[Python-Dev] Backport ssl.MemoryBIO on Python 2.7?

Victor Stinner victor.stinner at gmail.com
Tue May 23 20:54:34 EDT 2017


Well, things evolved recently. asyncio is getting more popular, TLS
became even more important, and pyOpenSSL is no longer evolving (from
what I heard from its maintainer, Hynek). Does Twisted still use
pyOpenSSL?

I like the idea of putting more security stuff into Python to ease
maintenance of applications and try to make it as secure as
possible. Python has more resources (ex: CI) than some smaller
projects.

Victor

2017-05-23 19:49 GMT-05:00 Alex Gaynor <alex.gaynor at gmail.com>:
> I'm +1 on this, I even wrote the patch: https://bugs.python.org/issue22559
> :-) If you're interested in making sure that still applies and tests still
> pass, I'd be a big fan.
>
> In addition to all the benefits you mentioned, it also substantially reduces
> the diff between 2.7 and 3.x (or at least it did when I originally wrote
> it).
>
> Cheers,
> Alex
>
> On Tue, May 23, 2017 at 8:46 PM, Victor Stinner <victor.stinner at gmail.com>
> wrote:
>>
>> Hi,
>>
>> Would you be ok to backport ssl.MemoryBIO and ssl.SSLObject on Python
>> 2.7? I can do the backport.
>>
>>   https://docs.python.org/dev/library/ssl.html#ssl.MemoryBIO
>>
>> Cory Benfield told me that it's a blocking issue for him to implement
>> his PEP 543 -- A Unified TLS API for Python 2.7:
>>
>>   https://www.python.org/dev/peps/pep-0543/
>>
>> And I expect that if a new cool TLS API happens, people will want to
>> use it on Python 2.7-3.6, not only on Python 3.7. Security evolves
>> more quickly than the current Python release process, and people want
>> to keep their application secure.
>>
>> From what I understood, he wants to first implement an abstract
>> MemoryBIO API (http://sans-io.readthedocs.io/ like API? I'm not sure
>> about that), and then implement a socket/FD based on top of that.
>> Maybe later, some implementations might have a fast-path using
>> socket/FD directly.
>>
>> He described his PEP to me and I strongly support it (sorry, I missed it
>> when he posted it on python-dev), but we decided (Guido van Rossum,
>> Christian Heimes, Cory Benfield and me, see the tweet below) to not
>> put this in the stdlib right now, but spend more time on testing it on
>> Twisted, asyncio, requests, etc. So publishing an implementation on
>> PyPI was proposed instead. It seems like we agreed on a smooth plan
>> (or am I wrong, Cory?).
>>
>>   https://twitter.com/VictorStinner/status/865467388141027329
>>
>> I'm quite sure that Twisted will love MemoryBIO on Python 2.7 as well,
>> to implement TLS, especially on Windows using IOCP. Currently,
>> external libraries (C extensions) are required.
>>
>> I'm not sure if the PEP 466 should be amended for that? Is a new PEP
>> really needed? MemoryBIO/SSLObject are tiny. Nick (Coghlan): what do
>> you think?
>>
>>   https://www.python.org/dev/peps/pep-0466/
>>
>> Victor
>
>
>
>
> --
> "I disapprove of what you say, but I will defend to the death your right to
> say it." -- Evelyn Beatrice Hall (summarizing Voltaire)
> "The people's good is the highest law." -- Cicero
> GPG Key fingerprint: D1B3 ADC0 E023 8CA6
>
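
The socket-free TLS model discussed in this message, as an added example that is not part of the original e-mail or of any patch it mentions: it drives a client handshake through `ssl.MemoryBIO` and `SSLContext.wrap_bio()` on Python 3, where these APIs exist, leaving all I/O to the caller. The helper names, the hostname `example.test` and the plaintext reply are constructed for illustration.

```python
import ssl
import struct


def new_client(server_hostname):
    """Create a client-side TLS state machine that is not tied to any socket."""
    incoming = ssl.MemoryBIO()  # ciphertext received from the peer is written here
    outgoing = ssl.MemoryBIO()  # ciphertext to send to the peer is read from here
    ctx = ssl.create_default_context()  # certificate and hostname checks stay on
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname=server_hostname)
    return tls, incoming, outgoing


def handshake_step(tls, incoming, outgoing, received=b""):
    """Feed peer bytes in, advance the handshake, return (status, bytes_to_send)."""
    if received:
        incoming.write(received)
    try:
        tls.do_handshake()
        status = "done"
    except ssl.SSLWantReadError:
        status = "want_read"  # more peer bytes needed; the caller performs the I/O
    except ssl.SSLError:
        status = "error"      # protocol failure surfaces without any socket
    return status, outgoing.read()


def record_header(data):
    """Parse the 5-byte TLS record header: content type, legacy version, length."""
    return struct.unpack("!BHH", data[:5])


if __name__ == "__main__":
    tls, incoming, outgoing = new_client("example.test")  # constructed hostname
    status, hello = handshake_step(tls, incoming, outgoing)
    print(status, record_header(hello))
    # Constructed non-TLS reply, as a plaintext endpoint might send by mistake.
    bad_reply = b"HTTP/1.1 400 Bad Request\r\n\r\n"
    status, _ = handshake_step(tls, incoming, outgoing, bad_reply)
    print(status)
```

Because the TLS object only ever sees two in-memory buffers, the same code can sit behind a blocking socket, an asyncio transport or an IOCP proactor, and it can be unit-tested without a network.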

