-
-
Notifications
You must be signed in to change notification settings - Fork 754
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Implement asgiref tls extension #1119
Open
mdgilene
wants to merge
17
commits into
encode:master
Choose a base branch
from
mdgilene:feature-asgiref-tls-extension
base: master
Could not load branches
Branch not found: {{ refName }}
Loading
Could not load tags
Nothing to show
Loading
Are you sure you want to change the base?
Some commits from the old base branch may be removed from the timeline,
and old review comments may become outdated.
Open
Changes from 2 commits
Commits
Show all changes
17 commits
Select commit
Hold shift + click to select a range
aa26b2c
Implement asgiref tls extension
mdgilene 3ae8704
Only add tls extension if connection is over tls
mdgilene 278fd24
Merge branch 'master' into feature-asgiref-tls-extension
mdgilene 053dc4f
Fix formatting issues
mdgilene 4114948
Merge remote-tracking branch 'upstream/master' into feature-asgiref-t…
mdgilene a84dc93
Address linting issues and fix tests
mdgilene d1feb3c
Merge remote-tracking branch 'upstream/master' into feature-asgiref-t…
5c7b539
Fix issues found by check script
02c53b4
add generated TLS constants
jschlyter b4da8a2
Add generate script and update generation to run formatting automatic…
19a5c1e
Added DN escaping and use new generated cipher_suite lookup table
eb60eb8
Add test for escaping
9f05147
Run formatting on tests
1ac95c0
Merge branch 'master' into feature-asgiref-tls-extension
mdgilene 050d862
fix incorrect dictionary access
7b24335
Merge branch 'feature-asgiref-tls-extension' of https://github.com/md…
f50dddb
Merge branch 'master' into feature-asgiref-tls-extension
mdgilene File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -20,6 +20,13 @@ def tls_certificate(tls_certificate_authority: trustme.CA) -> trustme.LeafCert: | |
) | ||
|
||
|
||
@pytest.fixture | ||
def tls_client_certificate(tls_certificate_authority: trustme.CA) -> trustme.LeafCert: | ||
return tls_certificate_authority.issue_cert( | ||
"[email protected]", common_name="uvicorn client" | ||
) | ||
|
||
|
||
@pytest.fixture | ||
def tls_ca_certificate_pem_path(tls_certificate_authority: trustme.CA): | ||
with tls_certificate_authority.cert_pem.tempfile() as ca_cert_pem: | ||
|
@@ -59,3 +66,10 @@ def tls_ca_ssl_context(tls_certificate: trustme.LeafCert) -> ssl.SSLContext: | |
ssl_ctx = ssl.SSLContext() | ||
tls_certificate.configure_cert(ssl_ctx) | ||
return ssl_ctx | ||
|
||
|
||
@pytest.fixture | ||
def tls_client_certificate_pem_path(tls_client_certificate: trustme.LeafCert): | ||
private_key_and_cert_chain = tls_client_certificate.private_key_and_cert_chain_pem | ||
with private_key_and_cert_chain.tempfile() as client_cert_pem: | ||
yield client_cert_pem |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can we drop this? (And exclusively populate it from
self.ssl_certfile
?)There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We need to provide the server cert contents in the scope so I did this to avoid needing to read the certfile in on each connection. If that isn't a concern I can move it to the connection code. Otherwise not sure where else to put it.
Unless I am misunderstanding. ssl_certfile just contains the path to the cert on disk no? I couldn't find any existing location where it is being read in. I assumed it's just being passed down to the underlying socket which handles reading the file.