[jira] [Commented] (THRIFT-3505) Enhance Python TSSLSocket

Wed, 23 Dec 2015 09:19:39 -0800 

    [ 
https://issues.apache.org/jira/browse/THRIFT-3505?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15069896#comment-15069896
 ] 

ASF GitHub Bot commented on THRIFT-3505:
----------------------------------------

GitHub user nsuke opened a pull request:

    https://github.com/apache/thrift/pull/760

    THRIFT-3505 Enhance Python TSSLSocket

    

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/nsuke/thrift THRIFT-3505

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/thrift/pull/760.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #760
    
----
commit 15ccdfd9d9e1d1c5779885b5fbc6907f382bf983
Author: Nobuaki Sukegawa <[email protected]>
Date:   2015-12-23T14:32:09Z

    THRIFT-3505 Enhance Python TSSLSocket

commit 0a3b3aa641162d1eb637cc9ee8437dca6712211c
Author: Nobuaki Sukegawa <[email protected]>
Date:   2015-12-23T15:51:28Z

    Add C#-py3 SSL failures
    
    Force using TLSv1 might fix the failures but I leave it as is since
    it is better visible than worked around and hidden away.

----


> Enhance Python TSSLSocket
> -------------------------
>
>                 Key: THRIFT-3505
>                 URL: https://issues.apache.org/jira/browse/THRIFT-3505
>             Project: Thrift
>          Issue Type: Improvement
>            Reporter: Aki Sukegawa
>            Assignee: Aki Sukegawa
>
> Current TSSLSocket limits capacity of standard library ssl module by hiding 
> functionality.
> I revised initialization code rather radically but with backward compatible 
> deprecation (and added tests).
> h4. Use SSLContext for Python 2.7.9 or later.
> TLS 1.1 and 1.2 are now enabled by default when supported.
> By exposing SSLContext, advanced users can now do mostly anything that can be 
> done by Python ssl module.
> h4. Add all the relevent ssl.wrap_context options to constructor
> Users on Python < 2.7.9 still can do mostly anything that standard library 
> provides
>   e.g.: Client certificate validation (see test case)
> As a bonus TSSLSocket and TSSLServerSocket arguments are now consistent and 
> cleaner.
> Also it no longer breaks Python 2.6.
> Old signature is deprecated but still fully supported out of the box.
> The patch also contains regenerated client test certs because it seems to be 
> expired and was needed for tests.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to