[Python-ideas] Fwd: PEP 3156: getting the socket or peer name from the transport

Umbrella Code shane at umbrellacode.com
Sun Jan 27 19:15:31 CET 2013


Could it be handled as a context given to the protocol, and maybe accommodate the other information we'd been discussing?  Ultimately the socket could also be part of the context information available as the escape hatch, but generally pre-populated to buffer from hardware.  It could include address information, SSL data assigned by the server, etc.  Populating it at the right places could also be more efficient.  

Sent from my iPad

On Jan 27, 2013, at 9:41 AM, Yuval Greenfield <ubershmekel at gmail.com> wrote:

> On Sun, Jan 27, 2013 at 7:11 PM, Umbrella Code <shane at umbrellacode.com> wrote:
>> It's been a few years so my memory must be rusty, but where is the HTTPS protocol dependent on the transport/SSL setup in that way?
>> 
>> Sent from my iPad
>> 
>> Begin forwarded message:
> 
> I can't speak for Antoine but I'm guessing he's talking about SNI:
> 
> * a VPS server hosts 2 sites with 2 certificates for "mysite.com" and "yoursite.com"
> * the original TCP server has no idea which cert to use as both sites share the same IP address and port.
> * the solution is the client sends the hostname in the TLS handshake. 
> 
> So the DNS or HTTP line "host: mysite.com" is also used in the TLS layer. This example agrees with Antoine but it's in the reverse direction, so maybe he has another one in mind.
> 
> http://en.wikipedia.org/wiki/Transport_Layer_Security#Support_for_name-based_virtual_servers
> http://en.wikipedia.org/wiki/HTTP_Secure#Limitations
> http://en.wikipedia.org/wiki/Server_Name_Indication
> 
> Yuval