Skip to content

Implement more SSL methods #6210

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
youknowone merged 22 commits into from
Oct 26, 2025
Merged

Implement more SSL methods #6210

Changes from 1 commit
Commits
Show all changes
22 commits
Select commit Hold shift + click to select a range
6af5fa8
openssl-sys version
youknowone Oct 23, 2025
b6a1272
selected_alpn_protocol
youknowone Oct 23, 2025
02d49fa
get_ciphers
youknowone Oct 23, 2025
1878e3d
get_channel_binding
youknowone Oct 23, 2025
0f68a42
Add Tls1_1 and Tls1_2
youknowone Oct 23, 2025
b64fdd7
consts
youknowone Oct 23, 2025
666381a
fix ssl truncate bug
youknowone Oct 23, 2025
efddfce
verify_flags
youknowone Oct 23, 2025
a262e85
shared ciphers
youknowone Oct 23, 2025
97f11dc
verify_client_post_handshake
youknowone Oct 23, 2025
5b2b64c
shutdown
youknowone Oct 23, 2025
6abf7f1
get_verified_chain
youknowone Oct 23, 2025
c3dad1d
fix lints
youknowone Oct 25, 2025
68f8655
fix _wrap_socket
youknowone Oct 24, 2025
9ddd43c
Fix convert_openssl_error
youknowone Oct 24, 2025
fa54752
clean up ssl
youknowone Oct 24, 2025
04f2b0a
X509_check_ca
youknowone Oct 25, 2025
e568f49
set default verify flag
youknowone Oct 25, 2025
9fa10eb
Fix version
youknowone Oct 25, 2025
b030e1a
fix import
youknowone Oct 25, 2025
422ea8c
consts
youknowone Oct 25, 2025
91df67c
fix httplib
youknowone Oct 26, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
get_channel_binding
  • Loading branch information
@youknowone
youknowone committed Oct 25, 2025
commit 1878e3dd2c421707f80d7ea9ac13a1e2b3f0445d
45 changes: 44 additions & 1 deletion stdlib/src/ssl.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -39,7 +39,7 @@ mod _ssl {
socket::{self, PySocket},
vm::{
Py, PyObjectRef, PyPayload, PyRef, PyResult, VirtualMachine,
builtins::{PyBaseExceptionRef, PyListRef, PyStrRef, PyType, PyTypeRef, PyWeak},
builtins::{PyBaseExceptionRef, PyBytesRef, PyListRef, PyStrRef, PyType, PyTypeRef, PyWeak},
class_or_notimplemented,
convert::{ToPyException, ToPyObject},
exceptions,
Expand Down Expand Up @@ -1139,6 +1139,49 @@ mod _ssl {
}
}

#[pymethod]
fn get_channel_binding(
&self,
cb_type: OptionalArg<PyStrRef>,
vm: &VirtualMachine,
) -> PyResult<Option<PyBytesRef>> {
const CB_MAXLEN: usize = 512;

let cb_type_str = cb_type.as_ref().map_or("tls-unique", |s| s.as_str());

if cb_type_str != "tls-unique" {
return Err(vm.new_value_error(format!(
"Unsupported channel binding type '{}'",
cb_type_str
)));
}

let stream = self.stream.read();
let ssl_ptr = stream.ssl().as_ptr();

unsafe {
let session_reused = sys::SSL_session_reused(ssl_ptr) != 0;
let is_client = matches!(self.socket_type, SslServerOrClient::Client);

// Use XOR logic from CPython
let use_finished = session_reused ^ is_client;

let mut buf = vec![0u8; CB_MAXLEN];
let len = if use_finished {
sys::SSL_get_finished(ssl_ptr, buf.as_mut_ptr() as *mut _, CB_MAXLEN)
} else {
sys::SSL_get_peer_finished(ssl_ptr, buf.as_mut_ptr() as *mut _, CB_MAXLEN)
};

if len == 0 {
Ok(None)
} else {
buf.truncate(len);
Ok(Some(vm.ctx.new_bytes(buf)))
}
}
}

#[cfg(osslconf = "OPENSSL_NO_COMP")]
#[pymethod]
fn compression(&self) -> Option<&'static str> {
Expand Down