[Cryptography-dev] Let the flood gates open!

Mon Sep 9 23:20:41 CEST 2013

What about combining the two approaches.

We currently have:
bindings/openssl
api.py

Where api.py includes both the CFFI code and the API methods themselves.

The main api.py stays the same, but contains only high-level, generic API calls and imports the lower level API methods from the api package. We add two new packages:

Bindings/openssl/api
Bindings/openssl/cffi (need better name?)

The api package would allow us to break up the api definitions. Something like block.py, tls.py, hmac.py, etc.

The cffi package would contain the CFFI definitions. We don't have to decompose as much as opentls did, but it would be similar. We could also then pull over most of the work that was already done in opentls. These bindings would then be imported by the api package.

Just a straw man suggestion. I'm pretty new to openssl development and I'm mostly a ruby dev with a little experience in Python. Poke away. If its valuable, I could mock out something tonight / tomorrow and we can argue about it.

Jarret

From: Alex Gaynor <alex.gaynor at gmail.com<mailto:alex.gaynor at gmail.com>>
Reply-To: "cryptography-dev at python.org<mailto:cryptography-dev at python.org>" <cryptography-dev at python.org<mailto:cryptography-dev at python.org>>
Date: Monday, September 9, 2013 4:10 PM
To: "cryptography-dev at python.org<mailto:cryptography-dev at python.org>" <cryptography-dev at python.org<mailto:cryptography-dev at python.org>>
Subject: Re: [Cryptography-dev] Let the flood gates open!

+1 to a better structure for the OpenSSL bindings, I'm not sure OpenTLS has it totally right, but something more organized would be good.

Alex

On Mon, Sep 9, 2013 at 2:09 PM, Hynek Schlawack <hs at ox.cx<mailto:hs at ox.cx>> wrote:
Well, let's keep this conversation going then.  What are the current issues?

Sent from my phone.

Am 09.09.2013 um 15:17 schrieb Donald Stufft <donald at stufft.io<mailto:donald at stufft.io>>:

>
> On Sep 9, 2013, at 8:12 AM, Jean-Paul Calderone <jean-paul at hybridcluster.com<mailto:jean-paul at hybridcluster.com>> wrote:
>
>> I was a little discouraged by the structure of the
>> code which looks like it is much less amenable to improvement and
>> maintenance than the code from opentls.  opentls had its problems but it
>> was nice that it tried to split the necessary cffi declarations up a
>> bit.  I'd like to see something like this happen to the structure of the
>> openssl bindings in cryptography.
>
> I liked what I saw from opentls with how it structured the cffi bindings, I would be +1 on something similar.
>
> -----------------
> Donald Stufft
> PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA
>
> _______________________________________________
> Cryptography-dev mailing list
> Cryptography-dev at python.org<mailto:Cryptography-dev at python.org>
> https://mail.python.org/mailman/listinfo/cryptography-dev
_______________________________________________
Cryptography-dev mailing list
Cryptography-dev at python.org<mailto:Cryptography-dev at python.org>
https://mail.python.org/mailman/listinfo/cryptography-dev

--
"I disapprove of what you say, but I will defend to the death your right to say it." -- Evelyn Beatrice Hall (summarizing Voltaire)
"The people's good is the highest law." -- Cicero
GPG Key fingerprint: 125F 5C67 DFE9 4084
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/cryptography-dev/attachments/20130909/e8944564/attachment-0001.html>