Added OpenSSL.SSL.Connection.set_info_callback (#1438)

Author: alex

CHANGELOG.rst

@@ -3,35 +3,24 @@ Changelog
 
 Versions are year-based with a strict backward-compatibility policy.
 The third digit is only for regressions.
-UNRELEASED
-----------
-
-Backward-incompatible changes:
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-Deprecations:
-^^^^^^^^^^^^^
-
-Changes:
-^^^^^^^^
-
-- Added ``OpenSSL.SSL.Context.set_tls13_ciphersuites`` that allows the allowed TLS 1.3 ciphers.
 
 25.2.0 (UNRELEASED)
 -------------------
 
 Backward-incompatible changes:
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 
-pyOpenSSL now sets SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER by default, matching CPython's behavior. #1287.
-The minimum cryptography version is now 42.0.0.
+- The minimum ``cryptography`` version is now 45.0.7.
 
 Deprecations:
 ^^^^^^^^^^^^^
 
 Changes:
 ^^^^^^^^
 
+- pyOpenSSL now sets ``SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER`` by default, matching CPython's behavior.
+- Added ``OpenSSL.SSL.Context.set_tls13_ciphersuites`` that allows the allowed TLS 1.3 ciphers.
+- Added ``OpenSSL.SSL.Connection.set_info_callback``
 
 25.1.0 (2025-05-17)
 -------------------

noxfile.py

@@ -3,7 +3,7 @@
 nox.options.reuse_existing_virtualenvs = True
 nox.options.default_venv_backend = "uv|virtualenv"
 
-MINIMUM_CRYPTOGRAPHY_VERSION = "41.0.5"
+MINIMUM_CRYPTOGRAPHY_VERSION = "45.0.7"
 
 
 @nox.session

setup.py

@@ -94,7 +94,7 @@ def find_meta(meta):
         packages=find_packages(where="src"),
         package_dir={"": "src"},
         install_requires=[
-            "cryptography>=42.0.0,<46",
+            "cryptography>=45.0.7,<46",
             (
                 "typing-extensions>=4.9; "
                 "python_version < '3.13' and python_version >= '3.8'"

src/OpenSSL/SSL.py

@@ -3213,3 +3213,27 @@ def request_ocsp(self) -> None:
             self._ssl, _lib.TLSEXT_STATUSTYPE_ocsp
         )
         _openssl_assert(rc == 1)
+
+    def set_info_callback(
+        self, callback: Callable[[Connection, int, int], None]
+    ) -> None:
+        """
+        Set the information callback to *callback*. This function will be
+        called from time to time during SSL handshakes.
+
+        :param callback: The Python callback to use.  This should take three
+            arguments: a Connection object and two integers.  The first integer
+            specifies where in the SSL handshake the function was called, and
+            the other the return code from a (possibly failed) internal
+            function call.
+        :return: None
+        """
+
+        @wraps(callback)
+        def wrapper(ssl, where, return_code):  # type: ignore[no-untyped-def]
+            callback(Connection._reverse_mapping[ssl], where, return_code)
+
+        self._info_callback = _ffi.callback(
+            "void (*)(const SSL *, int, int)", wrapper
+        )
+        _lib.SSL_set_info_callback(self._ssl, self._info_callback)

tests/test_ssl.py

@@ -3473,6 +3473,33 @@ def test_buffer_size(self) -> None:
         data = conn.bio_read(2)
         assert 2 == len(data)
 
+    def test_connection_set_info_callback(self) -> None:
+        (server_sock, client_sock) = socket_pair()
+
+        context = Context(SSLv23_METHOD)
+        context.use_certificate(load_certificate(FILETYPE_PEM, root_cert_pem))
+        context.use_privatekey(load_privatekey(FILETYPE_PEM, root_key_pem))
+        server = Connection(context, server_sock)
+        server.set_accept_state()
+
+        client = Connection(Context(SSLv23_METHOD), client_sock)
+        client.set_connect_state()
+
+        called = []
+
+        def info(conn: Connection, where: int, ret: int) -> None:
+            assert conn is client
+            called.append(where)
+
+        client.set_info_callback(info)
+
+        handshake(client, server)
+
+        # Verify that the callback was actually called during handshake
+        assert len(called) > 0
+        assert SSL_CB_HANDSHAKE_START in called
+        assert SSL_CB_HANDSHAKE_DONE in called
+
 
 class TestConnectionGetCipherList:
     """