On Thu, Jan 26, 2017 at 1:50 AM, Cory Benfield <cory@lukasa.co.uk> wrote:
On 26 Jan 2017, at 07:49, Nick Coghlan <ncoghlan@gmail.com> wrote:
Option 4: tls.TLSError, tls.WantReadError, tls.WantWriteError are defined as inheriting from ssl.SSLError, ssl.SSLWantReadError, and ssl.SSLWantWriteError *if* the latter are defined
Option 5: as with Option 4, but the "ssl" module is also changed such that it *always* defines at least ssl.SSLError, ssl.SSLWantReadError, and ssl.SSLWantWriteError (and perhaps some of the other APIs that can be emulated atop the new tls abstraction), even if OpenSSL itself is unavailable
Here’s my problem with this:
try: socket.recv(8192) except tls.WantWriteError: socket.write(some_buffer)
This code does not work with the legacy ssl module, because isinstance(ssl.SSLWantWriteError, tls.WantWriteError) is false. This means that we need to write a shim over the legacy ssl module that wraps *all* API calls, catches all exceptions and then translates them into subclasses of the tls error classes. That seems entirely batty to me.
It seems like the simplest effective solution to these problems would be for ssl in 3.7 to do ssl.py: from tls import TLSError as SSLError, WantWriteError as SSLWantWriteError, WantReadError as SSLWantReadError and then legacy code that catches SSLWant{Write,Read}Error will be automatically ported forward to the new TLS world. And in the backported version of the tls module for older Pythons, we could have it do the reverse to accomplish a similar effect (at the cost of importing ssl -- but this seems unavoidable in old-Python): tls.py: from ssl import SSLError as TLSError, SSLWantWriteError as WantWriteError, SSLWantReadError as WantReadError There's really no case where it's important to distinguish these, right? -n -- Nathaniel J. Smith -- https://vorpus.org