Jacek Konieczny added the comment:
This patch is functionally equivalent, but advertises 'tls-unique' support in a
slightly different way.
HAS_TLS_UNIQUE is not exposed in the python 'ssl' module, instead a list
'CHANNEL_BINDING_TYPES' is provided (empty when
Jacek Konieczny added the comment:
This is the patch updated according to your suggestions, including raising
NotImplementedError when 'tls-unique' is not available and with the
ssl.HAS_TLS_UNIQUE constant added.
It also includes an important fix to the data retrieval logic (one cond
Jacek Konieczny added the comment:
Thanks for the quick review. Most of the problems are my oversights.
I am not sure about that:
> And I think get_channel_binding() should raise NotImplementedError in that
> case.
As the method is supposed to be extensible and 'tls-unique'
Jacek Konieczny added the comment:
Here is a patch, ready for review. Seems to work, though I still need to check
it with some other implementation.
I have chosen not to expose another three OpenSSL functions (SSL_get_finished,
SSL_get_peer_finished, SSL_session_reused), but provide API just
Jacek Konieczny added the comment:
I skim-read the TLS specification, looked at the OpenSSL API and it seems it
should be easy to implement. I am getting to work right now…
--
___
Python tracker
<http://bugs.python.org/issue12
Jacek Konieczny added the comment:
> Do you happen to know which API?
Not yet.
> I see no reference to tls-unique or channel binding, in either the OpenSSL
> website or the latest OpenSSL snapshot.
Yes, I know it is not directly documented.
> It would be nice if there was s
New submission from Jacek Konieczny:
Recently the IETF encourages the use of the SCRAM-SHA-1-PLUS SASL authentication
mechanism (5802) in new protocols. That is a requirement e.g. of the current
XMPP specification (RFC6120). Any compliant implementation needs to support the
'SCRAM-SHA-1