Jp Calderone [exarkun@intarweb.us] wrote:

I've taken Jeremy Rossi's TLS patch and updated it for current CVS, and also cleaned up the parts of it that broke regular TCP when SSL was unavailable.

What I have been completely unable to do is prevent this from introducing a branch/function call into the common path for doRead/doWrite, even when TLS is not in use.

In order of desirability (imho), this can be fixed by:

Rewrite tcp.py, more or less completely, *without* juggling methods as it currently does.

Take the _TLS_* and _NOTLS_* functions and just inline them.

Create a new transport, TLS, along with all the associated methods/functions (connect/listen/etc) so as to keep TLS code out of tcp.py entirely.

The branch/function call can be avoided by replacing the doRead/doWrite/etc methods in startTLS. While this is still not very perty ;) Example: <CUT LOTS OF CODE> def startTLS(self, ctx): if not SSL: raise RuntimeException, "No SSL support available" assert not self.TLS self._startTLS() self.socket = SSL.Connection(ctx.getContext(), self.socket) def _startTLS(self): self.TLS = 1 self.fileno = self.socket.fileno self.doRead = self._TLS_doRead self.doWrite = self._TLS_doWrite self._closeSocket = self._TLS_closeSocket def doRead(self): try: data = self.socket.recv(self.bufferSize) except socket.error, se: if se.args[0] == EWOULDBLOCK: return else: return main.CONNECTION_LOST if not data: return main.CONNECTION_LOST return self.protocol.dataReceived(data) def _TLS_doRead(self): if self.writeBlockedOnRead: self.writeBlockedOnRead = 0 return self.doWrite() try: return self._NOTLS_doRead() except SSL.ZeroReturnError: # close SSL layer, since other side has done so, if we haven't if not self.sslShutdown: try: self.socket.shutdown() self.sslShutdown = 1 except SSL.Error: pass return main.CONNECTION_DONE except SSL.WantReadError: return except SSL.WantWriteError: self.readBlockedOnWrite = 1 self.startWriting() return except SSL.Error: return main.CONNECTION_LOST <CUT LOTS MORE CODE> Jeremy