
On Sat, 2005-06-04 at 12:26 -0600, Shane Hathaway wrote:
Florencio Cano Gabarda wrote:
I would like to do the new SSL module as good as possible. A piece of art and efficiency if possible and obviously having in mind all programming standards.
Guido and much of the community would certainly be appreciative of a new SSL module, especially if you can overcome the problems that plague M2Crypto.
http://www.artima.com/weblogs/viewpost.jsp?thread=95863
I would say that the criteria for success would be:
1) A module, expected to be included in the standard library, that makes it easy to create both client and server SSL sockets.
2) No leaks or segfaults.
3) An API that any programmer can use without knowing much about cryptography.
I want to be able to write code that's as simple as this:

    import socket
    import ssl

    def open_ssl_socket(address):
        base = socket.socket()
        base.connect(address)
        sock = ssl.client(base)
        return sock

    def run_server(port, handler, pki_files):
        keys = ssl.load_keys(pki_files)
        s = socket.socket()
        s.bind(('', port))
        s.listen(5)
        while True:
            base, address = s.accept()
            sock = ssl.server(base, keys)
            handler(sock)
            sock.close()

"pki_filenames" in the example is a list of key files, certificate files, certificate signing requests, and perhaps other PKI files. I want the ssl module to figure out for itself what each file means, so that I as a mere human can forget about those details. :-) However, if there's any ambiguity in the set of files provided, the SSL module should throw an exception rather than try to guess the intent.
If you're ambitious, you could also figure out how to make this work with non-blocking sockets. I believe Twisted has made progress there.
4. In the socket module documentation:

    ssl( sock[, keyfile, certfile])
    Initiate a SSL connection over the socket sock. keyfile is the name of a PEM formatted file that contains your private key. certfile is a PEM formatted certificate chain file. On success, a new SSLObject is returned.
    Warning: This does not do any certificate verification!

I would make it a top priority to enable certificate verification in ssl sockets. I don't see the point in doing SSL without certificate verification. It's just false security.

Maybe adding a callback asking the application what to do if certificate validation fails, so that application writers can show a GUI dialogue or something like that...

Best regards.

--
Gustavo J. A. M. Carneiro
<gjc@inescporto.pt> <gustavo@users.sourceforge.net>
The universe is always one step beyond logic
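
Added example, not part of the original thread and not the API of any real ssl module: one way the "figure out what each file means, but raise on ambiguity" behaviour asked for above could look, assuming PEM input that is classified by its BEGIN label only. classify_pki, AmbiguousPKIError and the ambiguity rules are hypothetical, and the sample PEM bodies are constructed placeholders.

```python
import re

# PEM encapsulation labels mapped to the role each block plays.
LABEL_KINDS = {
    "CERTIFICATE": "certificate",
    "CERTIFICATE REQUEST": "csr",
    "PRIVATE KEY": "private_key",
    "RSA PRIVATE KEY": "private_key",
    "EC PRIVATE KEY": "private_key",
    "ENCRYPTED PRIVATE KEY": "private_key",
}
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.DOTALL)


class AmbiguousPKIError(ValueError):
    """Raised instead of guessing what a set of PKI inputs means."""


def classify_pki(named_texts):
    """Sort PEM blocks from {name: text} into roles; raise on any ambiguity."""
    found = {"certificate": [], "csr": [], "private_key": []}
    for name, text in named_texts.items():
        blocks = PEM_BLOCK.findall(text)
        if not blocks:
            raise AmbiguousPKIError(f"{name}: no PEM block found")
        for label, body in blocks:
            kind = LABEL_KINDS.get(label)
            if kind is None:
                raise AmbiguousPKIError(f"{name}: unknown PEM label {label!r}")
            found[kind].append((name, body))
    # Assumed rules: one identity per call, and a key is useless without a cert.
    if len(found["private_key"]) > 1:
        sources = sorted({n for n, _ in found["private_key"]})
        raise AmbiguousPKIError(f"more than one private key: {sources}")
    if found["private_key"] and not found["certificate"]:
        raise AmbiguousPKIError("private key supplied without a certificate")
    return found


# Constructed sample input: real PEM labels, placeholder bodies.
SAMPLE = {
    "server.key": "-----BEGIN PRIVATE KEY-----\nQUJD\n-----END PRIVATE KEY-----\n",
    "chain.pem": ("-----BEGIN CERTIFICATE-----\nREVG\n-----END CERTIFICATE-----\n"
                  "-----BEGIN CERTIFICATE-----\nR0hJ\n-----END CERTIFICATE-----\n"),
}

if __name__ == "__main__":
    roles = classify_pki(SAMPLE)
    print({kind: [name for name, _ in items] for kind, items in roles.items()})
```

Sorting by label does not show that the private key belongs to the certificate; that check needs the parsed public keys.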