[Python-3000] Merging the trunk SSL changes.
Guido van Rossum
guido at python.org
Wed Aug 29 03:29:13 CEST 2007
On 8/28/07, Bill Janssen <janssen at parc.com> wrote:
> > > If you can hold off one day before doing the trunk merge, I'm going to
> > > post a fix to the Windows SSL breakage this evening (PDT).
> > Too late, sorry, it's already checked in. You can revert the SSL bits if you
> > want, and take care to merge the proper changes later.
> No, that's OK. I'll just (eventually) generate a 3K patch against
> what's in the repo. Probably not this week.
> Here's my work plan (from yesterday's python-dev):
> 1) Generate a patch to the trunk to remove all use of socket.ssl in
> library modules (and elsewhere except for
> test/test_socket_ssl.py), and switch them to use the ssl module.
> This would affect httplib, imaplib, poplib, smtplib, urllib,
> and xmlrpclib.
> This patch should also deprecate the use of socket.ssl, and
> particularly the "server" and "issuer" methods on it, which can
> return bad data.
> 2) Expand the test suite to exhaustively test edge cases, particularly
> things like invalid protocol ids, bad cert files, bad key files,
> 3) Take the threaded server example in test/test_ssl.py, clean it up,
> and add it to the Demos directory (maybe it should be a HOWTO?).
> 4) Generate a patch for the Py3K branch. This patch would remove the
> "ssl" function from the socket module, and would also remove the
> "server" and "issuer" methods on the SSL context. The ssl.sslsocket
> class would be renamed to SSLSocket (PEP 8), and would inherit
> from socket.socket and io.RawIOBase. The current improvements to
> the Modules/_ssl.c file would be folded in. The patch would
> also fix all uses of socket.ssl in the other library modules.
> 5) Generate a package for older Pythons (2.3-2.5). This would
> install the ssl module, plus the improved version of _ssl.c.
> Needs more design.
> I've currently got a patch for (1). Sounds like I should switch the
> order of (3) and (4).
Until ssl.py is fixed, I've added quick hacks to test_ssl.py and
test_socket_ssl.py to disable these tests, so people won't be alarmed
by the test failures.
--Guido van Rossum (home page: http://www.python.org/~guido/)
More information about the Python-3000