Message 120463 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	StevenJ
Recipients	StevenJ, ajvant, brian.curtin, chasonr, christian.heimes, giampaolo.rodola, janssen, jelie, pitrou
Date	2010-11-05.01:04:03
SpamBayes Score	2.4699057e-08
Marked as misclassified	No
Message-id	<1288919107.48.0.763346414905.issue1926@psf.upfronthosting.co.za>
In-reply-to

Content
Hi Julien, >> I also don't understand why START_TLS and AUTHINFO need to change >> how the module is interfaced to (separating log in/authentication, etc) > Because once you have used AUTHINFO, STARTTLS is no longer a valid > command in a session. I understand this, but doesn't this mean the init function needs to change to something like: init: if capability STARTTLS is advertised STARTLS stuff reget capabilities because STARTTLS changed them probably Now handle AUTHINFO Stuff Is there a case where a server advertises STARTTLS and one would not use it? If so then couldn't that just be handled with an option to the class inhibiting it? This is one of the reasons why I proposed dividing the job across two features. 1. Simple NNTPS which seems to be the most common secured NNTP in use at the moment and is easy to implement, and verify (either as an improvement to the NNTP class or as a new NNTP_SSL class). 2. SASL AUTHINFO/STARTTLS Extension handling implementation and improvements. There are also other bugs with properly handling capabilities at start related to this, are there not? http://bugs.python.org/issue10287

Hi Julien,

>> I also don't understand why START_TLS and AUTHINFO need to change
>> how the module is interfaced to (separating log in/authentication, etc)

> Because once you have used AUTHINFO, STARTTLS is no longer a valid
> command in a session.

I understand this, but doesn't this mean the init function needs to change to something like:

init:
  if capability STARTTLS is advertised 
    STARTLS stuff
    reget capabilities because STARTTLS changed them probably

  Now handle AUTHINFO Stuff

Is there a case where a server advertises STARTTLS and one would not use it?  If so then couldn't that just be handled with an option to the class inhibiting it?

This is one of the reasons why I proposed dividing the job across two features. 
1. Simple NNTPS which seems to be the most common secured NNTP in use at the moment and is easy to implement, and verify (either as an improvement to the NNTP class or as a new NNTP_SSL class). 
2. SASL AUTHINFO/STARTTLS Extension handling implementation and improvements.  

There are also other bugs with properly handling capabilities at start related to this, are there not? http://bugs.python.org/issue10287

History
Date	User	Action	Args
2010-11-05 01:05:07	StevenJ	set	recipients: + StevenJ, janssen, pitrou, giampaolo.rodola, christian.heimes, chasonr, brian.curtin, ajvant, jelie
2010-11-05 01:05:07	StevenJ	set	messageid: <1288919107.48.0.763346414905.issue1926@psf.upfronthosting.co.za>
2010-11-05 01:04:07	StevenJ	link	issue1926 messages
2010-11-05 01:04:04	StevenJ	create