This repository has been archived by the owner on Apr 26, 2024. It is now read-only.

Attempting to reuse twisted.internet.ssl.CertificateOptions results in wrong SNI being sent #4673

Closed
richvdh opened this issue Feb 18, 2019 · 1 comment

richvdh commented Feb 18, 2019

@hawkowl says that it should be possible to reuse CertificateOptions for multiple TLS connections, which would be good because creating them is expensive. However, attempting to do so results in the wrong SNI being sent.

It looks like this is because CertificateOptions only uses one OpenSSL context, and ClientTLSOptions sets the set_info_callback on that one context to set the SNI. Obviously if a different ClientTLSOptions changes the callback in the meantime, then it all goes wrong.

(Note that we override ClientTLSOptions to disable cert verification, but it looks the same in the normal twisted impl.)
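
The overwrite described above, as an added example that is not part of the original issue and is not Twisted, pyOpenSSL or Synapse code. It is a constructed pure-Python model: `Context`, `Connection`, both options classes and `sni_sent` are hypothetical stand-ins that only borrow the method names `set_info_callback` and `set_tlsext_host_name`, and the per-connection variant is an assumed alternative, not necessarily the fix in #4674.

```python
# Constructed model of the behaviour described above; not Twisted/pyOpenSSL code.
class Context:
    """Stand-in for an OpenSSL context: it holds ONE info-callback slot."""
    def __init__(self):
        self.info_callback = None
    def set_info_callback(self, callback):
        self.info_callback = callback  # silently replaces the previous one

class Connection:
    """Stand-in for a TLS connection created from a context."""
    def __init__(self, context):
        self.context, self.sni = context, None
    def set_tlsext_host_name(self, name):
        self.sni = name
    def do_handshake(self):
        # At handshake start the context's *current* callback fires.
        if self.context.info_callback is not None:
            self.context.info_callback(self)
        return self.sni  # the name that would go out in the ClientHello

class CallbackSNIOptions:
    """Pattern from the issue: SNI set via a callback on the shared context."""
    def __init__(self, hostname, context):
        self.hostname, self.context = hostname, context
        context.set_info_callback(self._on_info)
    def _on_info(self, connection):
        connection.set_tlsext_host_name(self.hostname)
    def client_connection(self):
        return Connection(self.context)

class PerConnectionSNIOptions:
    """Hypothetical alternative: SNI set on each connection, no shared state."""
    def __init__(self, hostname, context):
        self.hostname, self.context = hostname, context
    def client_connection(self):
        conn = Connection(self.context)
        conn.set_tlsext_host_name(self.hostname)
        return conn

def sni_sent(options_cls, hostnames):
    """Build options for each hostname on one shared context, then handshake."""
    shared = Context()
    conns = [options_cls(h, shared).client_connection() for h in hostnames]
    return [c.do_handshake() for c in conns]

if __name__ == "__main__":
    hosts = ["a.example", "b.example"]  # constructed sample hostnames
    print(sni_sent(CallbackSNIOptions, hosts))
    print(sni_sent(PerConnectionSNIOptions, hosts))
```

In the callback variant every connection sends the hostname of whichever options object registered last, so a regression test for context reuse should open connections to at least two different names and check the SNI seen by each peer.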

richvdh commented Feb 19, 2019

fixed by #4674
