Closed jsfrerot closed 2 years ago
From my experience implementing a STARTTLS client in the past, that is negotiated after a plaintext socket connection is made. Once you know that TLS should be negotiated, based on receiving a prompt or acknowledgment to commence, you would call something like:
tlssock = oscrypto.tls.TLSSocket.wrap(plaintext_socket, hostname)
Thanks, do you have any working examples? I'm having a hard time figuring out how to do this with MariaDB.
From my understanding, you would start a normal socket,
import socket
sock = socket.socket()
sock.connect((address, port))
Read from the socket until it tells you a TLS session should be started. Then you would wrap the socket as suggested:
tlssock = oscrypto.tls.TLSSocket.wrap(sock, hostname)
and use the functions documented in
https://github.com/wbond/oscrypto/blob/master/docs/tls.md
to read from and write to the socket.
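The pattern described in the two replies above (plain socket, read until the server says to switch, then hand the socket to `oscrypto.tls.TLSSocket.wrap(sock, hostname)`), as an added worked example that is not code from this thread or from oscrypto. It uses the line-based STARTTLS dialogue of SMTP (RFC 3207) because that is the easiest to show end to end; the server side is a constructed fake run over a `socketpair` so the exchange executes offline, the client name `client.example` and server name `mail.example` are placeholders, and the `wrap` parameter lets a stand-in replace the real oscrypto call during the demo. The security-relevant parts are that it fails closed (no STARTTLS capability or a refused STARTTLS raises rather than continuing in plaintext) and that it refuses to wrap a socket whose read buffer still holds plaintext bytes pipelined after the go-ahead.

```python
"""Line-based STARTTLS negotiation over a plain socket, then hand-off to a
TLS wrapper such as oscrypto.tls.TLSSocket.wrap(sock, hostname).

Added illustration, not code from the thread or from oscrypto. The dialogue
follows SMTP's STARTTLS extension (RFC 3207); the server below is a
constructed fake so the exchange runs offline."""
import socket
import threading


class StartTLSError(Exception):
    """Raised whenever negotiation cannot safely proceed to TLS."""


class LineReader:
    """Reads CRLF-terminated lines, keeping leftover bytes in .buf.

    Exposing the leftover lets the caller refuse to wrap a socket whose
    buffer still holds plaintext: bytes a peer pipelines after the go-ahead
    would otherwise be consumed as if they had arrived inside the TLS session."""

    def __init__(self, sock):
        self.sock = sock
        self.buf = b""

    def readline(self):
        while b"\r\n" not in self.buf:
            chunk = self.sock.recv(4096)
            if not chunk:
                raise StartTLSError("connection closed during negotiation")
            self.buf += chunk
        line, _, self.buf = self.buf.partition(b"\r\n")
        return line.decode("ascii", "replace")

    def read_reply(self):
        """Collect one SMTP reply: '250-' lines continue, '250 ' ends it."""
        lines = []
        while True:
            line = self.readline()
            lines.append(line)
            if len(line) < 4 or line[3] != "-":
                return line[:3], lines


def negotiate_starttls(sock, hostname, wrap=None):
    """Drive the plaintext half of STARTTLS and return the wrapped socket.

    Fails closed: a missing STARTTLS capability, a refusal or an unexpected
    reply raises instead of continuing in plaintext."""
    if wrap is None:
        from oscrypto import tls  # the call suggested in the thread

        def wrap(s, h):
            return tls.TLSSocket.wrap(s, h)

    reader = LineReader(sock)
    code, _ = reader.read_reply()
    if code != "220":
        raise StartTLSError("unexpected greeting: %s" % code)
    sock.sendall(b"EHLO client.example\r\n")  # placeholder client name
    code, lines = reader.read_reply()
    if code != "250":
        raise StartTLSError("EHLO rejected: %s" % code)
    if not any(ln[4:].upper() == "STARTTLS" for ln in lines):
        raise StartTLSError("server does not advertise STARTTLS")
    sock.sendall(b"STARTTLS\r\n")
    code, _ = reader.read_reply()
    if code != "220":
        raise StartTLSError("STARTTLS refused: %s" % code)
    if reader.buf:  # plaintext already pulled into our buffer: never trust it
        raise StartTLSError("plaintext pipelined after the go-ahead")
    return wrap(sock, hostname)


def fake_server(conn, advertise=True, inject=b""):
    """Constructed SMTP-like server used only to exercise the client."""
    conn.sendall(b"220 mail.example ESMTP\r\n")
    conn.recv(1024)  # EHLO
    caps = b"250-mail.example\r\n250-SIZE 10240000\r\n"
    caps += b"250 STARTTLS\r\n" if advertise else b"250 HELP\r\n"
    conn.sendall(caps)
    if advertise:
        conn.recv(1024)  # STARTTLS
        # go-ahead plus injected bytes in one write models a peer that
        # pipelines plaintext right after the go-ahead
        conn.sendall(b"220 Go ahead\r\n" + inject)


def run_client(advertise=True, inject=b""):
    """Run one negotiation against the fake server over a socketpair.
    Returns 'wrapped' or 'refused: <reason>'. The stand-in wrapper only
    records the hostname, so no real TLS handshake is needed offline."""
    client, server = socket.socketpair()
    t = threading.Thread(target=fake_server, args=(server, advertise, inject))
    t.start()
    seen = []

    def recording_wrap(s, h):
        seen.append(h)
        return s

    try:
        negotiate_starttls(client, "mail.example", wrap=recording_wrap)
        outcome = "wrapped"
    except StartTLSError as exc:
        outcome = "refused: %s" % exc
    t.join()
    client.close()
    server.close()
    return outcome


if __name__ == "__main__":
    print(run_client())
    print(run_client(advertise=False))
    print(run_client(inject=b"250 OK\r\n"))
```

Two caveats. The leftover-buffer check only covers bytes this code has already read into its own buffer; anything still in the kernel socket buffer is consumed by the TLS layer as handshake data and simply fails the handshake, which is the safe outcome. And the same read-until-switch-then-wrap shape applies to MariaDB, but its protocol is binary rather than line-based (the client answers the server's handshake packet with a TLS request packet before wrapping), so the message parsing differs; the gist linked later in this thread is the page's MariaDB reference.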
Here is what I did, basing my code on the pymysql driver. I'm providing this only as a working example.
https://gist.github.com/jsfrerot/8d8581d497e822dda5a2264bb27cfce7
I don't think there is anything here for oscrypto to implement, so I am closing this.
Hi, would it be possible to support STARTTLS when connecting to servers? Some servers require this to start an encrypted connection (MariaDB, Dovecot, etc.).