[issue22559] [backport] ssl.MemoryBIO

Geert Jansen added the comment: Glyph, if this is just for Twisted you could ship the "sslcompat" module that I'm shipping with Gruvi. It backports the async IO stuff and a few other pieces through an extension module. https://github.com/geertj/gruvi/blob/master/src/sslcompa

[issue24334] SSLSocket extra level of indirection

Geert Jansen added the comment: Apologies for the late reply. I made SSLSocket go through SSLObject so that the test suite that is primarily testing SSLSocket will test both. Also, this layering allows us to define some non-networked operations (such as SSL certificate checking and channel

[issue22564] ssl: post-commit review of the new memory BIO API

Geert Jansen added the comment: > newPySSLSocket() expects a char* string and use PyUnicode_Decode() to decode > bytes. Yup, and this value is available as SSLSocket._sslobj.server_hostname. But SSLSocket.server_hostname is not this, it is what was passed to the constructor which ca

[issue22564] ssl: post-commit review of the new memory BIO API

Geert Jansen added the comment: > +.. attribute:: SSLSocket.server_hostname > + > + A ``bytes`` instance (...) > > Ah, this is a mistake. It's actually always a str instance (on SSLObject as > well). It is indeed, I stand corrected. I was confused by the decode -&

[issue22564] ssl: post-commit review of the new memory BIO API

Geert Jansen added the comment: Hi Victor, see below my comments: * SSLSocket.read(), SSLOBject.read() and _ssl._SSLSocket.read() taking a buffer as the second positional argument. Both SSLSocket.read() and _SSLSocket.read() already accepted two arguments so I went for consistency. The

[issue22559] [backport] ssl.MemoryBIO

Geert Jansen added the comment: > In Python2 socket._socketobject composes with _socket.socket, so we pass > "self._sock", that way it has teh right C-level fields. Unfortunately taking > a weakref of _socket.socket is not allowed. I see, and agree that making it weakref-

[issue22559] [backport] ssl.MemoryBIO

Geert Jansen added the comment: > Right, socket._socketobject mearly nulls out the reference to _socket.socket, > and lets reference counting take care of the rest. Ugh this is bad... I thought close() was exactly there when you don't want to depend on refcounting for cleanup

[issue22559] [backport] ssl.MemoryBIO

Geert Jansen added the comment: It seems that SSLSocket.close() doesn't actually close the socket, and that's why the server side read() blocks. It's a bit of a mystery to me how socket.close(), which is called by SSLSocket to do the actual close, is supposed to work. I don

[issue21965] Add support for Memory BIO to _ssl

Geert Jansen added the comment: Thanks Antoine for merge! > SSLPipe looks interesting. I wonder if it can be used to reimplement > _SelectorSslTransport in asyncio.selector_events (at least as an experiment). Yes, it could be done quite easily. SslPipe has no dependency on other pa

[issue22559] [backport] ssl.MemoryBIO

Changes by Geert Jansen : -- nosy: +geertj ___ Python tracker <http://bugs.python.org/issue22559> ___ ___ Python-bugs-list mailing list Unsubscribe:

[issue21965] Add support for Memory BIO to _ssl

Geert Jansen added the comment: Maybe an example is useful on how the Memory BIO stuff can be used to implement SSL on top of a proactor event loop. I just added support for this to my Gruvi project in the branch "feat-memory-bio": An "SslPipe" utility class that uses the

[issue21965] Add support for Memory BIO to _ssl

Geert Jansen added the comment: Addded the comment about owner being a weakref, and added a new consolidated patch (ssl-memory-bio-5). -- Added file: http://bugs.python.org/file36806/ssl-memory-bio-5.patch ___ Python tracker <http://bugs.python.

[issue21965] Add support for Memory BIO to _ssl

Geert Jansen added the comment: > One issue with the "owner" is that there is now a reference cycle between > SSLSocket and SSLObject (something which the original design is careful to > avoid by using weakrefs in the _ssl module). Note that owner is a weakref :) Did y

[issue21965] Add support for Memory BIO to _ssl

Geert Jansen added the comment: > Well... I would have expected this approach to yield a bigger reduction in > code size. If it doesn't shrink the code, then I'm not sure it's worthwhile. > What do you think? I think the improved test coverage might still make it wo

[issue21965] Add support for Memory BIO to _ssl

Geert Jansen added the comment: New patch attached. This patch makes SSLSocket use SSLObject. The big benefit here is obviously test coverage. I decided against using SSLObject as a mixin, because all methods need to be reimplemented anyway because for SSLSocket they need to handle the non

