I think the next steps to take are as follows, in order:

1) Generate a patch to the trunk to remove all use of socket.ssl in
   library modules (and elsewhere except for
   test/test_socket_ssl.py), and switch them to use the ssl module.
   This would affect httplib, imaplib, poplib, smtplib, urllib,
   This patch should also deprecate the use of socket.ssl, and
   particularly the "server" and "issuer" methods on it, which can
   return bad data.
   I don't know how to deprecate something... Pointers?

2) Expand the test suite to exhaustively test edge cases, particularly
   things like invalid protocol ids, bad cert files, bad key files,

3) Take the threaded server example in test/test_ssl.py, clean it up,
   and add it to the Demos directory (maybe it should be a HOWTO?).

4) Generate a patch for the Py3K branch. This patch would remove the
   "ssl" function from the socket module, and would also remove the
   "server" and "issuer" methods on the SSL context. The ssl.sslsocket
   class would be renamed to SSLSocket (PEP 8), and would inherit
   from socket.socket and io.RawIOBase. The current improvements to
   the Modules/_ssl.c file would be folded in. The patch would
   also fix all uses of socket.ssl in the other library modules.

5) Generate a package for older Pythons (2.3-2.5). This would
   install the ssl module, plus the improved version of _ssl.c.
   Needs more design.
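
The kind of edge-case check step 2 describes, as an added example that is not part of the original message or of the project's test suite. It assumes the present-day `ssl.SSLContext` API rather than the `ssl.sslsocket` interface discussed above; the protocol number 9999 and the file contents are constructed.

```python
import os
import ssl
import tempfile


def rejected(action, expected):
    """Run action(); return True only if it raises one of the expected exceptions."""
    try:
        action()
    except expected:
        return True
    return False


def run_edge_cases():
    """Feed the ssl module bad inputs; map each case to whether it was refused."""
    results = {}

    # Invalid protocol id: 9999 is a constructed value, not a real PROTOCOL_* constant.
    results["invalid_protocol"] = rejected(lambda: ssl.SSLContext(9999), ValueError)

    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    with tempfile.TemporaryDirectory() as tmp:
        # Constructed bad cert files: PEM armor around junk, and an empty file.
        garbage = os.path.join(tmp, "garbage.pem")
        with open(garbage, "w") as f:
            f.write("-----BEGIN CERTIFICATE-----\nnot a cert\n-----END CERTIFICATE-----\n")
        empty = os.path.join(tmp, "empty.pem")
        open(empty, "w").close()
        missing = os.path.join(tmp, "missing.pem")  # deliberately never created

        # ssl.SSLError and FileNotFoundError both derive from OSError.
        for name, path in [("garbage_cert", garbage), ("empty_cert", empty),
                           ("missing_cert", missing)]:
            results[name] = rejected(lambda p=path: ctx.load_cert_chain(p), OSError)
    return results


if __name__ == "__main__":
    for case, ok in run_edge_cases().items():
        print(f"{case}: {'rejected' if ok else 'ACCEPTED'}")
```

A case that prints `ACCEPTED` means the module took input it should have refused, which is the failure such a test exists to catch.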