new twisted TLS context

NORDUnet / opennsa

Open-source implementation of the NSI protocol with support for different backends

BSD 3-Clause "New" or "Revised" License

13 stars 19 forks source link

new twisted TLS context #17

Closed hanstrompert closed 3 years ago

hanstrompert commented 3 years ago

New twisted TLS context with correct peer verification and SNI support:

uses twisted optionsForClientTLS for SNI support and certificate verification
uses service_identity and idna (if modules are present) to correctly verify peer
will load all certificates from certdir regardless of filename
now needs all certificates in chain for verification
ignores verify option in configuration file, will always verify certificates

hanstrompert commented 3 years ago

After a testing a couple of weeks decided to incorporate the original TLS context and use that for server connections, client connection will use the new TLS context to make SNI work properly. Will close this pull request and create a new one.