[Python-Dev] PEP 543-conform TLS library

Brett Cannon brett at python.org
Fri Nov 2 18:24:20 EDT 2018


In case you never received a reply, you can try emailing Christian and Cory
directly for an answer.

On Fri, 26 Oct 2018 at 13:20, Mathias Laurin <mathias.laurin at gmail.com>
wrote:

> Hello Python Dev,
>
>
> I posted the following to python-ideas but here may be
> a more suitable place.  I apologize if cross posting
> bothers anyone.
>
>
> I have implemented an (I believe) PEP 543-conform TLS library
> and released TLS support in the latest version yesterday:
>
> https://github.com/Synss/python-mbedtls/tree/0.13.0
> https://pypi.org/project/python-mbedtls/0.13.0/
>
>
> As far as I know, I am the first one to follow PEP 543.  So one
> point is that the API works.  However, I have a couple of
> questions regarding the PEP:
>
> - I do not know what to do in `TLSWrappedBuffer.do_handshake()`.
>  The full TLS handshake requires writing to the server, reading
>  back, etc., (ClientHello, ServerHello, KeyExchange, etc.),
>  which cannot be accomplished in a single buffer.
>
>  For now, I am doing the handshake in
>  `TLSWrappedSocket.do_handshake()`: I set the BIO to using the
>  socket directly, then perform the handshake on the socket thus
>  entirely bypassing the TLSWrappedBuffer.  Once this is done, I
>  swap the BIO to using the buffer and go on encrypting and
>  decrypting from the buffer.  That is, the encrypted
>  communication is buffered.
>
> - The PEP sometimes mentions an "input buffer" and an "output
>  buffer", and some other times just "the buffer".  I believe
>  that both implementations are possible.  That is, with two
>  different buffers for input and output, or a single one.
>
>  I have implemented it with a single circular buffer (that is a
>  stream after all).  What the PEP is expecting is nonetheless
>  not clear to me.
>
>
> So, can anybody clarify these two points from the PEP?
>
>
> Or should I just address Cory Benfield (who does not seem very
> active anymore lately) and Christian Heimes directly?
>
>
> Cheers,
> Mathias
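
The buffer-only handshake asked about in the quoted message, as an added example built on the standard library's `ssl.MemoryBIO` and `SSLObject` rather than on PEP 543's `TLSWrappedBuffer` or python-mbedtls (it is not code from this thread or from that project). Each call advances the handshake only as far as the buffered bytes allow, with separate input and output buffers; the hostname, helper names and the partial record are constructed for illustration.

```python
import ssl

def new_client(hostname="example.invalid"):
    """Client-side TLS object wired to two in-memory buffers (no socket)."""
    ctx = ssl.create_default_context()
    incoming = ssl.MemoryBIO()   # ciphertext received from the peer
    outgoing = ssl.MemoryBIO()   # ciphertext waiting to be sent to the peer
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname=hostname)
    return tls, incoming, outgoing

def handshake_step(tls, incoming, outgoing, received=b""):
    """Advance the handshake as far as the bytes seen so far allow.

    Returns (done, to_send). The caller owns the transport: it sends
    `to_send`, reads whatever the peer answers, and calls again.
    """
    if received:
        incoming.write(received)
    try:
        tls.do_handshake()
        done = True
    except ssl.SSLWantReadError:
        done = False              # not a failure: more peer data is needed
    return done, outgoing.read()

def drive_handshake(sock, tls, incoming, outgoing):
    """Blocking-socket driver loop (hypothetical helper, not run below)."""
    done, to_send = handshake_step(tls, incoming, outgoing)
    while True:
        if to_send:
            sock.sendall(to_send)
        if done:
            return
        data = sock.recv(16384)
        if not data:
            raise ConnectionError("peer closed during handshake")
        done, to_send = handshake_step(tls, incoming, outgoing, data)

def demo():
    tls, incoming, outgoing = new_client()
    first = handshake_step(tls, incoming, outgoing)   # emits the ClientHello
    # Constructed input: a 5-byte TLS record header announcing a 64-byte
    # handshake record whose body has not arrived yet.
    second = handshake_step(tls, incoming, outgoing, b"\x16\x03\x03\x00\x40")
    return first, second

if __name__ == "__main__":
    print(demo())
```

The first step returns an unfinished handshake plus the ClientHello record to transmit; the second shows that a partially received record leaves the state machine waiting without producing output.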

