Python does not play well with others
John Nagle
nagle at animats.com
Thu Jan 25 15:51:51 EST 2007
Paul Rubin wrote:
> "sjdevnull at yahoo.com" <sjdevnull at yahoo.com> writes:
>
>>I haven't had a need to do anything with OpenSSL from Python; all
>>that takes place in the Apache server
>
>
> That's a reasonable approach for a typical server-side web
> application, but there are other types of Python apps that can also
> want to use SSL. It's a pain to have to deal with OpenSSL at all, and
> I hope that TLSLite (a very incomplete SSL implementation written in
> pure Python) one day becomes complete and does all the stuff that JSSE
> does.
That's the problem. We now have four SSL implementations for
Python, none of which let you do all the things OpenSSL can do.
The fact that people keep writing new ones, instead of fixing the
existing ones, indicates a problem with the development process.
Can you build the built-in SSL package without building all of
Python? That in itself would be useful. Then the thing could
be worked on without too much pain. The built-in SSL package
basically works, although it doesn't check anything. It just
doesn't get at enough OpenSSL functionality.
I think the right way out of this mess is to 1) break
out the SSL module so it can be built separately by the
usual "python setup.py build" process, 2) add more
access functions to the built-in SSL C glue module, 3) bring over
such Python parts of M2Crypto as are useful and make them
work with the built-in SSL module, and 4) get rid of SWIG.
If somebody will do 1), I'll take a look at 2).
John Nagle
More information about the Python-list
mailing list