Nathaniel Smith <n...@pobox.com> added the comment:

FYI Christian, your "typical scenario for HTTP" doesn't make sense to me... you can't send HTTP Connection Upgrade in the middle of a regular request/response cycle. I feel like the typical scenario ought to be more like:

* client
  * send ``HTTP GET /path``
* server
  * recv
  * verify_client_post_handshake (maybe... via calling SSL_do_handshake again?)
* client
  * recv
  * send upgrade confirmation (emits Certificate, CertificateVerify, Finish message)
* server
  * recv
  * verify certificate
  * send either the requested response, or a 401 Unauthorized depending

But I don't really understand the underlying design here, either at the TLS 1.3 level or the openssl level, and haven't found very useful docs yet, so I could be wrong.

----------
nosy: +njs

_______________________________________
Python tracker <rep...@bugs.python.org>
<https://bugs.python.org/issue34670>
_______________________________________