I am implementing the XMPP protocol in Python (2.7 and 3.2) and I found one important thing stopping me from making the implementation fully compliant.
The current specification (RFC 6120) requires implementation of the SCRAM-SHA-1-PLUS SASL mechanism (RFC 5802), which, in turn, requires the 'tls-unique' channel binding (RFC 5929), which is defined as:
Description: The first TLS Finished message sent (note: the Finished struct, not the TLS record layer message containing it) in the most recent TLS handshake of the TLS connection being bound to
Python doesn't seem to provide this piece of information directly, but I know it may be obtained via the OpenSSL API, used internally by Python.
Is there any way to get the 'SSL' pointer for an SSL socket wrapper, so I could use it via the ctypes module or from my own extension module? I cannot find anything like that with the header files installed with Python.
Is there any third-party TLS module for Python providing such an API, but keeping the general Python SSL API?
Or is the only way to do it to extract the SSL code from Python and bundle a patched copy of it with my own package?
Update: I have created a Python feature request for this functionality: http://bugs.python.org/issue12551 I am still looking for a 'ready to use' solution, though.
It seems the easiest way to get the data from the Python SSLSocket is to fix the standard Python library. So I did it; the patch will be included in Python 3.3.
http://bugs.python.org/issue12551#msg140450
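The functionality from that patch is exposed in Python 3.3 and later as `SSLSocket.get_channel_binding("tls-unique")`. The sketch below is an added example, not code from the post or from CPython: it builds the SCRAM-SHA-1-PLUS `c=` attribute from that value and checks it on the receiving side. The names `scram_plus_c_attribute`, `verify_c_attribute` and `FakeTLSSocket` are hypothetical, and the stub stands in for a connected `ssl.SSLSocket` (with constructed Finished bytes) so the block runs offline.

```python
import base64
import hmac
import ssl

# RFC 5802 gs2-header: "p=<cb-name>" means channel binding is used; no authzid.
GS2_HEADER = b"p=tls-unique,,"


def scram_plus_c_attribute(tls_sock):
    """Return the 'c=' attribute of the SCRAM client-final-message."""
    if "tls-unique" not in ssl.CHANNEL_BINDING_TYPES:
        raise RuntimeError("this ssl build does not offer tls-unique")
    # tls-unique is not defined for TLS 1.3 (RFC 9266), so refuse rather than
    # bind to an unspecified value. SSLSocket.version() needs Python 3.5+.
    if tls_sock.version() == "TLSv1.3":
        raise RuntimeError("tls-unique is not defined for TLS 1.3")
    cb_data = tls_sock.get_channel_binding("tls-unique")
    if not cb_data:
        # None is returned when the handshake has not completed.
        raise RuntimeError("no channel binding data: handshake not complete")
    return b"c=" + base64.b64encode(GS2_HEADER + cb_data)


def verify_c_attribute(tls_sock, received):
    """Receiving side: compare the peer's 'c=' with the value derived from
    our own end of the TLS connection. A relay terminating TLS in the middle
    has two different handshakes, so the two values will not match."""
    expected = scram_plus_c_attribute(tls_sock)
    return hmac.compare_digest(expected, received)


class FakeTLSSocket(object):
    """Constructed stand-in for a connected ssl.SSLSocket (offline demo)."""

    def __init__(self, finished, version="TLSv1.2"):
        self._finished = finished
        self._version = version

    def version(self):
        return self._version

    def get_channel_binding(self, cb_type="tls-unique"):
        return self._finished


if __name__ == "__main__":
    client = FakeTLSSocket(b"\x01" * 12)   # constructed Finished bytes
    print(scram_plus_c_attribute(client))
```

With a real connection, pass the object returned by `SSLContext.wrap_socket()` after the handshake has completed.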