Issue 13403: Option for XMLPRC Server to support HTTPS

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

This issue has been migrated to GitHub: https://github.com/python/cpython/issues/57612

classification

Title:	Option for XMLPRC Server to support HTTPS
Type:	enhancement	Stage:	needs patch
Components:	Library (Lib)	Versions:	Python 3.7

process

Status:	open	Resolution:
Dependencies:		Superseder:
Assigned To:		Nosy List:	christian.heimes, flox, fweimer, loewis, mcjeff, pitrou, rhettinger
Priority:	normal	Keywords:	patch

Created on 2011-11-14 17:29 by rhettinger, last changed 2022-04-11 14:57 by admin.

Files
File name	Uploaded	Description	Edit
ssl_xmlrpc_server.patch	mcjeff, 2012-10-29 03:38		review

Messages (6)
msg147622 - (view)	Author: Raymond Hettinger (rhettinger) *	Date: 2011-11-14 17:29
The xmlrpc.client module supports secure transport using https; however, the xmlrpc.server does not have an https option. Adding this support isn't difficult. Here's an example of how to it could be implemented: http://code.activestate.com/recipes/496786-simple-xml-rpc-server-over-https/
msg171264 - (view)	Author: Antoine Pitrou (pitrou) *	Date: 2012-09-25 13:06
Note there's already a couple of HTTPS servers in Lib/test/ssl_servers.py. I'm not sure there's anything special to do for XMLRPC except to take the core instantiation code and put it in xmlrpclib.
msg174090 - (view)	Author: Jeff McNeil (mcjeff) *	Date: 2012-10-29 00:12
I've hacked this support in myself a few times with a simple socket wrap call in SimpleXMLRPCServer's __init__. I'd be happy to put a quick patch together if that's a viable approach. Is there any desire to support client authentication or advanced features like that? Or, are we simply looking for encryption?
msg174102 - (view)	Author: Jeff McNeil (mcjeff) *	Date: 2012-10-29 03:38
Attached... worked in the way I've done it in the past and updated documents.
msg275021 - (view)	Author: Christian Heimes (christian.heimes) *	Date: 2016-09-08 14:37
The patch is out of date. The XMLRPC HTTPS server should accept a ssl context instead of key and cert file. This allows better customization and SSL session resumption.
msg301477 - (view)	Author: Christian Heimes (christian.heimes) *	Date: 2017-09-06 14:59
This issue hasn't seen any serious activity in five years. The patch is outdated, too. Is anybody interested to take it?

History
Date	User	Action	Args
2022-04-11 14:57:23	admin	set	github: 57612
2017-09-06 14:59:33	christian.heimes	set	assignee: christian.heimes -> messages: + msg301477 components: - SSL
2016-09-15 08:49:49	petri.lehtinen	set	nosy: - petri.lehtinen
2016-09-15 08:00:42	christian.heimes	set	assignee: christian.heimes components: + SSL
2016-09-08 14:37:05	christian.heimes	set	nosy: + christian.heimes messages: + msg275021 versions: + Python 3.7, - Python 3.4
2013-03-08 08:56:11	fweimer	set	nosy: + fweimer
2012-10-29 03:38:48	mcjeff	set	files: + ssl_xmlrpc_server.patch keywords: + patch messages: + msg174102
2012-10-29 00:12:27	mcjeff	set	nosy: + mcjeff messages: + msg174090
2012-09-25 13:06:37	pitrou	set	versions: + Python 3.4, - Python 3.3 nosy: + loewis, pitrou, flox messages: + msg171264 stage: needs patch
2011-11-19 10:51:43	petri.lehtinen	set	nosy: + petri.lehtinen
2011-11-14 17:29:26	rhettinger	create