Christian Heimes added the comment:
Here is my take on the SSLSession feature. The patch provides a SSLSession
type, SSLSocket.session getter/setter and SSLSocket.session_reused getter. The
setter makes sure that the session can only be set for client sockets from the
same SSLContext and before
Alex Warhawk added the comment:
Even after enabling client cache one still has to call SSL_set_session. See
documentation of SSL_CTX_set_session_cache_mode point SSL_SESS_CACHE_CLIENT.
I started thinking about not exposing a SSL_SESSION object to the user but
rather extending wrap_socket to
Alex Warhawk added the comment:
I have re-targeted the patch for 3.6. It is not a 1 to 1 port of the prior one,
but quite similar.
--
Added file:
http://bugs.python.org/file40716/implement_ssl_session_reuse_3.6.patch
___
Python tracker
Christian Heimes added the comment:
Thanks for your patch. There might be a simpler way. By default a SSLContext
only caches server sessions. You can enable client session caching with:
SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_CLIENT)
This may be sufficient for FTP over TLS since
Alex Warhawk added the comment:
Thanks for the heads up, Christian. I'll try enabling client session caching. If
this does not work I'll try to adapt the patch to only allow session reusing
within the same context.
Giampaolo Rodola' added the comment:
This is supposed to be a new feature hence the patch should be targeted against
Python 3.6, definitively not 2.7.
--
versions: +Python 3.6 -Python 2.7, Python 3.4, Python 3.5
Alex Warhawk added the comment:
Based on the proof-of-concept patch I submitted a few days ago I have built a
more sophisticated patch. Please review it and let me know about necessary
changes.
--
Added file: http://bugs.python.org/file40708/implement_ssl_session_reuse.patch
Alex Warhawk added the comment:
I encountered this problem recently and could not find a fix, so I tried fixing
it myself.
Note that the patch attached is my first contribution to cpython as well as the
first time I used the C extension mechanism. Therefore I do not consider the
patch
Changes by Antoine Pitrou pit...@free.fr:
--
versions: +Python 3.4
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue19500
Mark Ribau added the comment:
Adding Python v2.7 as also exhibiting this behavior.
Some people over on Stack Overflow have done some things to work around the
issue via subclassing, but I'm not sure their solutions are correct, so much
as have useful side effects. (For example, when only the
Giampaolo Rodola' added the comment:
Interesting, I wasn't aware of this FTP(S) feature.
Unfortunately RFC-4217 really doesn't say much about how this should be done
but it definitively looks like something worth having.
AFAIU this looks like something which should be implemented by servers
Antoine Pitrou added the comment:
Yuck. Is there a public FTP server available somewhere with this feature?
--
nosy: +pitrou
Antoine Pitrou added the comment:
The RFC is unhelpfully lousy. It's not enough to process a 522 error, since
that can be triggered for different reasons. You also somehow have to interpret
the error text to detect that session reuse is indeed mandated by the server.
Regardless, to progress
New submission from Ye Wang:
According to RFC4217 (Securing FTP with TLS, aka the FTPS spec),
http://tools.ietf.org/html/rfc4217.html#section-10.2
It is reasonable for the server to insist that the data connection
uses a TLS cached session. This might be a cache of a previous data