add timeout parameter for get_server_certificate in ssl.py #76051

Closed
nixawk mannequin opened this issue Oct 26, 2017 · 4 comments
Labels
3.10 only security fixes topic-SSL type-feature A feature request or enhancement

nixawk mannequin commented Oct 26, 2017

BPO 31870
Nosy @tiran, @alex, @dstufft, @nixawk, @ZackerySpytz, @miss-islington
PRs
  • bpo-31870: add timeout parameter for get_server_certificate in ssl.py #4126
  • bpo-31870: Add a timeout parameter to ssl.get_server_certificate() #22270
  • bpo-31870: Fix test_get_server_certificate_timeout on Windows (GH-25570) #25570
Files
  • ssl.py: Added timeout support for func get_server_certificate in ssl module.
Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.

    GitHub fields:

    assignee = 'https://github.com/tiran'
    closed_at = <Date 2021-04-24.04:57:49.322>
    created_at = <Date 2017-10-26.04:11:25.449>
    labels = ['expert-SSL', 'type-feature', '3.10']
    title = 'add timeout parameter for get_server_certificate in ssl.py'
    updated_at = <Date 2021-04-24.05:54:11.227>
    user = 'https://github.com/Nixawk'

    bugs.python.org fields:

    activity = <Date 2021-04-24.05:54:11.227>
    actor = 'christian.heimes'
    assignee = 'christian.heimes'
    closed = True
    closed_date = <Date 2021-04-24.04:57:49.322>
    closer = 'christian.heimes'
    components = ['SSL']
    creation = <Date 2017-10-26.04:11:25.449>
    creator = 'Nixawk'
    dependencies = []
    files = ['47238']
    hgrepos = []
    issue_num = 31870
    keywords = ['patch']
    message_count = 4.0
    messages = ['305021', '312879', '391758', '391760']
    nosy_count = 7.0
    nosy_names = ['janssen', 'christian.heimes', 'alex', 'dstufft', 'Nixawk', 'ZackerySpytz', 'miss-islington']
    pr_nums = ['4126', '22270', '25570']
    priority = 'normal'
    resolution = 'fixed'
    stage = 'resolved'
    status = 'closed'
    superseder = None
    type = 'enhancement'
    url = 'https://bugs.python.org/issue31870'
    versions = ['Python 3.10']

    nixawk mannequin commented Oct 26, 2017

    The original get_server_certificate in ssl.py does not support a socket timeout:

    def get_server_certificate(addr, ssl_version=PROTOCOL_TLS, ca_certs=None):
        """Retrieve the certificate from the server at the specified address,
        and return it as a PEM-encoded string.
        If 'ca_certs' is specified, validate the server cert against it.
        If 'ssl_version' is specified, use it in the connection attempt."""
        host, port = addr
        if ca_certs is not None:
            cert_reqs = CERT_REQUIRED
        else:
            cert_reqs = CERT_NONE
        context = _create_stdlib_context(ssl_version,
                                         cert_reqs=cert_reqs,
                                         cafile=ca_certs)
        # create_connection() is called without a timeout argument
        with create_connection(addr) as sock:
            with context.wrap_socket(sock) as sslsock:
                dercert = sslsock.getpeercert(True)
        return DER_cert_to_PEM_cert(dercert)
    

    If a timeout parameter is added, a sample demo could look like this:

    >>> import ssl
    >>> ssl.get_server_certificate(("www.qq.com", 443), timeout=6)
    Traceback (most recent call last):
      File "<stdin>", line 1, in <module>
      File "/usr/lib/python2.7/ssl.py", line 1017, in get_server_certificate
        with closing(create_connection(addr, timeout)) as sock:
      File "/usr/lib/python2.7/socket.py", line 575, in create_connection
        raise err
    socket.error: [Errno 101] Network is unreachable

    @nixawk nixawk mannequin added stdlib Python modules in the Lib dir type-feature A feature request or enhancement labels Oct 26, 2017
    @tiran tiran added topic-SSL 3.7 (EOL) end of life and removed stdlib Python modules in the Lib dir labels Nov 3, 2017
    @tiran tiran self-assigned this Nov 3, 2017
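
The behaviour requested in this issue, as an added example that is not part of the thread or of ssl.py: a hypothetical helper `fetch_server_certificate` applies one timeout to both the TCP connect and the TLS handshake, and is exercised against a constructed local listener that accepts connections but never answers the handshake. The names `start_stalled_listener` and `time_stalled_fetch` are likewise illustrative.

```python
import socket
import ssl
import time


def fetch_server_certificate(addr, timeout, ca_certs=None):
    """Return the peer certificate as PEM, giving up after `timeout` seconds.

    Hypothetical helper, not ssl.py code. wrap_socket() inherits the
    socket's timeout, so the limit also applies to the TLS handshake.
    """
    context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    context.check_hostname = False  # the quoted function checks no names either
    if ca_certs is not None:
        context.verify_mode = ssl.CERT_REQUIRED
        context.load_verify_locations(cafile=ca_certs)
    else:
        context.verify_mode = ssl.CERT_NONE
    with socket.create_connection(addr, timeout=timeout) as sock:
        with context.wrap_socket(sock) as sslsock:
            return ssl.DER_cert_to_PEM_cert(sslsock.getpeercert(True))


def start_stalled_listener():
    """Constructed test peer: the kernel completes TCP connects, but nothing
    ever calls accept() or sends a ServerHello."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    return srv


def time_stalled_fetch(timeout=0.5):
    """Return (outcome, elapsed_seconds) for a fetch from the stalled peer."""
    srv = start_stalled_listener()
    start = time.monotonic()
    try:
        fetch_server_certificate(srv.getsockname(), timeout)
        outcome = "no error"
    except socket.timeout:  # alias of TimeoutError since Python 3.10
        outcome = "timeout"
    finally:
        srv.close()
    return outcome, time.monotonic() - start


if __name__ == "__main__":
    print(time_stalled_fetch(0.5))
```

Without the `timeout` argument the same call would block in the handshake for as long as the peer stays silent, which is the case a certificate-collection job has to survive.
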
    tiran commented Feb 26, 2018

    It's too late to land a new feature in 3.7.

    @tiran tiran added 3.8 only security fixes and removed 3.7 (EOL) end of life labels Feb 26, 2018
    @miss-islington
    Contributor

    New changeset b2fac1a by Zackery Spytz in branch 'master':
    bpo-31870: Add a timeout parameter to ssl.get_server_certificate() (GH-22270)
    b2fac1a

    @tiran tiran added 3.10 only security fixes and removed 3.8 only security fixes labels Apr 24, 2021
    @tiran tiran closed this as completed Apr 24, 2021
    tiran commented Apr 24, 2021

    New changeset f05c2ae by Christian Heimes in branch 'master':
    bpo-31870: Fix test_get_server_certificate_timeout on Windows (GH-25570)
    f05c2ae

    @ezio-melotti ezio-melotti transferred this issue from another repository Apr 10, 2022