Add Context.set_tlsext_use_srtp #734

Merged
merged 2 commits into from May 16, 2018

@jlaine (Contributor) commented Feb 6, 2018

This allows negotiating SRTP keying material, which is useful when using
DTLS-SRTP, as WebRTC does for example.

This depends on:
pyca/cryptography#4099

@jlaine jlaine force-pushed the jlaine:tlsext-srtp branch 2 times, most recently from 66e59c6 to e8b810e Feb 6, 2018

@codecov (bot) commented Feb 6, 2018

Codecov Report

Merging #734 into master will increase coverage by 0.01%.
The diff coverage is 100%.

@@            Coverage Diff             @@
##           master     #734      +/-   ##
==========================================
+ Coverage   97.05%   97.06%   +0.01%     
==========================================
  Files          18       18              
  Lines        5705     5726      +21     
  Branches      395      396       +1     
==========================================
+ Hits         5537     5558      +21     
  Misses        112      112              
  Partials       56       56

| Impacted Files | Coverage Δ |
|---|---|
| src/OpenSSL/SSL.py | 94.97% <100%> (+0.05%) ⬆️ |
| tests/test_ssl.py | 99.13% <100%> (ø) ⬆️ |

Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Last update 7cc15e8...fc2c661.

@jlaine (Contributor, Author) commented Feb 10, 2018

I'm not sure what the best form would be for the "profiles" argument. Two possibilities:

  • A colon-delimited bytestring: this mimics the OpenSSL API exactly, and works the same as the existing Context.set_cipher_list, for example

  • A list of bytestrings: this feels somewhat more pythonic, but deviates from the OpenSSL API

Suggestions?

@reaperhulk (Member) commented Feb 13, 2018

I dislike the OpenSSL APIs for this, but pyOpenSSL generally doesn't abstract much away, and since we already have an API that exposes colon-delimited behavior it probably makes sense for this one to look like that as well.

One day we'll have a nice TLS API. pyOpenSSL won't be it...
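
The colon-delimited form agreed on above, shown as an added example (not code from this pull request or from pyOpenSSL): the hypothetical helper `profile_string` builds the bytestring passed to `Context.set_tlsext_use_srtp` from a list of names, and `split_keying_material` divides the exporter output for the negotiated profile as laid out in RFC 5764, section 4.2. The profile table and helper names are assumptions made for the example.

```python
# Added example: helper names are hypothetical, not part of pyOpenSSL.
from collections import namedtuple

# Profile name -> (master key length, master salt length) in bytes,
# per RFC 5764 (AES-CM profiles) and RFC 7714 (AEAD profiles).
SRTP_PROFILES = {
    b"SRTP_AES128_CM_SHA1_80": (16, 14),
    b"SRTP_AES128_CM_SHA1_32": (16, 14),
    b"SRTP_AEAD_AES_128_GCM": (16, 12),
    b"SRTP_AEAD_AES_256_GCM": (32, 12),
}
EXPORTER_LABEL = b"EXTRACTOR-dtls_srtp"  # RFC 5764, section 4.2

SrtpKeys = namedtuple(
    "SrtpKeys", "client_key server_key client_salt server_salt")


def profile_string(names):
    """Join profile names, in preference order, into the colon-delimited
    bytestring form that Context.set_tlsext_use_srtp takes."""
    if not names:
        raise ValueError("at least one SRTP profile is required")
    for name in names:
        if not isinstance(name, bytes):
            raise TypeError("profile names must be bytes: %r" % (name,))
        if name not in SRTP_PROFILES:
            raise ValueError("unknown SRTP profile: %r" % (name,))
    return b":".join(names)


def export_length(profile):
    """Exporter bytes needed: key and salt for each direction."""
    key_len, salt_len = SRTP_PROFILES[profile]
    return 2 * (key_len + salt_len)


def split_keying_material(profile, material):
    """Split exporter output into client/server master keys and salts."""
    key_len, salt_len = SRTP_PROFILES[profile]
    if len(material) != export_length(profile):
        raise ValueError("wrong keying material length for profile")
    k2 = 2 * key_len
    return SrtpKeys(
        material[:key_len],
        material[key_len:k2],
        material[k2:k2 + salt_len],
        material[k2 + salt_len:],
    )
```

Rejecting unknown names before they reach the context keeps a typo from silently narrowing the offered profile list, and the length check catches keying material exported for a different profile than the one negotiated.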

@jlaine (Contributor, Author) commented Feb 13, 2018

OK, thanks for the feedback, I'll write the corresponding API docs.

Quick question: any reason why we don't use sphinx.autodoc's automethod? It seems a shame to have to duplicate the docstrings everywhere.

@jlaine jlaine force-pushed the jlaine:tlsext-srtp branch from e8b810e to 152cbcd Feb 13, 2018

@hynek (Contributor) commented Feb 13, 2018

We do for new code. Nobody wanted to spend their time to move everything to docstrings yet.

@jlaine (Contributor, Author) commented Feb 13, 2018

Duly noted, I've updated my pull request to use automethod.

@jlaine jlaine force-pushed the jlaine:tlsext-srtp branch 2 times, most recently from 77350e9 to bcd6ce9 Feb 19, 2018

@jlaine (Contributor, Author) commented Mar 19, 2018

This requires #742

This allows negotiating SRTP keying material, which is useful when using
DTLS-SRTP, as WebRTC does for example.
@jlaine jlaine force-pushed the jlaine:tlsext-srtp branch from bcd6ce9 to 81c9ebd Mar 21, 2018

@jlaine (Contributor, Author) commented Mar 27, 2018

@reaperhulk anything you'd like me to change with this PR?

@reaperhulk (Member) commented May 16, 2018

@jlaine could you rebase this?

@reaperhulk (Member) commented May 16, 2018

Actually I can resolve, never mind :)

@reaperhulk reaperhulk added this to the 18.0.0 milestone May 16, 2018
@reaperhulk reaperhulk merged commit 02261ad into pyca:master May 16, 2018
3 checks passed
codecov/patch 100% of diff hit (target 97.05%)
codecov/project 97.06% (+<.01%) compared to 7cc15e8
continuous-integration/travis-ci/pr The Travis CI build passed
bors-fusion bot added a commit to fusionapp/fusion-index that referenced this pull request May 21, 2018
Merge #197
197: Scheduled weekly dependency update for week 20 r=mithrandi a=pyup-bot






### Update [hypothesis](https://pypi.org/project/hypothesis) from **3.56.5** to **3.57.0**.


*The bot wasn't able to find a changelog for this release. [Got an idea?](https://github.com/pyupio/changelogs/issues/new)*

<details>
  <summary>Links</summary>
  
  - PyPI: https://pypi.org/project/hypothesis
  - Repo: https://github.com/HypothesisWorks/hypothesis/issues
</details>





### Update [pbr](https://pypi.org/project/pbr) from **4.0.2** to **4.0.3**.


*The bot wasn't able to find a changelog for this release. [Got an idea?](https://github.com/pyupio/changelogs/issues/new)*

<details>
  <summary>Links</summary>
  
  - PyPI: https://pypi.org/project/pbr
  - Homepage: https://docs.openstack.org/pbr/latest/
</details>





### Update [pyopenssl](https://pypi.org/project/pyopenssl) from **17.5.0** to **18.0.0**.


<details>
  <summary>Changelog</summary>
  
  
   ### 18.0.0
   ```
   -------------------


Backward-incompatible changes:
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

- The minimum ``cryptography`` version is now 2.2.1.
- Support for Python 2.6 has been dropped.


Deprecations:
^^^^^^^^^^^^^

*none*


Changes:
^^^^^^^^

- Added ``Connection.get_certificate`` to retrieve the local certificate.
  `733 <https://github.com/pyca/pyopenssl/pull/733>`_
- ``OpenSSL.SSL.Connection`` now sets ``SSL_MODE_AUTO_RETRY`` by default.
  `753 <https://github.com/pyca/pyopenssl/pull/753>`_
- Added ``Context.set_tlsext_use_srtp`` to enable negotiation of SRTP keying material.
  `734 <https://github.com/pyca/pyopenssl/pull/734>`_


----
   ```
   
  
</details>


 

<details>
  <summary>Links</summary>
  
  - PyPI: https://pypi.org/project/pyopenssl
  - Changelog: https://pyup.io/changelogs/pyopenssl/
  - Homepage: https://pyopenssl.org/
  - Docs: https://pythonhosted.org/pyOpenSSL/
</details>
bors-fusion bot added a commit to fusionapp/documint that referenced this pull request May 21, 2018
Merge #134
134: Scheduled weekly dependency update for week 20 r=mithrandi a=pyup-bot
bors-fusion bot added a commit to fusionapp/entropy that referenced this pull request May 28, 2018
Merge #188
188: Scheduled weekly dependency update for week 21 r=mithrandi a=pyup-bot






### Update [pyasn1](https://pypi.org/project/pyasn1) from **0.4.2** to **0.4.3**.


*The bot wasn't able to find a changelog for this release. [Got an idea?](https://github.com/pyupio/changelogs/issues/new)*

<details>
  <summary>Links</summary>
  
  - PyPI: https://pypi.org/project/pyasn1
  - Changelog: https://pyup.io/changelogs/pyasn1/
  - Repo: https://github.com/etingof/pyasn1
</details>










### Update [python-dateutil](https://pypi.org/project/python-dateutil) from **2.7.2** to **2.7.3**.


*The bot wasn't able to find a changelog for this release. [Got an idea?](https://github.com/pyupio/changelogs/issues/new)*

<details>
  <summary>Links</summary>
  
  - PyPI: https://pypi.org/project/python-dateutil
  - Changelog: https://pyup.io/changelogs/python-dateutil/
  - Docs: https://dateutil.readthedocs.io
</details>



Co-authored-by: pyup-bot <github-bot@pyup.io>
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Aug 16, 2020