Author desbma
Recipients desbma
Date 2014-11-27.20:23:06
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1417119786.53.0.605275113083.issue22960@psf.upfronthosting.co.za>
In-reply-to
Content
When using xmlrpc.server it is possible (despite being intrusive) to use a custom SSL context, ie:

import ssl
import xmlrpc.server

rpc_server = xmlrpc.server.SimpleXMLRPCServer(...)
ssl_context = ssl.SSLContext()
# setup the context ...
rpc_server.socket = ssl_context.wrap_socket(rpc_server.socket, ...)

However it is not possible (unless using some ugly monkey patching, which I am ashamed of writing) to do the same for xmlrpc.client.

xmlrpc.client.ServerProxy() could accept a context constructor, and pass it to the SafeTransport instance, and then to the http.client.HTTPSConnection instance (https://hg.python.org/cpython/file/3.4/Lib/xmlrpc/client.py#l1338).

I would allow passing a SSL context more secure than the default one, and thus improve security.
History
Date User Action Args
2014-11-27 20:23:06desbmasetrecipients: + desbma
2014-11-27 20:23:06desbmasetmessageid: <1417119786.53.0.605275113083.issue22960@psf.upfronthosting.co.za>
2014-11-27 20:23:06desbmalinkissue22960 messages
2014-11-27 20:23:06desbmacreate