Geert Jansen added the comment:
Glyph, if this is just for Twisted you could ship the "sslcompat" module that
I'm shipping with Gruvi. It backports the async IO stuff and a few other pieces
through an extension module.
https://github.com/geertj/gruvi/blob/master/src/sslcompa
Geert Jansen added the comment:
Apologies for the late reply.
I made SSLSocket go through SSLObject so that the test suite that is primarily
testing SSLSocket will test both.
Also, this layering allows us to define some non-networked operations (such as
SSL certificate checking and channel
Geert Jansen added the comment:
> newPySSLSocket() expects a char* string and use PyUnicode_Decode() to decode
> bytes.
Yup, and this value is available as SSLSocket._sslobj.server_hostname. But
SSLSocket.server_hostname is not this, it is what was passed to the constructor
which ca
Geert Jansen added the comment:
> +.. attribute:: SSLSocket.server_hostname
> +
> + A ``bytes`` instance (...)
>
> Ah, this is a mistake. It's actually always a str instance (on SSLObject as
> well).
It is indeed, I stand corrected. I was confused by the decode -&
Geert Jansen added the comment:
Hi Victor,
see below my comments:
* SSLSocket.read(), SSLObject.read() and _ssl._SSLSocket.read() taking a buffer
as the second positional argument.
Both SSLSocket.read() and _SSLSocket.read() already accepted two arguments so I
went for consistency. The
Geert Jansen added the comment:
> In Python2 socket._socketobject composes with _socket.socket, so we pass
> "self._sock", that way it has the right C-level fields. Unfortunately taking
> a weakref of _socket.socket is not allowed.
I see, and agree that making it weakref-
Geert Jansen added the comment:
> Right, socket._socketobject merely nulls out the reference to _socket.socket,
> and lets reference counting take care of the rest.
Ugh this is bad... I thought close() was exactly there when you don't want to
depend on refcounting for cleanup
Geert Jansen added the comment:
It seems that SSLSocket.close() doesn't actually close the socket, and that's
why the server side read() blocks.
It's a bit of a mystery to me how socket.close(), which is called by SSLSocket
to do the actual close, is supposed to work. I don
Geert Jansen added the comment:
Thanks Antoine for merge!
> SSLPipe looks interesting. I wonder if it can be used to reimplement
> _SelectorSslTransport in asyncio.selector_events (at least as an experiment).
Yes, it could be done quite easily. SslPipe has no dependency on other pa
Changes by Geert Jansen :
--
nosy: +geertj
___
Python tracker
<http://bugs.python.org/issue22559>
___
___
Python-bugs-list mailing list
Unsubscribe:
Geert Jansen added the comment:
Maybe an example is useful on how the Memory BIO stuff can be used to implement
SSL on top of a proactor event loop. I just added support for this to my Gruvi
project in the branch "feat-memory-bio":
An "SslPipe" utility class that uses the
Geert Jansen added the comment:
Added the comment about owner being a weakref, and added a new consolidated
patch (ssl-memory-bio-5).
--
Added file: http://bugs.python.org/file36806/ssl-memory-bio-5.patch
Geert Jansen added the comment:
> One issue with the "owner" is that there is now a reference cycle between
> SSLSocket and SSLObject (something which the original design is careful to
> avoid by using weakrefs in the _ssl module).
Note that owner is a weakref :) Did y
Geert Jansen added the comment:
> Well... I would have expected this approach to yield a bigger reduction in
> code size. If it doesn't shrink the code, then I'm not sure it's worthwhile.
> What do you think?
I think the improved test coverage might still make it wo
Geert Jansen added the comment:
New patch attached. This patch makes SSLSocket use SSLObject. The big benefit
here is obviously test coverage.
I decided against using SSLObject as a mixin, because all methods need to be
reimplemented anyway because for SSLSocket they need to handle the non
Geert Jansen added the comment:
Antoine, sorry for the delay, we just had a new kid and I changed jobs :)
Let me try if I can create an updated patch where SSLObject is a mixin for
SSLSocket. I think the argument about writing tests once is important. Be back
in a few days
Geert Jansen added the comment:
Thanks Antoine. See my comments below:
> - is it necessary to start exposing server_hostname, server_side and
> pending()?
At the C level I need server_hostname and server_side exposed because they are
needed to implement the cert check in do_han
Geert Jansen added the comment:
Adding small patch (incremental to patch #4) to fix a test failure.
--
Added file: http://bugs.python.org/file36483/ssl-memory-bio-4-incr1.patch
Geert Jansen added the comment:
Updated patch. Contains:
* An "owner" attribute on a _ssl.SSLSocket that is used as the first argument
to the SNI servername callback (implemented as a weakref).
* Documentation
I think this covers all outstanding issues that were identified. Antoin
Geert Jansen added the comment:
Antoine, yes, I just got back from holiday. I will have an updated patch
tomorrow.
Geert Jansen added the comment:
Thanks to Ben and Glyph for their feedback. The memory BIO should allow
ProactorEventLoop to support SSL. I say "should" because I have not looked at
it myself. However, my Gruvi project is proactor (libuv) based and I have a
private branch where SSL
Geert Jansen added the comment:
> A question though: does it support server-side SNI? AFAIR server-side SNI
> requires you to be able to change a SSL object's context.
Yes, it does. See the following comment in _servername_callback():
/* Pass a PySSLSocket instance when using
Geert Jansen added the comment:
New patch with a Python-level API (option #3).
This needs some more tests, and docs.
--
Added file: http://bugs.python.org/file36248/ssl-memory-bio-3.patch
Changes by Geert Jansen :
Removed file: http://bugs.python.org/file36190/bio_python_options.py
Python tracker
<http://bugs.python.org/issue21965>
Changes by Geert Jansen :
Added file: http://bugs.python.org/file36191/bio_python_options.py
Python tracker
<http://bugs.python.org/issue21965>
Geert Jansen added the comment:
I've explored a few options for the Python-level API in the attachment
"bio_python_options.py".
Me personally I prefer the more lightweight option #3. This is both out of
selfish interest (less work for me), but also I believe that memory BIOs a
Geert Jansen added the comment:
I added a new patch that addresses the comments.
--
Python tracker
<http://bugs.python.org/issue21965>
Changes by Geert Jansen :
Added file: http://bugs.python.org/file36189/ssl-memory-bio-2.patch
Python tracker
<http://bugs.python.org/issue21965>
Geert Jansen added the comment:
Hi all (pitrou, haypo and all others) can I get some feedback on this patch?
Thanks!
New submission from Geert Jansen:
The attached patch adds a _MemoryBIO type to _ssl, and a _wrap_bio() method to
_SSLContext. The patch also includes tests.
For now I kept _wrap_bio() and _MemoryBIO semi-private. The reason is that it
returns an _SSLSocket instead of an SSLSocket and this
Geert Jansen added the comment:
*bump*.
This is a critical bugfix that prevents I bet 90%+ of Python users on Windows
compiling C extensions. It has been open for 2 years and it's a great
disservice to people having to compile stuff on Windows.
Oscar has been doing a terrific j
Geert Jansen added the comment:
*bump*
I just installed MinGW 2.6.2 32-bit on Windows XP. It doesn't accept -mnocygwin
and there is no binary "i686-pc-mingw32-gcc" either.
It would be great if you could agree on an approach and get this fixed. This
impacts a lot of users tha