[Python-Dev] RFC: Backport ssl.MemoryBIO and ssl.SSLObject to Python 2.7

Victor Stinner victor.stinner at gmail.com
Thu Jun 8 07:30:52 EDT 2017


Maybe the intent of my PEP is unclear: the goal is not to allow
Requests to require MemoryBIO, but to get a wide adoption of a future
implementation of the new TLS API (PEP). IMHO having an implementation
working on the latest Python 2.7 version should make it possible to
use it on some kinds of applications.

I should take time to read the last messages in this thread and try to
summarize them in the PEP ;-)

Victor

2017-06-08 13:06 GMT+02:00 Donald Stufft <donald at stufft.io>:
>
> On Jun 8, 2017, at 6:36 AM, Victor Stinner <victor.stinner at gmail.com> wrote:
>
> 2017-06-08 10:30 GMT+02:00 Cory Benfield <cory at lukasa.co.uk>:
>
> This is what I was worried about. Moving to require PyOpenSSL *also* locks
> us out of Jython support, at least for the time being. That’s another point
> in the “con” column for making PyOpenSSL a mandatory dependency.
>
>
> Even if we do backport MemoryBIO to the next Python 2.7.14, I don't
> think that you can require MemoryBIO. What about all existing
> operating systems which provide a Python 2.7 without MemoryBIO? You
> need to have a workaround anyway. For example, make the new
> asynchronous API optional and use the old blocking mode in the
> meanwhile.
>
>
> I mentioned it earlier, but using the current download numbers from PyPI,
> <2.7.9 is rapidly dropping and is likely going to be single digit %age
> within the next 6-8 months IIRC. If 2.7.14 follows a similar trajectory,
> requests can depend on it within like… 2 years? Maybe 3? Likely it will
> depend on whether 2.7.14 gets into the next Ubuntu LTS or not.
>
>> Donald Stufft
>
>
>


More information about the Python-Dev mailing list