Asgiref tls extension proposal #2586
Open
+174
−4
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
eirikhex
force-pushed
the
asgiref-tls-extension-proposal
branch
9 times, most recently
from
ece9cf9 to
78a2f6e
Compare
Kludex
requested changes
Mar 9, 2025
| @@ -260,6 +260,7 @@ def __init__( | |||
| self.callback_notify = callback_notify | |||
| self.ssl_keyfile = ssl_keyfile | |||
| self.ssl_certfile = ssl_certfile | |||
| self.ssl_cert_pem: str | None = None | |||
There was a problem hiding this comment.
Why did you add this? Seems out of scope?
There was a problem hiding this comment.
This was added in order to serve read and store the server cert pem one place. This need to be passed to the scope, and the file should not be read on every request.
should this be placed somewhere else?
uvicorn/protocols/utils.py
Outdated
Comment on lines
62
to
66
| class TLSInfo(TypedDict, total=False): | ||
| server_cert: str | None | ||
| client_cert_chain: list[str] | ||
| tls_version: str | None | ||
| cipher_suite: str | None |
There was a problem hiding this comment.
This needs to go in the _types module, and be added to the extensions key.
There was a problem hiding this comment.
Bit unsure about how that works. This is my attempt to fix it: 3186a0d
eirikhex
force-pushed
the
asgiref-tls-extension-proposal
branch
from
78a2f6e to
db67d7a
Compare
eirikhex
force-pushed
the
asgiref-tls-extension-proposal
branch
2 times, most recently
from
77edfda to
54fc797
Compare
eirikhex
force-pushed
the
asgiref-tls-extension-proposal
branch
from
54fc797 to
a3bfb93
Compare
eirikhex
force-pushed
the
asgiref-tls-extension-proposal
branch
from
a3bfb93 to
1fc2beb
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
Simplification of #1119 according to the discussion in django/asgiref#466
A proof of concept for a change in the asgi spec for the tls extension where
client_cert_nameis removed because it's not the role of the ASGI web server to parse X.509 certificate. The content of the field is a part of theclient_cert_chain, and should be extracted from there. (as shown in the test in this PR)client_cert_erroris removed as it was impossible to fill with any useful information.tls_versionandcipher_suiteis filled with string returned by ssl.SSLSocket.version() and ssl.SSLSocket.cipher()Checklist