[issue21965] Add support for Memory BIO to _ssl

Geert Jansen added the comment: Antoine, sorry for the delay, we just had a new kid and I changed jobs :) Let me try if I can create an updated patch that where SSLObject is a mixin for SSLSocket. I think the argument about writing tests once is important. Be back in a few days

[issue21965] Add support for Memory BIO to _ssl

Geert Jansen added the comment: Thanks Antoine. See my comments below: > - is it necessary to start exposing server_hostname, server_side and > pending()? At the C level I need server_hostname and server_side exposed because they are needed to implement the cert check in do_han

[issue21965] Add support for Memory BIO to _ssl

Geert Jansen added the comment: Adding small patch (incremental to patch #4) to fix a test failure. -- Added file: http://bugs.python.org/file36483/ssl-memory-bio-4-incr1.patch ___ Python tracker <http://bugs.python.org/issue21

[issue21965] Add support for Memory BIO to _ssl

Geert Jansen added the comment: Updated patch. Contains: * An "owner" attribute on a _ssl.SSLSocket that is used as the first argument to the SNI servername callback (implemented as a weakref). * Documentation I think this covers all outstanding issues that were identified. Antoin

[issue21965] Add support for Memory BIO to _ssl

Geert Jansen added the comment: Antoine, yes, I just got back from holiday. I will have an updated patch tomorrow. -- ___ Python tracker <http://bugs.python.org/issue21

[issue21965] Add support for Memory BIO to _ssl

Geert Jansen added the comment: Thanks to Ben and Glyph for their feedback. The memory BIO should allow ProactorEventLoop to support SSL. I say "should" because I have not looked at it myself. However, my Gruvi project is proactor (libuv) based and I have a private branch where SSL

[issue21965] Add support for Memory BIO to _ssl

Geert Jansen added the comment: > A question though: does it support server-side SNI? AFAIR server-side SNI > requires you to be able to change a SSL object's context. Yes, it does. See the following comment in _servername_callback(): /* Pass a PySSLSocket instance when using

[issue21965] Add support for Memory BIO to _ssl

Geert Jansen added the comment: New patch with a Python-level API (option #3). This needs some more tests, and docs. -- Added file: http://bugs.python.org/file36248/ssl-memory-bio-3.patch ___ Python tracker <http://bugs.python.org/issue21

[issue21965] Add support for Memory BIO to _ssl

Changes by Geert Jansen : Removed file: http://bugs.python.org/file36190/bio_python_options.py ___ Python tracker <http://bugs.python.org/issue21965> ___ ___ Python-bug

[issue21965] Add support for Memory BIO to _ssl

Changes by Geert Jansen : Added file: http://bugs.python.org/file36191/bio_python_options.py ___ Python tracker <http://bugs.python.org/issue21965> ___ ___ Python-bug

[issue21965] Add support for Memory BIO to _ssl

Geert Jansen added the comment: I've explored a few options for the Python-level API in the attachment "bio_python_options.py". Me personally I prefer the more light weight option #3. This is both out of selfish interest (less work for me), but also I believe that memory BIOs a

[issue21965] Add support for Memory BIO to _ssl

Geert Jansen added the comment: I added a new patch that addresses the comments. -- ___ Python tracker <http://bugs.python.org/issue21965> ___ ___ Python-bug

[issue21965] Add support for Memory BIO to _ssl

Changes by Geert Jansen : Added file: http://bugs.python.org/file36189/ssl-memory-bio-2.patch ___ Python tracker <http://bugs.python.org/issue21965> ___ ___ Python-bug

[issue21965] Add support for Memory BIO to _ssl

Geert Jansen added the comment: Hi all (pitrou, haypo and all others) can I get some feedback on this patch? Thanks! -- ___ Python tracker <http://bugs.python.org/issue21

[issue21965] Add support for Memory BIO to _ssl

New submission from Geert Jansen: The attached patch adds a _MemoryBIO type to _ssl, and a _wrap_bio() method to _SSLContext. The patch also includes tests. For now I kept _wrap_bio() and _MemoryBIO semi-private. The reason is that it returns an _SSLSocket instead of an SSLSocket and this

[issue12641] Remove -mno-cygwin from distutils

Geert Jansen added the comment: *bump*. This is a critical bugfix that prevents I bet 90%+ of Python users on Windows compiling C extensions. It has been open for 2 years and it's a great disservice to people having to compile stuff on Windows. Oscar has been doing a terrific j

[issue12641] Remove -mno-cygwin from distutils

Geert Jansen added the comment: *bump* I just installed MinGW 2.6.2 32-bit on Windows XP. It doesn't accept -mnocygwin and there is no binary "i686-pc-mingw32-gcc" either. It would be great if you could agree on an approach and get this fixed. This impacts a lot of users tha