Aki Sukegawa created THRIFT-3505:
------------------------------------
Summary: Enhance Python TSSLSocket
Key: THRIFT-3505
URL: https://issues.apache.org/jira/browse/THRIFT-3505
Project: Thrift
Issue Type: Improvement
Reporter: Aki Sukegawa
Assignee: Aki Sukegawa
Current TSSLSocket limits capacity of standard library ssl module by hiding
functionality.
I revised initialization code rather radically but with backward compatible
deprecation (and added tests).
h4. Use SSLContext for Python 2.7.9 or later.
TLS 1.1 and 1.2 are now enabled by default when supported.
By exposing SSLContext, advanced users can now do mostly anything that can be
done by Python ssl module.
h4. Add all the relevent ssl.wrap_context options to constructor
Users on Python < 2.7.9 still can do mostly anything that standard library
provides
e.g.: Client certificate validation (see test case)
As a bonus TSSLSocket and TSSLServerSocket arguments are now consistent and
cleaner.
Also it no longer breaks Python 2.6.
Old signature is deprecated but still fully supported out of the box.
The patch also contains regenerated client test certs because it seems to be
expired and was needed for tests.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
