Add Context.set_tlsext_use_srtp #734

Merged
merged 2 commits into from May 16, 2018

@jlaine
Contributor

jlaine commented Feb 6, 2018

This allows negotiating SRTP keying material, which is useful when using
DTLS-SRTP, as WebRTC does for example.

This depends on:
pyca/cryptography#4099

@jlaine jlaine force-pushed the jlaine:tlsext-srtp branch 2 times, most recently from 66e59c6 to e8b810e Feb 6, 2018

@codecov

codecov bot commented Feb 6, 2018

Codecov Report

Merging #734 into master will increase coverage by 0.01%.
The diff coverage is 100%.

@@            Coverage Diff             @@
##           master     #734      +/-   ##
==========================================
+ Coverage   97.05%   97.06%   +0.01%     
==========================================
  Files          18       18              
  Lines        5705     5726      +21     
  Branches      395      396       +1     
==========================================
+ Hits         5537     5558      +21     
  Misses        112      112              
  Partials       56       56
Impacted Files Coverage Δ
src/OpenSSL/SSL.py 94.97% <100%> (+0.05%) ⬆️
tests/test_ssl.py 99.13% <100%> (ø) ⬆️

Δ = absolute <relative> (impact), ø = not affected, ? = missing data

@jlaine

Contributor

jlaine commented Feb 10, 2018

I'm not sure what the best form would be for the "profiles" argument. Two possibilities:

  • A colon-delimited bytestring: this mimics the OpenSSL API exactly, and works the same as the existing Context.set_cipher_list, for example

  • A list of bytestrings: this feels somewhat more pythonic, but deviates from the OpenSSL API

Suggestions?

@reaperhulk

Member

reaperhulk commented Feb 13, 2018

I dislike the OpenSSL APIs for this, but pyOpenSSL generally doesn't abstract much away, and since we already have an API that exposes colon-delimited behavior it probably makes sense for this one to look like that as well.

One day we'll have a nice TLS API. pyOpenSSL won't be it...
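
The two argument forms discussed above, shown side by side as an added example that is not part of this pull request or of pyOpenSSL: a list of bytestrings is validated and joined into the colon-delimited bytestring that `Context.set_tlsext_use_srtp` takes. The helper names, the allowlist and the `RecordingContext` stand-in are assumptions of the example; the profile names are the ones OpenSSL uses.

```python
# Added example; helper names are hypothetical, not pyOpenSSL API.

# Allowlist in preference order. This is a policy choice of the example, not
# something pyOpenSSL enforces; SRTP_AES128_CM_SHA1_32 (32-bit auth tag) is
# deliberately left out.
ALLOWED_SRTP_PROFILES = (
    b"SRTP_AEAD_AES_256_GCM",
    b"SRTP_AEAD_AES_128_GCM",
    b"SRTP_AES128_CM_SHA1_80",
)


def join_srtp_profiles(profiles):
    """Turn a list of bytestrings into the colon-delimited bytestring form."""
    if isinstance(profiles, (bytes, str)):
        raise TypeError("profiles must be a list of byte strings")
    ordered = []
    for name in profiles:
        if not isinstance(name, bytes):
            raise TypeError("each profile must be a byte string")
        if name not in ALLOWED_SRTP_PROFILES:
            raise ValueError("profile not in allowlist: %r" % (name,))
        if name not in ordered:  # drop duplicates, keep caller's order
            ordered.append(name)
    if not ordered:
        raise ValueError("at least one SRTP profile is required")
    return b":".join(ordered)


def configure_srtp(context, profiles):
    """Validate the list, then pass the joined string to the context."""
    joined = join_srtp_profiles(profiles)
    context.set_tlsext_use_srtp(joined)
    return joined


class RecordingContext:
    """Stand-in for OpenSSL.SSL.Context so the example runs without OpenSSL."""

    def __init__(self):
        self.srtp_profiles = None

    def set_tlsext_use_srtp(self, profiles):
        if not isinstance(profiles, bytes):
            raise TypeError("profiles must be a byte string.")
        self.srtp_profiles = profiles
```

With pyOpenSSL 18.0.0 or later installed, a real `OpenSSL.SSL.Context` can be passed to `configure_srtp` in place of `RecordingContext`.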

@jlaine

Contributor

jlaine commented Feb 13, 2018

OK, thanks for the feedback. I'll write the corresponding API docs.

Quick question: any reason why we don't use sphinx.autodoc's automethod? It seems a shame to have to duplicate the docstrings everywhere.

@jlaine jlaine force-pushed the jlaine:tlsext-srtp branch from e8b810e to 152cbcd Feb 13, 2018

@hynek

Contributor

hynek commented Feb 13, 2018

We do for new code. Nobody wanted to spend their time to move everything to docstrings yet.

@jlaine

Contributor

jlaine commented Feb 13, 2018

Duly noted, I've updated my pull request to use automethod

@jlaine jlaine force-pushed the jlaine:tlsext-srtp branch 2 times, most recently from 77350e9 to bcd6ce9 Feb 19, 2018

@jlaine

Contributor

jlaine commented Mar 19, 2018

This requires #742

Add Context.set_tlsext_use_srtp
This allows negotiating SRTP keying material, which is useful when using
DTLS-SRTP, as WebRTC does for example.

@jlaine jlaine force-pushed the jlaine:tlsext-srtp branch from bcd6ce9 to 81c9ebd Mar 21, 2018

@jlaine

Contributor

jlaine commented Mar 27, 2018

@reaperhulk anything you'd like me to change with this PR?

@reaperhulk

Member

reaperhulk commented May 16, 2018

@jlaine could you rebase this?

@reaperhulk

Member

reaperhulk commented May 16, 2018

Actually I can resolve, never mind :)

@reaperhulk reaperhulk added this to the 18.0.0 milestone May 16, 2018

@reaperhulk reaperhulk merged commit 02261ad into pyca:master May 16, 2018

3 checks passed

codecov/patch 100% of diff hit (target 97.05%)
codecov/project 97.06% (+<.01%) compared to 7cc15e8
continuous-integration/travis-ci/pr The Travis CI build passed

bors-fusion bot added a commit to fusionapp/fusion-index that referenced this pull request May 21, 2018

Merge #197
197: Scheduled weekly dependency update for week 20 r=mithrandi a=pyup-bot






### Update [hypothesis](https://pypi.org/project/hypothesis) from **3.56.5** to **3.57.0**.


*The bot wasn't able to find a changelog for this release. [Got an idea?](https://github.com/pyupio/changelogs/issues/new)*

<details>
  <summary>Links</summary>
  
  - PyPI: https://pypi.org/project/hypothesis
  - Repo: https://github.com/HypothesisWorks/hypothesis/issues
</details>





### Update [pbr](https://pypi.org/project/pbr) from **4.0.2** to **4.0.3**.


*The bot wasn't able to find a changelog for this release. [Got an idea?](https://github.com/pyupio/changelogs/issues/new)*

<details>
  <summary>Links</summary>
  
  - PyPI: https://pypi.org/project/pbr
  - Homepage: https://docs.openstack.org/pbr/latest/
</details>





### Update [pyopenssl](https://pypi.org/project/pyopenssl) from **17.5.0** to **18.0.0**.


<details>
  <summary>Changelog</summary>
  
  
   ### 18.0.0
   ```
   -------------------


Backward-incompatible changes:
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

- The minimum ``cryptography`` version is now 2.2.1.
- Support for Python 2.6 has been dropped.


Deprecations:
^^^^^^^^^^^^^

*none*


Changes:
^^^^^^^^

- Added ``Connection.get_certificate`` to retrieve the local certificate.
  `733 <https://github.com/pyca/pyopenssl/pull/733>`_
- ``OpenSSL.SSL.Connection`` now sets ``SSL_MODE_AUTO_RETRY`` by default.
  `753 <https://github.com/pyca/pyopenssl/pull/753>`_
- Added ``Context.set_tlsext_use_srtp`` to enable negotiation of SRTP keying material.
  `734 <https://github.com/pyca/pyopenssl/pull/734>`_


----
   ```
   
  
</details>


 

<details>
  <summary>Links</summary>
  
  - PyPI: https://pypi.org/project/pyopenssl
  - Changelog: https://pyup.io/changelogs/pyopenssl/
  - Homepage: https://pyopenssl.org/
  - Docs: https://pythonhosted.org/pyOpenSSL/
</details>

bors-fusion bot added a commit to fusionapp/documint that referenced this pull request May 21, 2018

Merge #134
134: Scheduled weekly dependency update for week 20 r=mithrandi a=pyup-bot







bors-fusion bot added a commit to fusionapp/entropy that referenced this pull request May 28, 2018

Merge #188
188: Scheduled weekly dependency update for week 21 r=mithrandi a=pyup-bot






### Update [pyasn1](https://pypi.org/project/pyasn1) from **0.4.2** to **0.4.3**.


*The bot wasn't able to find a changelog for this release. [Got an idea?](https://github.com/pyupio/changelogs/issues/new)*

<details>
  <summary>Links</summary>
  
  - PyPI: https://pypi.org/project/pyasn1
  - Changelog: https://pyup.io/changelogs/pyasn1/
  - Repo: https://github.com/etingof/pyasn1
</details>





### Update [python-dateutil](https://pypi.org/project/python-dateutil) from **2.7.2** to **2.7.3**.


*The bot wasn't able to find a changelog for this release. [Got an idea?](https://github.com/pyupio/changelogs/issues/new)*

<details>
  <summary>Links</summary>
  
  - PyPI: https://pypi.org/project/python-dateutil
  - Changelog: https://pyup.io/changelogs/python-dateutil/
  - Docs: https://dateutil.readthedocs.io
</details>



Co-authored-by: pyup-bot <github-bot@pyup.io>