Message 287866 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	vstinner
Recipients	David Ford (FirefighterBlu3), christian.heimes, vstinner
Date	2017-02-15.17:28:29
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1487179709.94.0.409335348322.issue29470@psf.upfronthosting.co.za>
In-reply-to

Content
> Do you modify the SSLContext object in your SNI callback? That's the wrong way to do it. You have to create a SSLContext object for each certificate/key pair at startup and then change the socket's context attribute. Would it be possible to prevent bugs? For example, make SSLContext "read only" while the SNI callback is called? Or my question doesn't make sense? :-) I don't know well how OpenSSL works. At least, we should warn users in the ssl documentation to mention such crash?

> Do you modify the SSLContext object in your SNI callback? That's the wrong way to do it. You have to create a SSLContext object for each certificate/key pair at startup and then change the socket's context attribute.

Would it be possible to prevent bugs? For example, make SSLContext "read only" while the SNI callback is called? Or my question doesn't make sense? :-) I don't know well how OpenSSL works.

At least, we should warn users in the ssl documentation to mention such crash?

History
Date	User	Action	Args
2017-02-15 17:28:29	vstinner	set	recipients: + vstinner, christian.heimes, David Ford (FirefighterBlu3)
2017-02-15 17:28:29	vstinner	set	messageid: <1487179709.94.0.409335348322.issue29470@psf.upfronthosting.co.za>
2017-02-15 17:28:29	vstinner	link	issue29470 messages
2017-02-15 17:28:29	vstinner	create