How to use asyncore with SSL?

Marko Rauhamaa marko at pacujo.net
Sat Jan 20 16:10:08 EST 2018


Grant Edwards <grant.b.edwards at gmail.com>:

> On 2018-01-20, Marko Rauhamaa <marko at pacujo.net> wrote:
>> OpenSSL isn't the easiest beast to deal with, but I have been able to
>> abstract it (in C) so it behaves very close to TCP. The one blemish
>> is in the fact that the TLS protocol does not support a half-duplex
>> connection. Shame.
>>
>> The WANT_READ/WANT_WRITE silliness should be abstracted out of the
>> non-blocking TLS library so the application doesn't need to know
>> anything about it.
>
> I won't argue with that.  I think that non-blocking ssl-wrapped
> sockets _should_ have the same select/poll/send/recv API/semantics
> that normal sockets do.  I thought about writing my own
> wrapped-ssl-socket class that does that, but using stunnel was just so
> much easier.  If you _did_ want to wrap sockets like that, I think
> you'd need to actually run a thread to deal with the SSL socket and
> provide a "proxy" socket or pipe for use with select/poll.
>
> Basically you'd be doing what stunnel does only doing it in-process.

Stunnel is fine for many applications but not for our needs. Also, a
subsidiary thread is not necessary. Everything can be done within an
async framework (in C anyway).


Marko
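The abstraction discussed in this message, as an added Python example that is not code from either poster: `TLSChannel` (a hypothetical name) turns `ssl.SSLWantReadError` and `ssl.SSLWantWriteError` into the event mask a select/poll loop should wait on, so the application only deals with queued plaintext. It assumes `sock` is a non-blocking `ssl.SSLSocket` or an object with the same `recv`/`send` behaviour.

```python
import selectors
import ssl

READ, WRITE = selectors.EVENT_READ, selectors.EVENT_WRITE

class TLSChannel:
    """Gives a non-blocking TLS socket plain readable/writable semantics."""

    def __init__(self, sock):
        self.sock = sock            # non-blocking ssl.SSLSocket (assumed)
        self.inbox = bytearray()    # decrypted bytes for the application
        self.outbox = bytearray()   # plaintext queued by the application
        self.eof = False
        self.recv_wants = READ      # socket event the next recv() needs
        self.send_wants = WRITE     # socket event the next send() needs

    def write(self, data):
        self.outbox += data

    def interest(self):
        """Event mask the loop should register for the underlying socket."""
        mask = 0 if self.eof else self.recv_wants
        return mask | (self.send_wants if self.outbox else 0)

    def on_ready(self, events):
        """Called by the loop with the events that fired on the socket."""
        if not self.eof and events & self.recv_wants:
            self.recv_wants = self._attempt(self._recv, READ)
        if self.outbox and events & self.send_wants:
            self.send_wants = self._attempt(self._send, WRITE)

    def _attempt(self, op, default):
        try:
            op()
            return default
        except ssl.SSLWantReadError:    # TLS layer needs inbound bytes first
            return READ
        except ssl.SSLWantWriteError:   # TLS layer must flush outbound bytes
            return WRITE

    def _recv(self):
        while not self.eof:             # drain until TLS reports "would block"
            chunk = self.sock.recv(16384)
            self.inbox += chunk
            self.eof = not chunk        # empty read means the peer closed

    def _send(self):
        while self.outbox:
            sent = self.sock.send(self.outbox)
            del self.outbox[:sent]
```

The event loop re-registers the socket with `interest()` after every `on_ready()` call; a read that is waiting on write-readiness then shows up as `EVENT_WRITE` interest even when the application has nothing queued.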


