Add SSL_set_info_callback function declaration #13375

Merged
reaperhulk merged 1 commit into main from alex-patch-1
Sep 1, 2025

alex (Member) commented Aug 31, 2025

we need this to have a `set_info_callback` on an SSL.Connection which twisted needs for reasons I don't understand

reaperhulk merged commit 0a1e40c into main Sep 1, 2025
68 checks passed
reaperhulk deleted the alex-patch-1 branch September 1, 2025 00:12

alex added a commit to alex/cryptography that referenced this pull request Sep 1, 2025

we need this to have a `set_info_callback` on an SSL.Connection which twisted needs for reasons I don't understand

reaperhulk pushed a commit that referenced this pull request Sep 1, 2025

* Add SSL_set_info_callback function declaration (#13375)

we need this to have a `set_info_callback` on an SSL.Connection which twisted needs for reasons I don't understand

* prep for a 45.0.7 release

* Update CI for the new staticnode location (#13305)

* Update CI for the new staticnode location

* get CI green

@adiroiban (Contributor)

`set_info_callback` is used by Twisted to check that the connection hostname matches the connection certificate.

The callback code is here:

https://github.com/twisted/twisted/blob/aedee3ea72b2c206774fbeae7a54e71939699d54/src/twisted/internet/_sslverify.py#L1152-L1182

The `Context.set_verify` is not used, and instead the info callback is used so that the code can set the hostname: `connection.set_tlsext_host_name(self._hostnameBytes)`

I think that this is "legacy" code in Twisted, and the plan is to (re)use newer code to check for server identity.

I remember that @glyph has mentioned that he wants to rewrite this code... but I can't find the conversation.

alex (Member, Author) commented Sep 1, 2025

It seems like `connection.set_tlsext_host_name(self._hostnameBytes)` should be callable as soon as the connection is created?
