Opened 7 years ago

Last modified 7 years ago

#6370 enhancement new

Agent should use SNI to indicate for what hostname it expects it is issuing a request when it is requesting an HTTPS URL

Reported by: Jean-Paul Calderone
Owned by:
Priority: normal
Milestone:
Component: web
Keywords:
Cc: jknight, Christian Kampka
Branch:
Author:

Description

First, see #5374 for an explanation of (client) SNI.

When Agent requests an HTTPS URI, in order to get the server to use a certificate which agrees with the request URI, it may need to use SNI to tell the server the expected hostname before the SSL handshake gets to the certificate exchange stage.

This involves calling methods on the pyOpenSSL-supplied Context object to configure it with the hostname to indicate. One place this might be done is in a Twisted-supplied WebClientContextFactory. Another place might be in a wrapper for the (yet implicit) interface of that class. A wrapper has the advantage of being more re-usable but the disadvantage of making it a bit more complicated to figure out how any particular context might be configured (a somewhat interesting thing to be able to figure out, since it has a lot to do with the resulting security properties).

Change History (2)

comment:1 Changed 7 years ago by DefaultCC Plugin

Cc: jknight added

comment:2 Changed 7 years ago by Christian Kampka

Cc: Christian Kampka added