bpo-33062: Add SSL renegotiation and key update by fantix · Pull Request #8620 · python/cpython (original) (raw)

@csabella @fantix I went ahead and resolved the merge conflicts. The conflicts were only in auto-generated files, so I just regenerated them and also fixed one test that had broken in the interim since these changes were made. You can see the diff here, although I didn't open a new PR; I'm not sure whether I should, or what I should do next, for that matter:

main...jdevries3133:bpo-33063-ssl-renegotiation

I did have a few notes about how I fixed a broken test, including a question:

In one of the new tests, there was a check that the OpenSSL version is 1.1.
I believe that python must be built againt OpenSSL 1.1 now, right? I removed
the check because it was using a variable which is now undefined. Presumably
it was exported from SSL when the test was originally written.

In any case, if we do need to check the version, I can just use
ssl.OPENSSL_VERSION_INFO, but if I understand correctly, the check is not
necessary. If that's not right, just let me know!