Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SSL_session_reused bindings not available #9969

Closed
adiroiban opened this issue Dec 7, 2023 · 1 comment · Fixed by #9978
Closed

SSL_session_reused bindings not available #9969

adiroiban opened this issue Dec 7, 2023 · 1 comment · Fixed by #9978

Comments

@adiroiban
Copy link
Contributor

adiroiban commented Dec 7, 2023
edited
Loading

Hi,

I might be missing something here.

I see that SSL_session_reused is defined here, but I can't acess it via the bindings

cryptography/src/_cffi_src/openssl/ssl.py

Lines 410 to 412 in f69f27b

long SSL_session_reused(SSL *);

I am using Ubuntu 23.10 , with default py3 and latest cryptography installed in a virtualenv

$ virtualenv venv
$ . venv/bin/activate
$ pip install cryptography
$ python
Python 3.11.6 (main, Oct  8 2023, 05:06:43) [GCC 13.2.0] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> from cryptography.hazmat.bindings.openssl.binding import Binding
>>> binding = Binding()
>>> binding.init_static_locks()

>>> binding.lib.SSL_session_reused
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
AttributeError: module 'lib' has no attribute 'SSL_session_reused'

>>> binding.lib.SSL_select_next_proto
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
AttributeError: module 'lib' has no attribute 'SSL_select_next_proto'

>>> binding.lib.SSL_CTX_set_alpn_protos
<built-in method SSL_CTX_set_alpn_protos of _cffi_backend.Lib object at 0x7fe38561bab0>
>>> 

$ python -m pip freeze
cffi==1.16.0
cryptography==41.0.7
pycparser==2.21

I don't know why SSL_CTX_set_alpn_protos is available but SSL_session_reused and other functions are not available.

This was working in cryptography==39.0.2

I guess that this might be part of 40.0.0

Removed many unused CFFI OpenSSL bindings. This will not impact you unless you are using cryptography to directly invoke OpenSSL's C API. Note that these have never been considered a stable, supported, public API by cryptography, this note is included as a courtesy.

I think that SSL_session_reused is very important as it is critical for implemeting FTPS server-side session reusal validation.

The SSL_set_session that is already avaiable, is used for the FTPS client-side part.

Thanks
@adiroiban adiroiban mentioned this issue Dec 7, 2023
Open
@adiroiban
Copy link
Contributor Author

I will follow up with a PR for this.
It took a bit longer to get the dev env up and running.

But I got the patch and also an automated test.

@adiroiban adiroiban mentioned this issue Dec 9, 2023
Merged
@alex alex closed this as completed in #9978 Dec 9, 2023
alex added a commit that referenced this issue Dec 9, 2023
@adiroiban @alex
#9969 Expose SSL_session_reused. (#9978)
14c16eb 
* Expose SSL_session_reused.

* Fix test name.

* Don't name the parameters :)

Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com>

* Remove test as requested by Alex.

---------

Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com>
@adiroiban adiroiban mentioned this issue Dec 9, 2023
Draft
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Mar 9, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

#9969 Expose SSL_session_reused. chevah/cryptography
1 participant
@adiroiban