Add Context.set_tlsext_use_srtp
This allows negotiating SRTP keying material, which is useful when using
DTLS-SRTP, as WebRTC does for example.
jlaine committed Feb 13, 2018
1 parent 3d231f0 commit 41e808c
Showing 4 changed files with 48 additions and 1 deletion.
3 changes: 2 additions & 1 deletion CHANGELOG.rst
Expand Up @@ -23,7 +23,8 @@ Deprecations:
Changes:
^^^^^^^^

*none*
- Added ``Context.set_tlsext_use_srtp`` to enable negotiation of SRTP keying material.
`#734 </~https://github.com/pyca/pyopenssl/pull/734>`_


----
2 changes: 2 additions & 0 deletions doc/api/ssl.rst
Expand Up @@ -467,6 +467,8 @@ Context objects have the following methods:
.. versionadded:: 0.13


.. automethod:: Context.set_tlsext_use_srtp

.. py:method:: Context.set_npn_advertise_callback(callback)
Specify a callback function that will be called when offering `Next
15 changes: 15 additions & 0 deletions src/OpenSSL/SSL.py
Expand Up @@ -1303,6 +1303,21 @@ def wrapper(ssl, alert, arg):
_lib.SSL_CTX_set_tlsext_servername_callback(
self._context, self._tlsext_servername_callback)

def set_tlsext_use_srtp(self, profiles):
"""
Enable support for negotiating SRTP keying material.
:param bytes profiles: A colon delimited list of protection profile
names, such as ``b'SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32'``.
:return: None
"""
if not isinstance(profiles, bytes):
raise TypeError("profiles must be a byte string.")

_openssl_assert(
_lib.SSL_CTX_set_tlsext_use_srtp(self._context, profiles) == 0
)

@_requires_npn
def set_npn_advertise_callback(self, callback):
"""
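Review bot: The `== 0` comparison inside `_openssl_assert` in `set_tlsext_use_srtp` is correct but undocumented: `SSL_CTX_set_tlsext_use_srtp` returns 0 on success and 1 on error, the reverse of most OpenSSL setters. A later cleanup that flips it to the usual `== 1` would let every rejected profile list pass silently, so I would add `# NOTE: returns 0 on success and 1 on error, unlike most SSL_CTX_* setters.` above the assert. The docstring should also gain `:raises TypeError: if profiles is not a byte string` and `:raises Error: if OpenSSL rejects the profile list`, since the tests in this commit depend on both. Separately, the example string offers `SRTP_AES128_CM_SHA1_32`, which shortens the SRTP authentication tag to 32 bits; callers tend to copy docstring examples, so consider showing only the `_80` profile or noting the trade-off. The method is complete within the hunk; the enclosing class begins outside it.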
29 changes: 29 additions & 0 deletions tests/test_ssl.py
Expand Up @@ -1596,6 +1596,35 @@ def test_get_cert_store(self):
store = context.get_cert_store()
assert isinstance(store, X509Store)

def test_set_tlsext_use_srtp_not_bytes(self):
"""
`Context.set_tlsext_use_srtp' enables negotiating SRTP keying material.
It raises a TypeError if the list of profiles is not a byte string.
"""
context = Context(TLSv1_METHOD)
with pytest.raises(TypeError):
context.set_tlsext_use_srtp(text_type('SRTP_AES128_CM_SHA1_80'))

def test_set_tlsext_use_srtp_invalid_profile(self):
"""
`Context.set_tlsext_use_srtp' enables negotiating SRTP keying material.
It raises an Error if the call to OpenSSL fails.
"""
context = Context(TLSv1_METHOD)
with pytest.raises(Error):
context.set_tlsext_use_srtp(b'SRTP_BOGUS')

def test_set_tlsext_use_srtp_valid(self):
"""
`Context.set_tlsext_use_srtp' enables negotiating SRTP keying material.
It does not return anything.
"""
context = Context(TLSv1_METHOD)
assert context.set_tlsext_use_srtp(b'SRTP_AES128_CM_SHA1_80') is None


class TestServerNameCallback(object):
"""
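Review bot: None of the three new tests passes the colon-delimited form that the docstring documents, so the multi-profile path and the mixed valid/unknown case are left unpinned. I would add a case such as `context.set_tlsext_use_srtp(b'SRTP_AES128_CM_SHA1_80:SRTP_BOGUS')` under `pytest.raises(Error)`, so that a list containing one unknown name is shown to be rejected as a whole rather than partially applied (I expect OpenSSL behaves this way, but the test would confirm it), plus an empty `b''` case. `test_set_tlsext_use_srtp_valid` asserts only the `None` return, and all three contexts use `TLSv1_METHOD` although use_srtp is defined for DTLS, so nothing here shows the extension being offered or negotiated; a comment saying these tests cover argument validation only would keep readers from assuming more. The enclosing test class starts outside the hunk.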
