[python-tulip] SSL HandShake / Dynamic Certificates

2014-07-30 Thread Imran Geriskovan
One can start a SSL server with a static certificate like this:

ctx = create_default_context(Purpose.CLIENT_AUTH)
ctx.load_cert_chain('pem.crt')
async(start_server(handle, host, port, family=AF_INET, limit=8192, ssl=ctx))

However, if you need to use dynamic certificates, you must have access
to SSL Handshake in async means. But this is not currently supported
by asyncio.

I also remember that, about 3 months ago we had some discussion
about creating a plain Stream and at some point of communication
switching to SSL, which again needs Async SSL HandShake.

Are there any developments about supporting this capability?

Regards, Imran


Re: [python-tulip] SSL HandShake / Dynamic Certificates

2014-07-30 Thread Victor Stinner
Hi,

2014-07-30 12:30 GMT+02:00 Imran Geriskovan imran.gerisko...@gmail.com:
> However, if you need to use dynamic certificates, you must have access
> to SSL Handshake in async means. But this is not currently supported
> by asyncio.

What is a dynamic certificate?

If you want to load a certificate from memory, you should take a look at:
http://bugs.python.org/issue21965

Victor


[python-tulip] Release of Trollius 1.0.1 (bugfix)

2014-07-30 Thread Victor Stinner
Hi,

I released version 1.0.1 of Trollius:
http://trollius.readthedocs.org/changelog.html#version-1-0-1

This release supports PyPy and has better support for asyncio
coroutines, especially in debug mode.

It also gets enhancements done in Tulip, like enhancements on the IOCP
proactor for Windows.

Victor


Re: [python-tulip] SSL HandShake / Dynamic Certificates

2014-07-30 Thread Imran Geriskovan
> What is a dynamic certificate?
> Victor

Certificates are not Dynamic after all.

It is providing different certificates to different accepted
clients by SSL server. Pre-Asyncio era code is here:

ctx = create_default_context(Purpose.CLIENT_AUTH)
ctx.load_cert_chain('pem1.crt')  # or pem99.crt
s = ctx.wrap_socket(s, server_side = True, do_handshake_on_connect = False)
...
s.do_handshake()


Anyway..
The request is to ssl wrap a stream (sort of. Switch to ssl mode after
creation) and have separate access to handshake on asyncio.

Regards,
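
One way to serve a different certificate per connection from a single asyncio server, as an added example that is not part of the original thread or of asyncio's own code. It relies on `ssl.SSLContext.sni_callback` (Python 3.7 and later), which runs inside the handshake, so no separate handshake access is needed. Choosing by the client's requested server name is an assumption about the selection key, and `build_selector`, `server_context` and the `a.example`/`b.example` names are hypothetical.

```python
import asyncio
import ssl

def build_selector(contexts, strict=True):
    """Return an sni_callback that swaps in the context for the requested name.

    contexts maps a lower-case server name to an ssl.SSLContext that has
    its own chain loaded with load_cert_chain().
    """
    def select(ssl_obj, server_name, default_ctx):
        ctx = contexts.get((server_name or "").lower())
        if ctx is not None:
            ssl_obj.context = ctx   # the handshake continues with this chain
            return None
        if strict:
            # Unknown or missing SNI: abort rather than present the default cert.
            return ssl.ALERT_DESCRIPTION_UNRECOGNIZED_NAME
        return None                 # fall back to default_ctx's own chain
    return select

def server_context(cert_path=None):
    ctx = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
    if cert_path is not None:
        ctx.load_cert_chain(cert_path)  # PEM holding certificate chain and key
    return ctx

async def handle(reader, writer):
    writer.write(b"hello\n")
    await writer.drain()
    writer.close()

async def main(cert_files, host="127.0.0.1", port=8443):
    # cert_files is a constructed mapping of server name -> PEM file path.
    contexts = {n.lower(): server_context(p) for n, p in cert_files.items()}
    default = server_context(next(iter(cert_files.values())))
    default.sni_callback = build_selector(contexts)
    server = await asyncio.start_server(handle, host, port, ssl=default)
    async with server:
        await server.serve_forever()

if __name__ == "__main__":
    asyncio.run(main({"a.example": "pem1.crt", "b.example": "pem99.crt"}))
```

With `strict=True` a client that sends no SNI or an unlisted name gets a TLS alert instead of the default certificate; pass `strict=False` to keep the fallback behaviour.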