This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author pitrou
Recipients Jajcus, pitrou
Date 2011-07-13.11:52:08
SpamBayes Score 0.00039632941
Marked as misclassified No
Message-id <1310557929.91.0.761644729946.issue12551@psf.upfronthosting.co.za>
In-reply-to
Content
Interestingly (from rfc5929):

      This definition of 'tls-unique' means that a channel's bindings
      data may change over time, which in turn creates a synchronization
      problem should the channel's bindings data change between the time
      that the client initiates authentication with channel binding and
      the time that the server begins to process the client's first
      authentication message.  If that happens, the authentication
      attempt will fail spuriously.

> and is (they say), available via OpenSSL API

Do you happen to know which API? I see no reference to tls-unique or channel binding, in either the OpenSSL website or the latest OpenSSL snapshot.

According to some mailing-list message, we could use SSL_get_finished() and SSL_get_peer_finished(), but that still leaves us to figure out what to do with the info returned by these functions. It would be nice if there was some ready-to-use code (I'm not a crypto expert).
History
Date User Action Args
2011-07-13 11:52:10pitrousetrecipients: + pitrou, Jajcus
2011-07-13 11:52:09pitrousetmessageid: <1310557929.91.0.761644729946.issue12551@psf.upfronthosting.co.za>
2011-07-13 11:52:09pitroulinkissue12551 messages
2011-07-13 11:52:08pitroucreate