On Mar 23, 2019, at 3:39 PM, Daniel Holth <dholth@gmail.com> wrote:
Wow! Such broken. I was starting to get suspicious of openssl myself.
Poor documentation about the rules on context switching and whether
doing things in a certain order should trigger callbacks.
At least you can get a cert when the ALPN / ACME certificate (and
DEFAULT?) is the only one provided by twisted. If the several attempts
they make came from the same IP address that might be one way to hack
it.
Source: https://letsencrypt.org/docs/faq/#what-ip-addresses-does-let-s-encrypt-use-to-validate-my-web-server
What IP addresses does Let’s Encrypt use to validate my web server?
We don’t publish a list of IP addresses we use to validate, because they may change at any time. In the future we may validate from multiple IP addresses at once.
If it gets that bad I'll put the ClientHello regex next to the
regex-based pkcs parser from my rsalette library :)
Fixing the http-01 challenge is a very rational suggestion.
Thanks!
Daniel
_______________________________________________
Twisted-Python mailing list
Twisted-Python@twistedmatrix.com
https://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python