[Python-Dev] Future of SSL

[Gerhard Häring]

On Sat, Oct 27, 2001 at 09:43:58PM -0400, Christopher Petrilli wrote:
> Guido van Rossum [guido@python.org] wrote:
> > > I think that if OpenSSL is available, Python should build "out of the
> > > box" with SSL support.  This is becomming more and more important with 
> > > projects I'm working on, especially with SOAP and XML-RPC.  This
> > > doesn't mean someone shouldn't be able to replace it, and we should
> > > always define an API, but... I think we need to work out of the box.
> > 
> > Good point.  That's how the SSL support is configured now, and that's
> > how it should continue to work.

Ok. I understand completely "outsourcing" SSL is not an option. So we
either build a completely new SSL module or try to integrate an existing
one.

> Perhaps there is one of the existing modules (M2Crypto?) that can be
> integrated, assuming licensing issues can be resolved.

Yup. To save you time finding them all, I've summarized them and put up
a page about them (cf. my other post).

> [...] The initial goal in my mind would be to have transparent (or nearly
> so) SSL session management, [...]

I'm not sure I understand what you mean by transparent session
management. Perhaps that one important feature would be that SSL objects
be interface compatible with socket objects as much as possible?  So
ugly hacks like FakeSocket in httplib and SSLFakeSocket in smtplib are
no longer necessary.

And, btw. one complaint about socketmodule.c I've heard is that it
doesn't have a C API, it might be necessary to expose some of it with
the help of a header file.

Gerhard
-- 
mail:   gerhard <at> bigfoot <dot> de       registered Linux user #64239
web:    http://www.cs.fhm.edu/~ifw00065/    OpenPGP public key id 86AB43C0
public key fingerprint: DEC1 1D02 5743 1159 CD20  A4B6 7B22 6575 86AB 43C0
reduce(lambda x,y:x+y,map(lambda x:chr(ord(x)^42),tuple('zS^BED\nX_FOY\x0b')))