Message 327638 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	RemiCardona
Recipients	RemiCardona, asvetlov, yselivanov
Date	2018-10-13.08:47:40
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1539420460.92.0.788709270274.issue34971@psf.upfronthosting.co.za>
In-reply-to

Content
cpython has had TLS session support since 3.6, using the SSLContext.wrap_* methods. Unfortunately, this support is not available when using asyncio's create_connection. While I've managed to monkeypatch asyncio.sslproto._SSLPipe from my own code (it's a filthy hack but it's short and it gets the job done) running on 3.6.6, I feel this should be properly supported out of the box. A patch is ready (tests work), a github PR will be created shortly. Notes in no particular order: - argument and attribute naming is all over the place, but I could not decide between "sslsession" (matching "sslcontext") and "ssl_session" (matching "ssl_handshake_timeout") so I just picked one - tested on jessie (with openssl 1.0.2 from jessie-backports) and on gentoo - the new asyncio tests added in the patch are adapted from test_ssl.py's test_session, with the server-side stats left out. I felt they were not useful if one assumes that the hard work is done by SSLContext.wrap_*. - I did not reuse test_asyncio.utils.run_test_server which AIUI creates a new server-side context for each incoming connection, thus breaking sessions completely TIA for considering this bug and patch

cpython has had TLS session support since 3.6, using the SSLContext.wrap_* methods. Unfortunately, this support is not available when using asyncio's create_connection.

While I've managed to monkeypatch asyncio.sslproto._SSLPipe from my own code (it's a filthy hack but it's short and it gets the job done) running on 3.6.6, I feel this should be properly supported out of the box.

A patch is ready (tests work), a github PR will be created shortly.

Notes in no particular order:
- argument and attribute naming is all over the place, but I could not decide between "sslsession" (matching "sslcontext") and "ssl_session" (matching "ssl_handshake_timeout") so I just picked one
- tested on jessie (with openssl 1.0.2 from jessie-backports) and on gentoo
- the new asyncio tests added in the patch are adapted from test_ssl.py's test_session, with the server-side stats left out. I felt they were not useful if one assumes that the hard work is done by SSLContext.wrap_*.
- I did not reuse test_asyncio.utils.run_test_server which AIUI creates a new server-side context for each incoming connection, thus breaking sessions completely

TIA for considering this bug and patch

History
Date	User	Action	Args
2018-10-13 08:47:40	RemiCardona	set	recipients: + RemiCardona, asvetlov, yselivanov
2018-10-13 08:47:40	RemiCardona	set	messageid: <1539420460.92.0.788709270274.issue34971@psf.upfronthosting.co.za>
2018-10-13 08:47:40	RemiCardona	link	issue34971 messages
2018-10-13 08:47:40	RemiCardona	create