I am implementing the XMPP protocol in Python (2.7 and 3.2) and I found one important thing stopping me from making the implementation fully compliant.

The current specification (RFC 6120) requires implementation of the SCRAM-SHA-1-PLUS SASL mechanism (RFC 5802), which, in turn, requires the ‘tls-unique’ channel binding (RFC 5929), which is defined as:

Description: The first TLS Finished message sent (note: the Finished
struct, not the TLS record layer message containing it) in the most
recent TLS handshake of the TLS connection being bound to

Python doesn’t seem to provide this piece of information directly, but I know it may be obtained via the OpenSSL API, used internally by Python.

Is there any way to get the ‘SSL’ pointer for a SSL socket wrapper, so I could use it via the ctypes module or from my own extension module? I cannot find anything like that with the header files installed with Python.

Is there any third-party TLS module for Python providing such API, but keeping the general Python SSL API?

Or is the only way to do it, to extract the SSL code from Python and bundle a patched copy of it with my own package?

Update: I have created a Python feature request for this functionality: http://bugs.python.org/issue12551
I am still looking for a ‘ready to use’ solution, though.