Issue #14204: The ssl module now has support for the Next Protocol Negotiation extension, if available in the underlying OpenSSL library.
Patch by Colin Marc.
diff --git a/Doc/library/ssl.rst b/Doc/library/ssl.rst
index 7691996..8092581 100644
--- a/Doc/library/ssl.rst
+++ b/Doc/library/ssl.rst
@@ -470,6 +470,16 @@
.. versionadded:: 3.2
+.. data:: HAS_NPN
+
+ Whether the OpenSSL library has built-in support for *Next Protocol
+ Negotiation* as described in the `NPN draft specification
+ <http://tools.ietf.org/html/draft-agl-tls-nextprotoneg>`_. When true,
+ you can use the :meth:`SSLContext.set_npn_protocols` method to advertise
+ which protocols you want to support.
+
+ .. versionadded:: 3.3
+
.. data:: CHANNEL_BINDING_TYPES
List of supported TLS channel binding types. Strings in this list
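Review bot: The HAS_NPN entry only describes the true case ("When true, you can use the :meth:`SSLContext.set_npn_protocols` method"). It should also say what a caller sees when the flag is false. The set_npn_protocols entry later in this patch states that the method raises NotImplementedError in that case, so a short cross-reference here would let readers who land on the constant first know that they need to guard the call. The link also points at the draft without a revision number, so the text it refers to can change under the reader. Consider naming the revision the implementation was written against.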
@@ -609,6 +619,15 @@
.. versionadded:: 3.3
+.. method:: SSLSocket.selected_npn_protocol()
+
+ Returns the protocol that was selected during the TLS/SSL handshake. If
+ :meth:`SSLContext.set_npn_protocols` was not called, or if the other party
+ does not support NPN, or if the handshake has not yet happened, this will
+ return ``None``.
+
+ .. versionadded:: 3.3
+
.. method:: SSLSocket.unwrap()
Performs the SSL shutdown handshake, which removes the TLS layer from the
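Review bot: In the selected_npn_protocol() entry, "Returns the protocol that was selected" does not state the return type. Say explicitly that it is a string of the same form as the entries passed to set_npn_protocols. The three conditions listed for a ``None`` result (set_npn_protocols not called, peer without NPN support, handshake not yet done) are indistinguishable to the caller, so it is worth a sentence telling applications to treat ``None`` as "no protocol negotiated" and fall back to their default, rather than inferring anything about the peer from it.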
@@ -617,7 +636,6 @@
returned socket should always be used for further communication with the
other side of the connection, rather than the original socket.
-
.. attribute:: SSLSocket.context
The :class:`SSLContext` object this SSL socket is tied to. If the SSL
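Review bot: The blank line removed before ``.. attribute:: SSLSocket.context`` is a whitespace-only change unrelated to the NPN additions. Either drop it from this patch or mention it in the commit message so it does not look accidental when the file history is read later.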
@@ -715,6 +733,21 @@
when connected, the :meth:`SSLSocket.cipher` method of SSL sockets will
give the currently selected cipher.
+.. method:: SSLContext.set_npn_protocols(protocols)
+
+ Specify which protocols the socket should avertise during the SSL/TLS
+ handshake. It should be a list of strings, like ``['http/1.1', 'spdy/2']``,
+ ordered by preference. The selection of a protocol will happen during the
+ handshake, and will play out according to the `NPN draft specification
+ <http://tools.ietf.org/html/draft-agl-tls-nextprotoneg>`_. After a
+ successful handshake, the :meth:`SSLSocket.selected_npn_protocol` method will
+ return the agreed-upon protocol.
+
+ This method will raise :exc:`NotImplementedError` if :data:`HAS_NPN` is
+ False.
+
+ .. versionadded:: 3.3
+
.. method:: SSLContext.load_dh_params(dhfile)
Load the key generation parameters for Diffie-Helman (DH) key exchange.
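Review bot: Typo in the first sentence of the set_npn_protocols entry: "avertise" should be "advertise". In the same entry, "False" in "if :data:`HAS_NPN` is False" should be marked up as ``False`` to match the ``None`` literal in the selected_npn_protocol entry. The text also defers the selection rules entirely to the draft ("will play out according to the NPN draft specification"). Please state here what selected_npn_protocol() returns when the two sides share no protocol, since callers who dispatch on the result need to know whether to expect ``None``, one of their own entries, or a handshake failure.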