Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
C
cpython
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Kirill Smelkov
cpython
Commits
d1d398e4
Commit
d1d398e4
authored
Jan 23, 2015
by
Benjamin Peterson
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
prefer server alpn ordering over the client's
parent
ea324584
Changes
3
Show whitespace changes
Inline
Side-by-side
Showing
3 changed files
with
24 additions
and
16 deletions
+24
-16
Doc/library/ssl.rst
Doc/library/ssl.rst
+2
-1
Lib/test/test_ssl.py
Lib/test/test_ssl.py
+2
-2
Modules/_ssl.c
Modules/_ssl.c
+20
-13
No files found.
Doc/library/ssl.rst
View file @
d1d398e4
...
@@ -875,7 +875,8 @@ SSL sockets also have the following additional methods and attributes:
...
@@ -875,7 +875,8 @@ SSL sockets also have the following additional methods and attributes:
Return the protocol that was selected during the TLS handshake. If
Return the protocol that was selected during the TLS handshake. If
:meth:`SSLContext.set_alpn_protocols` was not called, if the other party does
:meth:`SSLContext.set_alpn_protocols` was not called, if the other party does
not support ALPN, or if the handshake has not happened yet, ``None`` is
not support ALPN, if this socket does not support any of the client's
proposed protocols, or if the handshake has not happened yet, ``None`` is
returned.
returned.
.. versionadded:: 2.7.10
.. versionadded:: 2.7.10
...
...
Lib/test/test_ssl.py
View file @
d1d398e4
...
@@ -2819,9 +2819,9 @@ else:
...
@@ -2819,9 +2819,9 @@ else:
server_protocols
=
[
'foo'
,
'bar'
,
'milkshake'
]
server_protocols
=
[
'foo'
,
'bar'
,
'milkshake'
]
protocol_tests
=
[
protocol_tests
=
[
([
'foo'
,
'bar'
],
'foo'
),
([
'foo'
,
'bar'
],
'foo'
),
([
'bar'
,
'foo'
],
'
bar
'
),
([
'bar'
,
'foo'
],
'
foo
'
),
([
'milkshake'
],
'milkshake'
),
([
'milkshake'
],
'milkshake'
),
([
'http/3.0'
,
'http/4.0'
],
'foo'
)
([
'http/3.0'
,
'http/4.0'
],
None
)
]
]
for
client_protocols
,
expected
in
protocol_tests
:
for
client_protocols
,
expected
in
protocol_tests
:
server_context
=
ssl
.
SSLContext
(
ssl
.
PROTOCOL_TLSv1
)
server_context
=
ssl
.
SSLContext
(
ssl
.
PROTOCOL_TLSv1
)
...
...
Modules/_ssl.c
View file @
d1d398e4
...
@@ -2149,18 +2149,25 @@ set_ciphers(PySSLContext *self, PyObject *args)
...
@@ -2149,18 +2149,25 @@ set_ciphers(PySSLContext *self, PyObject *args)
}
}
static
int
static
int
do_protocol_selection
(
unsigned
char
**
out
,
unsigned
char
*
outlen
,
do_protocol_selection
(
int
alpn
,
unsigned
char
**
out
,
unsigned
char
*
outlen
,
const
unsigned
char
*
remote_protocols
,
unsigned
int
remote
_protocols_len
,
const
unsigned
char
*
server_protocols
,
unsigned
int
server
_protocols_len
,
unsigned
char
*
our_protocols
,
unsigned
int
our
_protocols_len
)
const
unsigned
char
*
client_protocols
,
unsigned
int
client
_protocols_len
)
{
{
if
(
our_protocols
==
NULL
)
{
int
ret
;
our_protocols
=
(
unsigned
char
*
)
""
;
if
(
client_protocols
==
NULL
)
{
our_protocols_len
=
0
;
client_protocols
=
(
unsigned
char
*
)
""
;
client_protocols_len
=
0
;
}
if
(
server_protocols
==
NULL
)
{
server_protocols
=
(
unsigned
char
*
)
""
;
server_protocols_len
=
0
;
}
}
SSL_select_next_proto
(
out
,
outlen
,
ret
=
SSL_select_next_proto
(
out
,
outlen
,
remote_protocols
,
remote_protocols_len
,
server_protocols
,
server_protocols_len
,
our_protocols
,
our_protocols_len
);
client_protocols
,
client_protocols_len
);
if
(
alpn
&&
ret
!=
OPENSSL_NPN_NEGOTIATED
)
return
SSL_TLSEXT_ERR_NOACK
;
return
SSL_TLSEXT_ERR_OK
;
return
SSL_TLSEXT_ERR_OK
;
}
}
...
@@ -2192,7 +2199,7 @@ _selectNPN_cb(SSL *s,
...
@@ -2192,7 +2199,7 @@ _selectNPN_cb(SSL *s,
void
*
args
)
void
*
args
)
{
{
PySSLContext
*
ctx
=
(
PySSLContext
*
)
args
;
PySSLContext
*
ctx
=
(
PySSLContext
*
)
args
;
return
do_protocol_selection
(
out
,
outlen
,
server
,
server_len
,
return
do_protocol_selection
(
0
,
out
,
outlen
,
server
,
server_len
,
ctx
->
npn_protocols
,
ctx
->
npn_protocols_len
);
ctx
->
npn_protocols
,
ctx
->
npn_protocols_len
);
}
}
#endif
#endif
...
@@ -2244,9 +2251,9 @@ _selectALPN_cb(SSL *s,
...
@@ -2244,9 +2251,9 @@ _selectALPN_cb(SSL *s,
void
*
args
)
void
*
args
)
{
{
PySSLContext
*
ctx
=
(
PySSLContext
*
)
args
;
PySSLContext
*
ctx
=
(
PySSLContext
*
)
args
;
return
do_protocol_selection
((
unsigned
char
**
)
out
,
outlen
,
return
do_protocol_selection
(
1
,
(
unsigned
char
**
)
out
,
outlen
,
c
lient_protocols
,
client
_protocols_len
,
c
tx
->
alpn_protocols
,
ctx
->
alpn
_protocols_len
,
c
tx
->
alpn_protocols
,
ctx
->
alpn
_protocols_len
);
c
lient_protocols
,
client
_protocols_len
);
}
}
#endif
#endif
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment