Do move it to twisted. I was surprised it wasn't already there.

On Sun, Mar 24, 2019, 17:39 Glyph <gl...@twistedmatrix.com> wrote:

> Thanks! I put some review comments on it. I would encourage others with
> interest in this area to have a look; I might not get back to this for a
> couple of weeks, but I'd be happy to give people collaborator permissions
> on the repo if they'd like to help out.
>
> (Frankly it's probably time that this project grew up and moved over to
> the Twisted org anyway, given that txacme depends on it...)
>
> -g
>
> On Mar 24, 2019, at 1:59 PM, Daniel Holth <dho...@gmail.com> wrote:
>
> Pull request for txsni acme https://github.com/glyph/txsni/pull/28
>
> On Sun, Mar 24, 2019, 16:33 Glyph <gl...@twistedmatrix.com> wrote:
>
>> Any chance you could include a link to the relevant PR? Pulling this out
>> of the raging tire-fire of my Github notifications would take an
>> unfortunately non-trivial amount of time - and I imagine that not everyone
>> subscribed might even be on the appropriate repos :).
>>
>> -g
>>
>> On Mar 24, 2019, at 9:26 AM, Daniel Holth <dho...@gmail.com> wrote:
>>
>> The cleaned up pull request should be really easy to try, with a
>> dehydrated:(basedir) string port. Go get some certs people!
>>
>> On Sun, Mar 24, 2019, 00:55 Glyph <gl...@twistedmatrix.com> wrote:
>>
>>> I think ACME_TLS_1 is a sufficiently high-entropy string that the
>>> likelihood of brokenness from this approach is basically zero.
>>>
>>> -g
>>>
>>> On Mar 23, 2019, at 9:20 PM, Daniel Holth <dho...@gmail.com> wrote:
>>>
>>> All we have to do is have some kind of per connection certificate store
>>> or flag. If acme is in the first packet and the special certificate exists,
>>> send it. Otherwise send the normal certificate, for a very short window of
>>> possible brokenness. Letsencrypt may or may not require correct alpn
>>> negotiation. Should be simple.
>>>
>>> I'm happy running the acme client separately and listing my domain
>>> instead of doing it all on demand inside twisted.
>>>
>>> On Sat, Mar 23, 2019, 23:59 Glyph <gl...@twistedmatrix.com> wrote:
>>>
>>>> > On Mar 23, 2019, at 4:06 PM, Daniel Holth <dho...@gmail.com> wrote:
>>>> >
>>>> > HOLY REGEX BATMAN
>>>> >
>>>> > class _ConnectionProxy(object):
>>>> >
>>>> >     def bio_write(self, buf):
>>>> >         if ACME_TLS_1 in buf:
>>>> >             self.acme_tls_1 = True
>>>> >         self.bio_write = self._obj.bio_write
>>>> >         return self._obj.bio_write(buf)
>>>> >
>>>> > Now we can choose the acme certificate store in the sni callback and
>>>> > make letsencrypt happy!
>>>>
>>>> 1. Gross
>>>> 2. Hooray!
>>>>
>>>> -g
>>>>
>>>> _______________________________________________
>>>> Twisted-Python mailing list
>>>> Twisted-Python@twistedmatrix.com
>>>> https://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python
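Added example, not part of the thread and not txsni's code: a stricter form of the check discussed above, which parses the ClientHello in the first buffer and looks for the protocol id only inside the ALPN extension instead of anywhere in the bytes. It assumes `ACME_TLS_1` is the RFC 8737 ALPN id `acme-tls/1` (the thread never shows its value); the function names and the sample ClientHello are constructed for illustration.

```python
ACME_TLS_1 = b"acme-tls/1"  # assumption: the RFC 8737 ALPN id; the thread never shows the value

def _vec(data, off, width):
    """Read a vector with a `width`-byte length prefix; return (body, next offset)."""
    start = off + width
    n = int.from_bytes(data[off:start], "big")
    if start + n > len(data):
        raise ValueError("truncated ClientHello")
    return data[start:start + n], start + n

def offered_alpn(buf):
    """ALPN ids offered in the ClientHello that starts `buf`; [] if absent or unparseable."""
    try:
        if buf[0] != 0x16:                  # TLS record type: handshake
            return []
        record, _ = _vec(buf, 3, 2)         # skip record type + legacy version
        if record[0] != 0x01:               # handshake type: client_hello
            return []
        hello, _ = _vec(record, 1, 3)
        off = 2 + 32                        # legacy_version + random
        for width in (1, 2, 1):             # session_id, cipher_suites, compression
            _, off = _vec(hello, off, width)
        exts, _ = _vec(hello, off, 2)
        off = 0
        while off < len(exts):
            ext_type = int.from_bytes(exts[off:off + 2], "big")
            body, off = _vec(exts, off + 2, 2)
            if ext_type == 16:              # application_layer_protocol_negotiation
                names, _ = _vec(body, 0, 2)
                out, pos = [], 0
                while pos < len(names):
                    name, pos = _vec(names, pos, 1)
                    out.append(name)
                return out
    except (IndexError, ValueError):
        pass
    return []

def sample_hello(alpn, session_id=b""):
    """Constructed test input: a minimal ClientHello record offering `alpn`."""
    v = lambda body, width: len(body).to_bytes(width, "big") + body
    names = b"".join(v(a, 1) for a in alpn)
    exts = (16).to_bytes(2, "big") + v(v(names, 2), 2)
    hello = (b"\x03\x03" + bytes(32) + v(session_id, 1) + v(b"\x13\x01", 2)
             + v(b"\x00", 1) + v(exts, 2))
    return b"\x16\x03\x01" + v(b"\x01" + v(hello, 3), 2)

def is_acme_challenge(buf):  # parsed counterpart of `ACME_TLS_1 in buf`
    return ACME_TLS_1 in offered_alpn(buf)
```

A ClientHello split across several writes parses as "no ALPN" here, so the normal certificate is served in that case.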