Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

add timeout parameter for get_server_certificate in ssl.py #76051

Closed
nixawk mannequin opened this issue Oct 26, 2017 · 4 comments
Closed

add timeout parameter for get_server_certificate in ssl.py #76051

nixawk mannequin opened this issue Oct 26, 2017 · 4 comments
Assignees
Labels
3.10 expert-SSL type-feature

Comments

@nixawk
Copy link
Mannequin

@nixawk nixawk mannequin commented Oct 26, 2017

BPO 31870
Nosy @tiran, @alex, @dstufft, @nixawk, @ZackerySpytz, @miss-islington
PRs
  • #4126
  • #22270
  • #25570
  • Files
  • ssl.py: Added timeout support for func get_server_certificate in ssl module.
  • Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.

    Show more details

    GitHub fields:

    assignee = 'https://github.com/tiran'
    closed_at = <Date 2021-04-24.04:57:49.322>
    created_at = <Date 2017-10-26.04:11:25.449>
    labels = ['expert-SSL', 'type-feature', '3.10']
    title = 'add timeout parameter for get_server_certificate in ssl.py'
    updated_at = <Date 2021-04-24.05:54:11.227>
    user = 'https://github.com/Nixawk'

    bugs.python.org fields:

    activity = <Date 2021-04-24.05:54:11.227>
    actor = 'christian.heimes'
    assignee = 'christian.heimes'
    closed = True
    closed_date = <Date 2021-04-24.04:57:49.322>
    closer = 'christian.heimes'
    components = ['SSL']
    creation = <Date 2017-10-26.04:11:25.449>
    creator = 'Nixawk'
    dependencies = []
    files = ['47238']
    hgrepos = []
    issue_num = 31870
    keywords = ['patch']
    message_count = 4.0
    messages = ['305021', '312879', '391758', '391760']
    nosy_count = 7.0
    nosy_names = ['janssen', 'christian.heimes', 'alex', 'dstufft', 'Nixawk', 'ZackerySpytz', 'miss-islington']
    pr_nums = ['4126', '22270', '25570']
    priority = 'normal'
    resolution = 'fixed'
    stage = 'resolved'
    status = 'closed'
    superseder = None
    type = 'enhancement'
    url = 'https://bugs.python.org/issue31870'
    versions = ['Python 3.10']

    @nixawk
    Copy link
    Mannequin Author

    @nixawk nixawk mannequin commented Oct 26, 2017

    The original get_server_certificate in ssl.py does not support socket timeout,

    def get_server_certificate(addr, ssl_version=PROTOCOL_TLS, ca_certs=None):
        """Retrieve the certificate from the server at the specified address,
        and return it as a PEM-encoded string.
        If 'ca_certs' is specified, validate the server cert against it.
        If 'ssl_version' is specified, use it in the connection attempt."""
    host, port = addr
    if ca_certs is not None:
        cert_reqs = CERT_REQUIRED
    else:
        cert_reqs = CERT_NONE
    context = _create_stdlib_context(ssl_version,
                                     cert_reqs=cert_reqs,
                                     cafile=ca_certs)
    with  create_connection(addr) as sock:
        with context.wrap_socket(sock) as sslsock:
            dercert = sslsock.getpeercert(True)
    return DER_cert_to_PEM_cert(dercert)
    

    If a timeout parameter, a sample demo can be here:

    >>> import ssl
    >>> ssl.get_server_certificate(("www.qq.com", 443), timeout=6)
    Traceback (most recent call last):
      File "<stdin>", line 1, in <module>
      File "/usr/lib/python2.7/ssl.py", line 1017, in get_server_certificate
        with closing(create_connection(addr, timeout)) as sock:
      File "/usr/lib/python2.7/socket.py", line 575, in create_connection
        raise err
    socket.error: [Errno 101] Network is unreachable

    @nixawk nixawk mannequin added stdlib type-feature labels Oct 26, 2017
    @tiran tiran added expert-SSL 3.7 and removed stdlib labels Nov 3, 2017
    @tiran tiran self-assigned this Nov 3, 2017
    @tiran
    Copy link
    Member

    @tiran tiran commented Feb 26, 2018

    It's too late to land a new feature in 3.7.

    @tiran tiran added 3.8 and removed 3.7 labels Feb 26, 2018
    @miss-islington
    Copy link
    Contributor

    @miss-islington miss-islington commented Apr 24, 2021

    New changeset b2fac1a by Zackery Spytz in branch 'master':
    bpo-31870: Add a timeout parameter to ssl.get_server_certificate() (GH-22270)
    b2fac1a

    @tiran tiran added 3.10 and removed 3.8 labels Apr 24, 2021
    @tiran tiran closed this as completed Apr 24, 2021
    @tiran
    Copy link
    Member

    @tiran tiran commented Apr 24, 2021

    New changeset f05c2ae by Christian Heimes in branch 'master':
    bpo-31870: Fix test_get_server_certificate_timeout on Windows (GH-25570)
    f05c2ae

    @ezio-melotti ezio-melotti transferred this issue from another repository Apr 10, 2022
    Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
    Labels
    3.10 expert-SSL type-feature
    Projects
    None yet
    Development

    No branches or pull requests

    2 participants