Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add Connection.get_certificate method #733

Merged
merged 2 commits into from May 16, 2018
Merged

Conversation

@jlaine
Copy link
Contributor

@jlaine jlaine commented Feb 6, 2018

This makes it possible to retrieve the local certificate (if any)
for a Connection.

An example where this is useful is when negotiating a DTLS-SRTP
connection, the fingerprint of the local certificate needs to be
communicated to the remote party out-of-band via SDP.

This depends on:
pyca/cryptography#4100

"""
cert = _lib.SSL_get_certificate(self._ssl)
if cert != _ffi.NULL:
_lib.X509_up_ref(cert)
Copy link
Contributor Author

@jlaine jlaine Feb 6, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Unlike SSL.get_peer_certificate, we don't own the X509 pointer. We need to increase the reference count to avoid the X509 freeing the pointer on GC.

Loading

@jlaine jlaine force-pushed the get-certificate branch from f3ea222 to ebf80ce Feb 6, 2018
@codecov
Copy link

@codecov codecov bot commented Feb 6, 2018

Codecov Report

Merging #733 into master will increase coverage by <.01%.
The diff coverage is 100%.

Impacted file tree graph

@@            Coverage Diff             @@
##           master     #733      +/-   ##
==========================================
+ Coverage   97.05%   97.06%   +<.01%     
==========================================
  Files          18       18              
  Lines        5705     5723      +18     
  Branches      395      396       +1     
==========================================
+ Hits         5537     5555      +18     
  Misses        112      112              
  Partials       56       56
Impacted Files Coverage Δ
tests/test_ssl.py 99.13% <100%> (ø) ⬆️
src/OpenSSL/SSL.py 94.94% <100%> (+0.02%) ⬆️

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 7cc15e8...97a5599. Read the comment docs.

Loading

@jlaine jlaine force-pushed the get-certificate branch 2 times, most recently from 4bb9909 to 3d72783 Feb 10, 2018
@jlaine
Copy link
Contributor Author

@jlaine jlaine commented Feb 10, 2018

As far as I can tell, this pull request is complete : tests, docstring and an entry in api/ssl.rst. All that's needed is for cryptography 2.2 to be released.

Loading

@reaperhulk
Copy link
Member

@reaperhulk reaperhulk commented Feb 13, 2018

I will be circling around to figure out a rough release date for 2.2 next week.

Loading

@jlaine jlaine force-pushed the get-certificate branch 2 times, most recently from 8b7bc04 to ee0d412 Feb 19, 2018
@reaperhulk
Copy link
Member

@reaperhulk reaperhulk commented Mar 19, 2018

Okay, this can be updated to set cryptography 2.2 as minimum version

Loading

@jlaine
Copy link
Contributor Author

@jlaine jlaine commented Mar 19, 2018

OK, so this requires #742

Loading

This makes it possible to retrieve the local certificate (if any)
for a Connection.

An example where this is useful is when negotiating a DTLS-SRTP
connection, the fingerprint of the local certificate needs to be
communicated to the remote party out-of-band via SDP.
@jlaine jlaine force-pushed the get-certificate branch from ee0d412 to 9a9c423 Mar 21, 2018
@reaperhulk reaperhulk added this to the 18.0.0 milestone May 16, 2018
@reaperhulk reaperhulk merged commit 460a19d into pyca:master May 16, 2018
3 checks passed
Loading
bors-fusion bot added a commit to fusionapp/fusion-index that referenced this issue May 21, 2018
197: Scheduled weekly dependency update for week 20 r=mithrandi a=pyup-bot






### Update [hypothesis](https://pypi.org/project/hypothesis) from **3.56.5** to **3.57.0**.


*The bot wasn't able to find a changelog for this release. [Got an idea?](https://github.com/pyupio/changelogs/issues/new)*

<details>
  <summary>Links</summary>
  
  - PyPI: https://pypi.org/project/hypothesis
  - Repo: https://github.com/HypothesisWorks/hypothesis/issues
</details>





### Update [pbr](https://pypi.org/project/pbr) from **4.0.2** to **4.0.3**.


*The bot wasn't able to find a changelog for this release. [Got an idea?](https://github.com/pyupio/changelogs/issues/new)*

<details>
  <summary>Links</summary>
  
  - PyPI: https://pypi.org/project/pbr
  - Homepage: https://docs.openstack.org/pbr/latest/
</details>





### Update [pyopenssl](https://pypi.org/project/pyopenssl) from **17.5.0** to **18.0.0**.


<details>
  <summary>Changelog</summary>
  
  
   ### 18.0.0
   ```
   -------------------


Backward-incompatible changes:
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

- The minimum ``cryptography`` version is now 2.2.1.
- Support for Python 2.6 has been dropped.


Deprecations:
^^^^^^^^^^^^^

*none*


Changes:
^^^^^^^^

- Added ``Connection.get_certificate`` to retrieve the local certificate.
  `733 &lt;https://github.com/pyca/pyopenssl/pull/733&gt;`_
- ``OpenSSL.SSL.Connection`` now sets ``SSL_MODE_AUTO_RETRY`` by default.
  `753 &lt;https://github.com/pyca/pyopenssl/pull/753&gt;`_
- Added ``Context.set_tlsext_use_srtp`` to enable negotiation of SRTP keying material.
  `734 &lt;https://github.com/pyca/pyopenssl/pull/734&gt;`_


----
   ```
   
