[PATCH] https: support tls sni (server name indication) for https urls (issue3090)

Sat Apr 26 19:05:53 CDT 2014

First off, congratulations Matt on managing to get them to accept reality
wrt Python 2. Given that the 2.7.7 release is slated for late May this
sounds like a workable solution.

I strongly disagree with your (Augie) implication that because it is a
seldom-requested feature it is a seldom-wanted feature. I have seen a
number of links back to the mercurial bug and then they say something along
the lines of "oh darn, python 2 doesn't support it, nothing the mercurial
devs can do, closed/abandoned as impossible" (these bugs being downstream
of course so you're not seeing all of them). I just went the extra mile of
getting annoyed and going about seeing how I could get around the Python 2
limitation. That being said, in light of Python 2.7.7 coming out it is a
whole lot of code to implement something that will be a ton simpler in
2.7.7.

**One question**: has anyone picked this up as far as writing a patch for
Python 2.7.7? If not, I would be interested in applying the knowledge of
where the hostname needs to get passed around a bit more to making a patch
for Python 2.7.7. I assume I should just start a new email (as opposed to
replying to this one) for that, as the solution will be much much simpler
and bear little resemblance to this patch.

Alex

On Sat, Apr 26, 2014 at 8:13 AM, Augie Fackler <raf at durin42.com> wrote:

>
> On Apr 23, 2014, at 9:17 PM, Matt Mackall <mpm at selenic.com> wrote:
>
> > On Wed, 2014-04-23 at 12:48 -0600, Alex Orange wrote:
> >> I haven't heard anything in quite some time, and since the inbox numbers
> >> are low I've decided to bump. Is there any more action I need to take on
> >> this? Is someone looking at it?
> >
> > I briefly discussed this with Augie, who I'd asked to review it. He's
> > given it a once or twice over and come away with the conclusion that he
> > doesn't have enough time to properly review it from a security
> > standpoint.
>
> Yeah, after going over it a couple of times, it's a lot of code for a
> relatively seldom-requested feature, and...
>
> > In related news, I went to the Python Language Summit two weeks ago and
> > complained about the current state of affairs. Two major things came out
> > of this:
> >
> > - an agreement that Python 2.7 was not actually dead and just pining for
> > the fjords:
> >
> > http://hg.python.org/peps/rev/76d43e52d978
> >
> > - a plan to fix a bunch of stuff (including SNI support) for 2.7.7,
> > hopefully:
> >
> > http://legacy.python.org/dev/peps/pep-0466/
> >
> >
> > So, it looks like the way forward is going to be 2.7.7. If you can
> > figure out a way to publish your changes as a third-party extension,
> > that's probably the best way to bridge the gap until that happens.
>
> In light of Python 2.7.7 being a plan, then I'm strongly in favor of
> punting this until 2.7.7 is available, and then we can get a good,
> maintained openssl baked into the Python people use. That'll be the best
> result.
>
> > --
> > Mathematics is the supreme nostalgia of our time.
> >
> >
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://selenic.com/pipermail/mercurial-devel/attachments/20140426/3cee2861/attachment.html>