> On Sep 19, 2014, at 2:26 PM, Chmouel Boudjnah <chmo...@enovance.com> wrote:
> On Fri, Sep 19, 2014 at 6:58 PM, Donald Stufft <don...@stufft.io 
> <mailto:don...@stufft.io>> wrote:
> So you can remove all that code and just let requests/urllib3 handle it on 
> 3.2+, 2.7.9+ and for anything less than that either use conditional 
> dependencies to have glance client depend on pyOpenSSL, ndg-httpsclient, and 
> pyasn1 on Python 2.x, or let them be optional and if people want to disable 
> TLS compression in those versions they can install those versions themselves.
> we have that issue as well for swiftclient, see the great write-up from 
> stuart here :
> https://answers.launchpad.net/swift/+question/196920 
> <https://answers.launchpad.net/swift/+question/196920>
> just removing it this and let hope that users uses bleeding edge python 
> (which they don't) is not going to work for us. and the pyOpenSSL way is very 
> unfriendly to the end-user as well.

Unfortunately those are the only options besides using a different TLS 
implementation besides pyOpenSSL all together.

Python 2.x standard library did not include the requisite nobs for configuring 
this, it wasn’t until Python 3.2+ that the ssl module in the standard library 
gained the ability to have these kinds of things applied to it. Python 2.7.9 
contains a back port of the 3.x ssl module to Python 2.7, so that’s the first 
time in the 2.x line that the standard library has the knobs to change these 

The alternative to 3.2+ or 2.7.9+ is using an alternative TLS implementation, 
of which pyOpenSSL is by far the most popular (and it’s what glanceclient is 
using right now).

Donald Stufft
PGP: 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA

OpenStack-dev mailing list

Reply via email to