[Python-Dev] Summer of Code: Developing complete SSL support for Python
Shane Hathaway
shane at hathawaymix.org
Sat Jun 4 20:26:47 CEST 2005
Florencio Cano Gabarda wrote:
> I would like to do the new SSL module as good as possible. A piece of
> art and efficiency if possible and obviously having in mind all
> programming standards.
Guido and much of the community would certainly be appreciative of a new
SSL module, especially if you can overcome the problems that plague
M2Crypto.
http://www.artima.com/weblogs/viewpost.jsp?thread=95863
I would say that the criteria for success would be:
1) A module, expected to be included in the standard library, that makes
it easy to create both client and server SSL sockets.
2) No leaks or segfaults.
3) An API that any programmer can use without knowing much about
cryptography.
I want to be able to write code that's as simple as this:

    import socket
    import ssl

    def open_ssl_socket(address):
        base = socket.socket()
        base.connect(address)
        sock = ssl.client(base)
        return sock

    def run_server(port, handler, pki_files):
        keys = ssl.load_keys(pki_files)
        s = socket.socket()
        s.bind(('', port))
        s.listen(5)
        while True:
            base, address = s.accept()
            sock = ssl.server(base, keys)
            handler(sock)
            sock.close()

"pki_filenames" in the example is a list of key files, certificate
files, certificate signing requests, and perhaps other PKI files. I
want the ssl module to figure out for itself what each file means, so
that I as a mere human can forget about those details. :-) However, if
there's any ambiguity in the set of files provided, the SSL module
should throw an exception rather than try to guess the intent.
If you're ambitious, you could also figure out how to make this work
with non-blocking sockets. I believe Twisted has made progress there.
Shane