[PYTHON-CRYPTO] M2Crypto 0.16 mini-roadmap proposal

Guido van Rossum guido at PYTHON.ORG
Tue Feb 14 20:24:19 CET 2006 

On 2/14/06, Heikki Toivonen <heikki at osafoundation.org> wrote:
> Guido van Rossum wrote:
> > How about conditionally compiling the parts that don't work with older
> > OpenSSL versions?
>
> That's certainly possible, but I was hoping I could avoid that.
> Currently all of M2Crypto functionality is available regardless of
> OpenSSL version. If we go this route, we will have to document things
> that only work with OpenSSL 0.9.8 and newer.

I think that's reasonable. Python does the same thing with its os
module and other os-specific code. Users who are currently using
OpenSSL 0.9.7 may want to upgrade to a newer M3Crypto just to get
bugfixes; but they don't need the new 0.9.8 functionality and forcing
them to upgrade is a pain (and will reduce acceptance of the new
M2Crypto). Also it will make it harder to distribute code that depends
on M2Crypto -- the users installing it won't want to upgrade OpenSSL
(which can be a lot of work, and could break dependencies of other
apps that requires 0.9.7).

> Also, I am not sure which is the best way to implement things on Python
> side that depends on stuff that is only compiled with OpenSSL 0.9.8.
> Implement the method, and rely on Python automatically raising an
> exception if the OpenSSL function doesn't exist?

As long that's safe (won't dump core), I'm fine with that. The C
extension presumably could have a stub that raises an exception with
an explanatory error message, e.g. "You need OpenSSL 0.9.8 or newer to
use function XYZZY". (Being specific about the function/method that's
missing is helpful.)

> Protect OpenSSL 0.9.8
> only constructs with if statements in Python code so that they won't
> even be visible if an older version of OpenSSL was used?

That's another reasonable alternative; then an app can query the
presence of certain attributes to determine whether it can provide
optional functionality that only works with OpenSSL 0.9.8. (I would
also add a way to query the full version of the underlying OpenSSL
library, if it's not already there.)

>  Something else?
> i.e.:
>
> foo():
>   m2.some_openssl_098_function()

Fine.

> or
>
> if m2.opensslversion >= 098:

Apart from the problem with octal numbers containing 8 and 9 :-), I'd
rather code this as

  if hasattr(m2, "some_openssl_098_function"):

>   foo():
>     m2.some_openssl_098_function()
>
> or
>
> ???

I guess I suggested the something else: check hasattr instead of
version number. :-)

--
--Guido van Rossum (home page: http://www.python.org/~guido/)

More information about the python-crypto mailing list