Author j1m
Recipients gvanrossum, haypo, j1m, python-dev, yselivanov
Date 2016-08-07.18:32:16
Message-id <1470594736.72.0.232127359657.issue27392@psf.upfronthosting.co.za>
In-reply-to
Content
FTR another use case for this. :)

We have a ZEO application where individual database users authenticate via self-signed certs. The server's SSL connection has to have this collection of certs. User CRUD operations can add and remove certs to authenticate against. SSL contexts don't provide an API for removing (or even clearing) CAs used for authentication, so we need to create new SSL contexts when the set of valid certs changes. There's no way to update the SSL context used by a server, so we're wrapping accepted sockets ourselves, so we can use dynamic SSL contexts.

Some alternatives:

- Add an SSLContext API for removing or clearing CAs

- Add a Server API to update the SSL context used for new connections. (I may pursue this at some point. I spent a few minutes trying to find where a Server's SSL context is stored, but failed and can't spend more time ATM.)
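
The workaround described in the message above (build a fresh SSLContext whenever the set of accepted client certs changes, and wrap accepted sockets yourself), as an added example that is not ZEO's or the message author's code. `ClientCertStore`, `serve`, and the `certfile`/`keyfile` parameters are hypothetical names; a real server must pass its own certificate and key.

```python
import socket
import ssl
import threading

class ClientCertStore:
    """Accepted client certs plus an SSLContext that is rebuilt on every change."""
    def __init__(self, certfile=None, keyfile=None):
        self._server_cert = (certfile, keyfile)  # server identity (assumed paths)
        self._certs = {}                         # user name -> PEM text
        self._lock = threading.Lock()
        self._context = self._build(self._certs)

    def _build(self, certs):
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
        ctx.verify_mode = ssl.CERT_REQUIRED      # clients must present a cert
        if self._server_cert[0]:
            ctx.load_cert_chain(*self._server_cert)
        if certs:                                # empty cadata is rejected
            ctx.load_verify_locations(cadata="\n".join(certs.values()))
        return ctx

    def _update(self, change):
        with self._lock:                         # serialize CRUD operations
            certs = dict(self._certs)
            change(certs)
            new_ctx = self._build(certs)         # may raise; live context untouched
            self._certs, self._context = certs, new_ctx

    def add(self, user, pem):
        self._update(lambda c: c.__setitem__(user, pem))

    def remove(self, user):
        self._update(lambda c: c.pop(user, None))

    @property
    def context(self):
        return self._context                     # context for the next connection

def serve(store, host="127.0.0.1", port=0, handler=lambda conn: conn.close()):
    """Accept plain sockets; wrap each with the context current at accept time."""
    with socket.create_server((host, port)) as listener:
        while True:
            raw, _addr = listener.accept()
            try:
                conn = store.context.wrap_socket(raw, server_side=True)
            except (ssl.SSLError, OSError):
                raw.close()                      # handshake failed: cert not accepted
                continue
            handler(conn)
```

Removing a user's cert only affects later handshakes; connections that were already wrapped stay open until they are closed separately.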
History
Date                 User  Action  Args
2016-08-07 18:32:16  j1m   set     recipients: + j1m, gvanrossum, haypo, python-dev, yselivanov
2016-08-07 18:32:16  j1m   set     messageid: <1470594736.72.0.232127359657.issue27392@psf.upfronthosting.co.za>
2016-08-07 18:32:16  j1m   link    issue27392 messages
2016-08-07 18:32:16  j1m   create