[Python-3000] Merging the trunk SSL changes.
Bill Janssen
janssen at parc.com
Wed Aug 29 02:15:49 CEST 2007
> > If you can hold off one day before doing the trunk merge, I'm going to
> > post a fix to the Windows SSL breakage this evening (PDT).
>
>
> Too late, sorry, it's already checked in. You can revert the SSL bits if you
> want, and take care to merge the proper changes later.
No, that's OK. I'll just (eventually) generate a 3K patch against
what's in the repo. Probably not this week.
Here's my work plan (from yesterday's python-dev):
1) Generate a patch to the trunk to remove all use of socket.ssl in
library modules (and elsewhere except for
test/test_socket_ssl.py), and switch them to use the ssl module.
This would affect httplib, imaplib, poplib, smtplib, urllib,
and xmlrpclib.
This patch should also deprecate the use of socket.ssl, and
particularly the "server" and "issuer" methods on it, which can
return bad data.
2) Expand the test suite to exhaustively test edge cases, particularly
things like invalid protocol ids, bad cert files, bad key files,
etc.
3) Take the threaded server example in test/test_ssl.py, clean it up,
and add it to the Demos directory (maybe it should be a HOWTO?).
4) Generate a patch for the Py3K branch. This patch would remove the
"ssl" function from the socket module, and would also remove the
"server" and "issuer" methods on the SSL context. The ssl.sslsocket
class would be renamed to SSLSocket (PEP 8), and would inherit
from socket.socket and io.RawIOBase. The current improvements to
the Modules/_ssl.c file would be folded in. The patch would
also fix all uses of socket.ssl in the other library modules.
5) Generate a package for older Pythons (2.3-2.5). This would
install the ssl module, plus the improved version of _ssl.c.
Needs more design.
I've currently got a patch for (1). Sounds like I should switch the
order of (3) and (4).
Bill
More information about the Python-3000
mailing list