This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author njs
Recipients benjamin.peterson, christian.heimes, miss-islington, ned.deily, njs, xnox
Date 2018-10-18.04:23:03
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1539836583.94.0.788709270274.issue34670@psf.upfronthosting.co.za>
In-reply-to
Content 
FYI Christian, your "typical scenario for HTTP" doesn't make sense to me... you can't send HTTP Connection Upgrade in the middle of a regular request/response cycle. I feel like the typical scenario ought to be more like:

* client
  * send ``HTTP GET /path``
* server
  * recv
  * verify_client_post_handshake (maybe... via calling SSL_do_handshake again?)
* client
  * recv
  * send upgrade confirmation (emits Certificate, CertificateVerify, Finish message)
* server
  * recv
  * verify certificate
  * send either the requested response, or a 401 Unauthorized depending

But I don't really understand the underlying design here, either at the TLS 1.3 level or the openssl level, and haven't found very useful docs yet, so I could be wrong.
History
Date User Action Args
2018-10-18 04:23:04njssetrecipients: + njs, christian.heimes, benjamin.peterson, ned.deily, xnox, miss-islington
2018-10-18 04:23:03njssetmessageid: <1539836583.94.0.788709270274.issue34670@psf.upfronthosting.co.za>
2018-10-18 04:23:03njslinkissue34670 messages
2018-10-18 04:23:03njscreate