Added OpenSSL.SSL.Connection.set_info_callback

alex · alex · commit dd05ab5551c5 · 2025-08-31T20:54:55.000-04:00
diff --git a/CHANGELOG.rst b/CHANGELOG.rst
@@ -16,6 +16,7 @@ Changes:
 ^^^^^^^^
 
 - Added ``OpenSSL.SSL.Context.set_tls13_ciphersuites`` that allows the allowed TLS 1.3 ciphers.
+- Added ``OpenSSL.SSL.Connection.set_info_callback``
 
 25.2.0 (UNRELEASED)
 -------------------
diff --git a/src/OpenSSL/SSL.py b/src/OpenSSL/SSL.py
@@ -3233,3 +3233,27 @@ def request_ocsp(self) -> None:
             self._ssl, _lib.TLSEXT_STATUSTYPE_ocsp
         )
         _openssl_assert(rc == 1)
+
+    def set_info_callback(
+        self, callback: Callable[[Connection, int, int], None]
+    ) -> None:
+        """
+        Set the information callback to *callback*. This function will be
+        called from time to time during SSL handshakes.
+
+        :param callback: The Python callback to use.  This should take three
+            arguments: a Connection object and two integers.  The first integer
+            specifies where in the SSL handshake the function was called, and
+            the other the return code from a (possibly failed) internal
+            function call.
+        :return: None
+        """
+
+        @wraps(callback)
+        def wrapper(ssl, where, return_code):  # type: ignore[no-untyped-def]
+            callback(Connection._reverse_mapping[ssl], where, return_code)
+
+        self._info_callback = _ffi.callback(
+            "void (*)(const SSL *, int, int)", wrapper
+        )
+        _lib.SSL_set_info_callback(self._ssl, self._info_callback)
diff --git a/tests/test_ssl.py b/tests/test_ssl.py
@@ -3470,6 +3470,33 @@ def test_buffer_size(self) -> None:
         data = conn.bio_read(2)
         assert 2 == len(data)
 
+    def test_connection_set_info_callback(self) -> None:
+        (server, client) = socket_pair()
+
+        context = Context(SSLv23_METHOD)
+        context.use_certificate(load_certificate(FILETYPE_PEM, root_cert_pem))
+        context.use_privatekey(load_privatekey(FILETYPE_PEM, root_key_pem))
+        server = Connection(context, server)
+        server.set_accept_state()
+
+        client = Connection(Context(SSLv23_METHOD), client)
+        client.set_connect_state()
+
+        called = []
+
+        def info(conn: Connection, where: int, ret: int) -> None:
+            assert conn is client
+            called.append(where)
+
+        client.set_info_callback(info)
+
+        handshake(client, server)
+
+        # Verify that the callback was actually called during handshake
+        assert len(called) > 0
+        assert SSL_CB_HANDSHAKE_START in called
+        assert SSL_CB_HANDSHAKE_DONE in called
+
 
 class TestConnectionGetCipherList:
     """
