Python does not play well with others

John Nagle nagle at animats.com
Wed Jan 24 12:15:04 EST 2007


Harry George wrote:
> John Nagle <nagle at animats.com> writes:

> Your experience isn't shared by everyone.  Some of us find Python the
> most functional and portable of the candidates you mention.

    The language is fine.  It's the bindings to other packages that
are the problem.  There are three different packages for talking
to OpenSSL, and they're all broken in some important way.

    What's actually needed on the SSL side, I think, is to
add bindings to the built-in SSL to export the functionality
the M2Crypto C binding module has.  Preferably with better
attention to reference count problems, and without using SWIG.
Then move over the Python portions of M2Crypto.

    Some problems, all of which are known and logged bugs:

    - The built-in SSL package doesn't actually validate anything,
	and will happily accept bogus SSL certificates.
    - The built-in SSL package doesn't allow access to most of the
	fields of an SSL certificate, and the ones you can get
	are returned in a debug format that's not parseable.
    - M2Crypto has OpenSSL and SWIG version dependencies beyond
	what is documented.  The latest version of SWIG has
	a problem which breaks builds with older versions of
	OpenSSL.
    - M2Crypto may still have a memory leak associated with contexts.
	(Check out "close" in "Context".)
    - M2Crypto doesn't understand SSL certificates which support
	a list of sites.
    - M2Crypto and the socket library don't play nice about timeouts.

Most of these problems have been known for years.  The last person to
try to fix this was treated so badly he stopped contributing.  Read
the bug history for "[1114345] Add SSL certificate validation".
It's sad.

				John Nagle
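
The following is an added example, not part of the original post or of any of the packages it names. It shows the two checks the bug list says were missing: a client context that refuses unvalidated certificates, and hostname matching against a certificate that lists several sites in subjectAltName. It assumes the current standard-library `ssl` module; the function names and the sample certificate are constructed for illustration.

```python
import ssl

# Constructed certificate, in the dict shape returned by SSLSocket.getpeercert().
SAMPLE_CERT = {
    "subject": ((("commonName", "www.example.com"),),),
    "subjectAltName": (
        ("DNS", "www.example.com"),
        ("DNS", "*.shop.example.com"),
        ("DNS", "example.org"),
    ),
}


def _label_match(pattern, hostname):
    """Match one dNSName entry against a hostname, label by label."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False  # a wildcard never spans more than one label
    if p_labels[0] == "*":
        # Wildcard must be the whole leftmost label, with at least
        # two fixed labels after it (so "*.com" is rejected).
        return len(p_labels) >= 3 and p_labels[1:] == h_labels[1:]
    # Partial wildcards such as "w*.example.com" are refused outright.
    return "*" not in pattern and p_labels == h_labels


def cert_covers(cert, hostname):
    """True if any DNS entry in the certificate's site list covers hostname."""
    names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    return any(_label_match(n, hostname) for n in names)


def context_settings(validate):
    """Return (verify_mode, check_hostname) for a client-side context."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # validating by default
    if not validate:
        # The behaviour described in the first bullet: any certificate passes.
        ctx.check_hostname = False  # must be cleared before verify_mode
        ctx.verify_mode = ssl.CERT_NONE
    return ctx.verify_mode, ctx.check_hostname


if __name__ == "__main__":
    for host in ("example.org", "cart.shop.example.com", "evil.example.net"):
        print(host, cert_covers(SAMPLE_CERT, host))
    print(context_settings(True), context_settings(False))
```
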


