[Python-Dev] More on server-side SSL support
Bill Janssen
janssen at parc.com
Mon Aug 20 19:19:25 CEST 2007
> That's somewhat limiting - you should be able to do connection
> upgrades (e.g. SMTP STARTTLS, or HTTP Connection: Upgrade); with
> that design, such usages would not be possible, no?

Yes, you're right.  Of course, STARTTLS is properly regarded as a
terrible hack :-).

The actual functionality exported from _ssl.c is still the "ssl"
wrapper, but with more arguments to control its behavior.  So to do
STARTTLS, server-side, you'd do something like

    mooring = socket.socket()
    mooring.bind()
    mooring.listen()
    [... connection request comes in ...]
    fd = mooring.accept()       # normal socket
    [... read request for TLS upgrade over socket ...]
    sslobj = socket.ssl(fd, ..., server=True)
    fd = socket.SSLSocket(..., ssl_protocol=PROTOCOL_TLSv1, _sock=fd, _sslobj=sslobj)

and continue on with normal use of the socket.  Do you see an easier
way to do it?

Bill
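
Added example, not part of the message above or of the 2007 patch: the same server-side upgrade of an already-accepted socket, written against today's ssl module (ssl.SSLContext.wrap_socket with server_side=True). The helper names, the one-line STARTTLS protocol and its reply codes are assumptions made up for the illustration.

```python
import socket
import ssl

def read_line(conn, limit=512):
    """Read one CRLF line a byte at a time, consuming nothing past it."""
    buf = b""
    while not buf.endswith(b"\r\n"):
        chunk = conn.recv(1)
        if not chunk or len(buf) >= limit:
            raise ConnectionError("peer closed or line too long")
        buf += chunk
    return buf[:-2]

def has_pipelined_plaintext(conn):
    """True if cleartext is already queued behind the upgrade request."""
    old_timeout = conn.gettimeout()
    conn.setblocking(False)
    try:
        return len(conn.recv(1, socket.MSG_PEEK)) > 0
    except BlockingIOError:
        return False
    finally:
        conn.settimeout(old_timeout)

def make_server_context(certfile, keyfile):
    """Server-side TLS settings; certfile/keyfile are caller-supplied paths."""
    context = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    context.minimum_version = ssl.TLSVersion.TLSv1_2
    context.load_cert_chain(certfile, keyfile)
    return context

def starttls_server(conn, context):
    """Run the cleartext phase on an accepted socket, then upgrade it.

    Returns the ssl.SSLSocket, or None if the upgrade was refused.
    The one-line protocol and reply codes are constructed for this example.
    """
    if read_line(conn).upper() != b"STARTTLS":
        conn.sendall(b"500 expected STARTTLS\r\n")
        return None
    # The client must wait for the go-ahead before speaking again, so any
    # byte already queued was sent in the clear and is refused rather
    # than carried into the encrypted session.
    if has_pipelined_plaintext(conn):
        conn.sendall(b"501 data after STARTTLS\r\n")
        return None
    conn.sendall(b"220 ready to start TLS\r\n")
    # The handshake runs on the same file descriptor as the cleartext phase.
    return context.wrap_socket(conn, server_side=True)
```

A caller would pass the socket returned by accept() together with make_server_context(certfile, keyfile), then use the returned SSLSocket in place of the plain one.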