New submission from Christian Heimes <li...@cheimes.de>:
Python's ssl module exposes a limited and opinionated set of knobs to tune OpenSSL's behavior. Each new setter, getter, or function must be carefully designed, tested, and documented. For each feature, OpenSSL's C API must be converted into a Pythonic, self-explanatory interface.

I would like to give experts and power users an interface to set advanced options. libffi-based solutions like ctypes and cffi are obvious choices. For libffi to work, users need to be able to get the address of ssl.SSLContext()'s SSL_CTX pointer and the SSL* pointer of the internal _SSLSocket object.

While it's possible to use pointer arithmetic with id(ctx) + offset, I would like to add a more convenient way. Pointer arithmetic with ctypes is non-trivial. Users would have to rely on the internal, private layout of the PySSLContext and PySSLSocket structs. I'm considering two new methods, ctx._ssl_ctx_addr and ssl._ssl_addr (names are tentative).

>>> import ssl, ctypes
>>> ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
>>> libssl = ctypes.CDLL("libssl.so.1.1")  # ssl._ssl.__file__ works, too
>>> libssl.SSL_CTX_set_ciphersuites(ctx._ssl_ctx_addr(),
...     b"TLS_CHACHA20_POLY1305_SHA256")
1

Steve, Nathaniel, how do you like the idea in general? Do you have better ideas for function names?

----------
assignee: christian.heimes
components: SSL
messages: 391498
nosy: christian.heimes, njs, steve.dower
priority: normal
severity: normal
stage: patch review
status: open
title: ssl module: add getter for SSL_CTX* and SSL*
type: enhancement
versions: Python 3.10, Python 3.11

_______________________________________
Python tracker <rep...@bugs.python.org>
<https://bugs.python.org/issue43902>
_______________________________________
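Added example, not part of the message above and not CPython code: the ctypes side of such a call, with prototypes declared so a 64-bit pointer is not truncated and the return value checked. Because ctx._ssl_ctx_addr() is only a proposal, the SSL_CTX here is created directly with SSL_CTX_new as a stand-in; the helper names (load_libssl, declare_prototypes, set_tls13_ciphersuites, demo) are hypothetical.

```python
import ctypes
import ctypes.util
import ssl


def load_libssl():
    """Return a ctypes handle that exposes libssl symbols, or None."""
    # First try the _ssl extension itself (as the message suggests), then the system lib.
    for path in (getattr(ssl._ssl, "__file__", None), ctypes.util.find_library("ssl")):
        if not path:
            continue
        try:
            lib = ctypes.CDLL(path)
            lib.SSL_CTX_set_ciphersuites  # symbol probe; absent before OpenSSL 1.1.1
            return lib
        except (OSError, AttributeError):
            continue
    return None


def declare_prototypes(lib):
    # Without argtypes/restype, ctypes passes Python ints as C int and
    # returns C int, so a 64-bit SSL_CTX* would be silently truncated.
    lib.TLS_server_method.restype = ctypes.c_void_p
    lib.TLS_server_method.argtypes = []
    lib.SSL_CTX_new.restype = ctypes.c_void_p
    lib.SSL_CTX_new.argtypes = [ctypes.c_void_p]
    lib.SSL_CTX_free.restype = None
    lib.SSL_CTX_free.argtypes = [ctypes.c_void_p]
    lib.SSL_CTX_set_ciphersuites.restype = ctypes.c_int
    lib.SSL_CTX_set_ciphersuites.argtypes = [ctypes.c_void_p, ctypes.c_char_p]


def set_tls13_ciphersuites(lib, ctx_addr, suites):
    """Apply a TLS 1.3 suite list to the SSL_CTX at ctx_addr; True on success."""
    if not ctx_addr:
        raise ValueError("NULL SSL_CTX pointer")
    return lib.SSL_CTX_set_ciphersuites(ctx_addr, suites) == 1


def demo():
    lib = load_libssl()
    if lib is None:
        return None  # no usable libssl in this environment
    declare_prototypes(lib)
    # Stand-in for the proposed ctx._ssl_ctx_addr(): a context we own ourselves.
    ctx_addr = lib.SSL_CTX_new(lib.TLS_server_method())
    try:
        ok = set_tls13_ciphersuites(lib, ctx_addr, b"TLS_CHACHA20_POLY1305_SHA256")
        bad = set_tls13_ciphersuites(lib, ctx_addr, b"NOT_A_REAL_SUITE")
        return ok, bad
    finally:
        lib.SSL_CTX_free(ctx_addr)
```

An address taken from a live ssl.SSLContext would only be valid while that Python object is still referenced, so the caller has to keep the context alive for as long as the raw pointer is in use.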