Replies: 1 comment 1 reply
-
I am afraid there is no way to reload the default configuration file in this use case. Or rather, there are ways to do that using C APIs such as CONF_modules_load_file() but I do not think Python provides them. |
Beta Was this translation helpful? Give feedback.
1 reply
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
Advance warning: I'm aware this may be better asked to the Python community -- but I don't know of the best place to do that, so any pointers welcome (SO question here for reference).
As the issue is one of OpenSSL (integrated to Python) let me ask it regardless hoping some "pythonite" sees it:
Activating a (new) provider via "openssl.cnf" finally works in Python since/as openssl3 support has been enabled there.
However, it seems the file is used only once at startup and not consulted again when doing a new
urllib.request
. Is this known/intentional behaviour?Background: Python/urllib does not provide an API to set (TLS1.3) default groups, so I try to achieve this (changing the default groups per connection) by (changing an) environment variable in "openssl.cnf", e.g., as is documented here. This works fine outside of Python but not within.
So the question may be: How can one trigger re-evaluation of "openssl.cnf" (using the then-current environment variables) within a running Python program (to ultimately achieve the same as calling SSL_set1_groups)?
Beta Was this translation helpful? Give feedback.
All reactions