[Python-Dev] backport new server-side SSL to older Pythons?

[Guido van Rossum]

On 8/21/07, Bill Janssen <janssen at parc.com> wrote:
> I'd like to be able to backport this server-side SSL support to older
> Pythons, like the 2.3.4 in CentOS 4 and the 2.3.5 in OS X 10.4.

That would have to be a private fork or a 3rd party extension module;
python.org is committed to keeping existing releases stable
(feature-wise).

> So I'd like to move all the SSL stuff out of the "socket" module, and
> add a new top-level module called "ssl" (or "networking.ssl", or
> whatever the Py3K naming scheme says it should be).  The socket module
> will then re-export a function from that module as socket.ssl(), which
> will continue to do exactly what it does now.  More advanced users will
> call functions in the "ssl" module.
>
> Then I can bundle up the new versions of _ssl.c and ssl.py with a
> setup.py file, and provide that as an add-on for older Python
> installations.
>
> Does this make sense?

I think that it probably can be done, but beware that older Pythons
(and you're going quite a while back!) may use different APIs for
object creation/deletion, so you may end up having to do some work
still. Also, those older versions may have (client-side) ssl support
in their socket module -- isn't that going to conflict? Finally, some
old Python versions may not like new openssl versions (I don't know if
this is the case, but I wouldn't rule it out without testing).

-- 
--Guido van Rossum (home page: http://www.python.org/~guido/)