von / PerProxy

A python-based proxy that uses Perspectives to detect and thwart SSL MITM attacks.

SNI (Server Name Indication) Support #46

Open ddidderr opened 12 years ago

ddidderr commented 12 years ago

Please add support for SNI (Server Name Indication), because there are many SSL-enabled servers out there with name-based virtual hosts whose subdomains all have wrong certificates because pyPerspectives is only seeing the default certificate.

von commented 12 years ago

Looks like in C with OpenSSL I would use `SSL_set_tlsext_host_name(ssl, servername)`.

But I'm not seeing that exposed in the M2Crypto API. So I agree entirely on the need for this, but don't see a reasonable way to implement it at this moment. Question posed on StackOverflow.

von commented 12 years ago

The Python 3.2 SSL module has support for SNI: http://bugs.python.org/issue5639#msg141950

And it looks like Python 2.x won't have it: http://bugs.python.org/issue5639#msg141913

With the Python 3.2 ssl module: "...you can use the server_hostname argument to SSLContext.wrap_socket()"