
I want to configure an SSLContext correctly. Some settings can be checked with methods, e.g. get_ciphers(). Others, such as those set by set_alpn_protocols(), don't seem to have corresponding get methods. How do I check such settings?

I've tried using inspect.getmembers(), but I don't see any attributes that store the list of ALPN protocol strs. If it helps, the source code for set_alpn_protocols() seems to involve an underlying C function, but I'm not terribly familiar with C.

1 Answer


The getter is not exposed in the Python API, which is a recurrent theme with Python's wrapper around OpenSSL in general. To do this, you'll have to monkey-patch the SSLContext.set_alpn_protocols method to store the provided ALPN protocols in an instance attribute (or some other place). That way, you can access it from some other part of your application. Example:

from functools import wraps
from ssl import SSLContext, create_default_context

def wrapper(set_alpn_protocols):
    """
    Wrapper designed for SSLContext.set_alpn_protocols
    """
    @wraps(set_alpn_protocols)
    def new_setter(self, alpn_protocols):
        set_alpn_protocols(self, alpn_protocols)  # This has no return value
        self._alpn_protocols = alpn_protocols  # You can change the attr name if you want

    return new_setter


SSLContext.set_alpn_protocols = wrapper(SSLContext.set_alpn_protocols)
context = create_default_context()
context.set_alpn_protocols(['h2', 'http/1.1'])

# Now if the setter was ever used, you can access it through _alpn_protocols attribute
try:
    print(context._alpn_protocols)
except AttributeError:
    print('setter was not called')

Output

['h2', 'http/1.1']
Charchit Agarwal
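An added example, not part of the question or the answer above: for a client-side context, the ALPN list can also be checked without patching anything by letting the context write its ClientHello into an in-memory BIO and reading extension 16 back out of it. The helper names `parse_alpn` and `offered_alpn` and the hostname `example.test` are assumptions made for this sketch, and it assumes the ClientHello fits in a single TLS record; no network traffic is sent.

```python
import ssl
import struct

ALPN_EXTENSION = 16  # IANA TLS ExtensionType for application_layer_protocol_negotiation


def parse_alpn(record):
    """Extract the ALPN protocol names from one TLS record holding a ClientHello."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a TLS handshake record carrying a ClientHello")
    pos = 5 + 4 + 2 + 32  # record header, handshake header, legacy_version, random
    pos += 1 + record[pos]  # session_id
    pos += 2 + struct.unpack_from("!H", record, pos)[0]  # cipher_suites
    pos += 1 + record[pos]  # compression_methods
    if pos + 2 > len(record):
        return []  # ClientHello without an extensions block
    end = pos + 2 + struct.unpack_from("!H", record, pos)[0]
    pos += 2
    while pos + 4 <= end:
        ext_type, ext_len = struct.unpack_from("!HH", record, pos)
        pos += 4
        if ext_type == ALPN_EXTENSION:
            body = record[pos + 2:pos + ext_len]  # skip the 2-byte list length
            names, i = [], 0
            while i < len(body):
                names.append(body[i + 1:i + 1 + body[i]].decode("ascii"))
                i += 1 + body[i]
            return names
        pos += ext_len
    return []


def offered_alpn(context, server_hostname="example.test"):
    """Return the ALPN list a client-side SSLContext puts in its ClientHello."""
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    tls = context.wrap_bio(incoming, outgoing, server_hostname=server_hostname)
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        pass  # expected: the ClientHello is written and no peer answers
    return parse_alpn(outgoing.read())


if __name__ == "__main__":
    context = ssl.create_default_context()
    context.set_alpn_protocols(["h2", "http/1.1"])
    print(offered_alpn(context))
```

This reports what the context actually offers on the wire, so it also covers contexts whose setter was called before any monkey-patch was installed. It does not apply to server-side contexts, which select a protocol rather than offer a list.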