[Patches] [ python-Patches-401647 ] adds SSL server socket support to socketmodule.c

noreply@sourceforge.net noreply@sourceforge.net
Thu, 17 May 2001 08:19:35 -0700


Patches item #401647, was updated on 2000-09-25 09:34
You can respond by visiting: 
http://sourceforge.net/tracker/?func=detail&atid=305470&aid=401647&group_id=5470

Category: Modules
Group: None
Status: Closed
Resolution: Rejected
Priority: 5
Submitted By: Andrew Csillag (drew_csillag)
Assigned to: Guido van Rossum (gvanrossum)
Summary: adds SSL server socket support to socketmodule.c

Initial Comment:
 

----------------------------------------------------------------------

>Comment By: Guido van Rossum (gvanrossum)
Date: 2001-05-17 08:19

Message:
Logged In: YES 
user_id=6380

No, no, no!  We won't be adding new functionality.

----------------------------------------------------------------------

Comment By: A.M. Kuchling (akuchling)
Date: 2001-05-17 08:02

Message:
Logged In: YES 
user_id=11375

No, which is why this patch is marked as "Rejected".  Use 
M2Crypto if you want to write SSL servers.


----------------------------------------------------------------------

Comment By: Ilya Etingof (elie)
Date: 2001-05-17 07:59

Message:
Logged In: YES 
user_id=106050

That is great!

Are you planning to commit the ssl-server-socket patch into
the socket module to make the latter
suitable for building SSL servers?

Thanks,
ilya

----------------------------------------------------------------------

Comment By: Guido van Rossum (gvanrossum)
Date: 2001-05-17 07:51

Message:
Logged In: YES 
user_id=6380

The existing socket.ssl() support will remain in existence,
or a backwards compatibility solution will be provided.

----------------------------------------------------------------------

Comment By: Ilya Etingof (elie)
Date: 2001-05-17 07:36

Message:
Logged In: YES 
user_id=106050

So, what is the fate of the socket.ssl stuff? Is it safe to
rely on the SSL support of the socket module, or will it be dropped?

Thanks,
ilya

----------------------------------------------------------------------

Comment By: Guido van Rossum (gvanrossum)
Date: 2001-02-09 06:56

Message:
Rejected.  Drew agrees after re-educating himself about M2Crypto.

----------------------------------------------------------------------

Comment By: A.M. Kuchling (akuchling)
Date: 2001-02-08 08:33

Message:
Drew provided instructions for creating a test key and certificate, but I couldn't make them work.  Given that:

* this SSL support is undocumented
* it seems difficult to make it work
* OpenSSL is a big API, and only very basic support is in socketmodule.c
* M2Crypto already exists, and offers more complete support.

I'd suggest dropping SSL support from 2.1. 

Reassigning to GvR; I can't test this code if I can't even make a client connection work!



----------------------------------------------------------------------

Comment By: A.M. Kuchling (akuchling)
Date: 2001-01-24 19:04

Message:
newServerSSLObject() is a near-duplicate of newSSLobject().  Rather than just cut-and-paste the code into a new function, newSSLobject() should take a fourth argument, and perform either the client or server initialization.  

I've already modified the patch to do this.  Before uploading the modified version, I'd like to test it, but can't figure out what it wants for the key and cert arguments.  Drew, do you have a test program you used to test the code?  Can you please e-mail it to me, or add it as a comment to this patch?



----------------------------------------------------------------------

Comment By: Guido van Rossum (gvanrossum)
Date: 2001-01-24 12:05

Message:
OK, Andrew, it's all yours.

(But I disagree with your last point: client-only SSL support is still a lot better than no SSL support! :-)

----------------------------------------------------------------------

Comment By: A.M. Kuchling (akuchling)
Date: 2001-01-24 11:24

Message:
Guido, want me to re-open this patch and take it over?  IMHO, if the SSL support is left in, then this patch should be added; no point in having only half-working support.


----------------------------------------------------------------------

Comment By: Andrew Csillag (drew_csillag)
Date: 2001-01-24 11:06

Message:
Sorry for the no-reply...  Anyhoo, the ssl stuff currently in the socket module only allows ssl on client connections (i.e. where you connect to somebody else) as opposed to server connections (i.e. where somebody connects to you).

For example, you have a cheesy SSL socket client:

from socket import *
s = socket(AF_INET, SOCK_STREAM)
s.connect(('',9999))
ss = ssl(s,None,None)
ss.write("foo!\n")

The patch is required in order to be able to write the corresponding server, as such:

from socket import *
s = socket(AF_INET, SOCK_STREAM)
s.bind(('',9999))
s.listen(5)
f,a = s.accept()
ss = sslserv(f, "keyfilename", "certfilename")
print ss.read(5)


If you try to just use the ssl function on both sides, it
doesn't work.
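
[Added example, not part of the original comment and not the patch's code: the client/server asymmetry described above, shown with today's Python ssl module rather than the 2001 socket.ssl() or the proposed sslserv(). The host name and the certificate/key paths are placeholders; both handshakes run over a local socket pair and are expected to fail.]

```python
import socket
import ssl
import threading

HOST = "example.test"  # constructed name, only sent as SNI by the client side

def server_context(certfile, keyfile):
    """The server role needs its own certificate and key (placeholder paths)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.load_cert_chain(certfile, keyfile)
    return ctx

def _run_side(sock, ctx, server_side, out, name):
    sock.settimeout(5)  # never hang if the peer stays silent
    try:
        with ctx.wrap_socket(sock, server_side=server_side,
                             server_hostname=None if server_side else HOST,
                             do_handshake_on_connect=False) as tls:
            tls.do_handshake()
        out[name] = "ok"
    except OSError as exc:  # ssl.SSLError and timeouts are OSError subclasses
        out[name] = "failed: " + type(exc).__name__
    finally:
        sock.close()  # no-op once wrap_socket() has detached the socket

def handshake(ctx_a, a_is_server, ctx_b, b_is_server):
    """Run a TLS handshake between the two ends of a local socket pair."""
    a, b = socket.socketpair()
    out = {}
    sides = [(a, ctx_a, a_is_server, out, "a"), (b, ctx_b, b_is_server, out, "b")]
    threads = [threading.Thread(target=_run_side, args=s) for s in sides]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return out

def both_ends_as_client():
    # Each end sends a ClientHello and waits for a ServerHello that never comes.
    client = ssl.create_default_context()
    return handshake(client, False, client, False)

def server_without_certificate():
    # Server role selected, but load_cert_chain() was never called.
    bare_server = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    return handshake(bare_server, True, ssl.create_default_context(), False)

if __name__ == "__main__":
    print("client/client:", both_ends_as_client())
    print("server without cert:", server_without_certificate())
```

[A handshake can only complete when one end takes the server role with a context built as in server_context() and the client trusts that certificate.]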



----------------------------------------------------------------------

Comment By: Guido van Rossum (gvanrossum)
Date: 2000-11-13 11:41

Message:
Still no reply. I'll reject the patch now, for lack of sufficient motivation.

----------------------------------------------------------------------

Comment By: Guido van Rossum (gvanrossum)
Date: 2000-10-25 13:54

Message:
Drew, could you provide an example of how this is used? If I can't test it I can't add it. It doesn't have to be a test module (although a test module for all the SSL support is sorely needed) but I would like to see a little motivation for why this is useful. Also note that the SSL support in the socket module is controversial; there are some who believe that a different approach is needed, e.g. based on M2Crypto.

----------------------------------------------------------------------

Comment By: Naris Siamwalla (naris)
Date: 2000-09-27 03:51

Message:
too late ?  this patch solves world hunger and brings world peace!

such a valuable patch, but i guess deadlines are deadlines :-(

----------------------------------------------------------------------

Comment By: Jeremy Hylton (jhylton)
Date: 2000-09-25 09:41

Message:
too late for 2.0

----------------------------------------------------------------------
