#twisted-dev

Tickets pending review: https://tm.tl/#9287, #9305, #9333 (markrwilliams), #9337, #9338, #9340, #9350 (ktdreyer), #9210 (markrwilliams), #9358, #9353, #9365 (axiaoxin), #9374, #9375, #9377, #9379, #8966 (the0id), #9383, #9100, #9118 (the0id), #4964 (jameshilliard), #9138, #9176

Tickets pending review: https://tm.tl/#9287, #9305, #9333 (markrwilliams), #9337, #9338, #9340, #9350 (ktdreyer), #9210 (markrwilliams), #9358, #9353, #9365 (axiaoxin), #9374, #9375, #9377, #9379, #8966 (the0id), #9383, #9100, #9118 (the0id), #4964 (jameshilliard), #9138, #9176

Tickets pending review: https://tm.tl/#9287, #9305, #9333 (markrwilliams), #9337, #9338, #9340, #9350 (ktdreyer), #9210 (markrwilliams), #9358, #9353, #9365 (axiaoxin), #9374, #9375, #9377, #9379, #8966 (the0id), #9383, #9100, #9118 (the0id), #4964 (jameshilliard), #9138, #9176

Tickets pending review: https://tm.tl/#9287, #9305, #9333 (markrwilliams), #9337, #9338, #9340, #9350 (ktdreyer), #9210 (markrwilliams), #9358, #9353, #9365 (axiaoxin), #9374, #9375, #9377, #9379, #8966 (the0id), #9383, #9100, #9118 (the0id), #4964 (jameshilliard), #9138, #9176

Tickets pending review: https://tm.tl/#9287, #9305, #9333 (markrwilliams), #9337, #9338, #9340, #9350 (ktdreyer), #9210 (markrwilliams), #9358, #9353, #9365 (axiaoxin), #9374, #9375, #9377, #9379, #8966 (the0id), #9383, #9100, #9118 (the0id), #4964 (jameshilliard), #9138, #9176

Hola twisted friends.

I have recently added some more TLS tooling to hendrix. Specifically, I manually bent two pieces of logic that, AFAICT, don't exist in Twisted: 1) The ability to manually specific a curve for ECC, and 2) the ability to use an EC key created from a curve other than P-256.

See: https://github.com/hendrix/hendrix/blob/3.0.0rc...

I'm wondering: does this logic rightfully belong in twisted instead of hendrix?

jMyles: :)

Hey adiroiban :-)

I guess that as long as you can do it without touching private API

and without doing API gymnastics and massaging

it proves that twisted API is ok

not you can push it to twisted, but it might be hard to update it after that... as Twisted reviews and changes are slow

is nice to have a core Twisted "stdlib" with everything

yeah

but then is hard to find someone to review various patces for various less mainstream features

now in Twisted there is HTTP/DNS/SMTP... used to be XMMP (or maybe still is)

The only part where I had to touch a private attr is here: `SSL_CTX_use_PrivateKey(self._context, _private_key._evp_pkey)`

+ SSH

And you know, that's a PyOpenSSL issue more than a Twisted issue

It's just kind of a bummer that you are stuck with P-256 in Twisted unless you basically replicate this logic (or use hendrix)

so for OpenSSL context I don't know how to change the API to let you do all kind of things with it

so I guess that it is worth pushing for a change in Twisted

at least to refactor the existing code to make it easier to extend it

without touching private members

in this way, it would be easier for you to keep henrix up and running

... I don't expect the private context to be removed anytime soon

but we can make some promises in terms of when to access it

and what can be done with it

I know that the host validation part, is using the app data callback

so if you are already using the openssl app data for the SSL connection you can't use that API... I am in that case

but I don't know how to change it in a generic API