[Python-Dev] ssl improvements and testing question
christian at python.org
Fri Jun 7 00:37:01 CEST 2013
I'm working on a couple of improvements for the ssl module:
#17134 is going to provide a way to use Window's crypt32.dll to load CA
certs from Window's CA cert storage. I have a working proof of concept
 that uses ctypes to interface crypt32.dll. I'll reimplement the code
#18138 implements the bits and pieces for #17134 in order to add DER and
PEM certs from memory (ASCII unicode or Py_Buffer). Until now the ssl
module can only load files from the file system.
#18143 and #18147 are diagnostic and debugging helpers that I would like
to add. The SSLContext() object is black box. You stuff in some PEM
files and don't know which CA certs have been loaded. The enhancements
implement a function to retrieve a list of CA certs (same format as
getpeercert()) and list of default CA locations for the platform.
I'm also thinking about OCSP support and X509v3 extension support for
_decode_certificate(). Both are a PITB ... Python has an easier and
better documented C API.
What's the minimum version of OpenSSL Python 3.4 is going to support? Do
we have an easy way to compile and link Python against a custom
installation of OpenSSL or do I have to fiddle around with CPPFLAGS and
More information about the Python-Dev