◐ Shell clean mode source ↗

Issue 25214: asyncio ssl transport regression

This issue has been migrated to GitHub: https://github.com/python/cpython/issues/69401

classification

Title:	asyncio ssl transport regression
Type:	behavior	Stage:	resolved
Components:	asyncio	Versions:	Python 3.6, Python 3.5

process

Status:	closed	Resolution:	duplicate
Dependencies:		Superseder:	asyncio: add ssl_object extra info View: 25114
Assigned To:		Nosy List:	asvetlov, gvanrossum, vstinner, yselivanov
Priority:	normal	Keywords:	3.5regression

Created on 2015-09-22 14:16 by asvetlov, last changed 2022-04-11 14:58 by admin. This issue is now closed.

Messages (6)
msg251323 - (view)	Author: Andrew Svetlov (asvetlov) *	Date: 2015-09-22 14:16
Before using SSL BIO (which is great itself BTW) I has a way to access peers certificate by `ssl_transp.get_extra_info('socket').getpeercert()` call. Now socket is a regular socket without `.getpeercert()` method. I use hack like `ssl_transp._ssl_protocol._sslpipe.ssl_object.getpeercert()` as workaround but really interesting in the proper way to do this using public API only. I suggest adding 'ssl_object' key to `ssl_proto` for BIO-based SSL. Thoughts? P.S. See aiohttp commit for workaround bugfix: https://github.com/KeepSafe/aiohttp/commit/e286d4f9fb1993de2438bdca40712cf1660faf9e
msg251338 - (view)	Author: STINNER Victor (vstinner) *	Date: 2015-09-22 18:31
The specific case of getpeercert(), there is an extra info. For other info, did you notice that I just added ssl_object to extra info? :-) http://bugs.python.org/issue25114
msg251424 - (view)	Author: Andrew Svetlov (asvetlov) *	Date: 2015-09-23 12:00
I've missed your patch, sorry. Everything is fixed by http://bugs.python.org/issue25114
msg251425 - (view)	Author: STINNER Victor (vstinner) *	Date: 2015-09-23 12:03
> I've missed your patch, sorry. There is no need to be sorry :-) > Everything is fixed by http://bugs.python.org/issue25114 Wow, great :-) Thanks again Mathieu Pasquet who reported the issue #22768.
msg251426 - (view)	Author: Andrew Svetlov (asvetlov) *	Date: 2015-09-23 12:30
BTW for fingerprint check for self-signed certs I need binary form of certificate `ssl_obj.getpeercert(binary_form=True)` but `transp.get_extra_info('peercert')` returns a dict-based form.
msg251427 - (view)	Author: STINNER Victor (vstinner) *	Date: 2015-09-23 12:42
>> Thanks again Mathieu Pasquet who reported the issue #22768. > BTW for fingerprint check for self-signed certs I need binary form of certificate `ssl_obj.getpeercert(binary_form=True)` but `transp.get_extra_info('peercert')` returns a dict-based form. Yes, it's exactly the use case described in #22768 ;-) But ssl_object extra info is more generic, it gives access to all SSL methods.

History
Date	User	Action	Args
2022-04-11 14:58:21	admin	set	github: 69401
2015-09-23 12:42:13	vstinner	set	messages: + msg251427
2015-09-23 12:30:45	asvetlov	set	messages: + msg251426
2015-09-23 12:03:14	vstinner	set	status: open -> closed superseder: asyncio: add ssl_object extra info messages: + msg251425
2015-09-23 12:00:42	asvetlov	set	resolution: duplicate messages: + msg251424 stage: resolved
2015-09-22 18:31:16	vstinner	set	messages: + msg251338
2015-09-22 14:16:37	asvetlov	create