bpo-34670: Add TLS 1.3 post handshake auth (GH-9460)
Add SSLContext.post_handshake_auth and
SSLSocket.verify_client_post_handshake for TLS 1.3 post-handshake
authentication.
Signed-off-by: Christian Heimes <christian@python.org>q
https://bugs.python.org/issue34670
diff --git a/Lib/ssl.py b/Lib/ssl.py
index fa7c152..c7b4932 100644
--- a/Lib/ssl.py
+++ b/Lib/ssl.py
@@ -777,6 +777,9 @@
current SSL channel. """
return self._sslobj.version()
+ def verify_client_post_handshake(self):
+ return self._sslobj.verify_client_post_handshake()
+
class SSLSocket(socket):
"""This class implements a subtype of socket.socket that wraps
@@ -1094,6 +1097,12 @@
else:
raise ValueError("No SSL wrapper around " + str(self))
+ def verify_client_post_handshake(self):
+ if self._sslobj:
+ return self._sslobj.verify_client_post_handshake()
+ else:
+ raise ValueError("No SSL wrapper around " + str(self))
+
def _real_close(self):
self._sslobj = None
super()._real_close()