2017-06-01 19:10 GMT+02:00 Nathaniel Smith <n...@pobox.com>: > (...) since pip/requests/everyone else pushing for > this only want to use ssl.MemoryBIO on Linux. Their plan on Windows/MacOS > (IIUC) is to stop using the ssl module entirely in favor of new ctypes > bindings for their respective native TLS libraries.
The long term plan include one Windows implementation, one macOS implementation and one implementation using the stdlib ssl module. But it seems like right now, Cory is working alone and has limited time to implement his PEP 543 (new TLS API). The short term plans is to implement the strict minimum implementation, the one relying on the existing stdlib ssl module. Backporting MemoryBIO makes it possible to get the new TLS API "for free" on Python 2.7. IMHO Python 2.7 support is a requirement to make the PEP popular enough to make it successful. The backport is supposed to fix a chicken-and-egg issue :-) > (And yes, in principle it might be possible to write new ctypes-based > bindings for openssl, but (...)) A C extension can also be considered, but I trust more code in CPython stdlib, since it would be well tested by our big farm of buildbots and have more eyes looking to the code. -- It seems like the PEP 546 (backport MemoryBIO) should make it more explicit that MemoryBIO support will be "optional": it's ok if Jython or PyPy doesn't implement it. It's ok if old Python 2.7 versions don't implement it. I expect anyway to use a fallback for those. It's just that I would prefer to avoid a fallback (likely a C extension) whenever possible, since it would cause various issues, especially for C code using OpenSSL: OpenSSL API changed many times :-/ Victor _______________________________________________ Python-Dev mailing list Python-Dev@python.org https://mail.python.org/mailman/listinfo/python-dev Unsubscribe: https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
