#32858: Add OpenSSL ECDH functionality #5700
Hello, and thanks for your contribution! I'm a bot set up to make sure that the project can legally accept your contribution by verifying you have signed the PSF contributor agreement (CLA). Unfortunately we couldn't find an account corresponding to your GitHub username on bugs.python.org (b.p.o) to verify you have signed the CLA (this might be simply due to a missing "GitHub Name" entry in your b.p.o account settings). This is necessary for legal reasons before we can look at your contribution. Please follow the steps outlined in the CPython devguide to rectify this issue. Thanks again for your contribution and we look forward to looking at it!
tiran left a comment:
Thanks for your contribution.
You are working on two separate things here. Please create a separate issue for the kxinfo method. Before you start on a patch, let's first discuss if the feature should be added at all and what a good API should look like.
The same is true for set_ecdh_curve(). New or improved features must be added to PEP 543 and implemented in a way that works with other TLS implementations. I suggest that the function accepts 1..n group names from an enum of groups based on https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8 .
I need to discuss this with @Lukasa first.
A Python core developer has requested some changes be made to your pull request before we can consider merging it. If you could please address their requests along with any other requests in other reviews from core developers that would be appreciated. Once you have made the requested changes, please leave a comment on this pull request containing the phrase
I will submit separate pull requests as suggested.
Added support for selecting "X25519" in SSLContext.set_ecdh_curve(). Added method SSLSocket.kxinfo() to provide information about key exchange. Changed set_ecdh_curve() to use SSL_CTX_set1_curves_list which is available since OpenSSL 1.0.2.
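The API shape suggested in the review (1..n groups taken from an enum based on the IANA registry), producing the colon-separated, preference-ordered string that SSL_CTX_set1_curves_list takes, shown here as an added example; it is not code from this pull request or from CPython. `NamedGroup`, `OPENSSL_NAME` and `curves_list` are hypothetical names, only four groups from the registry are included, and rejecting duplicates is this helper's own choice.

```python
import enum


class NamedGroup(enum.IntEnum):
    """Elliptic-curve groups with their IANA "TLS Supported Groups" code points."""
    secp256r1 = 23
    secp384r1 = 24
    secp521r1 = 25
    x25519 = 29


# Name of each group in OpenSSL's colon-separated curves-list syntax.
OPENSSL_NAME = {
    NamedGroup.secp256r1: "P-256",
    NamedGroup.secp384r1: "P-384",
    NamedGroup.secp521r1: "P-521",
    NamedGroup.x25519: "X25519",
}


def _coerce(group):
    """Accept a NamedGroup, an IANA code point, or an IANA group name."""
    if isinstance(group, str):
        try:
            return NamedGroup[group.lower()]
        except KeyError:
            raise ValueError(f"unknown group name: {group!r}") from None
    try:
        return NamedGroup(group)
    except ValueError:
        raise ValueError(f"unknown group code point: {group!r}") from None


def curves_list(*groups):
    """Build the preference-ordered string for SSL_CTX_set1_curves_list()."""
    if not groups:
        raise ValueError("at least one group is required")
    ordered = []
    for group in groups:
        member = _coerce(group)
        if member in ordered:
            raise ValueError(f"duplicate group: {member.name}")
        ordered.append(member)
    return ":".join(OPENSSL_NAME[m] for m in ordered)


if __name__ == "__main__":
    # Enum members, IANA names and code points can be mixed.
    print(curves_list(NamedGroup.x25519, "secp256r1", 24))
```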