Use SSL context for wrapping socket #30

sfaiss · 2023-07-03T05:24:34Z

This PR adds fine-grained control over the SSL/TLS-settings. It includes the following changes:

SSL sockets behave slightly different than regular sockets in non-blocking mode. They raise SSLWantWriteError / SSLWantReadError instead of BlockingIOError. (see documentation). _tcp_socket_check() handles those exceptions now as well.
As per the documentation, the old wrap_socket() function is deprecated. Instead, a context with secure default settings is created.
If more control is needed, a preconfigured context can be passed to use_secure (instead of the default context when use_secure=True).

Alternative to 3.: Instead of the option to pass a SSL context directly to use_secure, a new optional keyword-argument could be used as well.

This implementation is working on my side, but I still left "untested" in the docstring until someone else can confirm.

jacobschaer · 2023-07-03T06:52:10Z

Can you add a blurb/example to the documentation about how you setup with use_secure since you said you had it working on your setup?

Thanks for adding this.

sfaiss · 2023-07-04T06:47:51Z

Sure, no problem. I just added a new section at the bottom of the main page.

jacobschaer · 2023-07-04T20:00:25Z

Merged! Thanks for the help and documentation :)

Simon Faiss added 4 commits July 3, 2023 06:43

Add test for SSL-exceptions

67d9b41

Add SSLError to "except" clause

ca99d73

Add tests for SSL-context

8299d10

User SSL context for wrapping socket

2ec822b

Add section about encrypted communication

b9b586d

jacobschaer merged commit 364b200 into jacobschaer:main Jul 4, 2023
17 checks passed

Provide feedback