Add Context.set_tlsext_use_srtp #734

Merged
merged 2 commits into from
May 16, 2018
2 changes: 2 additions & 0 deletions CHANGELOG.rst
Expand Up @@ -26,6 +26,8 @@ Changes:

- ``OpenSSL.SSL.Connection`` now sets ``SSL_MODE_AUTO_RETRY`` by default.
`#753 <https://github.com/pyca/pyopenssl/pull/753>`_
- Added ``Context.set_tlsext_use_srtp`` to enable negotiation of SRTP keying material.
`#734 <https://github.com/pyca/pyopenssl/pull/734>`_


----
15 changes: 15 additions & 0 deletions src/OpenSSL/SSL.py
Expand Up @@ -1371,6 +1371,21 @@ def wrapper(ssl, alert, arg):
_lib.SSL_CTX_set_tlsext_servername_callback(
self._context, self._tlsext_servername_callback)

def set_tlsext_use_srtp(self, profiles):
"""
Enable support for negotiating SRTP keying material.

:param bytes profiles: A colon delimited list of protection profile
names, like ``b'SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32'``.
:return: None
"""
if not isinstance(profiles, bytes):
raise TypeError("profiles must be a byte string.")

_openssl_assert(
_lib.SSL_CTX_set_tlsext_use_srtp(self._context, profiles) == 0
)

@_requires_npn
def set_npn_advertise_callback(self, callback):
"""
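Review bot: The `== 0` inside `_openssl_assert` in `set_tlsext_use_srtp` is correct but reads like a bug, because `SSL_CTX_set_tlsext_use_srtp` returns 0 on success and 1 on error, the reverse of most OpenSSL calls; a comment above the assert such as `# NB: returns 0 on success and 1 on failure, unlike most OpenSSL functions.` would stop a later cleanup from inverting it. The docstring should also say what the caller sees on failure, for example `:raises TypeError: if profiles is not bytes` and `:raises Error: if OpenSSL rejects the profile list`, which is the behaviour the new tests in tests/test_ssl.py rely on. The docstring example lists `SRTP_AES128_CM_SHA1_32`, a profile with a 32-bit authentication tag, so a sentence telling callers to pass only the profiles they are willing to accept would be useful. The enclosing class starts outside the hunk.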
29 changes: 29 additions & 0 deletions tests/test_ssl.py
Expand Up @@ -1593,6 +1593,35 @@ def test_get_cert_store(self):
store = context.get_cert_store()
assert isinstance(store, X509Store)

def test_set_tlsext_use_srtp_not_bytes(self):
"""
`Context.set_tlsext_use_srtp' enables negotiating SRTP keying material.

It raises a TypeError if the list of profiles is not a byte string.
"""
context = Context(TLSv1_METHOD)
with pytest.raises(TypeError):
context.set_tlsext_use_srtp(text_type('SRTP_AES128_CM_SHA1_80'))

def test_set_tlsext_use_srtp_invalid_profile(self):
"""
`Context.set_tlsext_use_srtp' enables negotiating SRTP keying material.

It raises an Error if the call to OpenSSL fails.
"""
context = Context(TLSv1_METHOD)
with pytest.raises(Error):
context.set_tlsext_use_srtp(b'SRTP_BOGUS')

def test_set_tlsext_use_srtp_valid(self):
"""
`Context.set_tlsext_use_srtp' enables negotiating SRTP keying material.

It does not return anything.
"""
context = Context(TLSv1_METHOD)
assert context.set_tlsext_use_srtp(b'SRTP_AES128_CM_SHA1_80') is None


class TestServerNameCallback(object):
"""
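Review bot: None of the three new tests passes more than one profile, although the docstring of `set_tlsext_use_srtp` advertises a colon-delimited list; `test_set_tlsext_use_srtp_valid` could also assert `context.set_tlsext_use_srtp(b'SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32') is None`. The tests stop at Context configuration, so nothing here shows that the extension is offered or a profile selected during a handshake; covering that may need API that is not visible in this change. The three test docstrings quote the method name with a backtick on one side and an apostrophe on the other; double backticks, as in the CHANGELOG entry, would be consistent.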