Details
- Improvement
- Status: Closed
- Major
- Resolution: Fixed
Description
The current TSSLSocket limits the capacity of the standard library ssl module by hiding functionality.
I revised initialization code rather radically but with backward compatible deprecation (and added tests).
Use SSLContext for Python 2.7.9 or later.
TLS 1.1 and 1.2 are now enabled by default when supported.
By exposing SSLContext, advanced users can now do mostly anything that can be done by Python ssl module.
Add all the relevant ssl.wrap_context options to the constructor
Users on Python < 2.7.9 still can do mostly anything that standard library provides
e.g.: Client certificate validation (see test case)
As a bonus TSSLSocket and TSSLServerSocket arguments are now consistent and cleaner.
Also it no longer breaks Python 2.6.
Old signature is deprecated but still fully supported out of the box.
The patch also contains regenerated client test certs because they seem to have expired and were needed for tests.
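Since the ticket hands callers a raw SSLContext, the verification settings become the caller's responsibility. The following added example (not code from the Thrift patch) builds a context for mutual TLS with the standard library and audits any context before it is handed to the transport; the function names `hardened_context` and `audit_context` are hypothetical, and it assumes Python 3.7 or later.

```python
import ssl

def hardened_context(server_side, cafile=None, certfile=None, keyfile=None):
    """Context for mutual TLS: peer certificate required, TLS 1.2 or newer."""
    purpose = ssl.Purpose.CLIENT_AUTH if server_side else ssl.Purpose.SERVER_AUTH
    ctx = ssl.create_default_context(purpose, cafile=cafile)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    # create_default_context leaves a server at CERT_NONE; require client certs.
    ctx.verify_mode = ssl.CERT_REQUIRED
    if certfile:
        ctx.load_cert_chain(certfile, keyfile)
    return ctx

def audit_context(ctx, server_side):
    """Return a list of weaknesses found in an SSLContext (empty means none)."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("peer certificate not required")
    if not server_side and not ctx.check_hostname:
        findings.append("server hostname not checked")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("protocols older than TLS 1.2 allowed")
    return findings

def weak_client_context():
    """Constructed counter-example: the settings an audit should flag."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False        # must be cleared before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE   # accepts any peer certificate
    return ctx

if __name__ == "__main__":
    for name, ctx, server in [
        ("hardened server", hardened_context(server_side=True), True),
        ("hardened client", hardened_context(server_side=False), False),
        ("weak client", weak_client_context(), False),
    ]:
        print(name, "->", audit_context(ctx, server) or "ok")
```

In a real deployment `cafile`, `certfile` and `keyfile` point at the CA bundle and the endpoint's own certificate and key; a server context without a CA bundle rejects every client.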
Issue Links
- contains
  - THRIFT-3418 Use of ciphers in ssl.wrap_socket() breaks python 2.6 compatibility (Closed)
  - THRIFT-1867 Python client/server should support client-side certificates. (Closed)