Convergence
Convergence copied to clipboard
moxie0
Notary fails for sites relying on SNI
Convergence will currently give a certificate error for sites using SNI to provide appropriate certificates for virtual hosts; it looks like this will magically fix itself once Twisted supports SNI.
http://twistedmatrix.com/trac/ticket/4887 is re. server-side SNI support, http://twistedmatrix.com/trac/ticket/5190 SNI in general.
The 4887 bug mentions waiting for SNI support in PyOpenSSL, which according to https://bugs.launchpad.net/pyopenssl/+bug/705683 is now done.
So, fingers crossed.
I think we're going to have to add the SNI support to Twisted if we want this.
I think we have to add it, as we really should support it. I mean all major browsers today support it.
I'm just about to grab the twisted source to look at it. Currently stuck at the little bit where they are using SVN for scm and I'm on windows at this moment without SVN installed.
I've submitted a patch to Twisted for this: http://twistedmatrix.com/trac/ticket/5374
beat me to it, it's the line 299 of twisted/protocols/tls.py that is the call to pyopenssl to turn on TLS right?
Great work. I am really waiting for this feature. I checked out the Twisted code but got kind of lost in it.
@reissman, the only reason I didn't was cause I was halfway through doing it myself, twisted is quite nasty in how they jump their code all over the place, in this class out this one...
It's logical the way it's broken down, but it's complicated enough to leave a nice tangled knot to unravel to trace through it.