Message 224733 - Python tracker

Message224733

Author	geertj
Recipients	Ben.Darnell, christian.heimes, dstufft, ezio.melotti, geertj, giampaolo.rodola, gvanrossum, janssen, pitrou, vstinner, yselivanov
Date	2014-08-04.15:21:40
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1407165700.6.0.15932426212.issue21965@psf.upfronthosting.co.za>
In-reply-to

Content
> A question though: does it support server-side SNI? AFAIR server-side SNI requires you to be able to change a SSL object's context. Yes, it does. See the following comment in _servername_callback(): /* Pass a PySSLSocket instance when using memory BIOs, but an ssl.SSLSocket * when using sockets. Note that the latter is not a subclass of the * former, but both do have a "context" property. THis supports the common * use case of setting this property in the servername callback. */ The C-level _ssl._SSLSocket object is passed to the servername callback. It has a "context" property that can be set. I realize the above is an abstraction violation between the C and Python level. Now that we have an SSLObject Python level API, I could update the code to store a weakref to the SSLObject in the _SSLSocket (just like it does for SSLSocket). That way I can pass the Python level object into the callback. Any thoughts?

Content

> A question though: does it support server-side SNI? AFAIR server-side SNI requires you to be able to change a SSL object's context.

Yes, it does. See the following comment in _servername_callback():

  /* Pass a PySSLSocket instance when using memory BIOs, but an ssl.SSLSocket
   * when using sockets. Note that the latter is not a subclass of the
   * former, but both do have a "context" property. THis supports the common
   * use case of setting this property in the servername callback. */

The C-level _ssl._SSLSocket object is passed to the servername callback. It has a "context" property that can be set.

I realize the above is an abstraction violation between the C and Python level. Now that we have an SSLObject Python level API, I could update the code to store a weakref to the SSLObject in the _SSLSocket (just like it does for SSLSocket). That way I can pass the Python level object into the callback. Any thoughts?

History
Date	User	Action	Args
2014-08-04 15:21:40	geertj	set	recipients: + geertj, gvanrossum, janssen, pitrou, vstinner, giampaolo.rodola, christian.heimes, ezio.melotti, Ben.Darnell, yselivanov, dstufft
2014-08-04 15:21:40	geertj	set	messageid: <1407165700.6.0.15932426212.issue21965@psf.upfronthosting.co.za>
2014-08-04 15:21:40	geertj	link	issue21965 messages
2014-08-04 15:21:40	geertj	create