Thrift / THRIFT-3505

Enhance Python TSSLSocket


Details

    • Improvement
    • Status: Closed
    • Major
    • Resolution: Fixed
    • 0.10.0

    Description

      The current TSSLSocket limits the capacity of the standard library ssl module by hiding functionality.
      I revised the initialization code rather radically, but with backward-compatible deprecation (and added tests).

      Use SSLContext for Python 2.7.9 or later.

      TLS 1.1 and 1.2 are now enabled by default when supported.

      By exposing SSLContext, advanced users can now do mostly anything that can be done by Python ssl module.

      Add all the relevant ssl.wrap_context options to the constructor

      Users on Python < 2.7.9 can still do mostly anything that the standard library provides,
      e.g. client certificate validation (see test case)

      As a bonus TSSLSocket and TSSLServerSocket arguments are now consistent and cleaner.
      Also it no longer breaks Python 2.6.
      Old signature is deprecated but still fully supported out of the box.

      The patch also contains regenerated client test certs because they seem to have expired and were needed for tests.
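An added example, not part of the patch or the issue text: building the kind of SSLContext the description says can now be handed to TSSLSocket, including server-side client certificate validation. It uses the Python 3 standard library; the function names and the TLS 1.2 floor are this example's choices, and the `ssl_context` keyword is Thrift's Python library as I know it from releases carrying this change, not something shown on this page.

```python
import ssl


def client_context(cafile=None, certfile=None, keyfile=None):
    """Client side: verify the server chain and hostname; TLS 1.2 or later."""
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=cafile)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    if certfile:  # present a client certificate when the server demands one
        ctx.load_cert_chain(certfile, keyfile)
    return ctx


def server_context(certfile=None, keyfile=None, client_ca=None):
    """Server side: require a client certificate issued by client_ca."""
    ctx = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    if certfile:
        ctx.load_cert_chain(certfile, keyfile)
    if client_ca:
        ctx.load_verify_locations(cafile=client_ca)
    # The default for CLIENT_AUTH is CERT_NONE; without this line any
    # client that completes a handshake is accepted.
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def audit(ctx):
    """Return the settings worth checking before a context reaches a transport."""
    return {
        "verify_mode": ctx.verify_mode.name,
        "check_hostname": ctx.check_hostname,
        "minimum_version": ctx.minimum_version.name,
    }


def open_thrift_socket(host, port, ctx):
    """Assumption: the thrift package is installed and accepts ssl_context."""
    from thrift.transport.TSSLSocket import TSSLSocket
    return TSSLSocket(host, port, ssl_context=ctx)


if __name__ == "__main__":
    print("client:", audit(client_context()))
    print("server:", audit(server_context()))
```

Running `audit` on a context before passing it on catches the common mistake of a server context left at `CERT_NONE`.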

            People

              nsuke Nobuaki Sukegawa