Message 272177 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	gvanrossum
Recipients	gvanrossum, j1m, python-dev, vstinner, yselivanov
Date	2016-08-08.16:33:17
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<CAP7+vJ+47pS_BiijUO-_baOWnpH+5Y1aGKTRPF488D-7LTOJFg@mail.gmail.com>
In-reply-to	<1470594736.72.0.232127359657.issue27392@psf.upfronthosting.co.za>

Content
Did the patch not get merged?? On Sun, Aug 7, 2016 at 11:32 AM, Jim Fulton <report@bugs.python.org> wrote: > > Jim Fulton added the comment: > > FTR another use case for this. :) > > We have a ZEO applications where individual database users authenticate > via self-signed certs. The server's SSL connection has to have this > collection of certs. User CRUD operations can add and remove certs to > authenticate against. SSL contexts don't provide an API for removing (or > even clearing) CAs used for authentication, so we need to create new SSL > contexts when the set of valid certs change. There's no way to update the > SSL context used by a server, so we're wrapping accepted sockets ourselves, > so we can use dynamic SSL contexts. > > Some alternatives: > > - Add an SSLContext API for removing or clearing CAs > > - Add a Server API to update the SSL context used for new connections. (I > may pursue this at some point. I spent a few minutes trying to find where a > Server's SSL context is stored, but failed and can't spend more time ATM.) > > ---------- > > _______________________________________ > Python tracker <report@bugs.python.org> > <http://bugs.python.org/issue27392> > _______________________________________ >

Did the patch not get merged??

On Sun, Aug 7, 2016 at 11:32 AM, Jim Fulton <report@bugs.python.org> wrote:

>
> Jim Fulton added the comment:
>
> FTR another use case for this. :)
>
> We have a ZEO applications where individual database users authenticate
> via self-signed certs. The server's SSL connection has to have this
> collection of certs. User CRUD operations can add and remove certs to
> authenticate against.  SSL contexts don't provide an API for removing (or
> even clearing) CAs used for authentication, so we need to create new SSL
> contexts when the set of valid certs change.  There's no way to update the
> SSL context used by a server, so we're wrapping accepted sockets ourselves,
> so we can use dynamic SSL contexts.
>
> Some alternatives:
>
> - Add an SSLContext API for removing or clearing CAs
>
> - Add a Server API to update the SSL context used for new connections.  (I
> may pursue this at some point. I spent a few minutes trying to find where a
> Server's SSL context is stored, but failed and can't spend more time ATM.)
>
> ----------
>
> _______________________________________
> Python tracker <report@bugs.python.org>
> <http://bugs.python.org/issue27392>
> _______________________________________
>

History
Date	User	Action	Args
2016-08-08 16:33:17	gvanrossum	set	recipients: + gvanrossum, vstinner, j1m, python-dev, yselivanov
2016-08-08 16:33:17	gvanrossum	link	issue27392 messages
2016-08-08 16:33:17	gvanrossum	create