Summer of Code: Developing complete SSL support for Python

Hello,

This is my first post to the list but I wish to be an active developer of Python in the future. This project of Summer of Code from Google has opened my eyes to the open source community. The money has been a great motivation but thinking about coding something that will be remembered in the future and specially USEFUL to the community motivates me very much too.

After this introduction I want to talk about SSL support in Python. I have read in the Summer of Code section of the Python web site that a possible project is coding a new complete module that implements SSL for Python, and possibly adding this module to the Python standard library. Apart from this, the project would include adding functionality to the modules (like urllib) to support SSL as transparently as possible.

What do you think about it? **I'm actually looking for information in the archives of this list and web** but I would like to ask the list something:

- Is a complete new SSL module necessary for Python?
- What do you need from SSL?
- What do you think about incorporating SSL to act transparently in the modules that currently use it?
- Any kind of information or references would be appreciated.

I would like to make the new SSL module as good as possible. A piece of art and efficiency if possible and obviously having in mind all programming standards.

Thanks very much for any help.

--
Florencio Cano Gabarda <fcano@ono.com>

On Sat, Jun 04, 2005, Florencio Cano Gabarda wrote:
> This is my first post to the list but I wish to be an active developer of Python in the future. This project of Summer of Code from Google has opened my eyes to the open source community. The money has been a great motivation but thinking about coding something that will be remembered in the future and specially USEFUL to the community motivates me very much too.
> After this introduction I want to talk about SSL support in Python.

Great! Given the nature of your project, python-dev probably is the best place for you to get information, but I also encourage you to join the Summer of Code mailing list:
http://mail.python.org/mailman/listinfo/summerofcode

--
Aahz (aahz@pythoncraft.com)  <*>  http://www.pythoncraft.com/

"The only problem with Microsoft is they just have no taste." --Steve Jobs

Florencio Cano Gabarda wrote:
> I would like to do the new SSL module as good as possible. A piece of art and efficiency if possible and obviously having in mind all programming standards.

Guido and much of the community would certainly be appreciative of a new SSL module, especially if you can overcome the problems that plague M2Crypto.

http://www.artima.com/weblogs/viewpost.jsp?thread=95863

I would say that the criteria for success would be:

1) A module, expected to be included in the standard library, that makes it easy to create both client and server SSL sockets.

2) No leaks or segfaults.

3) An API that any programmer can use without knowing much about cryptography.

I want to be able to write code that's as simple as this:

    import socket
    import ssl

    def open_ssl_socket(address):
        base = socket.socket()
        base.connect(address)
        sock = ssl.client(base)
        return sock

    def run_server(port, handler, pki_files):
        keys = ssl.load_keys(pki_files)
        s = socket.socket()
        s.bind(('', port))
        s.listen(5)
        while True:
            base, address = s.accept()
            sock = ssl.server(base, keys)
            handler(sock)
            sock.close()

"pki_filenames" in the example is a list of key files, certificate files, certificate signing requests, and perhaps other PKI files. I want the ssl module to figure out for itself what each file means, so that I as a mere human can forget about those details. :-) However, if there's any ambiguity in the set of files provided, the SSL module should throw an exception rather than try to guess the intent.

If you're ambitious, you could also figure out how to make this work with non-blocking sockets. I believe Twisted has made progress there.

Shane

On Sat, 2005-06-04 at 12:26 -0600, Shane Hathaway wrote:
> Florencio Cano Gabarda wrote:
> > I would like to do the new SSL module as good as possible. A piece of art and efficiency if possible and obviously having in mind all programming standards.
>
> Guido and much of the community would certainly be appreciative of a new SSL module, especially if you can overcome the problems that plague M2Crypto.
>
> http://www.artima.com/weblogs/viewpost.jsp?thread=95863
>
> I would say that the criteria for success would be:
>
> 1) A module, expected to be included in the standard library, that makes it easy to create both client and server SSL sockets.
>
> 2) No leaks or segfaults.
>
> 3) An API that any programmer can use without knowing much about cryptography.
>
> I want to be able to write code that's as simple as this:
>
>     import socket
>     import ssl
>
>     def open_ssl_socket(address):
>         base = socket.socket()
>         base.connect(address)
>         sock = ssl.client(base)
>         return sock
>
>     def run_server(port, handler, pki_files):
>         keys = ssl.load_keys(pki_files)
>         s = socket.socket()
>         s.bind(('', port))
>         s.listen(5)
>         while True:
>             base, address = s.accept()
>             sock = ssl.server(base, keys)
>             handler(sock)
>             sock.close()
>
> "pki_filenames" in the example is a list of key files, certificate files, certificate signing requests, and perhaps other PKI files. I want the ssl module to figure out for itself what each file means, so that I as a mere human can forget about those details. :-) However, if there's any ambiguity in the set of files provided, the SSL module should throw an exception rather than try to guess the intent.
>
> If you're ambitious, you could also figure out how to make this work with non-blocking sockets. I believe Twisted has made progress there.

4. In the socket module documentation:

    ssl( sock[, keyfile, certfile])
        Initiate a SSL connection over the socket sock. keyfile is the name of a PEM formatted file that contains your private key. certfile is a PEM formatted certificate chain file. On success, a new SSLObject is returned.

        Warning: This does not do any certificate verification!

I would make it a top priority to enable certificate verification in ssl sockets. I don't see the point in doing SSL without certificate verification. It's just false security. Maybe adding a callback asking the application what to do if certificate validation fails, so that application writers can show a GUI dialogue or something like that...

Best regards.

--
Gustavo J. A. M. Carneiro
<gjc@inescporto.pt> <gustavo@users.sourceforge.net>
The universe is always one step beyond logic

Gustavo J. A. M. Carneiro wrote: [...]
> 4. In the socket module documentation:
>
>     ssl( sock[, keyfile, certfile])
>         Initiate a SSL connection over the socket sock. keyfile is the name of a PEM formatted file that contains your private key. certfile is a PEM formatted certificate chain file. On success, a new SSLObject is returned.
>
>         Warning: This does not do any certificate verification!
>
> I would make it a top priority to enable certificate verification in ssl sockets. I don't see the point in doing SSL without certificate verification. It's just false security. Maybe adding a callback asking the application what to do if certificate validation fails, so that application writers can show a GUI dialogue or something like that...
>
> Best regards.

I believe that SSL sockets without certificate verification will still retain the advantages of encryption and integrity checking, though you are right to say that *authentication* is lost without certificate checking: the certificate is essentially the CA's assertion that they have applied the process described in their Certification Practices Statement to identify the subject.

Then you must consider which CAs will be acceptable certificate issuers, and build trust for their certificates into the system in some modifiable way - we need to be able to add CAs - by the incorporation of the CAs' self-signed certificates, as in the browsers.

So almost certainly if the platform has a certificate repository it might be good to offer an interface to that, as well as offering a private certificate repository.

regards
Steve

--
Steve Holden        +1 703 861 4237  +1 800 494 3119
Holden Web LLC             http://www.holdenweb.com/
Python Web Programming  http://pydish.holdenweb.com/
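
Added example (not part of the thread, and not any poster's code): the distinction drawn in the last two messages, encryption without authentication versus verification against a platform CA store plus a private one, written with the `ssl` module found in current Python's standard library rather than the API sketched earlier in the thread. The function names, the `private_ca_file` parameter and the `on_verify_failure` callback are assumptions made for illustration.

```python
import socket
import ssl


def encrypt_only_context():
    """Client context that encrypts but authenticates nobody."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False  # has to be cleared before CERT_NONE is accepted
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def verifying_context(private_ca_file=None, use_platform_store=True):
    """Client context trusting the platform CA store and/or a private CA bundle."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # CERT_REQUIRED + host name check
    if use_platform_store:
        ctx.load_default_certs(ssl.Purpose.SERVER_AUTH)
    if private_ca_file:
        ctx.load_verify_locations(cafile=private_ca_file)  # PEM file of extra CAs
    return ctx


def authentication_gaps(ctx):
    """List what a context fails to check about the peer's identity."""
    gaps = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        gaps.append("peer certificate chain is not verified")
    if not ctx.check_hostname:
        gaps.append("certificate is not matched against the host name")
    return gaps


def open_ssl_socket(address, ctx, on_verify_failure):
    """Connect and handshake; report a failed verification to the application."""
    if authentication_gaps(ctx):
        raise ValueError("refusing to connect with an unauthenticated context")
    base = socket.create_connection(address, timeout=10)
    try:
        return ctx.wrap_socket(base, server_hostname=address[0])
    except ssl.SSLCertVerificationError as exc:
        base.close()
        on_verify_failure(address[0], exc.verify_message)  # e.g. show a dialogue
        raise  # the connection is never handed back unauthenticated
```
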