[pyOpenSSL] Re: [PATCH] Missing API for client authentication renegotiation

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Emmanuel Raviart wrote:

> So, I would like to transpose the following C code into Python:
>  	SSL_set_verify(ssl,SSL_VERIFY_PEER |
> 		SSL_VERIFY_FAIL_IF_NO_PEER_CERT,0);
> 
> 	/* Stop the client from just resuming the
> 	   un-authenticated session */
> 	SSL_set_session_id_context(ssl,
> 		(void *)&s_server_auth_session_id_context,
>         	sizeof(s_server_auth_session_id_context));
> 
> 	SSL_renegotiate(ssl);
> 	SSL_do_handshake(ssl);
> 	ssl->state=SSL_ST_ACCEPT;
> 	SSL_do_handshake(ssl);

I wrote a patch for this; it adds bindings for SSL_set_verify,
SSL_set_verify_depth, SSL_get_verify_mode, SSL_get_verify_depth
and SSL_set_session_id_context.  It also adds to new methods,
set_state and get_state to SSL objects and the SSL state constants
(SSL_ST_*).

It has *not* been extensively tested and I'm not sure at all wrt
the global_verify_callback function I copied/pasted from context.c

What are the odds for this to be included in pyOpenSSL ?

Regards,

        Frederic