New submission from zodalahtathi: When using xmlrpc.server it is possible (despite being intrusive) to use a custom SSL context, ie:
import ssl import xmlrpc.server rpc_server = xmlrpc.server.SimpleXMLRPCServer(...) ssl_context = ssl.SSLContext() # setup the context ... rpc_server.socket = ssl_context.wrap_socket(rpc_server.socket, ...) However it is not possible (unless using some ugly monkey patching, which I am ashamed of writing) to do the same for xmlrpc.client. xmlrpc.client.ServerProxy() could accept a context constructor, and pass it to the SafeTransport instance, and then to the http.client.HTTPSConnection instance (https://hg.python.org/cpython/file/3.4/Lib/xmlrpc/client.py#l1338). I would allow passing a SSL context more secure than the default one, and thus improve security. ---------- components: Library (Lib) messages: 231778 nosy: zodalahtathi priority: normal severity: normal status: open title: xmlrpc.client.ServerProxy() should accept a custom SSL context parameter type: enhancement versions: Python 3.5 _______________________________________ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue22960> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
