I was able to figure out the tests, and improve coverage in txsni.
On Tue, Apr 2, 2019 at 10:29 AM Daniel Holth wrote:
>
> Let me know if you're able to try getting a https certificate in this way:
>
> Using tls-alpn-01 negotiation with txsni (acme branch) and the
> dehydrated letsencrypt client:
Let me know if you're able to try getting a https certificate in this way:
Using tls-alpn-01 negotiation with txsni (acme branch) and the
dehydrated letsencrypt client:
Install txsni (acme branch):
pip install git+https://github.com/dholth/txsni@acme#egg=txsni
Unpack dehydrated acme client shel
Do move it to twisted. I was surprised it wasn't already there.
On Sun, Mar 24, 2019, 17:39 Glyph wrote:
> Thanks! I put some review comments on it. I would encourage others with
> interest in this area to have a look; I might not get back to this for a
> couple of weeks, but I'd be happy to gi
Thanks! I put some review comments on it. I would encourage others with
interest in this area to have a look; I might not get back to this for a couple
of weeks, but I'd be happy to give people collaborator permissions on the repo
if they'd like to help out.
(Frankly it's probably time that th
Pull request for txsni acme https://github.com/glyph/txsni/pull/28
On Sun, Mar 24, 2019, 16:33 Glyph wrote:
> Any chance you could include a link to the relevant PR? Pulling this out
> of the raging tire-fire of my GitHub notifications would take an
> unfortunately non-trivial amount of time -
Any chance you could include a link to the relevant PR? Pulling this out of
the raging tire-fire of my GitHub notifications would take an unfortunately
non-trivial amount of time - and I imagine that not everyone subscribed might
even be on the appropriate repos :).
-g
> On Mar 24, 2019, at 9
The cleaned up pull request should be really easy to try, with a
dehydrated:(basedir) string port. Go get some certs people!
On Sun, Mar 24, 2019, 00:55 Glyph wrote:
> I think ACME_TLS_1 is a sufficiently high-entropy string that the
> likelihood of brokenness from this approach is basically zer
I think ACME_TLS_1 is a sufficiently high-entropy string that the likelihood of
brokenness from this approach is basically zero.
-g
> On Mar 23, 2019, at 9:20 PM, Daniel Holth wrote:
>
> All we have to do is have some kind of per connection certificate store or
> flag. If acme is in the first
All we have to do is have some kind of per connection certificate store or
flag. If acme is in the first packet and the special certificate exists,
send it. Otherwise send the normal certificate, for a very short window of
possible brokenness. Letsencrypt may or may not require correct alpn
negotia
> On Mar 23, 2019, at 4:06 PM, Daniel Holth wrote:
>
> HOLY REGEX BATMAN
>
> class _ConnectionProxy(object):
>
>def bio_write(self, buf):
>if ACME_TLS_1 in buf:
>self.acme_tls_1 = True
>self.bio_write = self._obj.bio_write
>return self._obj.bio_write(bu
> On Mar 23, 2019, at 3:39 PM, Daniel Holth wrote:
>
> Wow! Such broken. I was starting to get suspicious of openssl myself.
> Poor documentation about the rules on context switching and whether
> doing things in a certain order should trigger callbacks.
In fairness, they do realize that this is
HOLY REGEX BATMAN
class _ConnectionProxy(object):
def bio_write(self, buf):
if ACME_TLS_1 in buf:
self.acme_tls_1 = True
self.bio_write = self._obj.bio_write
return self._obj.bio_write(buf)
Now we can choose the acme certificate store in the sni callback an
Wow! Such broken. I was starting to get suspicious of openssl myself.
Poor documentation about the rules on context switching and whether
doing things in a certain order should trigger callbacks.
At least you can get a cert when the ALPN / ACME certificate (and
DEFAULT?) is the only one provided b
On Mar 23, 2019, at 7:21 AM, Daniel Holth wrote:
>
> Hello. Can you help me to learn to debug tls problems in twisted?
Hi Daniel! Thanks so much for trying to improve this aspect of the Twisted
ecosystem.
> I was disappointed that txacme, an automatic way to get certificates for
> twisted we