[issue14204] Support for the NPN extension to TLS/SSL
New submission from Colin Marc:

Recent versions of OpenSSL (1.0.1 and greater) support a new extension to SSL/TLS called Next Protocol Negotiation, defined here: http://tools.ietf.org/html/draft-agl-tls-nextprotoneg-02. The extension allows servers and clients to advertise which protocols they support (for example, both HTTP and SPDY) and then agree on one during the handshake according to a simple algorithm.

This patch to 2.7 adds support for the NPN extension via another parameter to ssl.wrap_socket, called 'npn_protocols', and by using the OpenSSL API. It should fail gracefully if the linked version of OpenSSL has no support for NPN, using a macro guard. Once the handshake is completed, SSLSocket.selected_protocol() returns whatever was agreed upon.

Although I included client/server tests with the patch, testing this functionality in real-life situations proved difficult. Google Chrome has SPDY and NPN functionality baked in, so I wrote a simple socket server that advertises SPDY/2 in addition to HTTP/1.1. Chrome, pointed at this server, correctly completed the handshake and started merrily sending SPDY control frames.

--
files: npn_patch.diff
keywords: patch
messages: 154973
nosy: colinmarc
priority: normal
severity: normal
status: open
title: Support for the NPN extension to TLS/SSL
type: enhancement
versions: Python 2.7
Added file: http://bugs.python.org/file24739/npn_patch.diff

___
Python tracker <http://bugs.python.org/issue14204>
___
___
Python-bugs-list mailing list
Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
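The "simple algorithm" mentioned in the submission above, as an added example that is not part of the patch or of the original message: it models the length-prefixed protocol list and the client-side choice the way OpenSSL's SSL_select_next_proto makes it. The Python function names and the sample lists are hypothetical and constructed for illustration.

```python
# Added illustration: NPN protocol-list wire format and selection logic.
NEGOTIATED, NO_OVERLAP = "negotiated", "no_overlap"

def encode_protocols(protocols):
    """Serialize names as 1-byte-length-prefixed strings (the NPN list format)."""
    out = bytearray()
    for name in protocols:
        raw = name.encode("ascii")
        if not 1 <= len(raw) <= 255:
            raise ValueError("protocol name must be 1..255 bytes: %r" % name)
        out.append(len(raw))
        out += raw
    return bytes(out)

def decode_protocols(wire):
    """Parse a length-prefixed list, rejecting empty or truncated entries."""
    names, i = [], 0
    while i < len(wire):
        n = wire[i]
        if n == 0 or i + 1 + n > len(wire):
            raise ValueError("malformed protocol list at offset %d" % i)
        names.append(wire[i + 1:i + 1 + n])
        i += 1 + n
    return names

def select_next_proto(server_wire, client_wire):
    """Client-side choice: first server-advertised protocol the client supports.

    With no overlap the client falls back to its own first protocol, so the
    selected name may be one the server never advertised and must be checked.
    """
    server = decode_protocols(server_wire)
    client = decode_protocols(client_wire)
    if not client:
        raise ValueError("client must support at least one protocol")
    for proto in server:          # server preference order wins
        if proto in client:
            return proto.decode("ascii"), NEGOTIATED
    return client[0].decode("ascii"), NO_OVERLAP

# Constructed sample: the scenario from the message (SPDY/2 plus HTTP/1.1).
SERVER_ADVERT = encode_protocols(["spdy/2", "http/1.1"])
CLIENT_SUPPORT = encode_protocols(["http/1.1", "spdy/2"])

if __name__ == "__main__":
    print(select_next_proto(SERVER_ADVERT, CLIENT_SUPPORT))
```

A server that receives a NO_OVERLAP selection should compare the name against the protocols it actually implements before speaking it.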
[issue14204] Support for the NPN extension to TLS/SSL
Colin Marc added the comment:

If I ported it to 3.3 or 3.4, would it then be backported to 2.7? Or is there zero chance of that either? If so, why? I apologize, I'm new to the process.
[issue14204] Support for the NPN extension to TLS/SSL
Colin Marc added the comment:

Re the IETF draft: I'm not sure. However, I didn't actually have to implement the specification at all - that was all handled by OpenSSL. My patch just calls the appropriate SSL_CTX_* methods.

Thanks for the tip. I'm still interested in this getting included, so I'll work on porting it over.
[issue14204] Support for the NPN extension to TLS/SSL
Colin Marc added the comment:

Here's an updated patch against 3.3.

--
Added file: http://bugs.python.org/file24775/npn_patch_py3.diff
[issue14204] Support for the NPN extension to TLS/SSL
Colin Marc added the comment:

Oops, I had my vim configured wrong and left a few tab characters in there. Here's another updated patch =)

--
Added file: http://bugs.python.org/file24777/npn_patch_py3.diff
[issue14204] Support for the NPN extension to TLS/SSL
Colin Marc added the comment:

Here's the OpenSSL code I referenced for my implementation. It's an excerpt of ssl/lib_ssl.c, starting at line 1514.

--
Added file: http://bugs.python.org/file24778/npn_openssl_ref.c
[issue14204] Support for the NPN extension to TLS/SSL
Colin Marc added the comment:

Updated patch.

--
Added file: http://bugs.python.org/file24786/npn_patch_py3.diff
[issue14204] Support for the NPN extension to TLS/SSL
Colin Marc added the comment:

More updates to the patch.

--
Added file: http://bugs.python.org/file24797/npn_patch_py3.diff
[issue13344] closed sockets don't raise EBADF anymore
Changes by Colin Marc:

--
nosy: +colinmarc

Python tracker <http://bugs.python.org/issue13344>
[issue14204] Support for the NPN extension to TLS/SSL
Colin Marc added the comment:

Just noticed this is missing from "What's new in Python 3.3": http://docs.python.org/dev/whatsnew/3.3.html. Should I submit a patch for that?
[issue14204] Support for the NPN extension to TLS/SSL
Colin Marc added the comment:

Ah ok, just curious. Thanks!