
Florencio Cano Gabarda wrote:
I would like to do the new SSL module as good as possible. A piece of art and efficiency if possible and obviously having in mind all programming standards.

Guido and much of the community would certainly be appreciative of a new SSL module, especially if you can overcome the problems that plague M2Crypto.

http://www.artima.com/weblogs/viewpost.jsp?thread=95863

I would say that the criteria for success would be:

1) A module, expected to be included in the standard library, that makes it easy to create both client and server SSL sockets.

2) No leaks or segfaults.

3) An API that any programmer can use without knowing much about cryptography.

I want to be able to write code that's as simple as this:

    import socket
    import ssl

    def open_ssl_socket(address):
        base = socket.socket()
        base.connect(address)
        sock = ssl.client(base)
        return sock

    def run_server(port, handler, pki_files):
        keys = ssl.load_keys(pki_files)
        s = socket.socket()
        s.bind(('', port))
        s.listen(5)
        while True:
            base, address = s.accept()
            sock = ssl.server(base, keys)
            handler(sock)
            sock.close()

"pki_filenames" in the example is a list of key files, certificate files, certificate signing requests, and perhaps other PKI files. I want the ssl module to figure out for itself what each file means, so that I as a mere human can forget about those details. :-) However, if there's any ambiguity in the set of files provided, the SSL module should throw an exception rather than try to guess the intent.

If you're ambitious, you could also figure out how to make this work with non-blocking sockets. I believe Twisted has made progress there.

Shane
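
One way the "figure out what each file means, or throw an exception" behaviour asked for above could work, as an added example that is not part of the original message or of any ssl module: it classifies PEM text by its BEGIN label and raises rather than guessing. The names classify_pki, AmbiguousPKIError and sample_pem, the ambiguity rules, and the sample data are assumptions made for illustration.

```python
import re

# PEM labels (RFC 7468 plus OpenSSL's traditional key labels) and their roles.
ROLES = {
    "CERTIFICATE": "certificate",
    "CERTIFICATE REQUEST": "csr",
    "NEW CERTIFICATE REQUEST": "csr",
    "PRIVATE KEY": "private_key",
    "RSA PRIVATE KEY": "private_key",
    "EC PRIVATE KEY": "private_key",
    "ENCRYPTED PRIVATE KEY": "private_key",
}
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.S)


class AmbiguousPKIError(ValueError):
    """Raised instead of guessing what a set of PKI files means."""


def classify_pki(files):
    """files: {name: PEM text}. Returns {role: [file name per PEM block]}."""
    found = {"certificate": [], "csr": [], "private_key": []}
    for name, text in files.items():
        labels = [m.group(1) for m in PEM_BLOCK.finditer(text)]
        if not labels:
            raise AmbiguousPKIError(f"{name}: no complete PEM block")
        for label in labels:
            if label not in ROLES:
                raise AmbiguousPKIError(f"{name}: unknown PEM label {label!r}")
            found[ROLES[label]].append(name)
    if len(found["private_key"]) > 1:  # assumed rule: which key is the identity?
        raise AmbiguousPKIError(
            f"several private keys: {found['private_key']}")
    if found["private_key"] and not found["certificate"]:  # assumed rule
        raise AmbiguousPKIError("private key given without a certificate")
    return found


def sample_pem(label):
    # Constructed sample: the body is placeholder base64, not real key material.
    return f"-----BEGIN {label}-----\nQ09OU1RSVUNURUQ=\n-----END {label}-----\n"


SAMPLE = {  # constructed input: one key file and a two-certificate chain
    "server.key": sample_pem("PRIVATE KEY"),
    "chain.pem": sample_pem("CERTIFICATE") + sample_pem("CERTIFICATE"),
}
```

A real loader would also have to check that the private key matches the leaf certificate's public key, which requires parsing the DER bodies and is outside what label inspection can decide.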