[Twisted-Python] txsni + alpn + acme (letsencrypt)

Daniel Holth dholth at gmail.com
Sat Mar 23 22:20:53 MDT 2019


All we have to do is have some kind of per connection certificate store or
flag. If acme is in the first packet and the special certificate exists,
send it. Otherwise send the normal certificate, for a very short window of
possible brokenness. Letsencrypt may or may not require correct alpn
negotiation. Should be simple.

I'm happy running the acme client separately and listing my domain instead
of doing it all on demand inside twisted.


On Sat, Mar 23, 2019, 23:59 Glyph <glyph at twistedmatrix.com> wrote:

>
>
> > On Mar 23, 2019, at 4:06 PM, Daniel Holth <dholth at gmail.com> wrote:
> >
> > HOLY REGEX BATMAN
> >
> > ACME_TLS_1 = b"acme-tls/1"  # ALPN protocol id from RFC 8737 (TLS-ALPN-01)
> >
> > class _ConnectionProxy(object):
> >     def __init__(self, obj):
> >         self._obj = obj          # the wrapped connection object (assumed)
> >         self.acme_tls_1 = False
> >
> >     def bio_write(self, buf):
> >         # Sniff only the first write (the ClientHello), then bypass the proxy.
> >         if ACME_TLS_1 in buf:
> >             self.acme_tls_1 = True
> >         self.bio_write = self._obj.bio_write
> >         return self._obj.bio_write(buf)
> > Now we can choose the acme certificate store in the sni callback and
> > make letsencrypt happy!
>
> 1. Gross
> 2. Hooray!
>
> -g
>
> _______________________________________________
> Twisted-Python mailing list
> Twisted-Python at twistedmatrix.com
> https://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python
>
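A structural way to make the same per-connection choice: parse the ClientHello's ALPN extension instead of searching the raw buffer for the substring. This is an added example, not code from this thread or from txsni; the `normal_store`/`acme_store` arguments are placeholders and `build_client_hello` only constructs test input.

```python
import struct

ACME_TLS_1 = b"acme-tls/1"   # ALPN protocol id defined by RFC 8737 (TLS-ALPN-01)

def _u16(b, off):
    return struct.unpack_from("!H", b, off)[0]

def parse_client_hello(rec):
    """Return (sni, alpn_list) from one raw TLS record carrying a ClientHello."""
    # record header: type(1) version(2) length(2); handshake header: type(1) length(3)
    if len(rec) < 9 or rec[0] != 0x16 or rec[5] != 0x01:
        raise ValueError("not a TLS handshake record carrying a ClientHello")
    off = 9 + 2 + 32                      # skip legacy_version and random
    off += 1 + rec[off]                   # session_id
    off += 2 + _u16(rec, off)             # cipher_suites
    off += 1 + rec[off]                   # compression_methods
    ext_end = off + 2 + _u16(rec, off)
    off += 2
    sni, alpn = None, []
    while off + 4 <= ext_end:
        etype, elen = _u16(rec, off), _u16(rec, off + 2)
        body = rec[off + 4:off + 4 + elen]
        if etype == 0:                    # server_name: list_len(2) type(1) name_len(2) name
            sni = body[5:5 + _u16(body, 3)].decode("ascii")
        elif etype == 16:                 # ALPN: list_len(2) then (len(1) proto)*
            pos = 2
            while pos < len(body):
                n = body[pos]
                alpn.append(bytes(body[pos + 1:pos + 1 + n]))
                pos += 1 + n
        off += 4 + elen
    return sni, alpn

def choose_store(rec, normal_store, acme_store):
    """Pick the certificate store for this connection from the offered ALPN list."""
    _sni, alpn = parse_client_hello(rec)
    return acme_store if ACME_TLS_1 in alpn else normal_store

def build_client_hello(sni, alpn):
    """Constructed minimal ClientHello (test input only, not a real capture)."""
    name = sni.encode("ascii")
    sni_ext = struct.pack("!HBH", len(name) + 3, 0, len(name)) + name
    protos = b"".join(bytes([len(p)]) + p for p in alpn)
    alpn_ext = struct.pack("!H", len(protos)) + protos
    exts = (struct.pack("!HH", 0, len(sni_ext)) + sni_ext
            + struct.pack("!HH", 16, len(alpn_ext)) + alpn_ext)
    # version, zero random, empty session id, one cipher suite, null compression
    body = b"\x03\x03" + bytes(32) + b"\x00\x00\x02\x13\x01\x01\x00" + struct.pack("!H", len(exts)) + exts
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs
```

Unlike a substring check, this only honours `acme-tls/1` when it is actually offered as an ALPN protocol, and it leaves the SNI available for picking the matching challenge certificate.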