Issue 19084: No way to use TLS-PSK from python ssl (original) (raw)

process

Status: closed Resolution: out of date
Dependencies: Superseder:
Assigned To: christian.heimes Nosy List: barry, christian.heimes, chrysn, giampaolo.rodola, janssen, jcea, karlp, luizdepra, njouanin, pitrou, ralight
Priority: normal Keywords:

Created on 2013-09-24 15:32 by karlp, last changed 2022-04-11 14:57 by admin. This issue is now closed.

Files
File name Uploaded Description Edit
5bcfpEKD.txt karlp,2013-09-24 15:32 implementation of TLS-PSK from Mosquitto
Messages (5)
msg198362 - (view) Author: Karl Palsson (karlp) Date: 2013-09-24 15:32
OpenSSL supports TLS-PSK which some people (myself obviously) find to be substantially easier to use than setting up certs. However, there's no way to use PSK via the current SSL api in python. It would be very nice to be able to use PSK from python. For OpenSSL, even the C API is particularly easy. Attached is the implementation used in Mosquitto, a MQTT message broker that supports both cert based and PSK based TLS.
msg198364 - (view) Author: Jesús Cea Avión (jcea) * (Python committer) Date: 2013-09-24 15:42
Python 2.7 is open only for bugfixes. No new features. Do you dare to write a patch for Python 3.4? :-). If you do, remember to sign a Contributor Agreement. Give it a try! :)
msg198365 - (view) Author: Antoine Pitrou (pitrou) * (Python committer) Date: 2013-09-24 17:57
Is it different from TLS SRP, which already has a feature request in ? As Jesus said, feel free to propose a patch, even a proof of concept so that we start discussing the API.
msg198378 - (view) Author: Roger Light (ralight) Date: 2013-09-25 09:28
This is not TLS-SRP, but TLS-PSK as described by RFC 4279[1] There is a very small amount of overlap - the "unknown_psk_identity" error defined by PSK is also used in SRP. [1] http://tools.ietf.org/html/rfc4279
msg301475 - (view) Author: Christian Heimes (christian.heimes) * (Python committer) Date: 2017-09-06 14:53
This feature request has been idle for almost four years. Although TLS-PSK is nice to have, it is not a priority for protocols such as HTTPS. I neither have time nor motivation to create a patch myself. Therefore I'm closing this issue of lack of activity. Please feel free to re-open it with a patch against 3.7.
History
Date User Action Args
2022-04-11 14:57:51 admin set github: 63284
2017-09-06 14:53:17 christian.heimes set status: open -> closedresolution: out of datestage: needs patch -> resolved
2017-09-06 14:53:02 christian.heimes set messages: +
2017-04-11 16:00:38 chrysn set nosy: + chrysn
2016-09-15 07:53:44 christian.heimes set assignee: christian.heimescomponents: + SSL
2016-09-08 15:32:56 christian.heimes set versions: + Python 3.7, - Python 3.4
2015-09-23 12:06:25 luizdepra set nosy: + luizdepra
2015-08-21 15:17:30 njouanin set nosy: + njouanin
2013-09-25 09:28:45 ralight set messages: +
2013-09-24 17:57:53 pitrou set nosy: + janssen, pitrou, giampaolo.rodola, christian.heimesmessages: + type: behavior -> enhancementstage: needs patch
2013-09-24 15:47:23 ralight set nosy: + ralight
2013-09-24 15:42:50 jcea set nosy: + jceamessages: + versions: - Python 2.7
2013-09-24 15:36:39 barry set nosy: + barry
2013-09-24 15:32:28 karlp create