[Python-ideas] Re: disallow assignment to unknown ssl.SSLContext attributes

No because existence of this attribute is dynamic On Fri, Jun 25, 2021, 3:44 PM Guido van Rossum wrote: > Would a static type checker have found this? > > On Fri, Jun 25, 2021 at 02:07 Thomas Grainger wrote: > >> I was debugging some code that was using TLSv1.2 when I expected it to >> only sup

[Python-ideas] Re: disallow assignment to unknown ssl.SSLContext attributes

urllib3 was also burned by this problem https://github.com/urllib3/urllib3/issues/2636 On Fri, Jul 9, 2021, 5:39 PM Thomas Grainger wrote: > > if we find time to implement it for 3.11. > > https://www.python.org/dev/peps/pep-0543/#configuration > was Withdrawn > > would this need a new PEP? > _

[Python-ideas] Re: disallow assignment to unknown ssl.SSLContext attributes

> if we find time to implement it for 3.11. https://www.python.org/dev/peps/pep-0543/#configuration was Withdrawn would this need a new PEP? ___ Python-ideas mailing list -- python-ideas@python.org To unsubscribe send an email to python-ideas-le...@pyt

[Python-ideas] Re: disallow assignment to unknown ssl.SSLContext attributes

On 28/06/2021 20.36, Brendan Barnwell wrote: > On 2021-06-28 07:03, Thomas Grainger wrote: >>> >but in this case the object is security sensitive, and security >>> should be much more rigorous in ensuring correctness. >> It looks like there's a consensus being reached, should I create a bpo? > >  

[Python-ideas] Re: disallow assignment to unknown ssl.SSLContext attributes

Another problem with the assignment API is that the order the attributes are assigned is important: Eg check_hostname needs to be assigned before verify_mode or a warning is raised: https://github.com/encode/httpx/pull/1687/commits/ed9aabfeff6c18652db918bd0628c94d2513487a On Mon, 28 Jun 2021, 19

[Python-ideas] Re: disallow assignment to unknown ssl.SSLContext attributes

On 2021-06-28 07:03, Thomas Grainger wrote: >but in this case the object is security sensitive, and security should be much more rigorous in ensuring correctness. It looks like there's a consensus being reached, should I create a bpo? If we're going to make backwards-incompatible changes to

[Python-ideas] Re: disallow assignment to unknown ssl.SSLContext attributes

httpx.create_ssl_context() is one such utility function python -m pip install httpx python >>> import httpx >>> ctx = httpx.create_ssl_context() Ironically the context returned doesn't support ctx.minimum_version assignment due to another hangnail in the ssl.SSLContext API! This is fixed i

[Python-ideas] Re: disallow assignment to unknown ssl.SSLContext attributes

Thomas Grainger wrote: It looks like there's a consensus being reached, should I create a bpo? > Perhaps first state what seems to be the consensus and invite further comments before going to bpo. Disclaimer: I'd like to see both: 1. Something on PyPi to help persons who are using ssl on curren

[Python-ideas] Re: disallow assignment to unknown ssl.SSLContext attributes

> but in this case the object is security sensitive, and security should be > much more rigorous in ensuring correctness. It looks like there's a consensus being reached, should I create a bpo? Thomas Grainger On Sat, 26 Jun 2021 at 23:03, Ethan Furman wrote: > > On 6/26/21 1:55 PM, Marc-Andre

[Python-ideas] Re: disallow assignment to unknown ssl.SSLContext attributes

On 6/26/21 1:55 PM, Marc-Andre Lemburg wrote: > On 26.06.2021 21:32, Ethan Furman wrote: >> In most cases I would agree with you, but in this case the object is security >> sensitive, and security should be much more rigorous in ensuring correctness. > > Isn't this more an issue of API design rat

[Python-ideas] Re: disallow assignment to unknown ssl.SSLContext attributes

I'd prefer a frozen dataclass with an explicit replace method On Sat, 26 Jun 2021, 21:56 Marc-Andre Lemburg, wrote: > On 26.06.2021 21:32, Ethan Furman wrote: > > On 6/25/21 5:20 PM, Eric V. Smith wrote: > > > >> It seems like many of the suggestions are SSLContext specific. I don't > think > >

[Python-ideas] Re: disallow assignment to unknown ssl.SSLContext attributes

On 26.06.2021 21:32, Ethan Furman wrote: > On 6/25/21 5:20 PM, Eric V. Smith wrote: > >> It seems like many of the suggestions are SSLContext specific. I don't think > we should be adding >> __slots__ or otherwise redefining the interface to that object. Isn't this a > general "problem" in >> pyth

[Python-ideas] Re: disallow assignment to unknown ssl.SSLContext attributes

> On Jun 26, 2021, at 3:35 PM, Ethan Furman wrote: > > [oops, hit Send too soon] > > On 6/25/21 5:20 PM, Eric V. Smith wrote: > > > It seems like many of the suggestions are SSLContext specific. I don't > > think we should be adding > > __slots__ or otherwise redefining the interface to that

