[issue1581] xmlrpclib.ServerProxy() doesn't use x509 data
Benjamin Peterson [EMAIL PROTECTED] added the comment:

I assume you wanted to close this too.

--
nosy: +benjamin.peterson
status: open -> closed

Python tracker [EMAIL PROTECTED]
http://bugs.python.org/issue1581
[issue1581] xmlrpclib.ServerProxy() doesn't use x509 data
Bill Janssen [EMAIL PROTECTED] added the comment:

Looking at this patch, I definitely agree with the need for documentation. And a test case which uses the SafeTransport class.

But the patch itself also needs a bit more work. (It uses httplib.HTTPS underneath, and that needs more work, too.) At a minimum, the caller should be able to optionally specify somehow, either as a constructor arg, or otherwise (a module-global variable, perhaps), a set of certificate-authority root certs, which, if specified, would cause client-side validation of the server's certificate. I think this should be added as an optional constructor arg to the HTTPS class.
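An added example, not part of this thread or of the patch under review: one way to get what the comment above asks for (validation of the server certificate against a set of CA roots, plus an optional client certificate) using Python 3's xmlrpc.client, whose ServerProxy accepts an ssl.SSLContext. The helper names build_tls_context and make_proxy and the example URL are assumptions made for illustration.

```python
import ssl
import xmlrpc.client
from urllib.parse import urlsplit


def build_tls_context(cafile=None, certfile=None, keyfile=None):
    """Client-side TLS context that always validates the server certificate."""
    # create_default_context() sets CERT_REQUIRED and check_hostname=True.
    # cafile=None falls back to the system trust store.
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=cafile)
    if certfile:
        # Client certificate (and private key) presented to the server.
        ctx.load_cert_chain(certfile=certfile, keyfile=keyfile)
    return ctx


def make_proxy(uri, cafile=None, certfile=None, keyfile=None):
    """Return a ServerProxy; x509 material is accepted only for https URIs."""
    scheme = urlsplit(uri).scheme
    if scheme not in ("http", "https"):
        raise ValueError("unsupported XML-RPC protocol: %r" % scheme)
    wants_tls = bool(cafile or certfile or keyfile)
    if scheme == "http":
        if wants_tls:
            # Fail closed rather than silently talking plaintext.
            raise ValueError("x509 settings given for a plaintext http URI")
        return xmlrpc.client.ServerProxy(uri)
    if keyfile and not certfile:
        raise ValueError("keyfile given without certfile")
    ctx = build_tls_context(cafile, certfile, keyfile)
    # Constructing the proxy opens no connection; the context is used
    # when the first remote method is called.
    return xmlrpc.client.ServerProxy(uri, context=ctx)


if __name__ == "__main__":
    # Constructed example URL; nothing is contacted here.
    proxy = make_proxy("https://rpc.example.invalid/RPC2")
    print(type(proxy).__name__)
```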
[issue1581] xmlrpclib.ServerProxy() doesn't use x509 data
Bill Janssen [EMAIL PROTECTED] added the comment:

No test case. No provision for client validation of server certificate.

--
resolution: -> rejected
[issue1581] xmlrpclib.ServerProxy() doesn't use x509 data
Sean Reifschneider [EMAIL PROTECTED] added the comment:

This patch also needs to include a patch to the documentation.

Martin: Do you agree with the discussion on the changes for 2.6?

--
nosy: +jafo
[issue1581] xmlrpclib.ServerProxy() doesn't use x509 data
Andreas Hasenack added the comment:

The only difference between xmlrpclib.py from trunk and 2.5.1 is in the Marshaller class. Unrelated, as far as I can see.

Note that it seems that the intent of the original code was to support this x509-dict all along:

$ grep -n x509 xmlrpclib.py.trunk
1224:# Host may be a string, or a (host, x509-dict) tuple; if a string,
1228:# @param host Host descriptor (URL or (URL, x509 info) tuple).
1230:# x509 info). The header and x509 fields may be None.
1234:x509 = {}
1236:host, x509 = host
1251:return host, extra_headers, x509
1262:host, extra_headers, x509 = self.get_host_info(host)
1282:host, extra_headers, x509 = self.get_host_info(host)
1362:# host may be a string, or a (host, x509-dict) tuple
1364:host, extra_headers, x509 = self.get_host_info(host)
1372:return HTTPS(host, None, **(x509 or {}))

Basically just the ServerProxy constructor doesn't support it. One would have to create a new class with a new constructor just because of it. That's why I opened this ticket.
[issue1581] xmlrpclib.ServerProxy() doesn't use x509 data
New submission from Andreas Hasenack:

I was trying to use xmlrpclib.ServerProxy() with https and client certificate validation (I know httplib doesn't do server certificate validation yet). I found no way to pass on host/uri as a (host,x509_dict) tuple as the connection methods support, so I came up with this patch.

--
components: Library (Lib)
files: xmlrpclib-x509.patch
messages: 58363
nosy: ahasenack
severity: minor
status: open
title: xmlrpclib.ServerProxy() doesn't use x509 data
type: behavior
versions: Python 2.5

Added file: http://bugs.python.org/file8911/xmlrpclib-x509.patch

--- xmlrpclib.py.orig 2007-12-10 17:00:49.0 -0200 +++ xmlrpclib.py 2007-12-10 17:37:55.0 -0200 @@ -1185,6 +1185,7 @@ errcode, errmsg, headers = h.getreply() if errcode != 200: +host, extra, x509 = self.get_host_info(host) raise ProtocolError( host + handler, errcode, errmsg, @@ -1382,7 +1383,8 @@ uri [,options] - a logical connection to an XML-RPC server uri is the connection point on the server, given as -scheme://host/target. +scheme://host/target. It can also be a tuple of the form (uri,x509_dict) +where x509_dict is a dictionary specifying files for SSL key and certificate. The standard implementation always supports the http scheme. If SSL socket support is available (Python 2.0), it also supports @@ -1404,12 +1406,17 @@ allow_none=0, use_datetime=0): # establish a logical server connection +x509 = {} # get the url import urllib +if isinstance(uri, TupleType): +uri, x509 = uri type, uri = urllib.splittype(uri) if type not in (http, https): raise IOError, unsupported XML-RPC protocol self.__host, self.__handler = urllib.splithost(uri) +if x509: +self.__host = (self.__host, x509) if not self.__handler: self.__handler = /RPC2
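Review bot: in the first hunk (@@ -1185,6 +1185,7 @@), the added `host, extra, x509 = self.get_host_info(host)` binds `extra` and `x509` only to discard them, and nothing says why the call is needed on the error path. If the purpose is to reduce a (host, x509_dict) tuple to a string so that `host + handler` in the ProtocolError does not fail, take only the first element of the result and add a one-line comment saying so. A test that drives a non-200 reply with a tuple host would pin this behaviour down.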
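Review bot: the docstring text added in the second hunk (@@ -1382,7 +1383,8 @@) does not name the keys that x509_dict must carry. The grep output quoted elsewhere in this thread shows the dictionary being expanded as `HTTPS(host, None, **(x509 or {}))`, so a key that is not a keyword argument of HTTPS will raise TypeError only at connect time; list the accepted keys here. The text should also state that the tuple form is meaningful only for the https scheme and that it supplies a client key and certificate without validating the server's certificate.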
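Review bot: in the third hunk (@@ -1404,12 +1406,17 @@), `if x509:` wraps the host without looking at `type`, so an http URI passed together with an x509_dict is accepted even though the key and certificate have no effect on a plaintext connection, and the caller may assume otherwise. Raise an error when x509 is supplied and the scheme is not https. `uri, x509 = uri` also fails with a bare unpacking ValueError for a tuple of the wrong length and accepts a non-dict second element; check both and raise an error that names the expected (uri, x509_dict) form.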
[issue1581] xmlrpclib.ServerProxy() doesn't use x509 data
Guido van Rossum added the comment:

This should be considered for 2.6, not 2.5 (which is in feature freeze). I'm hoping Bill Janssen can review this.

--
assignee: -> janssen
nosy: +gvanrossum, janssen
[issue1581] xmlrpclib.ServerProxy() doesn't use x509 data
Martin v. Löwis added the comment:

I would like to ask the submitter to review the code himself for suitability in 2.6. The underlying API has been extended a lot, so it's unlikely that this patch is still the best choice.

--
nosy: +loewis