Issue #13627: Add support for SSL Elliptic Curve-based Diffie-Hellman
key exchange, through the SSLContext.set_ecdh_curve() method and the
ssl.OP_SINGLE_ECDH_USE option.
diff --git a/Lib/ssl.py b/Lib/ssl.py
index 0cf2fae..d244104 100644
--- a/Lib/ssl.py
+++ b/Lib/ssl.py
@@ -68,7 +68,7 @@
 from _ssl import CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED
 from _ssl import (
     OP_ALL, OP_NO_SSLv2, OP_NO_SSLv3, OP_NO_TLSv1,
-    OP_CIPHER_SERVER_PREFERENCE,
+    OP_CIPHER_SERVER_PREFERENCE, OP_SINGLE_ECDH_USE,
     )
 from _ssl import RAND_status, RAND_egd, RAND_add, RAND_bytes, RAND_pseudo_bytes
 from _ssl import (
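Review bot: The import of `OP_SINGLE_ECDH_USE` added to this `from _ssl import (...)` list is unconditional. If the `_ssl` extension defines that constant only when the linked OpenSSL has ECDH support (the C side is not visible here), `import ssl` itself would fail on such builds. Consider importing it on its own, `try: from _ssl import OP_SINGLE_ECDH_USE` / `except ImportError: pass`, so a missing optional feature does not take the whole module down. The same assumption sits behind the bare `ssl.OP_SINGLE_ECDH_USE` access added to the constants test in Lib/test/test_ssl.py.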
diff --git a/Lib/test/ssl_servers.py b/Lib/test/ssl_servers.py
index 77be381..86bc950 100644
--- a/Lib/test/ssl_servers.py
+++ b/Lib/test/ssl_servers.py
@@ -176,6 +176,9 @@
                         action='store_false', help='be less verbose')
     parser.add_argument('-s', '--stats', dest='use_stats_handler', default=False,
                         action='store_true', help='always return stats page')
+    parser.add_argument('--curve-name', dest='curve_name', type=str,
+                        action='store',
+                        help='curve name for EC-based Diffie-Hellman')
     args = parser.parse_args()
 
     support.verbose = args.verbose
@@ -186,6 +189,8 @@
         handler_class.root = os.getcwd()
     context = ssl.SSLContext(ssl.PROTOCOL_TLSv1)
     context.load_cert_chain(CERTFILE)
+    if args.curve_name:
+        context.set_ecdh_curve(args.curve_name)
 
     server = HTTPSServer(("", args.port), handler_class, context)
     if args.verbose:
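Review bot: The added `if args.curve_name:` branch selects a curve but never sets `ssl.OP_SINGLE_ECDH_USE`. Depending on the OpenSSL default, which is not visible here, the server may reuse one ECDH key across handshakes, so this test server would not exercise the forward-secret configuration the commit introduces. Adding `context.options |= ssl.OP_SINGLE_ECDH_USE` next to the `set_ecdh_curve` call would cover it. The `--curve-name` value is also passed through unchecked: per the new unit test an unknown name raises ValueError, so a typo ends in a traceback rather than a `parser.error(...)` message. The enclosing function begins and ends outside this hunk.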
diff --git a/Lib/test/test_ssl.py b/Lib/test/test_ssl.py
index 288b714..505550f 100644
--- a/Lib/test/test_ssl.py
+++ b/Lib/test/test_ssl.py
@@ -99,6 +99,7 @@
         ssl.CERT_OPTIONAL
         ssl.CERT_REQUIRED
         ssl.OP_CIPHER_SERVER_PREFERENCE
+        ssl.OP_SINGLE_ECDH_USE
         self.assertIn(ssl.HAS_SNI, {True, False})
 
     def test_random(self):
@@ -558,6 +559,15 @@
         ctx = ssl.SSLContext(ssl.PROTOCOL_TLSv1)
         ctx.set_default_verify_paths()
 
+    def test_set_ecdh_curve(self):
+        ctx = ssl.SSLContext(ssl.PROTOCOL_TLSv1)
+        ctx.set_ecdh_curve("prime256v1")
+        ctx.set_ecdh_curve(b"prime256v1")
+        self.assertRaises(TypeError, ctx.set_ecdh_curve)
+        self.assertRaises(TypeError, ctx.set_ecdh_curve, None)
+        self.assertRaises(ValueError, ctx.set_ecdh_curve, "foo")
+        self.assertRaises(ValueError, ctx.set_ecdh_curve, b"foo")
+
 
 class NetworkedTests(unittest.TestCase):