Ticket #4655 enhancement new

Opened 3 years ago

Last modified 3 years ago

function or method to construct an SSL context factory for clients that do not use a certificate from objects in twisted.internet.ssl

Reported by: glyph Owned by:
Priority: normal Milestone:
Component: core Keywords:
Cc: Branch:
Author: Launchpad Bug:

Description (last modified by glyph) (diff)

Right now, you can construct a CertificateOptions directly (using PyOpenSSL junk) or call PrivateCertificate.options(), which doesn't allow for much in the way of customization (you can't select the method, etc).

It should be possible to pass a list of Certificate objects for your CAs, and using some named constants for the 'method' that don't require you to import PyOpenSSL, so that we could have some alternate SSL implementation, at some point in the future.

Change History

1

follow-up: ↓ 2   Changed 3 years ago by exarkun

What do you have in mind when you mention using some named constants? The method? That's the only thing that I see other than key and certificate objects that leaks through from pyOpenSSL to CertificateOptions.

2

in reply to: ↑ 1   Changed 3 years ago by glyph

  • description modified (diff)

Replying to exarkun:

What do you have in mind when you mention using some named constants? The method? That's the only thing that I see other than key and certificate objects that leaks through from pyOpenSSL to CertificateOptions.

Yes. Updated the description to reflect that.

3

  Changed 2 years ago by <automation>

  • owner glyph deleted
Note: See TracTickets for help on using tickets.