authorJeremy Lainé <jeremy.laine@m4x.org>2018-05-16 18:33:25 +0200
committerPaul Kehrer <paul.l.kehrer@gmail.com>2018-05-16 12:33:25 -0400
commit02261ad7a51f8cad31c548a67f8406a1ef5ff052 (patch)
tree51394a24919278755e2c09872f17ab4802758004
parent7cc15e8ce33f63cd09ba7f158b3ed9e4ed2aec92 (diff)
Add Context.set_tlsext_use_srtp (#734)
This allows negotiating SRTP keying material, which is useful when using DTLS-SRTP, as WebRTC does for example.
-rw-r--r--CHANGELOG.rst2
-rw-r--r--src/OpenSSL/SSL.py15
-rw-r--r--tests/test_ssl.py29
3 files changed, 46 insertions, 0 deletions
diff --git a/CHANGELOG.rst b/CHANGELOG.rst
index ab28dcb..0d8765f 100644
--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst
@@ -26,6 +26,8 @@ Changes:
- ``OpenSSL.SSL.Connection`` now sets ``SSL_MODE_AUTO_RETRY`` by default.
`#753 <https://github.com/pyca/pyopenssl/pull/753>`_
+- Added ``Context.set_tlsext_use_srtp`` to enable negotiation of SRTP keying material.
+ `#734 <https://github.com/pyca/pyopenssl/pull/734>`_
----
diff --git a/src/OpenSSL/SSL.py b/src/OpenSSL/SSL.py
index 1bf6450..8d8cfe3 100644
--- a/src/OpenSSL/SSL.py
+++ b/src/OpenSSL/SSL.py
@@ -1371,6 +1371,21 @@ class Context(object):
_lib.SSL_CTX_set_tlsext_servername_callback(
self._context, self._tlsext_servername_callback)
+ def set_tlsext_use_srtp(self, profiles):
+ """
+ Enable support for negotiating SRTP keying material.
+
+ :param bytes profiles: A colon delimited list of protection profile
+ names, like ``b'SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32'``.
+ :return: None
+ """
+ if not isinstance(profiles, bytes):
+ raise TypeError("profiles must be a byte string.")
+
+ _openssl_assert(
+ _lib.SSL_CTX_set_tlsext_use_srtp(self._context, profiles) == 0
+ )
+
@_requires_npn
def set_npn_advertise_callback(self, callback):
"""
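Review bot: The `== 0` passed to `_openssl_assert` in `set_tlsext_use_srtp` reads like an inverted check and needs a comment, because `SSL_CTX_set_tlsext_use_srtp` returns 0 on success and 1 on failure, the reverse of most OpenSSL setters. I would add `# SSL_CTX_set_tlsext_use_srtp returns 0 on success, 1 on error.` directly above the call so that nobody later "corrects" it to `== 1`. The docstring should also gain a `:raises TypeError:` line for non-bytes input and a `:raises Error:` line for a profile list that OpenSSL rejects, which is the behaviour the new tests in tests/test_ssl.py exercise. Since `profiles` is handed to C as a NUL-terminated string, anything after an embedded NUL byte is presumably ignored; if callers build the list from external configuration, the docstring should say so.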
diff --git a/tests/test_ssl.py b/tests/test_ssl.py
index 87bd18c..b09fce7 100644
--- a/tests/test_ssl.py
+++ b/tests/test_ssl.py
@@ -1593,6 +1593,35 @@ class TestContext(object):
store = context.get_cert_store()
assert isinstance(store, X509Store)
+ def test_set_tlsext_use_srtp_not_bytes(self):
+ """
+ `Context.set_tlsext_use_srtp' enables negotiating SRTP keying material.
+
+ It raises a TypeError if the list of profiles is not a byte string.
+ """
+ context = Context(TLSv1_METHOD)
+ with pytest.raises(TypeError):
+ context.set_tlsext_use_srtp(text_type('SRTP_AES128_CM_SHA1_80'))
+
+ def test_set_tlsext_use_srtp_invalid_profile(self):
+ """
+ `Context.set_tlsext_use_srtp' enables negotiating SRTP keying material.
+
+ It raises an Error if the call to OpenSSL fails.
+ """
+ context = Context(TLSv1_METHOD)
+ with pytest.raises(Error):
+ context.set_tlsext_use_srtp(b'SRTP_BOGUS')
+
+ def test_set_tlsext_use_srtp_valid(self):
+ """
+ `Context.set_tlsext_use_srtp' enables negotiating SRTP keying material.
+
+ It does not return anything.
+ """
+ context = Context(TLSv1_METHOD)
+ assert context.set_tlsext_use_srtp(b'SRTP_AES128_CM_SHA1_80') is None
+
class TestServerNameCallback(object):
"""
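Review bot: The new tests cover one valid profile name and one bogus name, but not the colon-delimited list that the docstring in src/OpenSSL/SSL.py advertises. A mixed-list case, `with pytest.raises(Error):` followed by `context.set_tlsext_use_srtp(b'SRTP_AES128_CM_SHA1_80:SRTP_BOGUS')`, would pin that a partly invalid list is rejected as a whole rather than silently trimmed to the names OpenSSL recognises. I expect OpenSSL to fail on the first unknown name, but the test is what should confirm it. A positive case using the two-profile list from the docstring would be worth adding alongside it.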