[issue43902] ssl module: add getter for SSL_CTX* and SSL*
Nathaniel Smith
report at bugs.python.org
Wed Apr 21 13:36:59 EDT 2021
Nathaniel Smith <njs at pobox.com> added the comment:
Funny, I was actually looking at this a bit last week, because I was trying to figure out if I could trick `ssl` into doing DTLS...
The two big problems I ran into are:
- for DTLS you need to instantiate the SSLContext with PROTOCOL_DTLS, and idk how you create a Python ssl._SSLMethod object for a random pointer.
- You need to somehow find the libssl symbols, and it's not clear how to do that in a safe and portable way.
The second issue seems like the big blocker. Your example does `ctypes.CDLL("libssl.so.1.1")`, but there's no guarantee that this will find the same libssl that the `ssl` module is linked against. (And if you get the wrong one then everything will probably explode.)
And like you say, `ctypes.CDLL(ssl._ssl.__file__)` also works, by taking advantage of how ELF shared libraries tend to reexport all the symbols they import, but... this is an ELF-specific thing. It doesn't work on Windows or macOS.
So to me the first question would be: is it possible to offer a utility function that reliably gives users a handle to the right libssl, on all systems and build configurations? If not then I don't see how this could work.
----------
_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue43902>
_______________________________________
More information about the Python-bugs-list
mailing list