git.ipfire.org Git - thirdparty/Python/cpython.git/commit
gh-138252: Add support in SSL module for getting and setting TLS signature algorithms...
author Ron Frederick <ronf@timeheart.net>
Mon, 8 Sep 2025 08:36:12 +0000 (01:36 -0700)
committer GitHub <noreply@github.com>
Mon, 8 Sep 2025 08:36:12 +0000 (08:36 +0000)
commit 6401823db3fb9549352da8c1d487725828dbdeff
tree 3ebef9686abb364d7a765ee893514d6dde130b01
parent 919c7e806e348dcb0dc7fdda44b840c06b93fed5
gh-138252: Add support in SSL module for getting and setting TLS signature algorithms (#138269)

The signature algorithms allowed for certificate-based client authentication or
for the server to complete the TLS handshake can be defined on an SSL context via
`ctx.set_client_sigalgs()` and `ctx.set_server_sigalgs()`.

With OpenSSL 3.4 or later, the list of available TLS algorithms can be retrieved
by `ssl.get_sigalgs()`.

With OpenSSL 3.5 or later, the selected signature algorithms can be retrieved from
SSL sockets via `socket.client_sigalg()` and `socket.server_sigalg()`.

This commit also partially amends 377b78761814e7d848361e642d376881739d5a29
by using `PyUnicode_DecodeFSDefault` instead of `PyUnicode_DecodeASCII` in
`_ssl._SSLContext.get_groups`, so that functions consistently decode strings
obtained from OpenSSL.

---------

Co-authored-by: Bénédikt Tran <10796600+picnixz@users.noreply.github.com>
Doc/library/ssl.rst
Doc/whatsnew/3.15.rst
Lib/ssl.py
Lib/test/test_ssl.py
Misc/NEWS.d/next/Library/2025-08-30-17-58-04.gh-issue-138252.CDiEby.rst [new file with mode: 0644]
Modules/_ssl.c
Modules/clinic/_ssl.c.h