◐ Shell
clean mode source ↗

Update ssl from v3.14.3 and add _ssl.HAS_PHA by youknowone · Pull Request #7283 · RustPython/RustPython

CPython Developers

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

Configuration used: Path: .coderabbit.yml

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 919a146 and 3e3165b.

⛔ Files ignored due to path filters (23)
  • Lib/ssl.py is excluded by !Lib/**
  • Lib/test/certdata/allsans.pem is excluded by !**/*.pem, !Lib/**
  • Lib/test/certdata/capath/b1930218.0 is excluded by !Lib/**
  • Lib/test/certdata/capath/ceff1710.0 is excluded by !Lib/**
  • Lib/test/certdata/cert3.pem is excluded by !**/*.pem, !Lib/**
  • Lib/test/certdata/idnsans.pem is excluded by !**/*.pem, !Lib/**
  • Lib/test/certdata/keycert.passwd.pem is excluded by !**/*.pem, !Lib/**
  • Lib/test/certdata/keycert.pem is excluded by !**/*.pem, !Lib/**
  • Lib/test/certdata/keycert.pem.reference is excluded by !Lib/**
  • Lib/test/certdata/keycert2.pem is excluded by !**/*.pem, !Lib/**
  • Lib/test/certdata/keycert3.pem is excluded by !**/*.pem, !Lib/**
  • Lib/test/certdata/keycert4.pem is excluded by !**/*.pem, !Lib/**
  • Lib/test/certdata/keycertecc.pem is excluded by !**/*.pem, !Lib/**
  • Lib/test/certdata/make_ssl_certs.py is excluded by !Lib/**
  • Lib/test/certdata/nosan.pem is excluded by !**/*.pem, !Lib/**
  • Lib/test/certdata/pycacert.pem is excluded by !**/*.pem, !Lib/**
  • Lib/test/certdata/pycakey.pem is excluded by !**/*.pem, !Lib/**
  • Lib/test/certdata/revocation.crl is excluded by !Lib/**
  • Lib/test/certdata/ssl_cert.pem is excluded by !**/*.pem, !Lib/**
  • Lib/test/certdata/ssl_key.passwd.pem is excluded by !**/*.pem, !Lib/**
  • Lib/test/certdata/ssl_key.pem is excluded by !**/*.pem, !Lib/**
  • Lib/test/ssl_servers.py is excluded by !Lib/**
  • Lib/test/test_ssl.py is excluded by !Lib/**
📒 Files selected for processing (2)
  • crates/stdlib/src/openssl.rs
  • crates/stdlib/src/ssl.rs
📝 Walkthrough

Walkthrough

The changes add a new HAS_PHA (Post-Handshake Auth) constant to the _ssl module and refactor the PySslContext.set_options method to accept a signed integer with validation ensuring non-negative values, replacing the previous unsigned long parameter.

Changes

Cohort / File(s) Summary
HAS_PHA constant additions
crates/stdlib/src/openssl.rs, crates/stdlib/src/ssl.rs		 Added new public HAS_PHA boolean attribute to _ssl module. In openssl.rs, conditionally set to cfg!(ossl111) for OpenSSL 1.1.1+ support; in ssl.rs, set to false by default.
set_options method refactoring
crates/stdlib/src/openssl.rs, crates/stdlib/src/ssl.rs		 Updated PySslContext.set_options signature from (&self, libc::c_ulong) to (&self, i64, &VirtualMachine) -> PyResult<()> with added validation rejecting negative option values.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

Possibly related PRs

  • Implement more SSL methods #6210: Adds OpenSSL 1.1.1–related feature flags and extends PySslContext functionality alongside HAS_PHA and set_options modifications in the same _ssl module surface.

Suggested reviewers

  • coolreader18
  • ShaharNaveh

Poem

🐰 A hop and a skip through SSL updates bright,
With HAS_PHA flags shining in the light,
Options now validated, no negatives allowed,
OpenSSL 1.1.1 support—we're quite proud! ✨

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title accurately summarizes the main changes: updating ssl library from CPython v3.14.3 and adding the _ssl.HAS_PHA constant, matching the PR objectives.
Linked Issues check ✅ Passed The PR addresses issue #7219 requirements: adds HAS_PHA constant, updates ssl to v3.14.3, and fixes set_options validation for negative values as intended.
Out of Scope Changes check ✅ Passed All changes relate directly to SSL module updates and HAS_PHA constant addition. No extraneous modifications detected outside the stated objectives.
Docstring Coverage ✅ Passed Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Post copyable unit tests in a comment

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.