Message10365
Darjus, that was a good idea to run it on CPython 2/3. Strange it fails in this fashion for CPython, but it's looking good so far. Some further thoughts on looking at the code:
re SSLContext.cert_store_stats, we should be able to obtain via BC; see
http://www.bouncycastle.org/wiki/display/JA1/X.509+Certificate+Revocation+Lists
re SSLContext.set_default_verify_paths, I'm pretty sure we can get this functionality via CompositeX509TrustManager as defined in _sslcerts. Maybe this can also resolve the issue we see with /usr/local/etc/openssl/cert.pem for brew users? TBD.
re SSLContext.set_alpn_protocols, etc, raising NotImplemented is fine for now. (It's possible we can use Netty to support.) Note that per the docs on SSLContext.set_*, we need to set values for the following:
>>> ssl.HAS_ALPN
False
>>> ssl.HAS_NPN
False
>>> ssl.HAS_ECDH
True
>>> ssl.HAS_SNI
True
Maybe we can provide support for ALPN/NPN by digging into Netty and what we can do to support SSL negotiation, but just based on what OS X 10.11 returns for their support, I think we are safe in deferring to 2.7.2 or later.

Date | User | Action | Args
2015-10-20 20:40:46 | zyasoft | set | messageid: <1445373646.85.0.195655177698.issue2390@psf.upfronthosting.co.za>
2015-10-20 20:40:46 | zyasoft | set | recipients: + zyasoft, darjus
2015-10-20 20:40:46 | zyasoft | link | issue2390 messages
2015-10-20 20:40:45 | zyasoft | create |
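
The following is an added example, not part of the original message or of Jython's code: it shows how calling code can feature-detect ALPN through ssl.HAS_ALPN and tolerate set_alpn_protocols raising NotImplementedError, the two behaviours discussed in the message. The helper configure_alpn and both stand-in context classes are hypothetical names constructed for illustration.

```python
import ssl


def configure_alpn(ctx, protocols, has_alpn=None):
    """Offer ALPN protocols on ctx if the runtime supports it.

    Hypothetical helper. Returns the list actually offered, or [] when ALPN
    is unavailable, so the caller can fall back to its default protocol
    instead of failing the whole TLS setup.
    """
    if has_alpn is None:
        # The flag may be missing entirely on older runtimes.
        has_alpn = getattr(ssl, "HAS_ALPN", False)
    if not has_alpn:
        return []
    try:
        ctx.set_alpn_protocols(list(protocols))
    except NotImplementedError:
        # Flag and backend disagree; treat as unsupported rather than crash.
        return []
    return list(protocols)


class UnsupportedContext(object):
    """Constructed stand-in: an SSLContext whose ALPN setter is unimplemented."""

    def set_alpn_protocols(self, protocols):
        raise NotImplementedError("ALPN is not supported by this runtime")


class RecordingContext(object):
    """Constructed stand-in: records the protocols it was asked to offer."""

    def __init__(self):
        self.offered = None

    def set_alpn_protocols(self, protocols):
        self.offered = list(protocols)


if __name__ == "__main__":
    wanted = ["h2", "http/1.1"]
    print("ssl.HAS_ALPN =", getattr(ssl, "HAS_ALPN", False))
    print("unsupported backend ->", configure_alpn(UnsupportedContext(), wanted, True))
    print("supporting backend  ->", configure_alpn(RecordingContext(), wanted, True))
```
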