On 08:34 am, krist...@ccpgames.com wrote:
> Hello there.
> I wanted to do some work on the ssl module, but I was a bit daunted at
> the prerequisites. Is there anywhere that I can get at precompiled
> libs for the openssl that we use?
> In general, getting all those "external" projects seems to be complex to
> build. Is there a fast way?

I take it the challenge is that you want to do development on Windows?
If so, this might help:
http://www.slproweb.com/products/Win32OpenSSL.html
It's what I use for any Windows pyOpenSSL development I need to do.

> What I want to do, is to implement a separate BIO for OpenSSL, one that
> calls back into python for writes and reads. This is so that I can use
> my own sockets implementation for the actual IO, in particular, I want
> to funnel the encrypted data through our IOCompletion-based stackless
> sockets.

For what it's worth, Twisted's IOCP SSL support is implemented using
pyOpenSSL's support of OpenSSL memory BIOs. This is a little different
from your idea: memory BIOs are a built-in part of OpenSSL, and just
give you a buffer from which you can pull whatever bytes OpenSSL wanted
to write (or a buffer into which to put bytes for OpenSSL to read).
I suspect this would work well enough for your use case. Being able to
implement an actual BIO in Python would be pretty cool, though.

> If successful, I think this would be a useful addition to ssl.
> You would do something like:
>
>     class BIO():
>         def write(self, data): pass
>         def read(self, size): pass
>
>     import ssl
>     bio = BIO()
>     ssl_socket = ssl.wrap_bio(bio, ca_certs=...)

Hopefully this would integrate more nicely with the recent work Antoine
has done with SSL contexts. The preferred API for creating an SSL
connection is now more like this:

    import ssl
    ctx = ssl.SSLContext(...)
    conn = ctx.wrap_socket(...)

So perhaps you want to add a wrap_bio method to SSLContext. In fact,
this would be the more general API, and could supersede wrap_socket:
after all, socket support is just implemented with the socket BIOs.
wrap_socket would become a simple wrapper around something like
wrap_bio(SocketBIO(socket)).

> I am new to OpenSSL, I haven't even looked at what a BIO looks like,
> but I read this: http://marc.info/?l=openssl-users&m=99909952822335&w=2
> which indicates that this ought to be possible. And before I start
> experimenting, I need to get my OpenSSL external ready.
> Any thoughts?

It should be possible. One thing that's pretty tricky is getting
threading right, though. Python doesn't have to deal with this problem
yet, as far as I know, because it never does something that causes
OpenSSL to call back into Python code. Once you have a Python BIO
implementation, this will clearly be necessary, and you'll have to solve
this. It's certainly possible, but quite fiddly.
Jean-Paul
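
The memory-BIO approach described in the reply above, shown with the ssl.MemoryBIO and SSLContext.wrap_bio API that the standard library's ssl module later gained. This is an added example, not code from the thread; the hostname and the peer bytes are constructed, and the function names are this example's own.

```python
import ssl

def start_handshake(server_hostname="example.invalid"):
    """Begin a TLS client handshake with no socket attached."""
    ctx = ssl.create_default_context()
    incoming = ssl.MemoryBIO()  # ciphertext received from the peer is written here
    outgoing = ssl.MemoryBIO()  # ciphertext OpenSSL wants sent is read from here
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname=server_hostname)
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        pass  # expected: ClientHello is queued, OpenSSL now waits for peer bytes
    return tls, incoming, outgoing

def drain(outgoing):
    """Pull the bytes that the caller's own transport (IOCP, etc.) must send."""
    return outgoing.read()

def feed(tls, incoming, peer_bytes):
    """Hand received bytes to OpenSSL; True once the handshake has completed.

    Any ssl.SSLError other than "want read" propagates, so a peer that does
    not speak TLS makes the handshake fail instead of being retried.
    """
    incoming.write(peer_bytes)
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        return False  # need more bytes from the peer
    return True

def parse_record_header(data):
    """Split the 5-byte TLS record header: type, (major, minor), length."""
    return data[0], (data[1], data[2]), int.from_bytes(data[3:5], "big")

if __name__ == "__main__":
    tls, incoming, outgoing = start_handshake()
    hello = drain(outgoing)
    print("record header:", parse_record_header(hello), "bytes:", len(hello))
    try:
        # Constructed input: a plaintext server answering on the TLS port.
        feed(tls, incoming, b"HTTP/1.1 400 Bad Request\r\n\r\n")
    except ssl.SSLError as exc:
        print("handshake rejected:", exc.reason)
```

The application, not OpenSSL, moves every byte here, which is what lets the ciphertext travel over any transport without a custom BIO calling back into Python.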