[Python-Dev] Future of SSL

[Christopher Petrilli]

Guido van Rossum [guido@python.org] wrote:
> > I think that if OpenSSL is available, Python should build "out of the
> > box" with SSL support.  This is becomming more and more important with 
> > projects I'm working on, especially with SOAP and XML-RPC.  This
> > doesn't mean someone shouldn't be able to replace it, and we should
> > always define an API, but... I think we need to work out of the box.
> 
> Good point.  That's how the SSL support is configured now, and that's
> how it should continue to work.

Perhaps there is one of the existing modules (M2Crypto?) that can be
integrated, assuming licensing issues can be resolved. Also, I think
that perhaps high level abstractions should be introduced, though I'm
not sure what they are now... that's just hand waving.

The initial goal in my mind would be to have transparent (or nearly
so) SSL session management, but the X.509 manipulation and general
crypto interface could wait until later.  While they are both useful,
the SSL side is the really critical part.

> (Note that, alas, the DB-API never made it this far -- we still
> haven't been able to find the time to do the tedious work of moving
> the various database adapters in the core distribution. :-( )

Actually what this looks more like is not just SSL, but a "crypto"
collection for Python, dependent on the excellent work in OpenSSL.  I
can start outlining some stuff if that would be a good start, though
obviously if there's an existing library that could be integrated,
that would be excellent.

Chris
-- 
| Christopher Petrilli
| petrilli@amber.org