Message231778
When using xmlrpc.server it is possible (despite being intrusive) to use a custom SSL context, ie:
import ssl
import xmlrpc.server
rpc_server = xmlrpc.server.SimpleXMLRPCServer(...)
ssl_context = ssl.SSLContext()
# setup the context ...
rpc_server.socket = ssl_context.wrap_socket(rpc_server.socket, ...)
However it is not possible (unless using some ugly monkey patching, which I am ashamed of writing) to do the same for xmlrpc.client.
xmlrpc.client.ServerProxy() could accept a context constructor, and pass it to the SafeTransport instance, and then to the http.client.HTTPSConnection instance (https://hg.python.org/cpython/file/3.4/Lib/xmlrpc/client.py#l1338).
I would allow passing a SSL context more secure than the default one, and thus improve security. |
|
Date |
User |
Action |
Args |
2014-11-27 20:23:06 | desbma | set | recipients:
+ desbma |
2014-11-27 20:23:06 | desbma | set | messageid: <1417119786.53.0.605275113083.issue22960@psf.upfronthosting.co.za> |
2014-11-27 20:23:06 | desbma | link | issue22960 messages |
2014-11-27 20:23:06 | desbma | create | |
|