Return-Path: <users-return-15788-archive-asf-public=cust-asf.ponee.io@qpid.apache.org>
X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io
Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io
Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183])
	by cust-asf2.ponee.io (Postfix) with ESMTP id BA73E200BBF
	for <archive-asf-public-internal@cust-asf2.ponee.io>; Mon, 14 Nov 2016 15:19:17 +0100 (CET)
Received: by cust-asf.ponee.io (Postfix)
	id B926C160B06; Mon, 14 Nov 2016 14:19:17 +0000 (UTC)
Delivered-To: archive-asf-public@cust-asf.ponee.io
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by cust-asf.ponee.io (Postfix) with SMTP id 0FF7E160B05
	for <archive-asf-public@cust-asf.ponee.io>; Mon, 14 Nov 2016 15:19:16 +0100 (CET)
Received: (qmail 14444 invoked by uid 500); 14 Nov 2016 14:19:11 -0000
Mailing-List: contact users-help@qpid.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:users-help@qpid.apache.org>
List-Unsubscribe: <mailto:users-unsubscribe@qpid.apache.org>
List-Post: <mailto:users@qpid.apache.org>
List-Id: <users.qpid.apache.org>
Reply-To: users@qpid.apache.org
Delivered-To: mailing list users@qpid.apache.org
Received: (qmail 14431 invoked by uid 99); 14 Nov 2016 14:19:10 -0000
Received: from pnap-us-west-generic-nat.apache.org (HELO spamd1-us-west.apache.org) (209.188.14.142)
    by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 14 Nov 2016 14:19:10 +0000
Received: from localhost (localhost [127.0.0.1])
	by spamd1-us-west.apache.org (ASF Mail Server at spamd1-us-west.apache.org) with ESMTP id 895A1C1B43
	for <users@qpid.apache.org>; Mon, 14 Nov 2016 14:19:10 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at spamd1-us-west.apache.org
X-Spam-Flag: NO
X-Spam-Score: 0.479
X-Spam-Level: 
X-Spam-Status: No, score=0.479 tagged_above=-999 required=6.31
	tests=[RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=-0.01,
	RCVD_IN_MSPIKE_WL=-0.01, RCVD_IN_SORBS_SPAM=0.5, SPF_PASS=-0.001]
	autolearn=disabled
Received: from mx1-lw-us.apache.org ([10.40.0.8])
	by localhost (spamd1-us-west.apache.org [10.40.0.7]) (amavisd-new, port 10024)
	with ESMTP id QRCq9a-BJ-FO for <users@qpid.apache.org>;
	Mon, 14 Nov 2016 14:19:09 +0000 (UTC)
Received: from mail-wm0-f44.google.com (mail-wm0-f44.google.com [74.125.82.44])
	by mx1-lw-us.apache.org (ASF Mail Server at mx1-lw-us.apache.org) with ESMTPS id 579795FC5F
	for <users@qpid.apache.org>; Mon, 14 Nov 2016 14:19:09 +0000 (UTC)
Received: by mail-wm0-f44.google.com with SMTP id c184so13945586wmd.0
        for <users@qpid.apache.org>; Mon, 14 Nov 2016 06:19:09 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20130820;
        h=x-gm-message-state:message-id:subject:from:to:date:organization
         :mime-version:content-transfer-encoding;
        bh=soS0izaY/iKlK+KyUDahNgqxjukFbzFcNyQVUyO7ESI=;
        b=QNbP/toPIbbX8G/Ju0tvmhmdJqF5lNC5MxTQTC6X/Zntv6b+z5qEOwXBFqA+qS+I9r
         WGxv9dsyXNJRY7I71UhzgtU/4raGhoTvza6gglz3Jfk3Cy5T4Wxyr15dVmTElpNkyQJq
         EInMyBkAK1cPFrwZ9pJm1Sy+WljlJVF6DDHoMdw3KsydGkbJ4mX1uF22FwfW+TLTFTRQ
         GOwFGNo5+Dout5hXmzyjXPGVINoaDdxV5iwOMFLkmaFsfrtWYwY4rhgTm6jF5F/1Ia26
         q2UjjllDi1vvEIorZtKbYIu72wszrHQ0OAt57W8zsxu8kpbe4ilx2Gdjdq0r7eFpP5rq
         NMeg==
X-Gm-Message-State: ABUngvfcsoOt53SDt7edfULLCovt6OHU8dbtv5llZU8WsTiKWVVVVUXF8TBwUxA3iEiExgVT
X-Received: by 10.194.164.226 with SMTP id yt2mr23153587wjb.201.1479133132215;
        Mon, 14 Nov 2016 06:18:52 -0800 (PST)
Received: from strappi ([2001:4662:afe3:0:d059:486f:8d45:9595])
        by smtp.gmail.com with ESMTPSA id k74sm29709998wmd.18.2016.11.14.06.18.51
        for <users@qpid.apache.org>
        (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256);
        Mon, 14 Nov 2016 06:18:51 -0800 (PST)
Message-ID: <1479133130.5502.20.camel@redhat.com>
Subject: Qpid Proton SSL and SNI
From: Ulf Lilleengen <lulf@redhat.com>
To: "users@qpid.apache.org" <users@qpid.apache.org>
Date: Mon, 14 Nov 2016 15:18:50 +0100
Organization: Red Hat
Content-Type: text/plain; charset="UTF-8"
X-Mailer: Evolution 3.20.5 (3.20.5-1.fc24) 
Mime-Version: 1.0
Content-Transfer-Encoding: 8bit
archived-at: Mon, 14 Nov 2016 14:19:17 -0000

Hi all,

I've been playing around with setting Server Name Indication (SNI)
 when using the qpid proton python bindings.

For configuring SSL, it seems to be expected that configuration
parameters come from a SSLDomain python object, which maps to the
underlying pn_ssl_domain_t in proton-c.

Today, setting SNI is done through the pn_ssl_t instance using
'pn_ssl_set_peer_hostname'. The pn_ssl_t instance does not seem to be
exposed in the end APIs in the same way as pn_ssl_domain_t, at least
not in the python bindings. I tried to work around this in the python
bindings by passing an extra parameter in addition to the ssl_domain
instance on connect(), but it didn't seem like a good approach.

Would it make sense to add the peer_hostname attribute to the
pn_ssl_domain_t instance, and use that when configuring the pn_ssl_t
internally (in addition to keeping todays API)? 

-- 
Ulf Lilleengen



---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@qpid.apache.org
For additional commands, e-mail: users-help@qpid.apache.org