Any chance you could include a link to the relevant PR? Pulling this out of the raging tire-fire of my Github notifications would take an unfortunately non-trivial amount of time - and I imagine that not everyone subscribed might even be on the appropriate repos :). -g
On Mar 24, 2019, at 9:26 AM, Daniel Holth <dholth@gmail.com> wrote:
The cleaned up pull request should be really easy to try, with a dehydrated:(basedir) string port. Go get some certs people!
On Sun, Mar 24, 2019, 00:55 Glyph <glyph@twistedmatrix.com <mailto:glyph@twistedmatrix.com>> wrote: I think ACME_TLS_1 is a sufficiently high-entropy string that the likelihood of brokenness from this approach is basically zero.
-g
On Mar 23, 2019, at 9:20 PM, Daniel Holth <dholth@gmail.com <mailto:dholth@gmail.com>> wrote:
All we have to do is have some kind of per connection certificate store or flag. If acme is in the first packet and the special certificate exists, send it. Otherwise send the normal certificate, for a very short window of possible brokenness. Letsencrypt may or may not require correct alpn negotiation. Should be simple.
I'm happy running the acme client separately and listing my domain instead of doing it all on demand inside twisted.
On Sat, Mar 23, 2019, 23:59 Glyph <glyph@twistedmatrix.com <mailto:glyph@twistedmatrix.com>> wrote:
On Mar 23, 2019, at 4:06 PM, Daniel Holth <dholth@gmail.com <mailto:dholth@gmail.com>> wrote:
HOLY REGEX BATMAN
class _ConnectionProxy(object):
def bio_write(self, buf): if ACME_TLS_1 in buf: self.acme_tls_1 = True self.bio_write = self._obj.bio_write return self._obj.bio_write(buf) Now we can choose the acme certificate store in the sni callback and make letsencrypt happy!
1. Gross 2. Hooray!
-g
_______________________________________________ Twisted-Python mailing list Twisted-Python@twistedmatrix.com <mailto:Twisted-Python@twistedmatrix.com> https://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python <https://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python> _______________________________________________ Twisted-Python mailing list Twisted-Python@twistedmatrix.com <mailto:Twisted-Python@twistedmatrix.com> https://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python <https://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python>
_______________________________________________ Twisted-Python mailing list Twisted-Python@twistedmatrix.com <mailto:Twisted-Python@twistedmatrix.com> https://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python <https://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python> _______________________________________________ Twisted-Python mailing list Twisted-Python@twistedmatrix.com https://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python