Author geertj
Recipients Ben.Darnell, christian.heimes, dstufft, ezio.melotti, geertj, giampaolo.rodola, gvanrossum, janssen, pitrou, vstinner, yselivanov
Date 2014-08-04.15:21:40
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1407165700.6.0.15932426212.issue21965@psf.upfronthosting.co.za>
In-reply-to
Content
> A question though: does it support server-side SNI? AFAIR server-side SNI requires you to be able to change a SSL object's context.

Yes, it does. See the following comment in _servername_callback():

  /* Pass a PySSLSocket instance when using memory BIOs, but an ssl.SSLSocket
   * when using sockets. Note that the latter is not a subclass of the
   * former, but both do have a "context" property. THis supports the common
   * use case of setting this property in the servername callback. */

The C-level _ssl._SSLSocket object is passed to the servername callback. It has a "context" property that can be set.

I realize the above is an abstraction violation between the C and Python level. Now that we have an SSLObject Python level API, I could update the code to store a weakref to the SSLObject in the _SSLSocket (just like it does for SSLSocket). That way I can pass the Python level object into the callback. Any thoughts?
History
Date User Action Args
2014-08-04 15:21:40geertjsetrecipients: + geertj, gvanrossum, janssen, pitrou, vstinner, giampaolo.rodola, christian.heimes, ezio.melotti, Ben.Darnell, yselivanov, dstufft
2014-08-04 15:21:40geertjsetmessageid: <1407165700.6.0.15932426212.issue21965@psf.upfronthosting.co.za>
2014-08-04 15:21:40geertjlinkissue21965 messages
2014-08-04 15:21:40geertjcreate