[issue10852] SSL/TLS sni use in smtp, pop, imap, nntp, ftp client libs by default
danblack added the comment:
Antoine,
I copied off your http example for all the other protocols.
tested with:
import smtplib
a = smtplib.SMTP_SSL('gmail-smtp-in.l.google.com.')
a.starttls()
a = smtplib.SMTP_SSL('mail.internode.on.net')
a = smtplib.SMTP_SSL('smtp.gmail.com')
import ftplib
# http://secureftp-test.com/
f = ftplib.FTP_TLS('ftp.secureftp-test.com')
f.auth()
import imaplib
i = imaplib.IMAP4('calmail.berkley.edu')
i.starttls()
i = imaplib.IMAP4_SSL('mail.internode.on.net')
import poplib
p = poplib.POP3_SSL('calmail.berkley.edu')
import nntplib
n = nntplib.NNTP_SSL('news.internode.on.net')
I did a network capture and saw the hostname in the SNI header
--
nosy: +daniel-black
Added file:
http://bugs.python.org/file26918/issue_10852_pop-smtp-imap-nntp.patch
___
Python tracker
<http://bugs.python.org/issue10852>
___
___
Python-bugs-list mailing list
Unsubscribe:
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue10852] SSL/TLS sni use in smtp, pop, imap, nntp, ftp client libs by default
Changes by danblack : Removed file: http://bugs.python.org/file26918/issue_10852_pop-smtp-imap-nntp.patch ___ Python tracker <http://bugs.python.org/issue10852> ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue10852] SSL/TLS sni use in smtp, pop, imap, nntp, ftp client libs by default
danblack added the comment: previous patch had dumb error and even failed test suit. Now fixed. -- Added file: http://bugs.python.org/file26949/issue10852-sni.patch ___ Python tracker <http://bugs.python.org/issue10852> ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue8109] Server-side support for TLS Server Name Indication extension
danblack added the comment: test_sni not working. getpeercert() not returning a certificate. -- keywords: +patch nosy: +daniel-black Added file: http://bugs.python.org/file26950/issue8109_server_side_sni.patch ___ Python tracker <http://bugs.python.org/issue8109> ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue10852] SSL/TLS sni use in smtp, pop, imap, nntp, ftp client libs by default
danblack added the comment: > Thanks for the patch > Daniel. 3.3 is nearing the release candidate phase, so I'm re-targetting to > 3.4. I'll take a detailed look soon. Welcome. Just noticed conflicts with #4473 in the client POP implementation. Hopefully they are close anyway. > (I suppose there's no easy way to write automated tests for this, > unfortunately) Well since #8109 writes the server SNI its getting easier. In Lib/test/test_ssl.py combined with the changes of #8109 it would seem that changing ConnectionHandler.run to respond to "AUTH TLS", "AUTH SSL" (ftp) and "STLS" for pop (preempt #4473). Changing server_params_test to support a proper arguments that correspond the the client protocol would be the way to do it. > By the way, could you sign a contributor agreement yes - emailed in. -- ___ Python tracker <http://bugs.python.org/issue10852> ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue8109] Server-side support for TLS Server Name Indication extension
Changes by danblack : Removed file: http://bugs.python.org/file26950/issue8109_server_side_sni.patch ___ Python tracker <http://bugs.python.org/issue8109> ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue8109] Server-side support for TLS Server Name Indication extension
danblack added the comment: > Daniel, your patch looks quite interesting. Please, send a contributor > agreement to the PSF: http://www.python.org/psf/contrib/contrib-form-python/ > . Let me know when you status have changed. Already done. Has been accepted and I've got an acknowledgement email. > Why are you changing "Lib/test/keycert2.pem"? I was mistakely assuming that this was the only test that used it. Fixed now. Also added a CA key and server for validating key chains. I didn't end up using it however thought it would be handy. > Please, provide also a documentation patch. Done. Also improved error checking and reference counting. > This is a feature enhancement. Would be applied to 3.4, it is too late for > 3.3 :-(. Too bad! :( Was expected. Its been 2.5 years since the bug opened. A little more won't hurt. I've also changed SSLSocket.context to be a property. Its not quite working. The current test case as is working however using an assignment as per line 1958 of Lib/test/test_ssl.py. -- Added file: http://bugs.python.org/file27190/issue8109_server_side_sni.patch ___ Python tracker <http://bugs.python.org/issue8109> ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue8109] Server-side support for TLS Server Name Indication extension
danblack added the comment: happy with this? I'm not sure what i've done to make s._set_context(newctx) work but s.context = newctx fail. I though the code here http://bugs.python.org/review/8109/diff2/5815:5989/Lib/ssl.py effectively maps them. -- ___ Python tracker <http://bugs.python.org/issue8109> ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue8109] Server-side support for TLS Server Name Indication extension
danblack added the comment: > Antoine Pitrou (pitrou) * Date: 2012-10-06 13:10 > Daniel, I'll take a look. minor nag :-) -- ___ Python tracker <http://bugs.python.org/issue8109> ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue8109] Server-side support for TLS Server Name Indication extension
danblack added the comment: I've added a full set of alert descriptions and cleaned up the doco some more. The reference counting when the SNI callback comes in is my greatest worry. -- Added file: http://bugs.python.org/file28271/issue-8109-sni-serverside.patch ___ Python tracker <http://bugs.python.org/issue8109> ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue10852] SSL/TLS sni use in smtp, pop, imap, nntp, ftp client libs by default
danblack added the comment: the one error in the previous review corrected. -- ___ Python tracker <http://bugs.python.org/issue10852> ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue8109] Server-side support for TLS Server Name Indication extension
Changes by danblack : Added file: http://bugs.python.org/file28326/issue-8109-sni-serverside.patch ___ Python tracker <http://bugs.python.org/issue8109> ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue8109] Server-side support for TLS Server Name Indication extension
danblack added the comment: > If it isn't very clear to you, I can still handle it myself, though. Those > docs aren't the best. Not clear enough. Yes I'd appreciate you handling it. Thanks. -- ___ Python tracker <http://bugs.python.org/issue8109> ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue8109] Server-side support for TLS Server Name Indication extension
danblack added the comment: > I've committed the latest patch. Thank you very much! much appreciate your help. -- ___ Python tracker <http://bugs.python.org/issue8109> ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue8109] Server-side support for TLS Server Name Indication extension
danblack added the comment: > I don't know which error code should be returned in this case. Thanks Christian. My fault - asked Antoine to remove the default value for it and didn't see this like. make line 2403: return SSL_TLSEXT_ERR_OK; -- ___ Python tracker <http://bugs.python.org/issue8109> ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
