[issue32257] Support Disabling Renegotiation for SSLContext

Christian Heimes report at bugs.python.org
Sat Dec 9 06:57:28 EST 2017


Christian Heimes <lists at cheimes.de> added the comment:

Thanks for your patch. A few comments:

We generally don't have special functions to set flags. SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS is an OpenSSL < 1.1.0 option. OpenSSL 1.1.0 still defines the flag but no longer uses it. With your patch, the Python function would fail with a NameError.

I don't think that self.options is the right way to set that flag. The option attribute manipulates SSL_CTX->options, which affects SSL->options. The flag has to be set on SSL->s3->flags.

Your patch is missing a documentation update and tests.

----------

_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue32257>
_______________________________________

