Hello Python ideas,

I have implemented an (I believe) PEP 543-conform TLS library and released TLS support in the latest version yesterday:

https://github.com/Synss/python-mbedtls/tree/0.13.0
https://pypi.org/project/python-mbedtls/0.13.0/

As far as I know, I am the first one to follow PEP 543. So one point is that the API works. However, I have a couple of questions regarding the PEP:

- I do not know what to do in `TLSWrappedBuffer.do_handshake()`. The full TLS handshake requires writing to the server, reading back, etc., (ClientHello, ServerHello, KeyExchange, etc.), which cannot be accomplished in a single buffer.

  For now, I am doing the handshake in `TLSWrappedSocket.do_handshake()`: I set the BIO to using the socket directly, then perform the handshake on the socket thus entirely bypassing the TLSWrappedBuffer. Once this is done, I swap the BIO to using the buffer and go on encrypting and decrypting from the buffer. That is, the encrypted communication is buffered.

- The PEP sometimes mentions an "input buffer" and an "output buffer", and some other times just "the buffer". I believe that both implementations are possible. That is, with two different buffers for input and output, or a single one. I have implemented it with a single circular buffer (that is a stream after all). What the PEP is expecting is nonetheless not clear to me.

So, can anybody clarify these two points from the PEP?

Or should I just address Cory Benfield (who does not seem very active anymore lately) and Christian Heimes directly?

Cheers,
Mathias
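For comparison with the buffer handshake question above, this added example (not part of the original post, and not python-mbedtls or PEP 543 code) drives a client handshake step by step through separate input and output buffers using CPython's standard `ssl.MemoryBIO` and `SSLObject`. The function names and the `server.example` hostname are assumptions made for the illustration.

```python
import ssl


def pump_handshake(tls, incoming, outgoing, received=b""):
    """Advance the handshake by one step using only in-memory buffers.

    `received` is whatever ciphertext the transport delivered since the
    last call. Returns (done, to_send); the caller owns all socket I/O.
    """
    if received:
        incoming.write(received)
    try:
        tls.do_handshake()
        done = True
    except ssl.SSLWantReadError:
        done = False  # the TLS engine needs more bytes from the peer
    # Drain whatever the engine queued for the peer (b"" if nothing).
    return done, outgoing.read()


def client_first_flight(hostname="server.example"):
    """Start a client handshake with no socket attached.

    `hostname` is a placeholder; nothing is sent on the network here.
    """
    ctx = ssl.create_default_context()
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname=hostname)
    # Step 1: the engine writes its ClientHello into the output buffer.
    first = pump_handshake(tls, incoming, outgoing)
    # Step 2: with no reply fed in, it still wants to read and sends nothing.
    second = pump_handshake(tls, incoming, outgoing)
    return first, second


if __name__ == "__main__":
    (done, hello), (done_again, more) = client_first_flight()
    print("finished:", done, "bytes to send:", len(hello))
    print("record type: 0x%02x" % hello[0])  # TLS handshake record type
    print("second step:", done_again, more)
```

In a full exchange the caller sends `to_send`, reads from the transport, and calls `pump_handshake` again with the received bytes until `done` is true.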
On Fri, 26 Oct 2018 17:41:26 +0200 Mathias Laurin <mathias.laurin@gmail.com> wrote:
> So, can anybody clarify these two points from the PEP?
>
> Or should I just address Cory Benfield (who does not seem very active anymore lately) and Christian Heimes directly?

Either that, or post on python-dev where you'll be more likely to be read by the relevant people :-)

Regards

Antoine.