![](https://secure.gravatar.com/avatar/fce8285a62cae101b839f07d32ba7e8a.jpg?s=120&d=mm&r=g)
On 2017-01-11 20:01, Cory Benfield wrote:
Socket ~~~~~~
The socket-wrapper ABC will be defined by the ``TLSWrappedSocket`` ABC, which has the following definition::
class TLSWrappedSocket(metaclass=ABCMeta): # The various socket methods all must be implemented. Their definitions # have been elided from this class defintion in the PEP because they # aren't instructive.
I sent my first mail too early and forgot three things. Python's ssl module has additional weird modes. It's possible to create an unconnected SSLSocket and later connect it. Pseudo code: s1 = socket.socket() s2 = context.wrap_socket(s1) s2.connect((host, port)) AFAIK PyOpenSSL doesn't support this mode. How do we deal with unconnected sockets, UDP/DTLS and other transports? Are sockets limited to AF_INET / AF_INET6 and SOCK_STREAM? In the not-so-distant future SRV-ID validation will become relevant. In order to support dNSName, IPAddress, and SRV-ID validation, the TLS socket needs the hostname (if available), IP address, port and service type (e.g. http, ldap, xmpp-server, ...). For hostname validation we should also define how we are going to deal with encodings. Is the hostname always a IDN U-label, A-label or can it be both? Christian