qpid-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ken Giusti <kgiu...@redhat.com>
Subject Re: Qpid Proton SSL and SNI
Date Mon, 14 Nov 2016 14:55:40 GMT
Hi Ulf,

----- Original Message -----
> From: "Ulf Lilleengen" <lulf@redhat.com>
> To: users@qpid.apache.org
> Sent: Monday, November 14, 2016 9:18:50 AM
> Subject: Qpid Proton SSL and SNI
> 
> Hi all,
> 
> I've been playing around with setting Server Name Indication (SNI)
>  when using the qpid proton python bindings.
> 
> For configuring SSL, it seems to be expected that configuration
> parameters come from a SSLDomain python object, which maps to the
> underlying pn_ssl_domain_t in proton-c.
> 
> Today, setting SNI is done through the pn_ssl_t instance using
> 'pn_ssl_set_peer_hostname'. The pn_ssl_t instance does not seem to be
> exposed in the end APIs in the same way as pn_ssl_domain_t, at least
> not in the python bindings. I tried to work around this in the python
> bindings by passing an extra parameter in addition to the ssl_domain
> instance on connect(), but it didn't seem like a good approach.
> 

Are you using reactor API?  IIRC the peer hostname is taken from the URL used to create the
connection.

Lower layers of the python binding use the 'hostname' property of the Connection class.



> Would it make sense to add the peer_hostname attribute to the
> pn_ssl_domain_t instance, and use that when configuring the pn_ssl_t
> internally (in addition to keeping todays API)?
> 
> --
> Ulf Lilleengen
> 
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@qpid.apache.org
> For additional commands, e-mail: users-help@qpid.apache.org
> 
> 

-- 
-K

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@qpid.apache.org
For additional commands, e-mail: users-help@qpid.apache.org


Mime
View raw message