[issue14204] Support for the NPN extension to TLS/SSL
Colin Marc colinm...@gmail.com added the comment:

Just noticed this is missing from What's new in Python 3.3: http://docs.python.org/dev/whatsnew/3.3.html. Should I submit a patch for that?

--
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue14204
___
___
Python-bugs-list mailing list
Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue14204] Support for the NPN extension to TLS/SSL
Antoine Pitrou pit...@free.fr added the comment:

> Just noticed this is missing from What's new in Python 3.3: http://docs.python.org/dev/whatsnew/3.3.html. Should I submit a patch for that?

No need for that, the What's New document usually gets filled later in the release cycle.
[issue14204] Support for the NPN extension to TLS/SSL
Colin Marc colinm...@gmail.com added the comment:

Ah ok, just curious. Thanks!
[issue14204] Support for the NPN extension to TLS/SSL
Changes by Marcelo Fernández marcelo.fidel.fernan...@gmail.com:

--
nosy: +marcelo_fernandez
[issue14204] Support for the NPN extension to TLS/SSL
Roundup Robot devn...@psf.upfronthosting.co.za added the comment:

New changeset 2514a4e2b3ce by Antoine Pitrou in branch 'default':
Issue #14204: The ssl module now has support for the Next Protocol Negotiation extension, if available in the underlying OpenSSL library.
http://hg.python.org/cpython/rev/2514a4e2b3ce

--
nosy: +python-dev
[issue14204] Support for the NPN extension to TLS/SSL
Antoine Pitrou pit...@free.fr added the comment:

Closing since the buildbots don't seem to show any new failures after the commit. Thank you for your contribution!

--
resolution: -> fixed
stage: -> committed/rejected
status: open -> closed
[issue14204] Support for the NPN extension to TLS/SSL
Antoine Pitrou pit...@free.fr added the comment:

Sorry for the delay. I've run the tests (with OpenSSL 1.0.1-beta3) in debug mode and got an error:

==
ERROR: test_npn_ext (test.test_ssl.ThreadedTests)
--
Traceback (most recent call last):
  File /home/antoine/cpython/default/Lib/test/test_ssl.py, line 1882, in test_npn_ext
    chatty=True, connectionchatty=True)
  File /home/antoine/cpython/default/Lib/test/test_ssl.py, line 1210, in server_params_test
    s.connect((HOST, server.port))
  File /home/antoine/cpython/default/Lib/ssl.py, line 543, in connect
    self._real_connect(addr, False)
  File /home/antoine/cpython/default/Lib/ssl.py, line 533, in _real_connect
    self.do_handshake()
  File /home/antoine/cpython/default/Lib/ssl.py, line 513, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [Errno 1] _ssl.c:434: error:140920E3:SSL routines:SSL3_GET_SERVER_HELLO:parse tlsext

I've determined that this is because of the use of strlen() on a non-zero terminated string. I'll try to come up with an updated patch.
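Added example, not code from the patch or from CPython: an NPN protocol list is a run of length-prefixed names with no terminating NUL, so its size has to travel with the pointer instead of coming from strlen(); this assumes the string in the comment above is such a list. The function names (npn_encode, npn_valid, npn_select) are hypothetical, and the selection rule (first server entry the client also lists, otherwise the client's first entry) is an assumption based on the draft linked in the original submission.

```c
#include <string.h>

/* Hypothetical helpers. NPN list: length byte + name, repeated; no NUL. */
size_t npn_encode(const char *const *names, size_t count,
                  unsigned char *out, size_t cap)
{
    size_t used = 0;                      /* the only trustworthy length */
    for (size_t i = 0; i < count; i++) {
        size_t n = strlen(names[i]);      /* fine: inputs are C strings */
        if (n == 0 || n > 255 || n + 1 > cap - used)
            return 0;                     /* bad name or no room left */
        out[used++] = (unsigned char)n;
        memcpy(out + used, names[i], n);
        used += n;
    }
    return used;
}

/* A list is well formed only if its entries tile exactly len bytes. */
int npn_valid(const unsigned char *buf, size_t len)
{
    for (size_t i = 0; i < len; ) {
        size_t n = buf[i];
        if (n == 0 || n > len - i - 1)
            return 0;                     /* empty or overrunning entry */
        i += n + 1;
    }
    return len > 0;
}

/* Assumed rule: first server entry the client also lists, otherwise the
 * client's first entry. Returns 1 on match, 0 on fallback, -1 if malformed. */
int npn_select(const unsigned char **sel, size_t *sel_len,
               const unsigned char *srv, size_t srv_len,
               const unsigned char *cli, size_t cli_len)
{
    if (!npn_valid(srv, srv_len) || !npn_valid(cli, cli_len))
        return -1;
    for (size_t i = 0; i < srv_len; i += srv[i] + 1u)
        for (size_t j = 0; j < cli_len; j += cli[j] + 1u)
            if (srv[i] == cli[j] && !memcmp(srv + i + 1, cli + j + 1, srv[i])) {
                *sel = srv + i + 1;
                *sel_len = srv[i];
                return 1;
            }
    *sel = cli + 1;
    *sel_len = cli[0];
    return 0;
}
```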
[issue14204] Support for the NPN extension to TLS/SSL
Antoine Pitrou pit...@free.fr added the comment:

Here is a fixed patch. It also came to me that selected_protocol could be ambiguous, so I renamed it to selected_npn_protocol.

--
Added file: http://bugs.python.org/file24916/npn.patch
[issue14204] Support for the NPN extension to TLS/SSL
Changes by Jesús Cea Avión j...@jcea.es:

--
nosy: +jcea
[issue14204] Support for the NPN extension to TLS/SSL
Colin Marc colinm...@gmail.com added the comment:

More updates to the patch.

--
Added file: http://bugs.python.org/file24797/npn_patch_py3.diff
[issue14204] Support for the NPN extension to TLS/SSL
Colin Marc colinm...@gmail.com added the comment:

Updated patch.

--
Added file: http://bugs.python.org/file24786/npn_patch_py3.diff
[issue14204] Support for the NPN extension to TLS/SSL
Colin Marc colinm...@gmail.com added the comment:

Here's an updated patch against 3.3.

--
Added file: http://bugs.python.org/file24775/npn_patch_py3.diff
[issue14204] Support for the NPN extension to TLS/SSL
Colin Marc colinm...@gmail.com added the comment:

Oops, I had my vim configured wrong and left a few tab characters in there. Here's another updated patch =)

--
Added file: http://bugs.python.org/file24777/npn_patch_py3.diff
[issue14204] Support for the NPN extension to TLS/SSL
Changes by Sidney San Martín s...@sidneysm.com:

--
nosy: +ssm
[issue14204] Support for the NPN extension to TLS/SSL
Colin Marc colinm...@gmail.com added the comment:

Here's the OpenSSL code I referenced for my implementation. It's an excerpt of ssl/lib_ssl.c, starting at line 1514.

--
Added file: http://bugs.python.org/file24778/npn_openssl_ref.c
[issue14204] Support for the NPN extension to TLS/SSL
New submission from Colin Marc colinm...@gmail.com:

Recent versions of OpenSSL (1.0.1 and greater) support a new extension to SSL/TLS called Next Protocol Negotiation, defined here: http://tools.ietf.org/html/draft-agl-tls-nextprotoneg-02. The extension allows servers and clients to advertise which protocols they support (for example, both HTTP and SPDY) and then agree on one during the handshake according to a simple algorithm.

This patch to 2.7 adds support for the NPN extension via another parameter to ssl.wrap_socket, called 'npn_protocols', and by using the OpenSSL API. It should fail gracefully if the linked version of OpenSSL has no support for NPN, using a macro guard. Once the handshake is completed, SSLSocket.selected_protocol() returns whatever was agreed upon.

Although I included client/server tests with the patch, testing this functionality in real-life situations proved difficult. Google Chrome has SPDY and NPN functionality baked in, so I wrote a simple socket server that advertises SPDY/2 in addition to HTTP/1.1. Chrome, pointed at this server, correctly completed the handshake and started merrily sending SPDY control frames.

--
files: npn_patch.diff
keywords: patch
messages: 154973
nosy: colinmarc
priority: normal
severity: normal
status: open
title: Support for the NPN extension to TLS/SSL
type: enhancement
versions: Python 2.7
Added file: http://bugs.python.org/file24739/npn_patch.diff
[issue14204] Support for the NPN extension to TLS/SSL
Martin v. Löwis mar...@v.loewis.de added the comment:

There is zero chance that this can go into 2.7. So if you want to see it included, please port it to Python 3, and it may become part of Python 3.3 or 3.4.

--
nosy: +loewis
versions: +Python 3.3 -Python 2.7
[issue14204] Support for the NPN extension to TLS/SSL
Colin Marc colinm...@gmail.com added the comment:

If I ported it to 3.3 or 3.4, would it then be backported to 2.7? Or is there zero chance of that either? If so, why? I apologize, I'm new to the process.
[issue14204] Support for the NPN extension to TLS/SSL
Martin v. Löwis mar...@v.loewis.de added the comment:

> If I ported it to 3.3 or 3.4, would it then be backported to 2.7? Or is there zero chance of that either? If so, why? I apologize, I'm new to the process.

It won't be backported. Python 2.7 is in bug-fix mode; no new features are allowed in it. In addition, there won't be another 2.x release (see PEP 404), so new features can only be added to Python 3.

If this means that you'll lose interest in this issue - that's fine. Let us know whether you then would rather withdraw the patch, or leave it open in case someone is motivated to port it. In the latter case, please submit a contributor's form to the PSF.
[issue14204] Support for the NPN extension to TLS/SSL
Antoine Pitrou pit...@free.fr added the comment:

Hello Marc,

> Recent versions of OpenSSL (1.0.1 and greater) support a new extension to SSL/TLS called Next Protocol Negotiation, defined here: http://tools.ietf.org/html/draft-agl-tls-nextprotoneg-02.

Apparently this is an IETF draft. Do you know if it is stabilized enough that it won't change significantly?

Also, please notice that the ssl module (starting from Python 3.2) now exposes the notion of an SSL context. The setting of NPN parameters should probably be exposed as a context method and/or a parameter to SSLContext.wrap_socket().
(see http://docs.python.org/dev/library/ssl.html#ssl-contexts for docs)

--
nosy: +pitrou
[issue14204] Support for the NPN extension to TLS/SSL
Colin Marc colinm...@gmail.com added the comment:

Re the IETF draft: I'm not sure. However, I didn't actually have to implement the specification at all - that was all handled by OpenSSL. My patch just calls the appropriate SSL_CTX_* methods.

Thanks for the tip. I'm still interested in this getting included, so I'll work on porting it over.