[Twisted-Python] Can transport.write() to hostname instead of IP address?

Sean DiZazzo sean.dizazzo at gmail.com
Thu Aug 30 14:22:14 MDT 2018


>>You can't use connectSSL in combination with UNIX sockets

I'm working on a rewrite of this system which will use endpoints once
complete.  So far I've got basic server and client endpoints running over
TLS through our reverse proxy.  It's working as expected on a given port,
but I'd rather have the server listen on a unix socket.  Based on your
comment it sounds possible for a client to connect to a socket over TLS,
but is it possible for a server to listen on one over TLS?  I've tried
several different approaches and can't seem to find a way.

I tried wrapping a UnixServerEndpoint with my CertificateOptions, then
tried to find a way to pass a socket path into an SSL4ServerEndpoint.
I can't seem to find a wrapServerTLS corresponding to the client function
Tim posted.

Thanks for your help, and thanks for writing Twisted.  :)

~Sean

On Sat, Aug 18, 2018 at 2:12 PM Glyph <glyph at twistedmatrix.com> wrote:

> On Aug 17, 2018, at 9:24 AM, Sean DiZazzo <sean.dizazzo at gmail.com> wrote:
>
>
> Starting to look over the docs and I realize I might have just been able
> to incorporate the `optionsForClientTLS` into what I was already using.
>
> I was using `reactor.connectSSL()` with a default
> `ssl.ClientContextFactory()` so I think I can make my own
> sslClientContextFactory with `optionsForClientTLS(hostname=host)` and pass
> that in to connectSSL instead.
>
> It would look something like this:
>
> reactor.connectSSL(hostname, port, MyProtocolClientFactory(),
> optionsForClientTLS(hostname=hostname))
>
> I'll give it a try and play around with it.  If it doesn't work, I'll head
> back over to the endpoint examples.
>
>
> This should indeed work for now, but adopting endpoints is a more
> forward-looking approach; "connectSSL" is a much less flexible API, and
> will hopefully someday be removed.
>
> For example:
>
>
>    1. You can't use connectSSL in combination with UNIX sockets
>    2. When we (one day) have a client version of the PROXY endpoint, you
>    won't be able to use that with connectSSL
>    3. You can't do TLS-in-TLS tunneling with connectSSL for backhaul
>    connections
>
>
> It's just generally harder to switch to other secure transports if you're
> not using the endpoint APIs.
>
> Thanks for using Twisted,
>
> -glyph