Skip to content

Implement more SSL methods #6210

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
youknowone merged 22 commits into from
Oct 26, 2025
Merged

Implement more SSL methods #6210

Changes from 1 commit
Commits
Show all changes
22 commits
Select commit Hold shift + click to select a range
6af5fa8
openssl-sys version
youknowone Oct 23, 2025
b6a1272
selected_alpn_protocol
youknowone Oct 23, 2025
02d49fa
get_ciphers
youknowone Oct 23, 2025
1878e3d
get_channel_binding
youknowone Oct 23, 2025
0f68a42
Add Tls1_1 and Tls1_2
youknowone Oct 23, 2025
b64fdd7
consts
youknowone Oct 23, 2025
666381a
fix ssl truncate bug
youknowone Oct 23, 2025
efddfce
verify_flags
youknowone Oct 23, 2025
a262e85
shared ciphers
youknowone Oct 23, 2025
97f11dc
verify_client_post_handshake
youknowone Oct 23, 2025
5b2b64c
shutdown
youknowone Oct 23, 2025
6abf7f1
get_verified_chain
youknowone Oct 23, 2025
c3dad1d
fix lints
youknowone Oct 25, 2025
68f8655
fix _wrap_socket
youknowone Oct 24, 2025
9ddd43c
Fix convert_openssl_error
youknowone Oct 24, 2025
fa54752
clean up ssl
youknowone Oct 24, 2025
04f2b0a
X509_check_ca
youknowone Oct 25, 2025
e568f49
set default verify flag
youknowone Oct 25, 2025
9fa10eb
Fix version
youknowone Oct 25, 2025
b030e1a
fix import
youknowone Oct 25, 2025
422ea8c
consts
youknowone Oct 25, 2025
91df67c
fix httplib
youknowone Oct 26, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
shared ciphers
  • Loading branch information
@youknowone
youknowone committed Oct 25, 2025
commit a262e856bb3b41f145242180717226af25959379
73 changes: 73 additions & 0 deletions stdlib/src/ssl.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1161,6 +1161,69 @@ mod _ssl {
.map(cipher_to_tuple)
}

#[pymethod]
fn shared_ciphers(&self, vm: &VirtualMachine) -> Option<PyListRef> {
#[cfg(ossl110)]
{
let stream = self.stream.read();
unsafe {
let server_ciphers = SSL_get_ciphers(stream.ssl().as_ptr());
if server_ciphers.is_null() {
return None;
}

let client_ciphers = SSL_get_client_ciphers(stream.ssl().as_ptr());
if client_ciphers.is_null() {
return None;
}

let mut result = Vec::new();
let num_server = sys::OPENSSL_sk_num(server_ciphers as *const _);
let num_client = sys::OPENSSL_sk_num(client_ciphers as *const _);

for i in 0..num_server {
let server_cipher_ptr = sys::OPENSSL_sk_value(server_ciphers as *const _, i)
as *const sys::SSL_CIPHER;

// Check if client supports this cipher by comparing pointers
let mut found = false;
for j in 0..num_client {
let client_cipher_ptr =
sys::OPENSSL_sk_value(client_ciphers as *const _, j)
as *const sys::SSL_CIPHER;

if server_cipher_ptr == client_cipher_ptr {
found = true;
break;
}
}

if found {
let cipher = ssl::SslCipherRef::from_ptr(server_cipher_ptr as *mut _);
let (name, version, bits) = cipher_to_tuple(cipher);
let tuple = vm.new_tuple((
vm.ctx.new_str(name),
vm.ctx.new_str(version),
vm.ctx.new_int(bits),
));
result.push(tuple.into());
}
}

if result.is_empty() {
None
} else {
Some(vm.ctx.new_list(result))
}
}
}
#[cfg(not(ossl110))]
{
let _ = vm;
None
}
}

#[pymethod]
fn selected_alpn_protocol(&self) -> Option<String> {
#[cfg(ossl102)]
Expand Down Expand Up @@ -1536,6 +1599,16 @@ mod _ssl {
unsafe impl Send for PySslMemoryBio {}
unsafe impl Sync for PySslMemoryBio {}

// OpenSSL functions not in openssl-sys
unsafe extern "C" {
fn SSL_get_ciphers(ssl: *const sys::SSL) -> *const sys::stack_st_SSL_CIPHER;
}

#[cfg(ossl110)]
unsafe extern "C" {
fn SSL_get_client_ciphers(ssl: *const sys::SSL) -> *const sys::stack_st_SSL_CIPHER;
}

// OpenSSL BIO helper functions
// These are typically macros in OpenSSL, implemented via BIO_ctrl
const BIO_CTRL_PENDING: libc::c_int = 10;
Expand Down