What I'd suggest for Python 2.2 is to *not* add any new features, like server-side SSL but only accept bugfixes for the current client-side code.
Sounds good to me.
As the current implementation is broken and there is probably little SSL knowledge in the Python core team, I propose to "outsource" the problem:
Thanks! We can sure use some help here.
It should be possible to define a "Python SSL interface" that describes an API for SSL. The various modules in Python that use SSL (urllib, smtp, ...) would then be rewritten to use the new API. The socketmodule.c would be rewritten to use the new API instead.
I've just started digging in the socketmodule.c for a different reason, and I propose to move all the SSL stuff to a separate file and module.
Then, wrappers could be written for the various SSL modules that wrap them into the new "Python SSL interface" API.
This is a good idea. The DB API works like this.
As for me, I'm not an expert in SSL, but I'd be willing to try coordinate the efforts, write a PEP, talk with the module maintainers and such.
But we do need *an* expert, don't we? Maybe you can develop expertise as you go?
I'd be grateful to hear your opinions about this newbie proposal :-)
You don't sound much like a newbie. :-) --Guido van Rossum (home page: http://www.python.org/~guido/)