[Patches] [ python-Patches-452110 ] socketmodule ssl: server & thread
noreply@sourceforge.net
noreply@sourceforge.net
Mon, 22 Oct 2001 06:51:53 -0700
Patches item #452110, was opened at 2001-08-17 08:10
You can respond by visiting:
http://sourceforge.net/tracker/?func=detail&atid=305470&aid=452110&group_id=5470
Category: Library (Lib)
Group: None
Status: Open
Resolution: None
Priority: 5
Submitted By: Jozef Hatala (jhatala)
Assigned to: Jeremy Hylton (jhylton)
Summary: socketmodule ssl: server & thread
Initial Comment:
Simple enhancement to the SSL support in module socket
:
- support for writing SSL servers (as well as clients)
- Py_*_ALLOW_THREADS arround blocking calls to openssl
- rsa temp key to work with older export netscape
- renamed attribute server to peer
This patch allows for powerfull application servers
like the following one to be accessed with "netscape
https://localhost:1443/"
from socket import *
p=socket(AF_INET,SOCK_STREAM)
p.bind(('localhost',1443))
p.listen(1)
while 1 :
s,a = p.accept()
c = sslserver(s,'server.key','server.crt')
print "They said:", c.read()
c.write('HTTP/1.0 200 OK\r\n')
c.write('Content-Type: text/plain\r\n\r\n** Hi!
**')
c.close()
TODO: a kind of makefile() on the ssl object like on a
socket would be welcome.
Have fun,
jh
----------------------------------------------------------------------
Comment By: Gerhard Häring (ghaering)
Date: 2001-10-22 06:51
Message:
Logged In: YES
user_id=163326
I don't think it is a good idea to add this. Python's
builtin client-side SSL support is already pretty weak. This
patch would add a minimal SSL server implementation, but it
shares some of the same weaknesses, like missing the ability
to set the SSL method (version 2, version 3, version 2 or
3). I'd recommend not adding any more SSL features at this
point, but for Python 2.2 only keeping the existing
client-side functionality and fixing any remaining bugs there.
I'm working on something that would hopefully be better in
the longrun: an SSL API that the various Python SSL modules
(m2crypto, POW, pyOpenSSL) can implement and Python will
then use one of these third-party modules for https,
smtp/tls etc. Sort of a plugin ability for an SSL module.
If you add stuff to the broken SSL API now, you'll either
have to carry it around for a long time or, if my proposal
get implemented and accepted, the workarounds will be clunkier.
----------------------------------------------------------------------
Comment By: Guido van Rossum (gvanrossum)
Date: 2001-10-18 19:10
Message:
Logged In: YES
user_id=6380
Time to look at this again?
----------------------------------------------------------------------
Comment By: Jozef Hatala (jhatala)
Date: 2001-10-17 07:43
Message:
Logged In: YES
user_id=300564
This patch now against Python 2.2a3 contains:
SSL server support (SSL_accept) [as before]
additionally:
allow threads around getaddrinfo &Co.
more verbose exc messages (for failures in ssl() and sslserver())
methods recv and send on ssl object as equivalents of read and write.
methods makefile on ssl object (a look-alike and does no dup!)
a client/server test (depends on os.fork())
----------------------------------------------------------------------
Comment By: Jeremy Hylton (jhylton)
Date: 2001-10-16 09:05
Message:
Logged In: YES
user_id=31392
If you can provide test cases, I'll provide documentation.
But hurry, if we don't get this done this week, we may miss
Python 2.2.
----------------------------------------------------------------------
Comment By: Jozef Hatala (jhatala)
Date: 2001-10-16 03:21
Message:
Logged In: YES
user_id=300564
I'll submit a simple test with certificates and an enhanced
patch for 2.2a2 (does not patch cleanly any more) soon (this
week) [time and inet access issues].
I haven't written any doc. There was none for ssl. I know
that is no excuse...
Does some-one volonotere?
----------------------------------------------------------------------
Comment By: Jeremy Hylton (jhylton)
Date: 2001-10-11 09:13
Message:
Logged In: YES
user_id=31392
Jozef-- are you going to contribute tests and documentation?
----------------------------------------------------------------------
Comment By: Guido van Rossum (gvanrossum)
Date: 2001-08-18 23:17
Message:
Logged In: YES
user_id=6380
Nice, but where's the documentation? (Thanks for the
docstrings though!) And the test suite?
----------------------------------------------------------------------
You can respond by visiting:
http://sourceforge.net/tracker/?func=detail&atid=305470&aid=452110&group_id=5470