[Python-Dev] RFC: Backport ssl.MemoryBIO and ssl.SSLObject to Python 2.7

Steve Dower steve.dower at python.org
Fri Jun 9 13:07:21 EDT 2017


On 09Jun2017 0343, Nick Coghlan wrote:
> So honestly, I'd be +1 for either approach:
> 
> - stdlib backport to make dual-stack maintenance easier for the
> current volunteers, and we'll see how things work out on the
> ease-of-adoption front
> - PyPI backport to make 2.7 adoption easier, and we'll continue
> pestering redistributors to actually fund maintenance of Python 2.7's
> SSL stack properly (and encourage customers of those redistributors to
> do the same)

My draft reply to Donald sat overnight, so I abandoned it in favour of 
agreeing with Nick.

I'm in principle in favour of anything that makes 2.7 less of a burden 
to maintain (up to and including EOL :) ), so if backporting parts of 
ssl/_ssl makes that easier then I'm +0.

However, I do prefer the PyPI backport with some tool bundled in order 
to obtain it. In fact, given the nature of OpenSSL, I'd be in favour of 
that approach for all versions of Python (at least on Windows it would 
likely work well - probably less so on other platforms where we couldn't 
include a prebuilt fallback easily, though those tend to include 
compilers...).

That hypothetical "_ensuressl" module in my mind really doesn't have to 
do much other than determine which file to download and then download 
and extract it, which can be done with OS level tools rather than 
needing our own stack. It may also be the necessary mechanism to make 
ssl pip-updateable, since we have the locking problem that prevents it 
being possible normally.

Cheers,
Steve


More information about the Python-Dev mailing list