[Python-Dev] Backport ssl.MemoryBIO on Python 2.7?
Antoine Pitrou
solipsis at pitrou.net
Thu May 25 07:24:00 EDT 2017
On Tue, 23 May 2017 23:09:31 -0500
Victor Stinner <victor.stinner at gmail.com> wrote:
> On 23 May 2017 20:43, "David Wilson" <dw+python-dev at hmmz.org> wrote:
> In which case, what is to prevent Requests from just depending on
> pyOpenSSL as usual?
>
> From what I heard, pyOpenSSL development is slowing down, so I'm not sure
> that it's really safe and future-proof (TLS 1.3 anyone?).
So what? Python 2.7 isn't future-proof either...
> I'm still writing 2.7 code every day and would love to see it live a
> little longer, but accepting every feature request seems the wrong way
> to go - and MemoryBIO is a hard sell as a security enhancement, it's new
> functionality.
Agreed with this.
> You are right that they are new features. I disagree on the "accepting every
> feature" part: we are talking about two classes and it's restricted to
> security.
The new TLS API wouldn't significantly improve security. It's just a
different API.
> I also understood that getting access to system CA allows admins to
> register their company CA and so avoid that users ignore the TLS warning
> (unknown CA).
System admins can add the company CA at the system level in the
system's CA cert store, they have no need for a Python API. Actually,
they certainly don't want to modify every Python application to add a
company CA.
Regards
Antoine.