[Python-Dev] RFC: Backport ssl.MemoryBIO and ssl.SSLObject to Python 2.7

Ben Darnell ben at bendarnell.com
Thu Jun 1 09:47:21 EDT 2017


Trying to transfer github comments from
https://github.com/python/peps/pull/272#pullrequestreview-41388700:

I said:
> Tornado has been doing TLS in an event-loop model in python 2.5+ with
just wrap_socket, no MemoryBIO necessary. What am I missing? MemoryBIO
certainly gives some extra flexibility, but nothing I can see that's
strictly required for an HTTP client. (Maybe it comes up in some proxy
scenarios that Tornado hasn't implemented?)

There were three main responses:
- MemoryBIO is necessary to support TLS on windows with IOCP. Tornado's
approach requires the less-efficient select() interface. This is valid and
IMHO the biggest argument against using Tornado instead of Twisted in
requests. Even if requests is willing to accept the limitation of not being
able to use IOCP on Python 2, it may be tricky to arrange things so it can
support both Tornado's select-based event loop on Python 2 and the
IOCP-based interfaces in Python 3's asyncio (I'd volunteer to help with
this if the requests team is interested in pursuing it, though).

- wrap_socket is difficult to use correctly with an event loop; Twisted was
happy to move away from it to the MemoryBIO model. My response: MemoryBIO
is certainly a *better* solution for this problem, but it's not a
*requirement*. Twisted prefers to do as little buffering as possible, which
contributes to the difficulty of using wrap_socket. The buffering in
Tornado's SSLIOStream simplifies this. Glyph reports that there are still
some difficult-to-reproduce bugs; that may be but I haven't heard any other
reports of this. I believe that whatever bugs might remain in this area are
resolvable.

- MemoryBIO supports a wider variety of transports, including pipes.
There's a question about unix domain sockets - Tornado supports these
generally but I haven't tried them with TLS. I would expect it to work.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/python-dev/attachments/20170601/ce691a4e/attachment.html>


More information about the Python-Dev mailing list