Antoine Pitrou <pit...@free.fr> added the comment:

Interestingly (from rfc5929):

      This definition of 'tls-unique' means that a channel's bindings
      data may change over time, which in turn creates a synchronization
      problem should the channel's bindings data change between the time
      that the client initiates authentication with channel binding and
      the time that the server begins to process the client's first
      authentication message.  If that happens, the authentication
      attempt will fail spuriously.

> and is (they say), available via OpenSSL API

Do you happen to know which API? I see no reference to tls-unique or channel 
binding in either the OpenSSL website or the latest OpenSSL snapshot.

According to some mailing-list message, we could use SSL_get_finished() and 
SSL_get_peer_finished(), but that still leaves us to figure out what to do with 
the info returned by these functions. It would be nice if there was some 
ready-to-use code (I'm not a crypto expert).

----------
nosy: +pitrou
stage:  -> needs patch
versions:  -Python 2.7, Python 3.2, Python 3.4

_______________________________________
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/issue12551>
_______________________________________
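The two questions in the comment above, which Finished message is the tls-unique value once you have SSL_get_finished()/SSL_get_peer_finished() in hand, and what an authentication exchange actually does with it, worked through in Python as an added example. This is not code from the tracker thread, from CPython or from OpenSSL. It assumes constructed 12-byte Finished values in place of what the OpenSSL calls return, and the HMAC proof/verify scheme is a simplified construction of my own, not SCRAM or any standardised mechanism. The last function reproduces the spurious-failure case quoted from RFC 5929.

```python
"""tls-unique channel binding, worked through (added example; not code from
the bug-tracker thread nor from CPython or OpenSSL).

Assumptions, restated in the comments: the Finished values are constructed
12-byte stand-ins for what SSL_get_finished()/SSL_get_peer_finished()
return, and the proof/verify scheme is a simplified HMAC construction of
my own, not SCRAM or any standardised mechanism.
"""
import hashlib
import hmac


def select_tls_unique(is_client, session_resumed, own_finished, peer_finished):
    """Pick the tls-unique value for this endpoint (RFC 5929 section 3.1).

    tls-unique is the *first* Finished message of the most recent handshake.
    In a full handshake the client sends Finished first; in an abbreviated
    (resumed) handshake the server does.  Hence the binding is our own
    Finished exactly when (we are the client) XOR (the session was resumed),
    otherwise the peer's.  own_finished/peer_finished stand in for the bytes
    SSL_get_finished()/SSL_get_peer_finished() would fill in.
    """
    return own_finished if is_client != session_resumed else peer_finished


def derive_key(password, salt):
    """Password -> key; PBKDF2 is used here only so the demo has a real key."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000)


def client_proof(key, nonce, channel_binding):
    """Client side: MAC over the binding so the proof is tied to *this*
    TLS session and is worthless if replayed over any other one."""
    msg = b"tls-unique:" + channel_binding + b":" + nonce
    return hmac.new(key, msg, hashlib.sha256).digest()


def server_verify(key, nonce, channel_binding, proof):
    """Server side: recompute with the binding of *its* TLS session."""
    return hmac.compare_digest(client_proof(key, nonce, channel_binding), proof)


# Constructed Finished values (12 bytes, like TLS 1.2 verify_data); not real.
CLIENT_FIN_A = bytes.fromhex("0102030405060708090a0b0c")  # session A: client side
SERVER_FIN_A = bytes.fromhex("a1a2a3a4a5a6a7a8a9aaabac")  # session A: server side
RELAY_FIN_B = bytes.fromhex("b1b2b3b4b5b6b7b8b9babbbc")   # session B: relay side
SERVER_FIN_B = bytes.fromhex("c1c2c3c4c5c6c7c8c9cacbcc")  # session B: server side
NONCE = b"server-nonce-0001"                              # constructed
KEY = derive_key("correct horse battery staple", b"constructed-salt")


def direct_session(resumed=False):
    """Client talks straight to the server over one TLS session.
    Returns (both sides picked the same binding, proof verified)."""
    cb_client = select_tls_unique(True, resumed, CLIENT_FIN_A, SERVER_FIN_A)
    cb_server = select_tls_unique(False, resumed, SERVER_FIN_A, CLIENT_FIN_A)
    proof = client_proof(KEY, NONCE, cb_client)
    return cb_client == cb_server, server_verify(KEY, NONCE, cb_server, proof)


def relayed_session():
    """A TLS-terminating relay forwards the client's proof unchanged.
    Session A is client<->relay, session B is relay<->server; each has its
    own Finished messages, so the server's binding is not the client's."""
    cb_client = select_tls_unique(True, False, CLIENT_FIN_A, SERVER_FIN_A)
    proof = client_proof(KEY, NONCE, cb_client)  # computed over session A
    cb_server = select_tls_unique(False, False, SERVER_FIN_B, RELAY_FIN_B)
    return server_verify(KEY, NONCE, cb_server, proof)  # checked over session B


def binding_changed_in_flight():
    """The synchronisation problem quoted from RFC 5929: a renegotiation
    between the client's proof and the server's check changes the binding,
    so a legitimate attempt fails spuriously."""
    cb_before = select_tls_unique(True, False, CLIENT_FIN_A, SERVER_FIN_A)
    proof = client_proof(KEY, NONCE, cb_before)
    new_client_fin = bytes.fromhex("d1d2d3d4d5d6d7d8d9dadbdc")  # constructed
    cb_after = select_tls_unique(False, False, SERVER_FIN_A, new_client_fin)
    return server_verify(KEY, NONCE, cb_after, proof)


if __name__ == "__main__":
    print("direct (full handshake):", direct_session())
    print("direct (resumed):", direct_session(resumed=True))
    print("relayed through TLS terminator:", relayed_session())
    print("binding changed mid-auth:", binding_changed_in_flight())
```

The XOR in select_tls_unique is the whole of the "what to do with the info" question for the selection step: each side calls SSL_get_finished() for its own Finished and SSL_get_peer_finished() for the other's, and SSL_session_reused() tells it which one came first. Everything after that belongs to the authentication mechanism, which must MAC the binding into its proof; a proof that does not cover the binding gains nothing from the TLS layer.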