Message 106323 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	pitrou
Recipients	giampaolo.rodola, grooverdan, janssen, jcea, pdp, pitrou
Date	2010-05-22.20:17:15
SpamBayes Score	0.00016215084
Marked as misclassified	No
Message-id	<1274559438.27.0.0300208370643.issue5639@psf.upfronthosting.co.za>
In-reply-to

Content
The patch probably needs refreshing now that first SSL contexts are in. I wonder whether a combined boolean/string flag is really the best solution. I think we could instead enable SNI by default and add an optional "server_hostname" to set the hostname to SSLContext.wrap_socket(), so that people can explicitly set the hostname; and otherwise take it, if possible, from the argument given to connect(). We can also add an "enable_sni" attribute to SSLContext (True by default) to allow selective disabling. This attribute would raise an exception if SNI support isn't available, which would be a way to test for it.

The patch probably needs refreshing now that first SSL contexts are in.

I wonder whether a combined boolean/string flag is really the best solution.

I think we could instead enable SNI by default and add an optional "server_hostname" to set the hostname to SSLContext.wrap_socket(), so that people can explicitly set the hostname; and otherwise take it, if possible, from the argument given to connect().

We can also add an "enable_sni" attribute to SSLContext (True by default) to allow selective disabling. This attribute would raise an exception if SNI support isn't available, which would be a way to test for it.

History
Date	User	Action	Args
2010-05-22 20:17:18	pitrou	set	recipients: + pitrou, jcea, janssen, giampaolo.rodola, pdp, grooverdan
2010-05-22 20:17:18	pitrou	set	messageid: <1274559438.27.0.0300208370643.issue5639@psf.upfronthosting.co.za>
2010-05-22 20:17:16	pitrou	link	issue5639 messages
2010-05-22 20:17:15	pitrou	create