classification
Title: Option for XMLPRC Server to support HTTPS
Type: enhancement Stage: needs patch
Components: Library (Lib) Versions: Python 3.7
process
Status: open Resolution:
Dependencies: Superseder:
Assigned To: Nosy List: christian.heimes, flox, fweimer, loewis, mcjeff, pitrou, rhettinger
Priority: normal Keywords: patch

Created on 2011-11-14 17:29 by rhettinger, last changed 2017-09-06 14:59 by christian.heimes.

Files
File name Uploaded Description Edit
ssl_xmlrpc_server.patch mcjeff, 2012-10-29 03:38 review
Messages (6)
msg147622 - (view) Author: Raymond Hettinger (rhettinger) * (Python committer) Date: 2011-11-14 17:29
The xmlrpc.client module supports secure transport using https; however, the xmlrpc.server does not have an https option.

Adding this support isn't difficult.  Here's an example of how to it could be implemented:  http://code.activestate.com/recipes/496786-simple-xml-rpc-server-over-https/
msg171264 - (view) Author: Antoine Pitrou (pitrou) * (Python committer) Date: 2012-09-25 13:06
Note there's already a couple of HTTPS servers in Lib/test/ssl_servers.py.
I'm not sure there's anything special to do for XMLRPC except to take the core instantiation code and put it in xmlrpclib.
msg174090 - (view) Author: Jeff McNeil (mcjeff) * Date: 2012-10-29 00:12
I've hacked this support in myself a few times with a simple socket wrap call in SimpleXMLRPCServer's __init__.  I'd be happy to put a quick patch together if that's a viable approach.

Is there any desire to support client authentication or advanced features like that? Or, are we simply looking for encryption?
msg174102 - (view) Author: Jeff McNeil (mcjeff) * Date: 2012-10-29 03:38
Attached... worked in the way I've done it in the past and updated documents.
msg275021 - (view) Author: Christian Heimes (christian.heimes) * (Python committer) Date: 2016-09-08 14:37
The patch is out of date. The XMLRPC HTTPS server should accept a ssl context instead of key and cert file. This allows better customization and SSL session resumption.
msg301477 - (view) Author: Christian Heimes (christian.heimes) * (Python committer) Date: 2017-09-06 14:59
This issue hasn't seen any serious activity in five years. The patch is outdated, too. Is anybody interested to take it?
History
Date User Action Args
2017-09-06 14:59:33christian.heimessetassignee: christian.heimes ->
messages: + msg301477
components: - SSL
2016-09-15 08:49:49petri.lehtinensetnosy: - petri.lehtinen
2016-09-15 08:00:42christian.heimessetassignee: christian.heimes
components: + SSL
2016-09-08 14:37:05christian.heimessetnosy: + christian.heimes

messages: + msg275021
versions: + Python 3.7, - Python 3.4
2013-03-08 08:56:11fweimersetnosy: + fweimer
2012-10-29 03:38:48mcjeffsetfiles: + ssl_xmlrpc_server.patch
keywords: + patch
messages: + msg174102
2012-10-29 00:12:27mcjeffsetnosy: + mcjeff
messages: + msg174090
2012-09-25 13:06:37pitrousetversions: + Python 3.4, - Python 3.3
nosy: + loewis, pitrou, flox

messages: + msg171264

stage: needs patch
2011-11-19 10:51:43petri.lehtinensetnosy: + petri.lehtinen
2011-11-14 17:29:26rhettingercreate