[issue8109] Server-side support for TLS Server Name Indication extension

2013-06-24 Thread mpb

Changes by mpb :


--
nosy: +mpb

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com



[issue8109] Server-side support for TLS Server Name Indication extension

2013-04-11 Thread Antoine Pitrou

Antoine Pitrou added the comment:

Thank you for finding this! The patch is now committed.

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com



[issue8109] Server-side support for TLS Server Name Indication extension

2013-04-11 Thread Roundup Robot

Roundup Robot added the comment:

New changeset 4ae6095b4638 by Antoine Pitrou in branch 'default':
Fix a crash when setting a servername callback on a SSL server socket and the 
client doesn't send a server name.
http://hg.python.org/cpython/rev/4ae6095b4638

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com



[issue8109] Server-side support for TLS Server Name Indication extension

2013-04-11 Thread Kazuhiro Yoshida

Kazuhiro Yoshida added the comment:

Thanks for a comment.
I've made a version that adds a line to the document.

--
Added file: http://bugs.python.org/file29776/issue-8109.patch

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com



[issue8109] Server-side support for TLS Server Name Indication extension

2013-04-10 Thread Daniel Black

Daniel Black added the comment:

nice patch. Thanks for finding the bug. I like the solution with test case.

Just needs a small enhancement of documention to ensure other users expect this 
behaviour.

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com



[issue8109] Server-side support for TLS Server Name Indication extension

2013-04-10 Thread Kazuhiro Yoshida

Kazuhiro Yoshida added the comment:

I am trying to use SSLContext.set_servername_callback in my program but when a 
callback is set, it seems that connecting to the server without providing a 
server name causes a segmentation fault. (e.g. 'openssl s_client -connect 
localhost:443 -servername foo' is OK but 'openssl s_client -connect 
localhost:443' crashes the server. A simple test that causes the same error is 
included in the patch.)

My expectation was to get None as the second argument of the callback in such 
cases so I modified Modules/_ssl.c (as in the patch) to make it behave as I 
expected.

The modification seems to work fine as far as I've tested, but I'd appreciate 
if an official fix is available.

--
nosy: +kyoshida
Added file: http://bugs.python.org/file29770/issue-8109.patch

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com



[issue8109] Server-side support for TLS Server Name Indication extension

2013-01-06 Thread Antoine Pitrou

Antoine Pitrou added the comment:

(testing Roundup mail gateway, please ignore)

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com



[issue8109] Server-side support for TLS Server Name Indication extension

2013-01-06 Thread Antoine Pitrou

Antoine Pitrou added the comment:

Fixed in 52b4d9bfc9ea (Roundup e-mail gateway seems broken).

--
resolution:  -> fixed
stage: needs patch -> committed/rejected
status: open -> closed

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com



[issue8109] Server-side support for TLS Server Name Indication extension

2013-01-05 Thread danblack

danblack added the comment:

> I don't know which error code should be returned in this case.

Thanks Christian. My fault - asked Antoine to remove the default value for it 
and didn't see this like.

make line 2403:

return SSL_TLSEXT_ERR_OK;

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com



[issue8109] Server-side support for TLS Server Name Indication extension

2013-01-05 Thread Christian Heimes

Christian Heimes added the comment:

Coverity reports an issue in the callback function:

/Modules/_ssl.c: 2403 ( uninit_use)
   2400/* remove race condition in this the call back while if 
removing the
   2401 * callback is in progress */
   2402PyGILState_Release(gstate);
>>> CID 966640: Uninitialized scalar variable (UNINIT)
>>> Using uninitialized value "ret".
   2403return ret;
   2404}
   2405
   2406ssl = SSL_get_app_data(s);
   2407assert(PySSLSocket_Check(ssl));

I don't know which error code should be returned in this case.

--
nosy: +christian.heimes
resolution: fixed -> 
stage: committed/rejected -> needs patch
status: closed -> open

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com



[issue8109] Server-side support for TLS Server Name Indication extension

2013-01-05 Thread danblack

danblack added the comment:

> I've committed the latest patch. Thank you very much!

much appreciate your help.

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com



[issue8109] Server-side support for TLS Server Name Indication extension

2013-01-05 Thread Antoine Pitrou

Antoine Pitrou added the comment:

I've committed the latest patch. Thank you very much!

--
resolution:  -> fixed
stage: patch review -> committed/rejected
status: open -> closed

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com



[issue8109] Server-side support for TLS Server Name Indication extension

2013-01-05 Thread Roundup Robot

Roundup Robot added the comment:

New changeset 927afb7bca2a by Antoine Pitrou in branch 'default':
Issue #8109: The ssl module now has support for server-side SNI, thanks to a 
:meth:`SSLContext.set_servername_callback` method.
http://hg.python.org/cpython/rev/927afb7bca2a

--
nosy: +python-dev

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com



[issue8109] Server-side support for TLS Server Name Indication extension

2013-01-04 Thread Antoine Pitrou

Antoine Pitrou added the comment:

Updated patch after Daniel's comments.

--
Added file: http://bugs.python.org/file28568/sni2.patch

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com



[issue8109] Server-side support for TLS Server Name Indication extension

2013-01-04 Thread Antoine Pitrou

Changes by Antoine Pitrou :


Added file: http://bugs.python.org/file28566/sni.patch

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com



[issue8109] Server-side support for TLS Server Name Indication extension

2013-01-04 Thread Antoine Pitrou

Changes by Antoine Pitrou :


Removed file: http://bugs.python.org/file28565/sni.patch

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com



[issue8109] Server-side support for TLS Server Name Indication extension

2013-01-04 Thread Antoine Pitrou

Antoine Pitrou added the comment:

Here is an updated patch with cyclic GC support, and other small things.

--
components: +Library (Lib) -Extension Modules
Added file: http://bugs.python.org/file28565/sni.patch

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com



[issue8109] Server-side support for TLS Server Name Indication extension

2012-12-16 Thread danblack

danblack added the comment:

> If it isn't very clear to you, I can still handle it myself, though. Those 
> docs aren't the best.

Not clear enough. Yes I'd appreciate you handling it. Thanks.

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com



[issue8109] Server-side support for TLS Server Name Indication extension

2012-12-15 Thread danblack

Changes by danblack :


Added file: http://bugs.python.org/file28326/issue-8109-sni-serverside.patch

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com



[issue8109] Server-side support for TLS Server Name Indication extension

2012-12-15 Thread Antoine Pitrou

Antoine Pitrou added the comment:

I've posted a few more comments.
As for cyclic garbage collection, it's explained a bit there:
http://docs.python.org/dev/extending/newtypes.html#supporting-cyclic-garbage-collection

If it isn't very clear to you, I can still handle it myself, though. Those docs 
aren't the best.

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com



[issue8109] Server-side support for TLS Server Name Indication extension

2012-12-09 Thread danblack

danblack added the comment:

I've added a full set of alert descriptions and cleaned up the doco some more.

The reference counting when the SNI callback comes in is my greatest worry.

--
Added file: http://bugs.python.org/file28271/issue-8109-sni-serverside.patch

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com



[issue8109] Server-side support for TLS Server Name Indication extension

2012-12-01 Thread danblack

danblack added the comment:

> Antoine Pitrou (pitrou) * Date: 2012-10-06 13:10
> Daniel, I'll take a look.

minor nag :-)

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com



[issue8109] Server-side support for TLS Server Name Indication extension

2012-11-23 Thread Piotr Dobrogost

Changes by Piotr Dobrogost :


--
nosy: +piotr.dobrogost

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com



[issue8109] Server-side support for TLS Server Name Indication extension

2012-10-06 Thread Antoine Pitrou

Antoine Pitrou added the comment:

Daniel, I'll take a look.

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com



[issue8109] Server-side support for TLS Server Name Indication extension

2012-10-05 Thread danblack

danblack added the comment:

happy with this?

I'm not sure what i've done to make s._set_context(newctx) work but s.context = 
newctx fail. I though the code here 
http://bugs.python.org/review/8109/diff2/5815:5989/Lib/ssl.py effectively maps 
them.

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com



[issue8109] Server-side support for TLS Server Name Indication extension

2012-09-14 Thread danblack

danblack added the comment:

> Daniel, your patch looks quite interesting. Please, send a contributor 
> agreement to the PSF: http://www.python.org/psf/contrib/contrib-form-python/ 
> . Let me know when you status have changed.

Already done. Has been accepted and I've got an acknowledgement email.

> Why are you changing "Lib/test/keycert2.pem"?
I was mistakely assuming that this was the only test that used it. Fixed now. 
Also added a CA key and server for validating key chains. I didn't end up using 
it however thought it would be handy.

> Please, provide also a documentation patch.

Done. Also improved error checking and reference counting.

> This is a feature enhancement. Would be applied to 3.4, it is too late for 
> 3.3 :-(. Too bad! :(

Was expected. Its been 2.5 years since the bug opened. A little more won't hurt.

I've also changed SSLSocket.context to be a property. Its not quite working. 
The current test case as is working however using an assignment as per line 
1958 of Lib/test/test_ssl.py.

--
Added file: http://bugs.python.org/file27190/issue8109_server_side_sni.patch

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com



[issue8109] Server-side support for TLS Server Name Indication extension

2012-09-14 Thread danblack

Changes by danblack :


Removed file: http://bugs.python.org/file26950/issue8109_server_side_sni.patch

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com



[issue8109] Server-side support for TLS Server Name Indication extension

2012-09-10 Thread Jesús Cea Avión

Changes by Jesús Cea Avión :


--
versions: +Python 3.4 -Python 3.3

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com



[issue8109] Server-side support for TLS Server Name Indication extension

2012-09-10 Thread Jesús Cea Avión

Jesús Cea Avión added the comment:

Daniel, your patch looks quite interesting. Please, send a contributor 
agreement to the PSF: http://www.python.org/psf/contrib/contrib-form-python/ . 
Let me know when you status have changed.

Why are you changing "Lib/test/keycert2.pem"?

Please, provide also a documentation patch.

This is a feature enhancement. Would be applied to 3.4, it is too late for 3.3 
:-(. Too bad! :(

--
stage: needs patch -> patch review

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com



[issue8109] Server-side support for TLS Server Name Indication extension

2012-08-21 Thread danblack

danblack added the comment:

test_sni not working. getpeercert() not returning a certificate.

--
keywords: +patch
nosy: +daniel-black
Added file: http://bugs.python.org/file26950/issue8109_server_side_sni.patch

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com



[issue8109] Server-side support for TLS Server Name Indication extension

2011-01-07 Thread Antoine Pitrou

Antoine Pitrou  added the comment:

> Server side SNI is still missing.

Right, re-opening.

--
resolution: duplicate -> 
stage:  -> needs patch
status: closed -> open
superseder: Support TLS SNI extension in ssl module -> 
title: Support for TLS Server Name Indication extension -> Server-side support 
for TLS Server Name Indication extension
versions: +Python 3.3 -Python 2.7, Python 3.2

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com