Opened 4 years ago

#8065 enhancement new

Support returning a deferred from the SNI callback

Reported by: Jonathan Stoppani Owned by:
Priority: normal Milestone:
Component: core Keywords: ssl tls sni openssl
Cc: Branch:
Author:

Description

The callback set through set_tlsext_servername_callback requires the return value to be a valid context, but it does not allow a deferred to be returned instead.

As getting the right context depending on the requested server name might involve a non-blocking operation (e.g. fetching the certificate to be used from a remote resource), it would be useful to be able to return a deferred from the callback and have the underlying code wait until it fires before continuing with the SSL handshake.

I (GaretJax) have implemented a solution to this issue for a frontend proxy and SSL terminator that can be used as starting point for the implementation here (extract): https://gist.github.com/GaretJax/124c523a62ba48c9eec1

Change History (0)

Note: See TracTickets for help on using tickets.