[issue1581] xmlrpclib.ServerProxy() doesn't use x509 data
Benjamin Peterson [EMAIL PROTECTED] added the comment: I assume you wanted to close this too. -- nosy: +benjamin.peterson status: open - closed ___ Python tracker [EMAIL PROTECTED] http://bugs.python.org/issue1581 ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue1581] xmlrpclib.ServerProxy() doesn't use x509 data
Bill Janssen [EMAIL PROTECTED] added the comment: Looking at this patch, I definitely agree with the need for documentation.And a test case which uses the SafeTransport class. But the patch itself also needs a bit more work. (It uses httplib.HTTPS underneath, and that needs more work, too.) At a minimum, the caller should be able to optionally specify somehow, either as a contructor arg, or otherwise (a module-global variable, perhaps), a set of certificate-authority root certs, which, if specified, would cause client-side validation of the server's certificate. I think this should be added as an optional constructor arg to the HTTPS class. __ Tracker [EMAIL PROTECTED] http://bugs.python.org/issue1581 __ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue1581] xmlrpclib.ServerProxy() doesn't use x509 data
Bill Janssen [EMAIL PROTECTED] added the comment: No test case. No provision for client validation of server certificate. -- resolution: - rejected __ Tracker [EMAIL PROTECTED] http://bugs.python.org/issue1581 __ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue1581] xmlrpclib.ServerProxy() doesn't use x509 data
Sean Reifschneider [EMAIL PROTECTED] added the comment: This patch also needs to include a patch to the documentation. Martin: Do you agree with the discussion on the changes for 2.6? -- nosy: +jafo __ Tracker [EMAIL PROTECTED] http://bugs.python.org/issue1581 __ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue1581] xmlrpclib.ServerProxy() doesn't use x509 data
Andreas Hasenack added the comment:
The only difference between xmlrpclib.py from trunk and 2.5.1 is in the
Marshaller class. Unrelated, as far as I can see.
Note that it seems that the intent of the original code was to support
this x509-dict all along:
$ grep -n x509 xmlrpclib.py.trunk
1224:# Host may be a string, or a (host, x509-dict) tuple; if a string,
1228:# @param host Host descriptor (URL or (URL, x509 info) tuple).
1230:# x509 info). The header and x509 fields may be None.
1234:x509 = {}
1236:host, x509 = host
1251:return host, extra_headers, x509
1262:host, extra_headers, x509 = self.get_host_info(host)
1282:host, extra_headers, x509 = self.get_host_info(host)
1362:# host may be a string, or a (host, x509-dict) tuple
1364:host, extra_headers, x509 = self.get_host_info(host)
1372:return HTTPS(host, None, **(x509 or {}))
Basically just the ServerProxy constructor doesn't support it. One would
have to create a new class with a new constructor just because of it.
That's why I opened this ticket.
__
Tracker [EMAIL PROTECTED]
http://bugs.python.org/issue1581
__
___
Python-bugs-list mailing list
Unsubscribe:
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue1581] xmlrpclib.ServerProxy() doesn't use x509 data
New submission from Andreas Hasenack:
I was trying to use xmlrpclib.ServerProxy() with https and client
certificate validation (I know httplib doesn't do server certificate
validation yet). I found no way to pass on host/uri as a
(host,x509_dict) tuple as the connection methods support, so I came up
with this patch.
--
components: Library (Lib)
files: xmlrpclib-x509.patch
messages: 58363
nosy: ahasenack
severity: minor
status: open
title: xmlrpclib.ServerProxy() doesn't use x509 data
type: behavior
versions: Python 2.5
Added file: http://bugs.python.org/file8911/xmlrpclib-x509.patch
__
Tracker [EMAIL PROTECTED]
http://bugs.python.org/issue1581
__--- xmlrpclib.py.orig 2007-12-10 17:00:49.0 -0200
+++ xmlrpclib.py 2007-12-10 17:37:55.0 -0200
@@ -1185,6 +1185,7 @@
errcode, errmsg, headers = h.getreply()
if errcode != 200:
+host, extra, x509 = self.get_host_info(host)
raise ProtocolError(
host + handler,
errcode, errmsg,
@@ -1382,7 +1383,8 @@
uri [,options] - a logical connection to an XML-RPC server
uri is the connection point on the server, given as
-scheme://host/target.
+scheme://host/target. It can also be a tuple of the form (uri,x509_dict)
+where x509_dict is a dictionary specifying files for SSL key and certificate.
The standard implementation always supports the http scheme. If
SSL socket support is available (Python 2.0), it also supports
@@ -1404,12 +1406,17 @@
allow_none=0, use_datetime=0):
# establish a logical server connection
+x509 = {}
# get the url
import urllib
+if isinstance(uri, TupleType):
+uri, x509 = uri
type, uri = urllib.splittype(uri)
if type not in (http, https):
raise IOError, unsupported XML-RPC protocol
self.__host, self.__handler = urllib.splithost(uri)
+if x509:
+self.__host = (self.__host, x509)
if not self.__handler:
self.__handler = /RPC2
___
Python-bugs-list mailing list
Unsubscribe:
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue1581] xmlrpclib.ServerProxy() doesn't use x509 data
Guido van Rossum added the comment: This should be considered for 2.6, not 2.5 (which is in feature freeze). I'm hoping Bill Janssen can review this. -- assignee: - janssen nosy: +gvanrossum, janssen __ Tracker [EMAIL PROTECTED] http://bugs.python.org/issue1581 __ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue1581] xmlrpclib.ServerProxy() doesn't use x509 data
Martin v. Löwis added the comment: I would like to ask the submitter to review the code himself for suitability in 2.6. The underlying API has been extended a lot, so it's unlikely that this patch is still the best choice. -- nosy: +loewis __ Tracker [EMAIL PROTECTED] http://bugs.python.org/issue1581 __ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
