[Python-Dev] Synchronous and Asynchronous servers in the standard library

James Y Knight foom at fuhm.net
Wed Nov 10 20:18:38 CET 2004


On Nov 10, 2004, at 1:38 PM, Josiah Carlson wrote:
> False.  ESMTP has /optional/ support for STARTTLS, as defined in RFC
> 3207.  Neither SMTP nor ESMTP compliant mail servers need to implement
> STARTTLS, regardless of their compliance to SMTP or ESMTP.

That is irrelevant. My point was, there is no need to make a subclass 
for STARTTLS. There is no architectural reason that it couldn't be in 
the same place as the other supported ESMTP commands. However, the 
original comment, and my response, and your response are all beside 
the main point, which is about SSL vs non-SSL sockets, not about 
whether you should have a separate class for SMTP and SMTP+some 
optional extensions.

>> But, the real point is that you can use the same class for SMTP and
>> SMTP-over-ssl, which is fortunate, because you need to switch to the
>> over-ssl implementation half way through the connection.
>
> Your statement is a no-op.  One could implement the greater part of most
> any application in a single class, the question is about how much can
> be shared.
>
> At the minimal level, self.send() and self.recv() need to have
> different implementations for the different with/without SSL variants
> (assuming one would merely wrap the bare socket).  No surprise there.

The point is that the above assumption is a poor one. The protocol 
should not be wrapping the bare socket. With an architecture like 
Twisted, your protocol class doesn't have implementations of send and 
recv. Those belong to the transport, which you call. So, you do not 
have to derive from a different base class for SMTP-over-SSL and 
SMTP-over-TCP, and then do yucky things like switching your class 
halfway through the connection.

> At a higher
> level, because SSL-ifying a socket is a blocking operation (requires at
> least one round-trip if I remember correctly), discussion about async
> SMTP+TLS is pretty moot at this point (unless one uses/abuses tlslite).

That is completely incorrect. OpenSSL works perfectly well in async 
mode. Twisted implements async SSL __right now__.

Again, I do not think this is the appropriate place to be giving SSL 
lessons, but, yes, at least one roundtrip is required to set up an SSL 
session. But, this does __not__ mean your code has to block waiting for 
the roundtrip to complete. OpenSSL returns with an error code if it 
needs more read/write data to complete an operation. You get to take 
that information and feed it to select to wait for the condition to be 
fulfilled, and call OpenSSL again. This works.

James
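
The retry pattern described in the last paragraph of the message above, as an added example using the standard library `ssl` module (not code from this thread or from Twisted). The function names, the placeholder hostname `mail.example.test` and the silent socketpair peer are constructed for the demonstration.

```python
import select
import socket
import ssl

def handshake_step(tls):
    """Advance the handshake once; on a non-blocking socket this never blocks."""
    try:
        tls.do_handshake()
        return "done"
    except ssl.SSLWantReadError:    # OpenSSL needs more bytes from the peer
        return "want_read"
    except ssl.SSLWantWriteError:   # OpenSSL could not flush its output yet
        return "want_write"

def nonblocking_handshake(tls, timeout=5.0):
    """Retry do_handshake() whenever select() reports the awaited condition."""
    # A real server registers the socket with its shared event loop instead
    # of calling select() on a single connection as this sketch does.
    while True:
        state = handshake_step(tls)
        if state == "done":
            return
        rlist = [tls] if state == "want_read" else []
        wlist = [tls] if state == "want_write" else []
        readable, writable, _ = select.select(rlist, wlist, [], timeout)
        if not (readable or writable):
            raise TimeoutError("peer went silent during the TLS handshake")

def demo_silent_peer():
    """Constructed offline demo: client handshake against a peer that never replies."""
    client_raw, peer = socket.socketpair()
    client_raw.setblocking(False)
    peer.settimeout(2.0)
    ctx = ssl.create_default_context()
    tls = ctx.wrap_socket(client_raw, server_hostname="mail.example.test",
                          do_handshake_on_connect=False)  # hostname is a placeholder
    try:
        first = handshake_step(tls)      # queues the ClientHello, returns at once
        record_type = peer.recv(1)[0]    # 0x16 marks a TLS handshake record
        try:
            nonblocking_handshake(tls, timeout=0.2)
            timed_out = False
        except TimeoutError:
            timed_out = True
        return first, record_type, timed_out
    finally:
        tls.close()
        peer.close()
```

Bounding the wait, as the `timeout` argument does here, keeps a peer that stalls mid-handshake from holding the connection open indefinitely.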


