[issue8106] SSL session management
Antoine Pitrou
report at bugs.python.org
Thu Apr 17 13:09:25 CEST 2014
Antoine Pitrou added the comment:
Ok, I propose the following plan:
- add a new opaque type allowing to wrap a SSL_SESSION
- add a get_session() method to SSLSocket, returning the current session
- add an optional "session=..." parameter to SSLContext.wrap_socket, allowing to specify a session which we hope to reuse during the handshake
There is however, one complication (from OpenSSL man pages):
"""SSL_SESSION objects keep internal link information about the session cache list, when being inserted into one SSL_CTX object's session cache. One SSL_SESSION object, regardless of its reference count, must therefore only be used with one SSL_CTX object (and the SSL objects created from this SSL_CTX object)."""
So we would somehow also need to keep a pointer to the SSL context in our session object wrapper, and check that the session isn't reused with another context... (yuck)
----------
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue8106>
_______________________________________
More information about the Python-bugs-list
mailing list