[Python-Dev] More on server-side SSL support

Bill Janssen janssen at parc.com
Mon Aug 20 19:19:25 CEST 2007


> That's somewhat limiting - you should be able to do connection
> upgrades (e.g. SMTP STARTTLS, or HTTP Connection: Upgrade); with
> that design, such usages would not be possible, no?

Yes, you're right.  Of course, STARTTLS is properly regarded as a
terrible hack :-).

The actual functionality exported from _ssl.c is still the "ssl"
wrapper, but with more arguments to control its behavior.  So to do
STARTTLS, server-side, you'd do something like

  mooring = socket.socket()
  mooring.bind(...)			# bind to the listening address
  mooring.listen(...)
  # [... connection request comes in ...]
  fd, addr = mooring.accept()		# accept() returns (socket, address); fd is a normal socket
  # [... read request for TLS upgrade over socket ...]
  sslobj = socket.ssl(fd, ..., server=True)	# server-side SSL object on the existing connection
  fd = socket.SSLSocket(..., ssl_protocol=PROTOCOL_TLSv1, _sock=fd, _sslobj=sslobj)

and continue on with normal use of the socket.  Do you see an easier
way to do it?

Bill
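The server-side upgrade sketched above, written against today's `ssl` module as an added example (not Bill's code nor the patch under discussion): accept the plain socket, read exactly the upgrade request line, then wrap that same connection with `SSLContext.wrap_socket(..., server_side=True)`. The `UPGRADE_CMD` text, the reply codes and the `run_upgrade_locally` driver are assumptions for illustration; a real server passes an `ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)` loaded with its certificate instead of a test double.

```python
import socket
import ssl

UPGRADE_CMD = b"STARTTLS"  # assumed upgrade verb, SMTP-style

def recv_line(sock, limit=512):
    """Read one LF-terminated line a byte at a time so nothing beyond the
    terminator leaves the kernel buffer: plaintext a client pipelines after
    STARTTLS is left for the TLS handshake (which rejects it) instead of being
    mistaken for a command received under TLS."""
    buf = bytearray()
    while not buf.endswith(b"\n"):
        ch = sock.recv(1)
        if not ch:
            raise ConnectionError("peer closed before end of line")
        buf += ch
        if len(buf) > limit:
            raise ValueError("upgrade request line too long")
    return bytes(buf).rstrip(b"\r\n")

def serve_upgrade(conn, context):
    """Server side of the upgrade on an already-accepted socket. Returns the
    TLS-wrapped socket (caller runs do_handshake()), or None if not requested."""
    if recv_line(conn).upper() != UPGRADE_CMD:
        conn.sendall(b"502 STARTTLS expected\r\n")
        return None
    conn.sendall(b"220 Ready to start TLS\r\n")
    # Same connection, now server-side TLS; handshake deferred to the caller.
    return context.wrap_socket(conn, server_side=True,
                               do_handshake_on_connect=False)

def run_upgrade_locally(context, client_bytes):
    """Drive serve_upgrade() over a socketpair with constructed client input,
    using a test double for `context` (a real wrap_socket() takes over the fd).
    Returns (wrapped, server_reply, bytes the upgrade step left unread)."""
    server_end, client_end = socket.socketpair()
    with server_end, client_end:
        client_end.sendall(client_bytes)
        wrapped = serve_upgrade(server_end, context)
        reply = client_end.recv(256)
        server_end.settimeout(0.2)
        try:
            leftover = server_end.recv(256)  # pipelined bytes must still be here
        except socket.timeout:
            leftover = b""
        return wrapped, reply, leftover
```

Checking `leftover` after the upgrade step is the point of the driver: bytes a client sent behind the STARTTLS line must reach the TLS handshake, not the command parser.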

