Pull request for txsni acme https://github.com/glyph/txsni/pull/28
On Sun, Mar 24, 2019, 16:33 Glyph <gl...@twistedmatrix.com> wrote:

> Any chance you could include a link to the relevant PR? Pulling this out
> of the raging tire-fire of my Github notifications would take an
> unfortunately non-trivial amount of time - and I imagine that not everyone
> subscribed might even be on the appropriate repos :).
>
> -g
>
> On Mar 24, 2019, at 9:26 AM, Daniel Holth <dho...@gmail.com> wrote:
>
> The cleaned up pull request should be really easy to try, with a
> dehydrated:(basedir) string port. Go get some certs people!
>
> On Sun, Mar 24, 2019, 00:55 Glyph <gl...@twistedmatrix.com> wrote:
>
>> I think ACME_TLS_1 is a sufficiently high-entropy string that the
>> likelihood of brokenness from this approach is basically zero.
>>
>> -g
>>
>> On Mar 23, 2019, at 9:20 PM, Daniel Holth <dho...@gmail.com> wrote:
>>
>> All we have to do is have some kind of per connection certificate store
>> or flag. If acme is in the first packet and the special certificate exists,
>> send it. Otherwise send the normal certificate, for a very short window of
>> possible brokenness. Letsencrypt may or may not require correct alpn
>> negotiation. Should be simple.
>>
>> I'm happy running the acme client separately and listing my domain
>> instead of doing it all on demand inside twisted.
>>
>>
>> On Sat, Mar 23, 2019, 23:59 Glyph <gl...@twistedmatrix.com> wrote:
>>
>>>
>>>
>>> > On Mar 23, 2019, at 4:06 PM, Daniel Holth <dho...@gmail.com> wrote:
>>> >
>>> > HOLY REGEX BATMAN
>>> >
>>> > class _ConnectionProxy(object):
>>> >
>>> >     def bio_write(self, buf):
>>> >         if ACME_TLS_1 in buf:
>>> >             self.acme_tls_1 = True
>>> >         self.bio_write = self._obj.bio_write
>>> >         return self._obj.bio_write(buf)
>>> >
>>> > Now we can choose the acme certificate store in the sni callback and
>>> > make letsencrypt happy!
>>>
>>> 1. Gross
>>> 2. Hooray!
>>>
>>> -g
_______________________________________________
Twisted-Python mailing list
Twisted-Python@twistedmatrix.com
https://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python
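
An added example, not part of the thread and not txsni code: it goes one step beyond the substring test quoted above and parses the ClientHello's ALPN extension, accepting only a hello whose sole offered protocol is `acme-tls/1`, as RFC 8737 requires of the validator. It assumes the thread's `ACME_TLS_1` constant is that RFC 8737 protocol name and that the ClientHello fits in one TLS record; all function names are hypothetical and `build_hello` only constructs sample input.

```python
ACME_TLS_1 = b"acme-tls/1"  # RFC 8737 ALPN id; assumed value of the thread's constant
ALPN_EXT = 16               # application_layer_protocol_negotiation (RFC 7301)

def _vec(buf, pos, width):
    """Read a vector with a `width`-byte length prefix; return (data, next_pos)."""
    start = pos + width
    if start > len(buf):
        raise ValueError("truncated")
    end = start + int.from_bytes(buf[pos:start], "big")
    if end > len(buf):
        raise ValueError("truncated")
    return buf[start:end], end

def alpn_protocols(record):
    """ALPN names offered by a ClientHello that fits in one TLS record."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a ClientHello")
    body, _ = _vec(record, 6, 3)      # handshake body after the 3-byte length
    _, pos = _vec(body, 34, 1)        # skip version + random, read session_id
    _, pos = _vec(body, pos, 2)       # cipher_suites
    _, pos = _vec(body, pos, 1)       # compression_methods
    exts, _ = _vec(body, pos, 2) if pos < len(body) else (b"", pos)
    names, pos = [], 0
    while pos < len(exts):
        ext_type = int.from_bytes(exts[pos:pos + 2], "big")
        data, pos = _vec(exts, pos + 2, 2)
        if ext_type == ALPN_EXT:
            plist, i = _vec(data, 0, 2)[0], 0
            while i < len(plist):
                name, i = _vec(plist, i, 1)
                names.append(name)
    return names

def is_acme_alpn(record):
    """True only when the sole offered ALPN protocol is acme-tls/1."""
    try:
        return alpn_protocols(record) == [ACME_TLS_1]
    except ValueError:
        return False

def build_hello(alpn=(), session_id=b""):
    """Constructed sample input: a minimal single-record ClientHello."""
    plist = b"".join(bytes([len(p)]) + p for p in alpn)
    data = len(plist).to_bytes(2, "big") + plist
    ext = ALPN_EXT.to_bytes(2, "big") + len(data).to_bytes(2, "big") + data if alpn else b""
    body = (b"\x03\x03" + bytes(32) + bytes([len(session_id)]) + session_id
            + b"\x00\x02\x13\x01" + b"\x01\x00" + len(ext).to_bytes(2, "big") + ext)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + len(hs).to_bytes(2, "big") + hs
```

For a constructed hello whose session ID happens to contain the string, `ACME_TLS_1 in record` is true while `is_acme_alpn(record)` returns False, so the per-connection flag would be set only for hellos that actually negotiate the challenge protocol.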