[Python-Dev] RFC: Backport ssl.MemoryBIO and ssl.SSLObject to Python 2.7

Antoine Pitrou solipsis at pitrou.net
Thu Jun 1 07:20:52 EDT 2017


On Thu, 1 Jun 2017 12:01:41 +0100
Cory Benfield <cory at lukasa.co.uk> wrote:
> In principle, sure. In practice, that means most of our users don’t use those features and so we don’t get any feedback on whether they’re good solutions to the problem.

On bugs.python.org we get plenty of feedback from people using Python
3's features, and we have been for years.

Your concern would have been very valid in the Python 3.2 timeframe,
but I don't think it is anymore.

> All of this is related. I wrote a very, very long email initially and deleted it all because it was just too long to expect any normal human being to read it, but the TL;DR here is that we also want to support async/await, and doing so requires a memory BIO object.

async/await doesn't require a memory BIO object.  For example, Tornado
supports async/await (*) even though it doesn't use a memory BIO object
for its SSL layer.  And asyncio started with a non-memory BIO SSL
implementation while still using "yield from".

(*) Despite the fact that Tornado's own coroutines are yield-based
generators.

> As to Tornado, the biggest concern there is that there is no support for composing the TLS over non-TCP sockets as far as I am aware. The wrapped socket approach is not suitable for some kinds of stream-based I/O that users really should be able to use with Requests (e.g. UNIX pipes).

Hmm, why would you use TLS on UNIX pipes except as an academic
experiment?  Tornado is far from a full-fledged networking package like
Twisted, but its HTTP(S) support should be very sufficient
(understandably, since it is the core use case for it).

Regards

Antoine.


More information about the Python-Dev mailing list