Message224733
> A question though: does it support server-side SNI? AFAIR server-side SNI requires you to be able to change a SSL object's context.
Yes, it does. See the following comment in _servername_callback():
/* Pass a PySSLSocket instance when using memory BIOs, but an ssl.SSLSocket
* when using sockets. Note that the latter is not a subclass of the
* former, but both do have a "context" property. THis supports the common
* use case of setting this property in the servername callback. */
The C-level _ssl._SSLSocket object is passed to the servername callback. It has a "context" property that can be set.
I realize the above is an abstraction violation between the C and Python level. Now that we have an SSLObject Python level API, I could update the code to store a weakref to the SSLObject in the _SSLSocket (just like it does for SSLSocket). That way I can pass the Python level object into the callback. Any thoughts? |
|
Date |
User |
Action |
Args |
2014-08-04 15:21:40 | geertj | set | recipients:
+ geertj, gvanrossum, janssen, pitrou, vstinner, giampaolo.rodola, christian.heimes, ezio.melotti, Ben.Darnell, yselivanov, dstufft |
2014-08-04 15:21:40 | geertj | set | messageid: <1407165700.6.0.15932426212.issue21965@psf.upfronthosting.co.za> |
2014-08-04 15:21:40 | geertj | link | issue21965 messages |
2014-08-04 15:21:40 | geertj | create | |
|