Message106323
The patch probably needs refreshing now that first SSL contexts are in.
I wonder whether a combined boolean/string flag is really the best solution.
I think we could instead enable SNI by default and add an optional "server_hostname" to set the hostname to SSLContext.wrap_socket(), so that people can explicitly set the hostname; and otherwise take it, if possible, from the argument given to connect().
We can also add an "enable_sni" attribute to SSLContext (True by default) to allow selective disabling. This attribute would raise an exception if SNI support isn't available, which would be a way to test for it. |
|
Date |
User |
Action |
Args |
2010-05-22 20:17:18 | pitrou | set | recipients:
+ pitrou, jcea, janssen, giampaolo.rodola, pdp, grooverdan |
2010-05-22 20:17:18 | pitrou | set | messageid: <1274559438.27.0.0300208370643.issue5639@psf.upfronthosting.co.za> |
2010-05-22 20:17:16 | pitrou | link | issue5639 messages |
2010-05-22 20:17:15 | pitrou | create | |
|