> On Oct 25, 2015, at 4:54 AM, Jonathan Stoppani <jonat...@stoppani.name> wrote:
>
> Hello,
>
> A couple of days ago I asked on Stack Overflow about returning a deferred
> from an SNI callback and have pyOpenSSL wait for it to fire before continuing
> handling the request.
>
> Thanks to some pointers by Gyph I've found a solution ("workaround") for my
> problem, involving a fake TLSMemoryBIOProtocol to handle the client hello
> until the SNI is received, firing the SNI callback, waiting for it to
> callback and then re-feeding the resulting context to the real
> TLSMemoryBIOProtocol.
Really glad to hear that this worked.
> The implementation of this solution is available at
> https://gist.github.com/GaretJax/124c523a62ba48c9eec1
> <https://gist.github.com/GaretJax/124c523a62ba48c9eec1>, and I'd like to
> contribute it back to Twisted, however, it has no unit tests and needs some
> design decisions/validation.
It also needs a serious overhaul on its indentation - something messed up
happened to that code :).
> I've opened a ticket to track it at
> https://twistedmatrix.com/trac/ticket/8065
> <https://twistedmatrix.com/trac/ticket/8065>. Real-life impediments
> permitting, I'm willing to work on it and get the feature supported in
> Twisted core.
Thanks! We don't really support an SNI callback at all (that's purely in the
pyOpenSSL layer) so this will be very good to have.
> Anyone willing to help me getting a proper patch?
What help do you need? I will be happy to do reviews when it's readye. :)
> P.S.: A big shout-out to Twisted for its excellent TLS support out of the
> box. We got a straight A rating out of the box on ssl labs!
really glad to hear this! I do plan to quote you on that :)
-glyph
_______________________________________________
Twisted-Python mailing list
Twisted-Python@twistedmatrix.com
http://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python
