expose SSL socket protocol version #64620

Closed
pitrou opened this issue Jan 28, 2014 · 14 comments
Labels
stdlib Python modules in the Lib dir type-feature A feature request or enhancement

Comments

@pitrou
Member

pitrou commented Jan 28, 2014

BPO 20421
Nosy @pitrou, @giampaolo, @tiran, @benjaminp, @alex, @ethanfurman, @dstufft
Files
  • ssl_version.patch
  • ssl_version2.patch
  • backport-version.diff
  • Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.


    GitHub fields:

    assignee = None
    closed_at = <Date 2014-09-04.19:02:06.638>
    created_at = <Date 2014-01-28.16:36:54.341>
    labels = ['type-feature', 'library']
    title = 'expose SSL socket protocol version'
    updated_at = <Date 2014-09-04.20:33:36.215>
    user = 'https://github.com/pitrou'

    bugs.python.org fields:

    activity = <Date 2014-09-04.20:33:36.215>
    actor = 'python-dev'
    assignee = 'none'
    closed = True
    closed_date = <Date 2014-09-04.19:02:06.638>
    closer = 'pitrou'
    components = ['Library (Lib)']
    creation = <Date 2014-01-28.16:36:54.341>
    creator = 'pitrou'
    dependencies = []
    files = ['36440', '36509', '36536']
    hgrepos = []
    issue_num = 20421
    keywords = ['patch']
    message_count = 14.0
    messages = ['209564', '214621', '214864', '216543', '216792', '216793', '225726', '226146', '226370', '226371', '226375', '226376', '226377', '226379']
    nosy_count = 10.0
    nosy_names = ['geertj', 'janssen', 'pitrou', 'giampaolo.rodola', 'christian.heimes', 'benjamin.peterson', 'alex', 'ethan.furman', 'python-dev', 'dstufft']
    pr_nums = []
    priority = 'normal'
    resolution = 'fixed'
    stage = 'resolved'
    status = 'closed'
    superseder = None
    type = 'enhancement'
    url = 'https://bugs.python.org/issue20421'
    versions = ['Python 3.5']

    @pitrou
    Member Author

    pitrou commented Jan 28, 2014

    SSL sockets should provide a way to query the current protocol version (e.g. "TLSv1.2"). OpenSSL makes it easy through SSL_get_version().

    Open question is whether we return the string returned by SSL_get_version(), or we convert it to one of the constants ssl.PROTOCOL_XXX.

    @pitrou pitrou added stdlib Python modules in the Lib dir type-feature A feature request or enhancement labels Jan 28, 2014
    @pitrou
    Member Author

    pitrou commented Mar 23, 2014

    (slightly related: should ssl.PROTOCOL_xxx constants become enum members?)

    @pitrou
    Member Author

    pitrou commented Mar 25, 2014

    We could actually use the undocumented "int SSL_version(const SSL *s)" and convert the return value to one of our favourite protocol constants.

    @ethanfurman
    Member

    Sounds good to me.

    @pitrou
    Member Author

    pitrou commented Apr 18, 2014

    Ok, it came to me that converting to one of the PROTOCOL* constants can fail in the following case: Python is linked with an OpenSSL that supports a more recent protocol version than the ssl module is aware of. SSL_get_version() can then return a protocol (e.g. "TLSv1.3") that we don't know about, and have no way of converting to an existing constant.

    So perhaps we should really simply return the same string as OpenSSL?

    @giampaolo
    Contributor

    Debatable. Maybe I'm +0.1 for returning the plain string. IMO when it comes to stdlib modules, enums are only really useful for converting integer constants.

    @pitrou
    Member Author

    pitrou commented Aug 23, 2014

    Here is a patch. Doc updates still missing.

    @pitrou
    Member Author

    pitrou commented Aug 30, 2014

    Updated patch with doc.

    @python-dev
    Mannequin

    python-dev mannequin commented Sep 4, 2014

    New changeset 648685f8d5e9 by Antoine Pitrou in branch 'default':
    Issue bpo-20421: Add a .version() method to SSL sockets exposing the actual protocol version in use.
    http://hg.python.org/cpython/rev/648685f8d5e9

    @pitrou
    Member Author

    pitrou commented Sep 4, 2014

    Pushed to default.

    @pitrou pitrou closed this as completed Sep 4, 2014
    @alex
    Member

    alex commented Sep 4, 2014

    Should this be backported to 2.7.9?

    @pitrou
    Member Author

    pitrou commented Sep 4, 2014

    It's as you want, now. I don't think this is really important, though.

    @alex
    Member

    alex commented Sep 4, 2014

    Attached patch backports it (only change is the use of closing() and resolving the conflict in Misc/NEWS). I'll leave it up to benjamin whether he wants to commit (input from others welcome). My view is to prefer backporting stuff since it helps keep the diff small.

    @python-dev
    Mannequin

    python-dev mannequin commented Sep 4, 2014

    New changeset 16c86a6bdbe2 by Alex Gaynor in branch '2.7':
    Issue bpo-20421: Add a .version() method to SSL sockets exposing the actual protocol version in use.
    http://hg.python.org/cpython/rev/16c86a6bdbe2

    @ezio-melotti ezio-melotti transferred this issue from another repository Apr 10, 2022
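
An added example, not part of the original thread or of CPython: a protocol-floor check built on the string returned by the `.version()` method the changesets above introduce, which treats a string the caller does not recognise (the "TLSv1.3" case raised in the discussion) as its own outcome instead of guessing. The names `classify_version`, `require_min_version`, `unconnected_object`, the default floor, the fail-closed default and the host `example.invalid` are assumptions made for illustration.

```python
import ssl

# Protocol strings OpenSSL is known to report, ordered oldest to newest.
# A string missing from this table is reported as unknown, never guessed at.
_RANK = {"SSLv2": 0, "SSLv3": 1, "TLSv1": 2, "TLSv1.1": 3, "TLSv1.2": 4, "TLSv1.3": 5}


def classify_version(version, minimum="TLSv1.2"):
    """Classify a .version() result against a policy floor.

    Returns "no-tls", "too-old", "ok" or "unknown".
    """
    if version is None:          # no handshake completed yet
        return "no-tls"
    rank = _RANK.get(version)
    if rank is None:             # newer (or otherwise unrecognised) protocol name
        return "unknown"
    return "ok" if rank >= _RANK[minimum] else "too-old"


def require_min_version(sock, minimum="TLSv1.2", allow_unknown=False):
    """Return the negotiated protocol string, or raise ssl.SSLError if it fails policy."""
    version = sock.version()
    verdict = classify_version(version, minimum)
    if verdict == "ok" or (verdict == "unknown" and allow_unknown):
        return version
    raise ssl.SSLError(f"rejected protocol {version!r}: {verdict}")


def unconnected_object():
    """Build an SSLObject that has not started its handshake (no network I/O)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    return ctx.wrap_bio(ssl.MemoryBIO(), ssl.MemoryBIO(),
                        server_hostname="example.invalid")  # placeholder host


if __name__ == "__main__":
    # Constructed sample inputs; "TLSv9.9" stands in for a future protocol name.
    for sample in (None, "SSLv3", "TLSv1", "TLSv1.2", "TLSv1.3", "TLSv9.9"):
        print(repr(sample), "->", classify_version(sample))
    print("before handshake:", unconnected_object().version())
```

On a live connection, call `require_min_version(ssl_sock)` after the handshake and log the returned string alongside `ssl_sock.cipher()`.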