[Python-Dev] RFC: Backport ssl.MemoryBIO and ssl.SSLObject to Python 2.7

Cory Benfield cory at lukasa.co.uk
Mon Jun 5 07:36:08 EDT 2017

> On 5 Jun 2017, at 12:00, Nick Coghlan <ncoghlan at gmail.com> wrote:
> Would you be OK with the notion of a "just for pip bootstrapping"
> private backend in _ensurepip_ssl?
> That is, the only officially supported async-backed requests
> configuration on Py2 would be with the PyOpenSSL dependency installed,
> but in collaboration with the pip devs we'd also plumb in the pieces
> to let a new async-backed requests work without any extension modules
> other than those in the standard library.
> That way, the only thing truly gated on the backport would be *pip*
> updating its bundled version of requests to the async-backed version -
> for normal third party use, the change would be "you need PyOpenSSL",
> rather than "you need a newer version of Python".
> We'd still effectively end up with two different code execution paths
> (one backed by PyOpenSSL, one backed by the new private _ensurepip_ssl
> extension module), but the level of divergence would be much lower
> (it's just a question of where MemoryBIO and SSLObject are coming
> from) and the support scope for the less frequently used path would be
> much narrower (i.e. if a problem report isn't related to pip
> bootstrapping, it can be closed as "won't fix”

It’s not clear to me what the structure of that looks like, or what work is required to achieve it.

Right now Twisted never uses MemoryBIO and SSLObject: it always uses PyOpenSSL. That seems like we’d need to add MemoryBIO and SSLObject support to Twisted which can be enabled in some way other than feature detection (that is, so it can be installed). Without PEP 543 this is pretty gross. With PEP 543 it sucks less, but it also gates this work behind PEP 543 being successfully implemented and landed.

I guess we are *open* to that approach? It’s not clear to me how beneficial that is, and it doesn’t gain any of the ecosystem benefits (no-one else on Py 2 can ever use this chunk of tested, understood code), but it’s certainly an option. The indirection gives me pause though.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/python-dev/attachments/20170605/5834cbc6/attachment.html>

More information about the Python-Dev mailing list