[New-bugs-announce] [issue22960] xmlrpc.client.ServerProxy() should accept a custom SSL context parameter
zodalahtathi
report at bugs.python.org
Thu Nov 27 21:23:06 CET 2014
New submission from zodalahtathi:
When using xmlrpc.server it is possible (despite being intrusive) to use a custom SSL context, ie:
import ssl
import xmlrpc.server
rpc_server = xmlrpc.server.SimpleXMLRPCServer(...)
ssl_context = ssl.SSLContext()
# setup the context ...
rpc_server.socket = ssl_context.wrap_socket(rpc_server.socket, ...)
However it is not possible (unless using some ugly monkey patching, which I am ashamed of writing) to do the same for xmlrpc.client.
xmlrpc.client.ServerProxy() could accept a context constructor, and pass it to the SafeTransport instance, and then to the http.client.HTTPSConnection instance (https://hg.python.org/cpython/file/3.4/Lib/xmlrpc/client.py#l1338).
I would allow passing a SSL context more secure than the default one, and thus improve security.
----------
components: Library (Lib)
messages: 231778
nosy: zodalahtathi
priority: normal
severity: normal
status: open
title: xmlrpc.client.ServerProxy() should accept a custom SSL context parameter
type: enhancement
versions: Python 3.5
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue22960>
_______________________________________
More information about the New-bugs-announce
mailing list