xmlrpc, httplib and SSL
Roger Binns
rogerb at rogerbinns.com
Fri Mar 26 23:03:18 EST 2004
I have just spent several weeks mashing xmlrpc, httplib and SSL (from
M2Crypto) to work together. The current standard library has several
problems:
- Builtin SSL is pretty much useless if you actually care
about security
- Poor HTTP authentication support
- No server side stuff (SSL, HTTP authentication etc)
- Pathological coding to ensure that at most one request is
sent on a connection, rather than reusing an already open
connection (http/1.1 keepalives)
- Pathological coding to ensure that connections are closed
from as many different places as possible
- A broken model for dealing with who owns a connection socket.
It all started when someone added a 'makefile' method that
returned a dup'ed file descriptor since all there are
all those close calls everywhere, so the reference counting
sort of works on UNIX (where dup is a normal operation).
This leads to even more heroic coding to work around the
explicitly coded close's everywhere, and implement yet
another layer of reference counting and encapsulation.
- No real possibility of dealing with things like automatically
reopening connections (eg if you have an HTTP/1.1 connection,
make a request, stay idle for so long the other end closes the
connection, and then try to send a new one)
I now have code that works for me and my project. However it
wouldn't really be appropriate for going back into the standard
library because it spends most of its time having to subvert the
design and implementation of the existing classes.
However I was wondering if anyone was working on fixing the
(IMHO horrible) mess and wants any moral support?
Roger
More information about the Python-list
mailing list