.. versionadded:: 3.7
+.. data:: HAS_PSK
+
+ Whether the OpenSSL library has built-in support for TLS-PSK.
+
+ .. versionadded:: 3.13
+
.. data:: CHANNEL_BINDING_TYPES
List of supported TLS channel binding types. Strings in this list
return 'ClientId_1', psk_table.get(hint, b'')
context.set_psk_client_callback(callback)
+ This method will raise :exc:`NotImplementedError` if :data:`HAS_PSK` is
+ ``False``.
+
.. versionadded:: 3.13
.. method:: SSLContext.set_psk_server_callback(callback, identity_hint=None)
return psk_table.get(identity, b'')
context.set_psk_server_callback(callback, 'ServerId_1')
+ This method will raise :exc:`NotImplementedError` if :data:`HAS_PSK` is
+ ``False``.
+
.. versionadded:: 3.13
.. index:: single: certificates
from _ssl import (
HAS_SNI, HAS_ECDH, HAS_NPN, HAS_ALPN, HAS_SSLv2, HAS_SSLv3, HAS_TLSv1,
- HAS_TLSv1_1, HAS_TLSv1_2, HAS_TLSv1_3
+ HAS_TLSv1_1, HAS_TLSv1_2, HAS_TLSv1_3, HAS_PSK
)
from _ssl import _DEFAULT_CIPHERS, _OPENSSL_API_VERSION
'Session refers to a different SSLContext.')
@requires_tls_version('TLSv1_2')
+ @unittest.skipUnless(ssl.HAS_PSK, 'TLS-PSK disabled on this OpenSSL build')
def test_psk(self):
psk = bytes.fromhex('deadbeef')
s.connect((HOST, server.port))
@requires_tls_version('TLSv1_3')
+ @unittest.skipUnless(ssl.HAS_PSK, 'TLS-PSK disabled on this OpenSSL build')
def test_psk_tls1_3(self):
psk = bytes.fromhex('deadbeef')
identity_hint = 'identity-hint'
BIO *keylog_bio;
/* Cached module state, also used in SSLSocket and SSLSession code. */
_sslmodulestate *state;
+#ifndef OPENSSL_NO_PSK
PyObject *psk_client_callback;
PyObject *psk_server_callback;
+#endif
} PySSLContext;
typedef struct {
self->alpn_protocols = NULL;
self->set_sni_cb = NULL;
self->state = get_ssl_state(module);
+#ifndef OPENSSL_NO_PSK
self->psk_client_callback = NULL;
self->psk_server_callback = NULL;
+#endif
/* Don't check host name by default */
if (proto_version == PY_SSL_VERSION_TLS_CLIENT) {
Py_CLEAR(self->set_sni_cb);
Py_CLEAR(self->msg_cb);
Py_CLEAR(self->keylog_filename);
+#ifndef OPENSSL_NO_PSK
Py_CLEAR(self->psk_client_callback);
Py_CLEAR(self->psk_server_callback);
+#endif
if (self->keylog_bio != NULL) {
PySSL_BEGIN_ALLOW_THREADS
BIO_free_all(self->keylog_bio);
return NULL;
}
+#ifndef OPENSSL_NO_PSK
static unsigned int psk_client_callback(SSL *s,
const char *hint,
char *identity,
PyGILState_Release(gstate);
return 0;
}
+#endif
/*[clinic input]
_ssl._SSLContext.set_psk_client_callback
PyObject *callback)
/*[clinic end generated code: output=0aba86f6ed75119e input=7627bae0e5ee7635]*/
{
+#ifndef OPENSSL_NO_PSK
if (self->protocol == PY_SSL_VERSION_TLS_SERVER) {
_setSSLError(get_state_ctx(self),
"Cannot add PSK client callback to a "
SSL_CTX_set_psk_client_callback(self->ctx, ssl_callback);
Py_RETURN_NONE;
+#else
+ PyErr_SetString(PyExc_NotImplementedError,
+ "TLS-PSK is not supported by your OpenSSL version.");
+ return NULL;
+#endif
}
+#ifndef OPENSSL_NO_PSK
static unsigned int psk_server_callback(SSL *s,
const char *identity,
unsigned char *psk,
PyGILState_Release(gstate);
return 0;
}
+#endif
/*[clinic input]
_ssl._SSLContext.set_psk_server_callback
const char *identity_hint)
/*[clinic end generated code: output=1f4d6a4e09a92b03 input=65d4b6022aa85ea3]*/
{
+#ifndef OPENSSL_NO_PSK
if (self->protocol == PY_SSL_VERSION_TLS_CLIENT) {
_setSSLError(get_state_ctx(self),
"Cannot add PSK server callback to a "
SSL_CTX_set_psk_server_callback(self->ctx, ssl_callback);
Py_RETURN_NONE;
+#else
+ PyErr_SetString(PyExc_NotImplementedError,
+ "TLS-PSK is not supported by your OpenSSL version.");
+ return NULL;
+#endif
}
addbool(m, "HAS_TLSv1_3", 0);
#endif
+#ifdef OPENSSL_NO_PSK
+ addbool(m, "HAS_PSK", 0);
+#else
+ addbool(m, "HAS_PSK", 1);
+#endif
+
#undef addbool
#undef ADD_INT_CONST
projects / thirdparty / Python / cpython.git / commitdiff
