Notary fails for sites relying on SNI #28
Comments
|
I think we're going to have to add the SNI support to Twisted if we want this. |
|
I think we have to add it, as we really should support it. I mean all major browsers today support it. |
|
@ewanm89, you on it? =) |
|
I'm just about to grab the twisted source to look at it. Currently stuck at the little bit where they are using SVN for scm and I'm on windows at this moment without SVN installed. |
|
I've submitted a patch to Twisted for this: http://twistedmatrix.com/trac/ticket/5374 |
|
beat me to it, it's the line 299 of twisted/protocols/tls.py that is the call to pyopenssl to turn on TLS right? |
|
Great work. I am really waiting for this feature. I checked out the Twisted code but got kind of lost in it. |
|
@reissman, the only reason I didn't was cause I was halfway through doing it myself, twisted is quite nasty in how they jump their code all over the place, in this class out this one... |
|
It's logical the way it's broken down, but it's complicated enough to leave a nice tangled knot to unravel to trace through it. |
|
right, i realized that when looking at the code ... |
Convergence will currently give a certificate error for sites using SNI to provide appropriate certificates for virtual hosts; it looks like this will magically fix itself once Twisted supports SNI.
http://twistedmatrix.com/trac/ticket/4887 is re. server-side SNI support, http://twistedmatrix.com/trac/ticket/5190 SNI in general.
The 4887 bug mentions waiting for SNI support in PyOpenSSL, which according to https://bugs.launchpad.net/pyopenssl/+bug/705683 is now done.
So, fingers crossed.
The text was updated successfully, but these errors were encountered: