[Twisted-Python] SNI callback with support for deferreds

[Glyph Lefkowitz]

> On Oct 25, 2015, at 4:54 AM, Jonathan Stoppani <jonathan at stoppani.name> wrote:
> 
> Hello,
> 
> A couple of days ago I asked on Stack Overflow about returning a deferred from an SNI callback and have pyOpenSSL wait for it to fire before continuing handling the request.
> 
> Thanks to some pointers by Gyph I've found a solution ("workaround") for my problem, involving a fake TLSMemoryBIOProtocol to handle the client hello until the SNI is received, firing the SNI callback, waiting for it to callback and then re-feeding the resulting context to the real TLSMemoryBIOProtocol.

Really glad to hear that this worked.

> The implementation of this solution is available at https://gist.github.com/GaretJax/124c523a62ba48c9eec1 <https://gist.github.com/GaretJax/124c523a62ba48c9eec1>, and I'd like to contribute it back to Twisted, however, it has no unit tests and needs some design decisions/validation.

It also needs a serious overhaul on its indentation - something messed up happened to that code :).

> I've opened a ticket to track it at https://twistedmatrix.com/trac/ticket/8065 <https://twistedmatrix.com/trac/ticket/8065>. Real-life impediments permitting, I'm willing to work on it and get the feature supported in Twisted core.

Thanks!  We don't really support an SNI callback at all (that's purely in the pyOpenSSL layer) so this will be very good to have.

> Anyone willing to help me getting a proper patch?

What help do you need?  I will be happy to do reviews when it's readye. :)

> P.S.: A big shout-out to Twisted for its excellent TLS support out of the box. We got a straight A rating out of the box on ssl labs!

really glad to hear this!  I do plan to quote you on that :)

-glyph

-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/twisted-python/attachments/20151025/9c2fac05/attachment-0002.html>