[Python-Dev] Summer of Code: Developing complete SSL support for Python

Gustavo J. A. M. Carneiro gjc at inescporto.pt
Sun Jun 5 14:05:25 CEST 2005


On Sat, 2005-06-04 at 12:26 -0600, Shane Hathaway wrote:
> Florencio Cano Gabarda wrote:
> > I would like to do the new SSL module as good as possible. A piece of
> > art and efficiency if possible and obviously having in mind all
> > programming standards.
> 
> Guido and much of the community would certainly be appreciative of a new
> SSL module, especially if you can overcome the problems that plague
> M2Crypto.
> 
> http://www.artima.com/weblogs/viewpost.jsp?thread=95863
> 
> I would say that the criteria for success would be:
> 
> 1) A module, expected to be included in the standard library, that makes
> it easy to create both client and server SSL sockets.
> 
> 2) No leaks or segfaults.
> 
> 3) An API that any programmer can use without knowing much about
> cryptography.
> 
> I want to be able to write code that's as simple as this:
> 
>     import socket
>     import ssl
> 
>     def open_ssl_socket(address):
>         base = socket.socket()
>         base.connect(address)
>         sock = ssl.client(base)
>         return sock
> 
>     def run_server(port, handler, pki_files):
>         keys = ssl.load_keys(pki_files)
>         s = socket.socket()
>         s.bind(('', port))
>         s.listen(5)
>         while True:
>             base, address = s.accept()
>             sock = ssl.server(base, keys)
>             handler(sock)
>             sock.close()
> 
> "pki_filenames" in the example is a list of key files, certificate
> files, certificate signing requests, and perhaps other PKI files.  I
> want the ssl module to figure out for itself what each file means, so
> that I as a mere human can forget about those details. :-)  However, if
> there's any ambiguity in the set of files provided, the SSL module
> should throw an exception rather than try to guess the intent.
> 
> If you're ambitious, you could also figure out how to make this work
> with non-blocking sockets.  I believe Twisted has made progress there.

  4. In the socket module documentation:


ssl(sock[, keyfile, certfile])
        Initiate a SSL connection over the socket sock. keyfile is the
        name of a PEM formatted file that contains your private key.
        certfile is a PEM formatted certificate chain file. On success,
        a new SSLObject is returned.
        
Warning: This does not do any certificate verification!

   I would make it a top priority to enable certificate verification in
ssl sockets.  I don't see the point in doing SSL without certificate
verification.  It's just false security.  Maybe adding a callback asking
the application what to do if certificate validation fails, so that
application writers can show a GUI dialogue or something like that...

  Best regards.

-- 
Gustavo J. A. M. Carneiro
<gjc at inescporto.pt> <gustavo at users.sourceforge.net>
The universe is always one step beyond logic
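
Added example, not part of the original thread: a sketch of the verification-plus-callback idea from the message above, written against the `ssl` module that ships with current Python 3. The names `make_client_context`, `client` and `on_verify_failure` are assumptions made for this example; the callback is only notified and the connection always fails closed, which is a design choice of the example.

```python
import socket
import ssl


def make_client_context():
    """Client context that validates the chain and the host name."""
    # create_default_context() sets verify_mode=CERT_REQUIRED and
    # check_hostname=True and loads the platform trust store.
    return ssl.create_default_context()


def client(base, hostname, on_verify_failure=None, context=None):
    """Wrap an already-connected socket in TLS, verifying the peer.

    If certificate or host name validation fails, on_verify_failure
    (hypothetical hook) is called with (hostname, reason) so the
    application can log it or show a dialogue. The error is then
    re-raised: no data is ever sent to an unverified peer.
    """
    ctx = context if context is not None else make_client_context()
    try:
        # server_hostname drives both SNI and the host name check.
        return ctx.wrap_socket(base, server_hostname=hostname)
    except ssl.SSLCertVerificationError as exc:
        base.close()  # harmless if wrap_socket already released it
        if on_verify_failure is not None:
            # verify_message is set by the ssl module when OpenSSL
            # reports a validation error; fall back to str(exc).
            reason = getattr(exc, "verify_message", None) or str(exc)
            on_verify_failure(hostname, reason)
        raise


def open_ssl_socket(address, on_verify_failure=None):
    """Same shape as the open_ssl_socket() quoted earlier in the thread."""
    base = socket.create_connection(address)
    return client(base, address[0], on_verify_failure)
```
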


