diff options
author | Mark Williams <mrw@enotuniq.org> | 2019-11-17 19:56:26 -0800 |
---|---|---|
committer | Paul Kehrer <paul.l.kehrer@gmail.com> | 2019-11-18 11:56:26 +0800 |
commit | 5d890a00af541abe379c2eea76ab668080eabff6 (patch) | |
tree | e407dc7711d3a095416a30a8810087b7b6a34e37 /CHANGELOG.rst | |
parent | 079c963ddd4ebfd13a905829bc341dce85d94fbd (diff) | |
download | pyopenssl-5d890a00af541abe379c2eea76ab668080eabff6.tar.gz |
ALPN: complete handshake without accepting a client's protocols. (#876)
* ALPN: complete handshake without accepting a client's protocols.
The callback passed to `SSL_CTX_set_alpn_select_cb` can return
`SSL_TLSEXT_ERR_NOACK` to allow the handshake to continue without
accepting any of the client's offered protocols.
This commit introduces `NO_OVERLAPPING_PROTOCOLS`, which the Python
callback passed to `Context.set_alpn_select_callback` can return to
achieve the same thing.
It does not change the previous meaning of an empty string, which
still terminates the handshake.
* Update src/OpenSSL/SSL.py
Co-Authored-By: Alex Gaynor <alex.gaynor@gmail.com>
* Address @alex's review.
* Use recorded value in test, fix lint error.
* Cover TypeError branch in _ALPNHelper.callback
Diffstat (limited to 'CHANGELOG.rst')
-rw-r--r-- | CHANGELOG.rst | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/CHANGELOG.rst b/CHANGELOG.rst index e0c034d..3b39465 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -30,6 +30,8 @@ Changes: - Support ``bytearray`` in ``SSL.Connection.send()`` by using cffi's from_buffer. `#852 <https://github.com/pyca/pyopenssl/pull/852>`_ +- The ``OpenSSL.SSL.Context.set_alpn_select_callback`` can return a new ``NO_OVERLAPPING_PROTOCOLS`` sentinel value + to allow a TLS handshake to complete without an application protocol. ---- |