Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

gh-105293: Do not call SSL_CTX_set_session_id_context on client side SSL context#105295

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.

Already on GitHub?Sign in to your account

Merged
gpshead merged 2 commits intopython:mainfromgrantramsay:fix-issue-105293
Jul 14, 2023

Conversation

@grantramsay
Copy link
Contributor

@grantramsaygrantramsay commentedJun 4, 2023
edited by bedevere-bot
Loading

@bedevere-bot
Copy link

Most changes to Pythonrequire a NEWS entry.

Please add it using theblurb_it web app or theblurb command-line tool.

@grantramsay
Copy link
ContributorAuthor

For back-compatibility, possiblySSL_CTX_set_session_id_context should also be called inssl.wrap_socket ifserver_side and using one of the deprecatedssl.PROTOCOL_* enums. I can make that changes if reviewers think it is necessary

@gpshead
Copy link
Member

For back-compatibility, possiblySSL_CTX_set_session_id_context should also be called inssl.wrap_socket ifserver_side and using one of the deprecatedssl.PROTOCOL_* enums. I can make that changes if reviewers think it is necessary

It sounds like that makes sense. go for it in this PR and we'll take a look.

add some form of news entry once you've done that as well.

grantramsay reacted with thumbs up emoji

@gpsheadgpshead self-assigned thisJun 5, 2023
@grantramsay
Copy link
ContributorAuthor

grantramsay commentedJun 5, 2023
edited
Loading

For back-compatibility, possiblySSL_CTX_set_session_id_context should also be called inssl.wrap_socket ifserver_side and using one of the deprecatedssl.PROTOCOL_* enums. I can make that changes if reviewers think it is necessary

It sounds like that makes sense. go for it in this PR and we'll take a look.

add some form of news entry once you've done that as well.

Maybe I should just remove the call toSSL_CTX_set_session_id_context and only callSSL_set_session_id_context on theSSL object? This would avoid doing the same thing in two places

Edit: although doing it at the context level will be slightly cleaner once the deprecated methods are removed...

… side SSL contextOpenssl states this is a "server side only" operation.Calling this on a client side socket can result in unexpected behavior
@gramsay0
Copy link

@gpshead I've updated this to only callSSL_set_session_id_context on the SSL object

@gpsheadgpshead added needs backport to 3.12only security fixes and removed needs backport to 3.12only security fixes labelsJul 14, 2023
@gpsheadgpshead merged commit21d98be intopython:mainJul 14, 2023
kgdiem pushed a commit to kgdiem/cpython that referenced this pull requestJul 14, 2023
… side SSL context (python#105295)*pythongh-105293: Do not call SSL_CTX_set_session_id_context on client side SSL contextOpenssl states this is a "server side only" operation.Calling this on a client side socket can result in unexpected behavior* Add news entry on SSL "set session id context" changes
Sign up for freeto join this conversation on GitHub. Already have an account?Sign in to comment

Reviewers

@gpsheadgpsheadgpshead approved these changes

Assignees

@gpsheadgpshead

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@grantramsay@bedevere-bot@gpshead@gramsay0
[8]ページ先頭
©2009-2025 Movatter.jp