[Python-Dev] Backport ssl.MemoryBIO on Python 2.7?
Victor Stinner
victor.stinner at gmail.com
Tue May 23 20:46:38 EDT 2017
Hi,
Would you be ok to backport ssl.MemoryBIO and ssl.SSLObject on Python
2.7? I can do the backport.
https://docs.python.org/dev/library/ssl.html#ssl.MemoryBIO
Cory Benfield told me that it's a blocking issue for him to implement
his PEP 543 -- A Unified TLS API for Python 2.7:
https://www.python.org/dev/peps/pep-0543/
And I expect that if a new cool TLS API happens, people will want to
use it on Python 2.7-3.6, not only on Python 3.7. Security evolves
more quickly that the current Python release process, and people wants
to keep their application secure.
>From what I understood, he wants to first implement an abstract
MemoryBIO API (http://sans-io.readthedocs.io/ like API? I'm not sure
about that), and then implement a socket/FD based on top of that.
Maybe later, some implementations might have a fast-path using
socket/FD directly.
He described me his PEP and I strongly support it (sorry, I missed it
when he posted it on python-dev), but we decided (Guido van Rossum,
Christian Heimes, Cory Benfield and me, see the tweet below) to not
put this in the stdlib right now, but spend more time on testing it on
Twisted, asyncio, requests, etc. So publishing an implementation on
PyPI was proposed instead. It seems like we agreed on a smooth plan
(or am I wrong, Cory?).
https://twitter.com/VictorStinner/status/865467388141027329
I'm quite sure that Twisted will love MemoryBIO on Python 2.7 as well,
to implement TLS, especially on Windows using IOCP. Currently,
external libraries (C extensions) are required.
I'm not sure if the PEP 466 should be amended for that? Is a new PEP
really needed? MemoryBIO/SSLObject are tiny. Nick (Coghlan): what do
you think?
https://www.python.org/dev/peps/pep-0466/
Victor
More information about the Python-Dev
mailing list