  
</details>


 

<details>
  <summary>Links</summary>
  
  - PyPI: https://pypi.org/project/pyopenssl
  - Changelog: https://pyup.io/changelogs/pyopenssl/
  - Homepage: https://pyopenssl.org/
  - Docs: https://pythonhosted.org/pyOpenSSL/
</details>
bors-fusion bot added a commit to fusionapp/documint that referenced this issue May 21, 2018
134: Scheduled weekly dependency update for week 20 r=mithrandi a=pyup-bot






### Update [pyopenssl](https://pypi.org/project/pyopenssl) from **17.5.0** to **18.0.0**.


<details>
  <summary>Changelog</summary>
  
  
   ### 18.0.0
   ```
   -------------------


Backward-incompatible changes:
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

- The minimum ``cryptography`` version is now 2.2.1.
- Support for Python 2.6 has been dropped.


Deprecations:
^^^^^^^^^^^^^

*none*


Changes:
^^^^^^^^

- Added ``Connection.get_certificate`` to retrieve the local certificate.
  `733 &lt;https://github.com/pyca/pyopenssl/pull/733&gt;`_
- ``OpenSSL.SSL.Connection`` now sets ``SSL_MODE_AUTO_RETRY`` by default.
  `753 &lt;https://github.com/pyca/pyopenssl/pull/753&gt;`_
- Added ``Context.set_tlsext_use_srtp`` to enable negotiation of SRTP keying material.
  `734 &lt;https://github.com/pyca/pyopenssl/pull/734&gt;`_


----
   ```
   
  
</details>


 

<details>
  <summary>Links</summary>
  
  - PyPI: https://pypi.org/project/pyopenssl
  - Changelog: https://pyup.io/changelogs/pyopenssl/
  - Homepage: https://pyopenssl.org/
  - Docs: https://pythonhosted.org/pyOpenSSL/
</details>
bors-fusion bot added a commit to fusionapp/entropy that referenced this issue May 28, 2018
188: Scheduled weekly dependency update for week 21 r=mithrandi a=pyup-bot






### Update [pyasn1](https://pypi.org/project/pyasn1) from **0.4.2** to **0.4.3**.


*The bot wasn't able to find a changelog for this release. [Got an idea?](https://github.com/pyupio/changelogs/issues/new)*

<details>
  <summary>Links</summary>
  
  - PyPI: https://pypi.org/project/pyasn1
  - Changelog: https://pyup.io/changelogs/pyasn1/
  - Repo: https://github.com/etingof/pyasn1
</details>





### Update [pyopenssl](https://pypi.org/project/pyopenssl) from **17.5.0** to **18.0.0**.


<details>
  <summary>Changelog</summary>
  
  
   ### 18.0.0
   ```
   -------------------


Backward-incompatible changes:
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

- The minimum ``cryptography`` version is now 2.2.1.
- Support for Python 2.6 has been dropped.


Deprecations:
^^^^^^^^^^^^^

*none*


Changes:
^^^^^^^^

- Added ``Connection.get_certificate`` to retrieve the local certificate.
  `733 &lt;https://github.com/pyca/pyopenssl/pull/733&gt;`_
- ``OpenSSL.SSL.Connection`` now sets ``SSL_MODE_AUTO_RETRY`` by default.
  `753 &lt;https://github.com/pyca/pyopenssl/pull/753&gt;`_
- Added ``Context.set_tlsext_use_srtp`` to enable negotiation of SRTP keying material.
  `734 &lt;https://github.com/pyca/pyopenssl/pull/734&gt;`_


----
   ```
   
  
</details>


 

<details>
  <summary>Links</summary>
  
  - PyPI: https://pypi.org/project/pyopenssl
  - Changelog: https://pyup.io/changelogs/pyopenssl/
  - Homepage: https://pyopenssl.org/
  - Docs: https://pythonhosted.org/pyOpenSSL/
</details>





### Update [python-dateutil](https://pypi.org/project/python-dateutil) from **2.7.2** to **2.7.3**.


*The bot wasn't able to find a changelog for this release. [Got an idea?](https://github.com/pyupio/changelogs/issues/new)*

<details>
  <summary>Links</summary>
  
  - PyPI: https://pypi.org/project/python-dateutil
  - Changelog: https://pyup.io/changelogs/python-dateutil/
  - Docs: https://dateutil.readthedocs.io
</details>



Co-authored-by: pyup-bot <github-bot@pyup.io>
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Aug 16, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Linked issues

Successfully merging this pull request may close these issues.

None yet

2 participants