Uploaded image for project: 'Thrift'
  1. Thrift
  2. THRIFT-3505

Enhance Python TSSLSocket

    XMLWordPrintableJSON

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 0.10.0
    • Component/s: None
    • Labels:
      None

      Description

      Current TSSLSocket limits capacity of standard library ssl module by hiding functionality.
      I revised initialization code rather radically but with backward compatible deprecation (and added tests).

      Use SSLContext for Python 2.7.9 or later.

      TLS 1.1 and 1.2 are now enabled by default when supported.

      By exposing SSLContext, advanced users can now do mostly anything that can be done by Python ssl module.

      Add all the relevent ssl.wrap_context options to constructor

      Users on Python < 2.7.9 still can do mostly anything that standard library provides
      e.g.: Client certificate validation (see test case)

      As a bonus TSSLSocket and TSSLServerSocket arguments are now consistent and cleaner.
      Also it no longer breaks Python 2.6.
      Old signature is deprecated but still fully supported out of the box.

      The patch also contains regenerated client test certs because it seems to be expired and was needed for tests.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                nsuke Nobuaki Sukegawa
                Reporter:
                nsuke Nobuaki Sukegawa
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: