Any chance you could include a link to the relevant PR? Pulling this out of the raging tire-fire of my Github notifications would take an unfortunately non-trivial amount of time - and I imagine that not everyone subscribed might even be on the appropriate repos :).
-g

> On Mar 24, 2019, at 9:26 AM, Daniel Holth <dho...@gmail.com> wrote:
>
> The cleaned up pull request should be really easy to try, with a
> dehydrated:(basedir) string port. Go get some certs people!
>
> On Sun, Mar 24, 2019, 00:55 Glyph <gl...@twistedmatrix.com> wrote:
> I think ACME_TLS_1 is a sufficiently high-entropy string that the likelihood
> of brokenness from this approach is basically zero.
>
> -g
>
>> On Mar 23, 2019, at 9:20 PM, Daniel Holth <dho...@gmail.com> wrote:
>>
>> All we have to do is have some kind of per connection certificate store or
>> flag. If acme is in the first packet and the special certificate exists,
>> send it. Otherwise send the normal certificate, for a very short window of
>> possible brokenness. Letsencrypt may or may not require correct alpn
>> negotiation. Should be simple.
>>
>> I'm happy running the acme client separately and listing my domain instead
>> of doing it all on demand inside twisted.
>>
>>
>> On Sat, Mar 23, 2019, 23:59 Glyph <gl...@twistedmatrix.com> wrote:
>>
>>
>> > On Mar 23, 2019, at 4:06 PM, Daniel Holth <dho...@gmail.com> wrote:
>> >
>> > HOLY REGEX BATMAN
>> >
>> > class _ConnectionProxy(object):
>> >
>> >     def bio_write(self, buf):
>> >         if ACME_TLS_1 in buf:
>> >             self.acme_tls_1 = True
>> >         self.bio_write = self._obj.bio_write
>> >         return self._obj.bio_write(buf)
>> >
>> > Now we can choose the acme certificate store in the sni callback and
>> > make letsencrypt happy!
>>
>> 1. Gross
>> 2. Hooray!
>>
>> -g
_______________________________________________
Twisted-Python mailing list
Twisted-Python@twistedmatrix.com
https://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python
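
An added example, not part of the thread or of the pull request: the substring check discussed above next to an exact parse of the ClientHello's ALPN extension (RFC 7301), run on constructed ClientHello records. It assumes ACME_TLS_1 is `b"acme-tls/1"`, the ALPN name RFC 8737 defines for the TLS-ALPN-01 challenge; every function name and the private-use extension type 0xFF55 are hypothetical.

```python
import struct

ACME_TLS_1 = b"acme-tls/1"  # assumed value of the thread's ACME_TLS_1 (RFC 8737)
EXT_ALPN = 16               # ALPN extension type (RFC 7301)

def build_client_hello(extensions):
    """Constructed sample input: a minimal single-record TLS 1.2 ClientHello."""
    exts = b"".join(struct.pack("!HH", t, len(d)) + d for t, d in extensions)
    body = (b"\x03\x03" + bytes(32) + b"\x00"    # version, random, empty session_id
            + b"\x00\x02\xc0\x2f" + b"\x01\x00"  # one cipher suite, null compression
            + struct.pack("!H", len(exts)) + exts)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

def alpn_ext(*names):
    plist = b"".join(bytes([len(n)]) + n for n in names)
    return (EXT_ALPN, struct.pack("!H", len(plist)) + plist)

def alpn_protocols(record):
    """ALPN names offered in a single-record ClientHello; [] if absent or malformed."""
    if record[:1] != b"\x16" or record[5:6] != b"\x01":
        return []                                # not a handshake / ClientHello
    pos = 9 + 2 + 32                             # headers, client_version, random
    pos += 1 + int.from_bytes(record[pos:pos + 1], "big")  # session_id
    pos += 2 + int.from_bytes(record[pos:pos + 2], "big")  # cipher_suites
    pos += 1 + int.from_bytes(record[pos:pos + 1], "big")  # compression_methods
    exts = record[pos + 2:pos + 2 + int.from_bytes(record[pos:pos + 2], "big")]
    pos = 0
    while pos + 4 <= len(exts):
        ext_type, ext_len = struct.unpack("!HH", exts[pos:pos + 4])
        data = exts[pos + 4:pos + 4 + ext_len]
        pos += 4 + ext_len
        if ext_type == EXT_ALPN:
            names, i = [], 2                     # skip the 2-byte list length
            while i < len(data):
                names.append(data[i + 1:i + 1 + data[i]])
                i += 1 + data[i]
            return names
    return []

def is_acme_by_substring(record):
    return ACME_TLS_1 in record                  # the check sketched in the thread

def is_acme_by_alpn(record):
    return alpn_protocols(record) == [ACME_TLS_1]  # RFC 8737: that single name

validator = build_client_hello([alpn_ext(ACME_TLS_1)])
browser = build_client_hello([alpn_ext(b"h2", b"http/1.1")])
# Same bytes inside a made-up extension type 0xFF55, with no ALPN offered at all:
stray = build_client_hello([(0xFF55, b"\x00" + ACME_TLS_1)])
```

Both checks agree on `validator` and `browser`; they differ only on `stray`, where the bytes appear outside the ALPN extension.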