating an ssl socket. This method connects with 
SSLv2 HELO packets and will negotiate up to a higher 
level if possible. However, if SSLv2 is turned off 
completely at the other side of the socket, this 
negotiation will fail.

I have extended socket.ssl() to include another 
optional parameter -- the SSLmethod which can be any 
of the openssl methods (SSLv2, SSLv23, SSLv3, TLSv1). 
Existing functionality is maintained by providing 
SSLv23 as the default.

Affected files:
Lib/ - extension of the function
Modules/_ssl.c - guts of the changes
        socketmodule.h - there's a reference on how to 
make ssl sockets, so I added the change there

Has been tested on Solaris by making an ssl 
connection to a server, as well as 
msg45340 - (view) Author: adam goucher (adamg-work) Date: 2004-02-03 16:29
Logged In: YES 

There's no uploaded file!  You have to check the
checkbox labeled "Check to Upload & Attach File"
when you upload a file. In addition, even if you
*did* check this checkbox, a bug in SourceForge
prevents attaching a file when *creating* an issue.

Please try again.

(This is a SourceForge annoyance that we can do
nothing about. :-( )
msg45341 - (view) Author: adam goucher (adamg-work) Date: 2004-02-03 16:30
Logged In: YES 

one last try to have all the files uploaded to the patch
msg45342 - (view) Author: Martin v. Löwis (loewis) * (Python committer) Date: 2004-02-04 22:37
Logged In: YES 

Would it be reasonable to change the default to TLS?
msg45343 - (view) Author: adam goucher (adamg-work) Date: 2004-02-06 16:00
Logged In: YES 

I think in 2.3.x I would leave it as SSLv23 in order to not 
break things going from .x to .y. I think it would be 
reasonable to make TLS the default in the 2.4 branch though 
as some breakage is more acceptable to more people when 
going between bigger releases.
msg45344 - (view) Author: Martin v. Löwis (loewis) * (Python committer) Date: 2004-02-07 08:06
Logged In: YES 

Ok. Your patch is inapplicable to 2.3, anyway, as it adds a
new feature. Are you willing to revise your patch
accordingly? Please also include patches to the documentation.
msg45345 - (view) Author: adam goucher (adamg-work) Date: 2004-03-09 18:55
Logged In: YES 

I have recreated the patch against the 2.4 snapshot of 
20040308. I also included the doc change and made TLSv1 
the default.
msg45346 - (view) Author: adam goucher (adamg-work) Date: 2004-03-11 18:46
Logged In: YES 

modifying the version this applies to from 2.3 to 2.4 to reflect 
the new patch
msg45347 - (view) Author: Facundo Batista (facundobatista) * (Python committer) Date: 2007-03-31 01:22
Changes seem OK, but I'd need an update to the test suite to accept this patch.

Can you provide the patch to test cases?

msg55297 - (view) Author: Bill Janssen (janssen) * (Python committer) Date: 2007-08-26 02:57
I believe issue 1018 now fixes this.
msg55448 - (view) Author: Bill Janssen (janssen) * (Python committer) Date: 2007-08-29 23:00
Fixed with 2.6 SSL support.
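
An added example, not part of the tracker thread or the attached patch: a small parser that shows the framing difference the opening report describes, run over constructed hello bytes. The function names, and the rule that a peer with SSLv2 turned off does not parse an SSLv2-framed hello, are assumptions made for illustration.

```python
# Added example: classify the first bytes a client sends when opening an SSL/TLS connection.
VERSION_NAMES = {(0, 2): "SSLv2", (3, 0): "SSLv3", (3, 1): "TLSv1"}


def classify_client_hello(data: bytes) -> tuple:
    """Return (framing, highest_version_offered) for a client's first message."""
    if len(data) < 5:
        raise ValueError("too short to be a client hello")
    # SSLv2 framing: 2-byte header with the top bit set, message type 1
    # (CLIENT-HELLO), then the highest version the client is willing to speak.
    if data[0] & 0x80 and data[2] == 0x01:
        return ("SSLv2", VERSION_NAMES.get((data[3], data[4]), "unknown"))
    # SSLv3/TLS framing: record type 22 (handshake), record version, 2-byte
    # length, handshake type 1 (ClientHello), 3-byte length, client_version.
    if data[0] == 0x16 and len(data) >= 11 and data[5] == 0x01:
        return ("SSLv3/TLS", VERSION_NAMES.get((data[9], data[10]), "unknown"))
    return ("unknown", "unknown")


def parsed_by_peer_without_sslv2(data: bytes) -> bool:
    """Assumed model of the peer in the report: SSLv2 is turned off completely,
    so an SSLv2-framed hello is not understood, whatever version it offers."""
    return classify_client_hello(data)[0] == "SSLv3/TLS"


def _tls_hello(minor: int) -> bytes:
    """Constructed SSLv3/TLS ClientHello: zero random, one cipher suite."""
    body = bytes([3, minor]) + bytes(32) + b"\x00" + b"\x00\x02\x00\x0a" + b"\x01\x00"
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return bytes([0x16, 3, minor]) + len(handshake).to_bytes(2, "big") + handshake


# Constructed sample: SSLv2-framed hello offering TLSv1, the shape the report
# attributes to the SSLv23 method (one cipher spec, 16-byte zero challenge).
SSLV23_HELLO = bytes([0x80, 0x1C, 0x01, 0x03, 0x01, 0, 3, 0, 0, 0, 16]) + b"\x00\x00\x0a" + bytes(16)
SAMPLES = {"SSLv23": SSLV23_HELLO, "SSLv3": _tls_hello(0), "TLSv1": _tls_hello(1)}

if __name__ == "__main__":
    for method, hello in SAMPLES.items():
        print(method, classify_client_hello(hello), parsed_by_peer_without_sslv2(hello))
```

The SSLv23 sample offers TLSv1 yet is still rejected by the modelled peer, because the version offered sits inside an SSLv2-format message; pinning the method to SSLv3 or TLSv1 changes the framing itself.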
Date User Action Args
2007-08-29 23:00:38 janssen set status: open -> closed; resolution: fixed; messages: + msg55448
2007-08-26 02:57:23 janssen set nosy: + janssen; messages: + msg55297
2004-02-03 16:28:24 adamg-work create