On Jan 24, 2014, at 8:25 AM, Armin Rigo <ar...@tunes.org> wrote:

> Hi,
>
> On Thu, Jan 23, 2014 at 5:28 PM, Maciej Fijalkowski <fij...@gmail.com> wrote:
>> Since I have absolutely no idea what you're talking about, let's start with:
>
> Same for me. Also, using another SSL library like PyOpenSSL is a good
> idea anyway --- on both CPython and PyPy.
>
> If I had a choice I'd prefer to scrap the _ssl module from PyPy, but
> we can't because CPython has it too. I wouldn't mind if using _ssl
> produced warnings on PyPy. The alternative, which is coming up with
> better security features in the _ssl module, seems like a lot of work,
> of questionable use and safety (just use PyOpenSSL), and bound to
> break CPython compatibility.
>
>
> A bientôt,
>
> Armin.
Sorry for the delay in responding to this.

Currently what I would like to do is backport the SSL hostname verification from CPython 3.x to PyPy. Currently on CPython 2.x and PyPy if you wish to verify the hostname of SSL connections you need to manually copy this backport into your code and use that. I think that this is a sad state of affairs and would prefer to have it back ported to both CPython and PyPy. The code I’ve seen in the wild tends to check for the existence of the functions that enable this and fall back if they don’t exist. So this should just silently work for people.

The benefit of doing it in PyPy instead of each individual project is that it gives PyPy users a central location to update if changes are needed to be made instead of needing to do this in each project that does it.

The compatibility implications of this are:

1) Software written for CPython will continue to work out of the box with PyPy
2) Someone could write software that only worked on PyPy and CPython 3.x but not CPython 2.x

The CPython developers have thus far decided that back porting hostname verification to CPython 2.x is not worth breaking the policy of no new features in 2.7. I disagree with this conclusion fwiw.

-----------------
Donald Stufft
PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA
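The check-and-fall-back pattern mentioned in the message above, as an added example that is not part of the original thread or of CPython/PyPy code. `fallback_match_hostname`, `dnsname_match` and `hostname_ok` are hypothetical names, and the fallback is a simplified stand-in for the copied backport (dNSName and commonName only, no IP address entries), operating on the dict returned by `getpeercert()`.

```python
class FallbackCertificateError(ValueError):
    """Raised by the fallback when no certificate name covers the hostname."""

def dnsname_match(pattern, hostname):
    # '*' is honoured only as the entire leftmost label and spans one label.
    pattern, hostname = pattern.lower(), hostname.lower()
    if "*" not in pattern:
        return pattern == hostname
    left, _, rest = pattern.partition(".")
    host_left, _, host_rest = hostname.partition(".")
    if left != "*" or "*" in rest or not rest or not host_left:
        return False
    return rest == host_rest

def fallback_match_hostname(cert, hostname):
    # `cert` is the dict returned by SSLSocket.getpeercert().
    if not cert:
        raise ValueError("empty or no certificate; was CERT_REQUIRED set?")
    names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if not names:
        # commonName is consulted only when there is no dNSName SAN at all.
        names = [v for rdn in cert.get("subject", ())
                 for k, v in rdn if k == "commonName"]
    if not any(dnsname_match(name, hostname) for name in names):
        raise FallbackCertificateError(
            "hostname %r doesn't match any of %r" % (hostname, names))

# Feature detection: prefer the runtime's implementation when it ships one.
try:
    from ssl import match_hostname, CertificateError
except ImportError:
    match_hostname = fallback_match_hostname
    CertificateError = FallbackCertificateError

def hostname_ok(cert, hostname, matcher=None):
    """Boolean wrapper; any verification failure counts as a mismatch."""
    try:
        (matcher or match_hostname)(cert, hostname)
        return True
    except ValueError:  # both CertificateError variants subclass ValueError
        return False

# Constructed sample in the shape getpeercert() returns (not a real cert).
SAMPLE_CERT = {
    "subject": ((("commonName", "legacy.example.net"),),),
    "subjectAltName": (("DNS", "example.org"), ("DNS", "*.example.org")),
}
```

With this selection in one place, a runtime that gains the function is picked up without changing calling code, which is the "silently work" behaviour the message describes.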