[Python-Dev] ssl improvements and testing question

Christian Heimes christian at python.org
Fri Jun 7 00:37:01 CEST 2013


Hi,

I'm working on a couple of improvements for the ssl module:

http://bugs.python.org/issue17134
http://bugs.python.org/issue18138
http://bugs.python.org/issue18143
http://bugs.python.org/issue18147

#17134 is going to provide a way to use Windows' crypt32.dll to load CA
certs from Windows' CA cert storage. I have a working proof of concept
[1] that uses ctypes to interface crypt32.dll. I'll reimplement the code
in C.

#18138 implements the bits and pieces for #17134 in order to add DER and
PEM certs from memory (ASCII unicode or Py_Buffer). Until now the ssl
module can only load files from the file system.

#18143 and #18147 are diagnostic and debugging helpers that I would like
to add. The SSLContext() object is a black box. You stuff in some PEM
files and don't know which CA certs have been loaded. The enhancements
implement a function to retrieve a list of CA certs (same format as
getpeercert()) and a list of default CA locations for the platform.

I'm also thinking about OCSP support and X509v3 extension support for
_decode_certificate(). Both are a PITB ... Python has an easier and
better documented C API.

Question:
What's the minimum version of OpenSSL Python 3.4 is going to support? Do
we have an easy way to compile and link Python against a custom
installation of OpenSSL or do I have to fiddle around with CPPFLAGS and
CFLAGS?

Christian

[1] https://pypi.python.org/pypi/wincertstore
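
The kind of trust-store audit the diagnostic helpers described above make possible, as an added example that is not part of the original message or of the patches it links. It assumes the `ssl` module of current Python releases (`SSLContext.get_ca_certs()`, `SSLContext.cert_store_stats()`, `ssl.get_default_verify_paths()`); the function names and the `SAMPLE_CERTS` entries are constructed for illustration.

```python
import ssl
import time

def common_name(name):
    """Return the commonName from a getpeercert()-style name tuple, or None."""
    for rdn in name:
        for key, value in rdn:
            if key == "commonName":
                return value
    return None

def summarize_ca_certs(certs, now=None):
    """Reduce getpeercert()-format dicts to name, self-issued and expiry flags."""
    now = time.time() if now is None else now
    rows = []
    for cert in certs:
        rows.append({
            "subject": common_name(cert.get("subject", ())),
            # Name comparison only; this does not verify the signature.
            "self_issued": cert.get("subject") == cert.get("issuer"),
            "expired": ssl.cert_time_to_seconds(cert["notAfter"]) < now,
        })
    return rows

def audit_context(ctx, now=None):
    """Report where the platform looks for CAs and what ctx has loaded."""
    return {
        "default_paths": ssl.get_default_verify_paths()._asdict(),
        "stats": ctx.cert_store_stats(),
        # Certs found via a capath directory are only listed once used.
        "cas": summarize_ca_certs(ctx.get_ca_certs(), now),
    }

# Constructed sample entries in getpeercert() format (not real CAs).
_ROOT = ((("commonName", "Example Old Root"),),)
_INTER = ((("commonName", "Example Intermediate"),),)
SAMPLE_CERTS = [
    {"subject": _ROOT, "issuer": _ROOT,
     "notBefore": "Jan  1 00:00:00 2000 GMT", "notAfter": "Jan  1 00:00:00 2010 GMT"},
    {"subject": _INTER, "issuer": _ROOT,
     "notBefore": "Jan  1 00:00:00 2020 GMT", "notAfter": "Jan  1 00:00:00 2030 GMT"},
]

if __name__ == "__main__":
    report = audit_context(ssl.create_default_context())
    print(report["default_paths"])
    print(report["stats"])
    for row in report["cas"]:
        if row["expired"]:
            print("expired CA still trusted:", row["subject"])
```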


