[issue22960] xmlrpc.client.ServerProxy() should accept a custom SSL context parameter

Discussion:

zodalahtathi

2014-11-27 20:23:06 UTC

New submission from zodalahtathi:

When using xmlrpc.server it is possible (despite being intrusive) to use a custom SSL context, ie:

import ssl
import xmlrpc.server

rpc_server = xmlrpc.server.SimpleXMLRPCServer(...)
ssl_context = ssl.SSLContext()
# setup the context ...
rpc_server.socket = ssl_context.wrap_socket(rpc_server.socket, ...)

However it is not possible (unless using some ugly monkey patching, which I am ashamed of writing) to do the same for xmlrpc.client.

xmlrpc.client.ServerProxy() could accept a context constructor, and pass it to the SafeTransport instance, and then to the http.client.HTTPSConnection instance (https://hg.python.org/cpython/file/3.4/Lib/xmlrpc/client.py#l1338).

I would allow passing a SSL context more secure than the default one, and thus improve security.

----------
components: Library (Lib)
messages: 231778
nosy: zodalahtathi
priority: normal
severity: normal
status: open
title: xmlrpc.client.ServerProxy() should accept a custom SSL context parameter
type: enhancement
versions: Python 3.5

_______________________________________
Python tracker <***@bugs.python.org>
<http://bugs.python.org/issue22960>
_______________________________________

Alex Gaynor

2014-11-27 20:30:59 UTC

Permalink

Changes by Alex Gaynor <***@gmail.com>:

----------
nosy: +alex, christian.heimes, dstufft, giampaolo.rodola, janssen, pitrou
versions: +Python 2.7

_______________________________________
Python tracker <***@bugs.python.org>
<http://bugs.python.org/issue22960>
_______________________________________

Alex Gaynor

2014-11-30 02:47:15 UTC

Permalink

Alex Gaynor added the comment:

Attached is a patch for 2.7

----------
keywords: +patch
Added file: http://bugs.python.org/file37321/issue22960.diff

_______________________________________
Python tracker <***@bugs.python.org>
<http://bugs.python.org/issue22960>
_______________________________________

Benjamin Peterson

2014-11-30 03:20:53 UTC

Permalink

Benjamin Peterson added the comment:

I suppose I should ask you to write a test. Of course, HTTPS doesn't seem to be tested at all right now (see the attractive "FIXME: mostly untested" comment in SafeTransport.) Maybe, it's easier now, though, using the code in Lib/test/ssl_servers.py?

----------
nosy: +benjamin.peterson

_______________________________________
Python tracker <***@bugs.python.org>
<http://bugs.python.org/issue22960>
_______________________________________

Roundup Robot

2014-11-30 03:57:24 UTC

Permalink

Roundup Robot added the comment:

New changeset 62bd574e95d5 by Benjamin Peterson in branch '2.7':
add context parameter to xmlrpclib.ServerProxy (#22960)
https://hg.python.org/cpython/rev/62bd574e95d5

----------
nosy: +python-dev

_______________________________________
Python tracker <***@bugs.python.org>
<http://bugs.python.org/issue22960>
_______________________________________

Alex Gaynor

2014-11-30 04:08:13 UTC

Permalink

Alex Gaynor added the comment:

Attached patch fixes it for Python3.

----------
Added file: http://bugs.python.org/file37323/issue22960-3.diff

_______________________________________
Python tracker <***@bugs.python.org>
<http://bugs.python.org/issue22960>
_______________________________________

Roundup Robot

2014-11-30 04:34:36 UTC

Permalink

Roundup Robot added the comment:

New changeset 4b00430388ad by Benjamin Peterson in branch '3.4':
add context parameter to xmlrpclib.ServerProxy (#22960)
https://hg.python.org/cpython/rev/4b00430388ad

New changeset 2a126ce6f83e by Benjamin Peterson in branch 'default':
merge 3.4 (#22960)
https://hg.python.org/cpython/rev/2a126ce6f83e

----------

_______________________________________
Python tracker <***@bugs.python.org>
<http://bugs.python.org/issue22960>
_______________________________________

Benjamin Peterson

2014-11-30 04:37:20 UTC

Permalink

Changes by Benjamin Peterson <***@python.org>:

----------
resolution: -> fixed
status: open -> closed

_______________________________________
Python tracker <***@bugs.python.org>
<http://bugs.python.org/issue22960>
_______________________________________

zodalahtathi

2014-11-30 11:55:59 UTC

Permalink

zodalahtathi added the comment:

Thank you

----------

_______________________________________
Python tracker <***@bugs.python.org>
<http://bugs.python.org/issue22960>
_______________________________________