New submission from zodalahtathi:

When using xmlrpc.server it is possible (despite being intrusive) to use a 
custom SSL context, ie:

import ssl
import xmlrpc.server

rpc_server = xmlrpc.server.SimpleXMLRPCServer(...)
ssl_context = ssl.SSLContext()
# setup the context ...
rpc_server.socket = ssl_context.wrap_socket(rpc_server.socket, ...)

However it is not possible (unless using some ugly monkey patching, which I am 
ashamed of writing) to do the same for xmlrpc.client.

xmlrpc.client.ServerProxy() could accept a context constructor, and pass it to 
the SafeTransport instance, and then to the http.client.HTTPSConnection 
instance (https://hg.python.org/cpython/file/3.4/Lib/xmlrpc/client.py#l1338).

I would allow passing a SSL context more secure than the default one, and thus 
improve security.

----------
components: Library (Lib)
messages: 231778
nosy: zodalahtathi
priority: normal
severity: normal
status: open
title: xmlrpc.client.ServerProxy() should accept a custom SSL context parameter
type: enhancement
versions: Python 3.5

_______________________________________
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/issue22960>
_______________________________________
_______________________________________________
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

Reply via email to