Quinn Slack added the comment:
I have updated the patch in hg to address the sections marked "TODO" (after I
submitted a patch to OpenSSL that they depended on). I'll resubmit a patch here
in a ~week addressing that issue and those below, to continue pushing this
issue along.
Quinn Slack added the comment:
Thanks for checking this out. Yes, this should wait for OpenSSL 1.0.1.
I will fix the TODO. It is there because the current TLS-SRP patch to OpenSSL
uses old (pre-RFC 5054) TLS alert values for when the SRP username isn't in the
Client Hello. I'm
New submission from Quinn Slack :
This patch adds support for TLS-SRP (RFC 5054[1]) to Python ssl.SSLSocket,
_ssl.c, http, and urllib. TLS-SRP lets a client and server establish a mutually
authenticated SSL channel using only a username and password (a certificate may
also be used to
