add support for ALPN (closes #20188)

author: Benjamin Peterson <benjamin@python.org> 2015-01-23 21:35:37 (GMT)
committer: Benjamin Peterson <benjamin@python.org> 2015-01-23 21:35:37 (GMT)
commit: cca2732a8216bac0d6ca182fc5a55769af2c5160 (patch)
tree: fa98ed3d5c492db2748cc7afda34351795e4783f /Lib/ssl.py
parent: 06140f2e04eb23f88e2b9d13bd5388fe29addbaa (diff)
download: cpython-cca2732a8216bac0d6ca182fc5a55769af2c5160.zip
cpython-cca2732a8216bac0d6ca182fc5a55769af2c5160.tar.gz
cpython-cca2732a8216bac0d6ca182fc5a55769af2c5160.tar.bz2
1 files changed, 26 insertions, 1 deletions
diff --git a/Lib/ssl.py b/Lib/ssl.py
index 39019f9..807e9f2 100644
--- a/Lib/ssl.py
+++ b/Lib/ssl.py
@@ -122,7 +122,7 @@ _import_symbols('OP_')
 _import_symbols('ALERT_DESCRIPTION_')
 _import_symbols('SSL_ERROR_')
 
-from _ssl import HAS_SNI, HAS_ECDH, HAS_NPN
+from _ssl import HAS_SNI, HAS_ECDH, HAS_NPN, HAS_ALPN
 
 from _ssl import _OPENSSL_API_VERSION
 
@@ -374,6 +374,17 @@ class SSLContext(_SSLContext):
 
         self._set_npn_protocols(protos)
 
+    def set_alpn_protocols(self, alpn_protocols):
+        protos = bytearray()
+        for protocol in alpn_protocols:
+            b = bytes(protocol, 'ascii')
+            if len(b) == 0 or len(b) > 255:
+                raise SSLError('ALPN protocols must be 1 to 255 in length')
+            protos.append(len(b))
+            protos.extend(b)
+
+        self._set_alpn_protocols(protos)
+
     def _load_windows_store_certs(self, storename, purpose):
         certs = bytearray()
         for cert, encoding, trust in enum_certificates(storename):
@@ -567,6 +578,13 @@ class SSLObject:
         if _ssl.HAS_NPN:
             return self._sslobj.selected_npn_protocol()
 
+    def selected_alpn_protocol(self):
+        """Return the currently selected ALPN protocol as a string, or ``None``
+        if a next protocol was not negotiated or if ALPN is not supported by one
+        of the peers."""
+        if _ssl.HAS_ALPN:
+            return self._sslobj.selected_alpn_protocol()
+
     def cipher(self):
         """Return the currently selected cipher as a 3-tuple ``(name,
         ssl_version, secret_bits)``."""
@@ -783,6 +801,13 @@ class SSLSocket(socket):
         else:
             return self._sslobj.selected_npn_protocol()
 
+    def selected_alpn_protocol(self):
+        self._checkClosed()
+        if not self._sslobj or not _ssl.HAS_ALPN:
+            return None
+        else:
+            return self._sslobj.selected_alpn_protocol()
+
     def cipher(self):
         self._checkClosed()
         if not self._sslobj:
author	Benjamin Peterson <benjamin@python.org>	2015-01-23 21:35:37 (GMT)
committer	Benjamin Peterson <benjamin@python.org>	2015-01-23 21:35:37 (GMT)
commit	cca2732a8216bac0d6ca182fc5a55769af2c5160 (patch)
tree	fa98ed3d5c492db2748cc7afda34351795e4783f /Lib/ssl.py
parent	06140f2e04eb23f88e2b9d13bd5388fe29addbaa (diff)
download	cpython-cca2732a8216bac0d6ca182fc5a55769af2c5160.zip cpython-cca2732a8216bac0d6ca182fc5a55769af2c5160.tar.gz cpython-cca2732a8216bac0d6ca182fc5a55769af2c5160.tar.bz2