[Python-Dev] PEP 543-conform TLS library
Brett Cannon
brett at python.org
Fri Nov 2 18:24:20 EDT 2018
In case you never received a reply, you can try emailing Christian and Cory
directly for an answer.
On Fri, 26 Oct 2018 at 13:20, Mathias Laurin <mathias.laurin at gmail.com>
wrote:
> Hello Python Dev,
>
>
> I posted the following to python-ideas but here may be
> a more suitable place. I apologize if cross posting
> bothers anyone.
>
>
> I have implemented an (I believe) PEP 543-conform TLS library
> and released TLS support in the latest version yesterday:
>
> https://github.com/Synss/python-mbedtls/tree/0.13.0
> https://pypi.org/project/python-mbedtls/0.13.0/
>
>
> As far as I know, I am the first one to follow PEP 543. So one
> point is that the API works. However, I have a couple of
> questions regarding the PEP:
>
> - I do not know what to do in `TLSWrappedBuffer.do_handshake()`.
> The full TLS handshake requires writing to the server, reading
> back, etc., (ClientHello, ServerHello, KeyExchange, etc.),
> which cannot be accomplished in a single buffer.
>
> For now, I am doing the handshake in
> `TLSWrappedSocket.do_handshake()`: I set the BIO to using the
> socket directly, then perform the handshake on the socket thus
> entirely bypassing the TLSWrappedBuffer. Once this is done, I
> swap the BIO to using the buffer and go on encrypting and
> decrypting from the buffer. That is, the encrypted
> communication is buffered.
>
> - The PEP sometimes mentions an "input buffer" and an "output
> buffer", and some other times just "the buffer". I believe
> that both implementations are possible. That is, with two
> different buffers for input and output, or a single one.
>
> I have implemented it with a single circular buffer (that is a
> stream after all). What the PEP is expecting is nonetheless
> not clear to me.
>
>
> So, can anybody clarify these two points from the PEP?
>
>
> Or should I just address Cory Benfield (who does not seem very
> active anymore lately) and Christian Heimes directly?
>
>
> Cheers,
> Mathias
> _______________________________________________
> Python-Dev mailing list
> Python-Dev at python.org
> https://mail.python.org/mailman/listinfo/python-dev
> Unsubscribe:
> https://mail.python.org/mailman/options/python-dev/brett%40python.org
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/python-dev/attachments/20181102/315b7850/attachment.html>
More information about the Python-Dev
mailing list