I want to configure an SSLContext correctly. Some settings can be checked with methods, e.g. get_ciphers(). Others, such as those set by set_alpn_protocols(), don't seem to have corresponding get methods. How do I check such settings?
I've tried using inspect.getmembers(), but I don't see any attributes that store the list of ALPN protocol strs. If it helps, the source code for set_alpn_protocols() seems to involve an underlying C function, but I'm not terribly familiar with C.
The getter is not exposed in the python API, which is a recurrent theme with python's wrapper around OpenSSL in general. To do this, you'll have to monkey-patch the SSLContext.set_alpn_protocols method to store the provided alpn protocols in an instance attribute (or some other place). That way, you can access it from some other part of your application. Example:
from functools import wraps
from ssl import SSLContext, create_default_context
def wrapper(set_alpn_protocols):
"""
Wrapper designed for SSLContext.set_alpn_protocols
"""
@wraps(set_alpn_protocols)
def new_setter(self, alpn_protocols):
set_alpn_protocols(self, alpn_protocols) # This has no return value
self._alpn_protocols = alpn_protocols # You can change the attr name if you want
return new_setter
SSLContext.set_alpn_protocols = wrapper(SSLContext.set_alpn_protocols)
context = create_default_context()
context.set_alpn_protocols(['h2', 'http/1.1'])
# Now if the setter was ever used, you can access it through _alpn_protocols attribute
try:
print(context._alpn_protocols)
except AttributeError:
print('setter was not called')
Output
['h2', 'http/1.1']
