[Twisted-Python] txsni + alpn + acme (letsencrypt)

Daniel Holth dholth at gmail.com
Sun Mar 24 10:26:59 MDT 2019


The cleaned-up pull request should be really easy to try, with a
dehydrated:(basedir) string port. Go get some certs, people!

On Sun, Mar 24, 2019, 00:55 Glyph <glyph at twistedmatrix.com> wrote:

> I think ACME_TLS_1 is a sufficiently high-entropy string that the
> likelihood of brokenness from this approach is basically zero.
>
> -g
>
> On Mar 23, 2019, at 9:20 PM, Daniel Holth <dholth at gmail.com> wrote:
>
> All we have to do is have some kind of per connection certificate store or
> flag. If acme is in the first packet and the special certificate exists,
> send it. Otherwise send the normal certificate, for a very short window of
> possible brokenness. Letsencrypt may or may not require correct alpn
> negotiation. Should be simple.
>
> I'm happy running the acme client separately and listing my domain instead
> of doing it all on demand inside twisted.
>
>
> On Sat, Mar 23, 2019, 23:59 Glyph <glyph at twistedmatrix.com> wrote:
>
>>
>>
>> > On Mar 23, 2019, at 4:06 PM, Daniel Holth <dholth at gmail.com> wrote:
>> >
>> > HOLY REGEX BATMAN
>> >
>> > class _ConnectionProxy(object):
>> >
>> >     def bio_write(self, buf):
>> >         # Inspect only the first buffer written to the connection.
>> >         if ACME_TLS_1 in buf:
>> >             self.acme_tls_1 = True
>> >         # Later writes go straight to the wrapped object's bio_write.
>> >         self.bio_write = self._obj.bio_write
>> >         return self._obj.bio_write(buf)
>> >
>> > Now we can choose the acme certificate store in the sni callback and
>> > make letsencrypt happy!
>>
>> 1. Gross
>> 2. Hooray!
>>
>> -g
>>
>> _______________________________________________
>> Twisted-Python mailing list
>> Twisted-Python at twistedmatrix.com
>> https://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python
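As an added example (not code from this thread or from txsni), the first-packet check discussed above can be made exact by parsing the ALPN extension of the ClientHello rather than searching the raw bytes for the marker. It assumes the thread's ACME_TLS_1 constant is the RFC 8737 protocol name `acme-tls/1` and that the whole ClientHello arrives in one record; `offered_alpn`, `is_acme_validation`, `alpn_ext` and `build_client_hello` are hypothetical names, and the sample records are constructed.

```python
import struct

ACME_TLS_1 = b"acme-tls/1"  # ALPN protocol ID from RFC 8737 (assumed value of the thread's constant)

def offered_alpn(record):
    """Return the ALPN protocol names offered in one complete TLS ClientHello record."""
    try:
        if record[0] != 22 or record[5] != 1:      # handshake record, ClientHello message
            return []
        pos = 5 + 4 + 2 + 32                       # record hdr, handshake hdr, version, random
        pos += 1 + record[pos]                     # session_id
        pos += 2 + struct.unpack_from("!H", record, pos)[0]   # cipher_suites
        pos += 1 + record[pos]                     # compression_methods
        end = pos + 2 + struct.unpack_from("!H", record, pos)[0]
        pos += 2
        while pos + 4 <= min(end, len(record)):
            ext_type, ext_len = struct.unpack_from("!HH", record, pos)
            pos += 4
            if ext_type == 16:                     # application_layer_protocol_negotiation
                return _names(record[pos + 2:pos + ext_len])
            pos += ext_len
    except (IndexError, struct.error):             # truncated or malformed input
        pass
    return []

def _names(data):
    names, i = [], 0
    while i < len(data):                           # each entry: 1-byte length, then the name
        names.append(data[i + 1:i + 1 + data[i]])
        i += 1 + data[i]
    return names

def is_acme_validation(record):
    """RFC 8737 validation connections offer exactly one ALPN protocol: acme-tls/1."""
    return offered_alpn(record) == [ACME_TLS_1]

def alpn_ext(*protos):
    lst = b"".join(bytes([len(p)]) + p for p in protos)
    return 16, struct.pack("!H", len(lst)) + lst

def build_client_hello(extensions):
    """Constructed sample input: a minimal ClientHello record with the given extensions."""
    exts = b"".join(struct.pack("!HH", t, len(d)) + d for t, d in extensions)
    body = (b"\x03\x03" + bytes(32) + b"\x00" + b"\x00\x02\x13\x01" + b"\x01\x00"
            + struct.pack("!H", len(exts)) + exts)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

ACME_HELLO = build_client_hello([alpn_ext(ACME_TLS_1)])
H2_HELLO = build_client_hello([alpn_ext(b"h2", b"http/1.1")])
# Constructed decoy: the same bytes inside an unrelated (made-up) extension type.
DECOY_HELLO = build_client_hello([(0xFDE8, ACME_TLS_1), alpn_ext(b"h2")])
```

The decoy record contains the marker bytes, so a substring test matches it, while the parsed check selects the validation certificate only for a genuine `acme-tls/1` offer.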