-
Notifications
You must be signed in to change notification settings - Fork 421
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Raise NotImplementedError for Unimplemented Functions #410
Conversation
This seems reasonable, but I'll let @hynek make that call. Otherwise the patch looks good, though you'll want to improve the test coverage to account for these exceptions. |
I'd personally rather like to see |
|
If code is currently calls these APIs and expects to get the security properties they advertise, it is a security flaw to pretend that it worked. Granted, none of these functions seem like an API which adds a restriction, but on general principle, I think they should be made to raise errors and do a release ASAP. It's compatibility-breaking, but in that sense it is a compatibility-breaking security update. |
I agree, alernatively we could fix them ASAP. On Mon, Jan 18, 2016 at 1:57 AM, Glyph [email protected] wrote:
"I disapprove of what you say, but I will defend to the death your right to |
I'd suggest fixing everything but renegotiate, but raising notimplemented on all of them is definitely an improvement over silently doing nothing. |
I updated the PR with tests for all four functions. |
So um it seems to break a lot of tests in Twisted: https://travis-ci.org/pyca/pyopenssl/jobs/103128063 you really cool with that @glyph ? :) |
First of all, thanks to whoever set up CI to track that sort of thing. It's very useful to have this information. Second, it appears that all of the errors are going through the same call to I'm not crazy about breaking all these tests, but I'm not entirely sure that the call to So, I don't know. It appears harmless, so maybe it's not worth breaking, but this code in Twisted probably does need to be rewritten. The question is, if |
*lightspot goes to @reaperhulk & @tiran * |
(and as for who set it up: remember pyOpenSSL 0.15.0? :|) I’d really like at least a smoke test for urllib3. |
It's unclear to me what The session id context doesn't need to be secure or unpredictable. Apache uses the vhost name. CPython simply sets it to "Python". |
By the way the settings are only relevant for server-side sessions. For client side an application has to set the session an application has to set an explicit session, e.g. with https://www.openssl.org/docs/manmaster/ssl/SSL_set_session.html
|
FYI, this is what “old” pyOpenSSL did: static char ssl_Context_set_session_id_doc[] = "\n\
Set the session identifier. This is needed if you want to do session\n\
resumption.\n\
\n\
:param buf: A Python object that can be safely converted to a string\n\
:returns: None\n\
";
static PyObject *
ssl_Context_set_session_id(ssl_ContextObj *self, PyObject *args)
{
unsigned char *buf;
unsigned int len;
if (!PyArg_ParseTuple(args, "s#:set_session_id", &buf, &len))
return NULL;
if (!SSL_CTX_set_session_id_context(self->ctx, buf, len))
{
exception_from_error_queue(ssl_Error);
return NULL;
}
else
{
Py_INCREF(Py_None);
return Py_None;
}
} If the name is wrong, we should implement and deprecate it at once I guess? |
After some research it appears to me that the reason why they’re not implemented is that cryptography is missing bindings. Unless we get a back port to older cryptography versions, we can’t implement them for now. Would raising a warning be an adequate compromise? |
@reaperhulk any particular reason why you’d implement everything but renegotiate? Turns out those two methods are the only that have the necessary bindings. :) |
@hynek Yes, I think a warning would be the best option available immediately. |
Mostly because renegotiation is not a good feature in TLS and it's not common to actually need it. :) |
The main people asking for it that I've seen are security researchers looking for new exploits in it :) |
@mhils so…would you mind transforming those Exceptions into RuntimeWarnings? I think |
Or please don't do anything until #419 is decided on. 😞 |
I’ve more or less decided to not care about Travis/PyPy anymore and redirect all the hate to them if necessary. Unfortunately there’s no release with the bindings and 1.3 is weeks away. @reaperhulk offered to release a cryptography 1.2 point release with the necessary bindings. I guess that would be a viable solution. We should also figure out how to test on PyPy ourselves since Travis isn’t likely to show any progress anytime soon I’ve heard. |
💯 |
Mimic's build configuration sets a reasonable example here. |
There’s multiple examples but someone has to actually do it. :) And integrate with our already nontrivial setup. :( |
Waiting for pyca/cryptography#2715 to decide what route to go. |
As the title says - just silently doing nothing is really unexpected.
refs #387, refs #388