bpo-34670: Add TLS 1.3 post handshake auth (GH-9460)



Add SSLContext.post_handshake_auth and
SSLSocket.verify_client_post_handshake for TLS 1.3 post-handshake
authentication.

Signed-off-by: Christian Heimes <christian@python.org>q


https://bugs.python.org/issue34670
diff --git a/Lib/ssl.py b/Lib/ssl.py
index fa7c152..c7b4932 100644
--- a/Lib/ssl.py
+++ b/Lib/ssl.py
@@ -777,6 +777,9 @@
         current SSL channel. """
         return self._sslobj.version()
 
+    def verify_client_post_handshake(self):
+        return self._sslobj.verify_client_post_handshake()
+
 
 class SSLSocket(socket):
     """This class implements a subtype of socket.socket that wraps
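Review bot: Both new `verify_client_post_handshake` methods, the one added here to the class that precedes `SSLSocket` and the one in the `SSLSocket` hunk at -1094, have no docstring, and for an authentication API the missing caveat is security-relevant. As far as I know from OpenSSL's TLS 1.3 post-handshake behaviour (not visible in this diff), the call only queues a CertificateRequest and the client certificate is exchanged and verified on later read/write, so a normal return does not prove the peer authenticated. I would add something like `"""Request TLS 1.3 post-handshake client auth; the certificate exchange happens on subsequent I/O, so check getpeercert() afterwards."""` to both methods. The docstring should also say that the call is meant for server-side TLS 1.3 connections with `SSLContext.post_handshake_auth` enabled. The enclosing class of the first method starts outside the hunk, so its name is not confirmed from here.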
@@ -1094,6 +1097,12 @@
         else:
             raise ValueError("No SSL wrapper around " + str(self))
 
+    def verify_client_post_handshake(self):
+        if self._sslobj:
+            return self._sslobj.verify_client_post_handshake()
+        else:
+            raise ValueError("No SSL wrapper around " + str(self))
+
     def _real_close(self):
         self._sslobj = None
         super()._real_close()