On Monday, November 14, 2016, Ken Giusti <[email protected]> wrote:

> Hi Ulf,
>
> ----- Original Message -----
> > From: "Ulf Lilleengen" <[email protected]>
> > To: [email protected]
> > Sent: Monday, November 14, 2016 9:18:50 AM
> > Subject: Qpid Proton SSL and SNI
> >
> > Hi all,
> >
> > I've been playing around with setting Server Name Indication (SNI)
> > when using the qpid proton python bindings.
> >
> > For configuring SSL, it seems to be expected that configuration
> > parameters come from an SSLDomain python object, which maps to the
> > underlying pn_ssl_domain_t in proton-c.
> >
> > Today, setting SNI is done through the pn_ssl_t instance using
> > 'pn_ssl_set_peer_hostname'. The pn_ssl_t instance does not seem to be
> > exposed in the end APIs in the same way as pn_ssl_domain_t, at least
> > not in the python bindings. I tried to work around this in the python
> > bindings by passing an extra parameter in addition to the ssl_domain
> > instance on connect(), but it didn't seem like a good approach.
> >
>
> Are you using reactor API? IIRC the peer hostname is taken from the URL
> used to create the connection.
>
> Lower layers of the python binding use the 'hostname' property of the
> Connection class.

You are right. However, I need to set it to something different than the hostname I connect to. (This is needed in OpenShift when you don't have a global hostname to bind to an internal service and it generates a hostname for you to set as SNI).

> > Would it make sense to add the peer_hostname attribute to the
> > pn_ssl_domain_t instance, and use that when configuring the pn_ssl_t
> > internally (in addition to keeping today's API)?
> >
> > --
> > Ulf Lilleengen
>
> --
> -K
