[Python-Dev] RFC: Backport ssl.MemoryBIO and ssl.SSLObject to Python 2.7

Cory Benfield cory at lukasa.co.uk
Fri Jun 9 15:48:53 EDT 2017


> On 9 Jun 2017, at 20:41, Steve Dower <steve.dower at python.org> wrote:
> 
> These are totally fine for implementing a requests-like API that relies on system configuration for HTTPS connections. They are not sufficient for building a server, but they should be sufficient for downloading the packages you need to build a server.
> 
> This is starting to feel to me like we're stuck on "building the thing right" and have skipped over "building the right thing". But maybe it's just me...

For the purposes of this PEP I think we should exclude this. The only way this works on a decent number of platforms (hi there BSDs and Linuxes) is if the option on those platforms is libcurl. Linux does not ship a high level HTTP client library: libcurl is basically the option. That would require pip binding libcurl, NSURLSession, and the Windows API. It’s not clear to me that the solution to “we don’t want to backport some SSL code” is “write a bunch of bindings to other third-party libraries”.

Cory 


More information about the Python-Dev mailing list