[Cryptography-dev] pyOpenSSL

[Hynek Schlawack]

>> Are there things we can do to lower the maintenance burden for ourselves? At this point the X.509 layer in cryptography is complete, can we deprecate the one in pyOpenSSL? That'd let us kill a good deal of code, and really get pyOpenSSL down to just an SSL layer, which is all we care about anyways.
> 
> Right now there aren’t any functions that let you convert to cryptography X509 objects from PyOpenSSL ones or vice versa: only for keys. If we got those for the various X509 objects then I think that’d be a reasonable thing to do.

FWIW, that was kind of my goal since Montreal2 but we never got around to it.  Being able to deprecate x509 in pyOpenSSL obsolete it for plenty people.

It’s still a non-trivial SMOP someone has to actually do. :|

***

Regarding my sentiment that was echo’ed through this thread: pyOpenSSL needs a project lead that actually cares about it.  The people currently involved (including myself) do it mostly out of obligation and for the greater good.  Which is an unfortunate proposition for free labor.

It would be nice if someone heavily invested in Twisted (since this is the only major remaining user – or is there more?) would pick it up I guess?  They’d at least have an intrinsic interest in improving matters.  Our interest is to change as little so people don’t yell at us because we broke something.