[Python-ideas] Re: disallow assignment to unknown ssl.SSLContext attributes

[oops, hit Send too soon] On 6/25/21 5:20 PM, Eric V. Smith wrote: > It seems like many of the suggestions are SSLContext specific. I don't think we should be adding > __slots__ or otherwise redefining the interface to that object. Isn't this a general "problem" in > python... In most cases I

[Python-ideas] Re: disallow assignment to unknown ssl.SSLContext attributes

On 6/25/21 5:20 PM, Eric V. Smith wrote: > It seems like many of the suggestions are SSLContext specific. I don't think we should be adding > __slots__ or otherwise redefining the interface to that object. Isn't this a general "problem" in > python... ___

[Python-ideas] Re: disallow assignment to unknown ssl.SSLContext attributes

As has been said, allowing arbitrary attribute assignments is standard Python. But given the security implications, it does make sense to have more validation in this case. If backward incompatibility is not an option how about raising a Warning? -CHB On Fri, Jun 25, 2021 at 6:30 PM Oscar Ben

[Python-ideas] Re: disallow assignment to unknown ssl.SSLContext attributes

On Sat, 26 Jun 2021 at 01:23, Eric V. Smith wrote: > > On 6/25/2021 8:09 PM, Steven D'Aprano wrote: > > Hi Thomas, > > > > On Fri, Jun 25, 2021 at 09:06:58AM -, Thomas Grainger wrote: > > > >> I'd like invalid attribute assignment to be prevented at runtime > > Are you making a specific reques

[Python-ideas] Re: disallow assignment to unknown ssl.SSLContext attributes

On Fri, Jun 25, 2021 at 12:48:51PM -0700, Guido van Rossum wrote: > > I agree, it is a backwards incompatible change. Also __slots__ won't > > work. The class has class attributes that can be modified in instances. > > > > Oh, I see. There are two class attributes, sslsocket_class and > sslobject

[Python-ideas] Re: disallow assignment to unknown ssl.SSLContext attributes

On Fri, Jun 25, 2021 at 11:17:09AM -0700, Guido van Rossum wrote: > On Fri, Jun 25, 2021 at 8:22 AM Bluenix wrote: > > > I am not fully aware of how ssl.SSLContext is used, but adding __slots__ > > would prevent this. You would see an error similar to: AttributeError: > > 'MyClass' object has no

[Python-ideas] Re: disallow assignment to unknown ssl.SSLContext attributes

On 6/25/2021 8:09 PM, Steven D'Aprano wrote: Hi Thomas, On Fri, Jun 25, 2021 at 09:06:58AM -, Thomas Grainger wrote: I'd like invalid attribute assignment to be prevented at runtime Are you making a specific request for ssl context objects, or a general language-wide request that applies

[Python-ideas] Re: disallow assignment to unknown ssl.SSLContext attributes

Hi Thomas, On Fri, Jun 25, 2021 at 09:06:58AM -, Thomas Grainger wrote: > I'd like invalid attribute assignment to be prevented at runtime Are you making a specific request for ssl context objects, or a general language-wide request that applies to all objects? -- Steve _

[Python-ideas] Re: disallow assignment to unknown ssl.SSLContext attributes

It may help to think separately about existing code using ssl, and about new code. However, I'm not a user of ssl, so please doubt my opinions below. EXISTING CODE Those maintaining existing code might welcome an easy way of checking that the code doesn't have a misleading assignment. They might a

[Python-ideas] Re: disallow assignment to unknown ssl.SSLContext attributes

How about an alternative frozen dataclass with a explicit replace, configure and create methods? @dataclasses.dataclass(frozen=True) class SSLContextFactory: minimum_version: TLSVersion = TLSVersion.TLSv1_2 options: ... replace = dataclasses.replace def configure(self, ctx: SSLCo

[Python-ideas] Re: disallow assignment to unknown ssl.SSLContext attributes

On Fri, Jun 25, 2021 at 12:17 PM Christian Heimes wrote: > On 25/06/2021 20.17, Guido van Rossum wrote: > > On Fri, Jun 25, 2021 at 8:22 AM Bluenix > > wrote: > > > > I am not fully aware of how ssl.SSLContext is used, but adding > > __slots__ would prevent t

[Python-ideas] Re: disallow assignment to unknown ssl.SSLContext attributes

On 25/06/2021 20.17, Guido van Rossum wrote: > On Fri, Jun 25, 2021 at 8:22 AM Bluenix > wrote: > > I am not fully aware of how ssl.SSLContext is used, but adding > __slots__ would prevent this. You would see an error similar to: > AttributeError: 'MyClass

[Python-ideas] Re: disallow assignment to unknown ssl.SSLContext attributes

On Sat, Jun 26, 2021 at 5:09 AM Guido van Rossum wrote: > > On Fri, Jun 25, 2021 at 11:42 AM Chris Angelico wrote: >> >> On Sat, Jun 26, 2021 at 4:20 AM Guido van Rossum wrote: >> > >> > On Fri, Jun 25, 2021 at 8:22 AM Bluenix wrote: >> >> >> >> I am not fully aware of how ssl.SSLContext is use

[Python-ideas] Re: disallow assignment to unknown ssl.SSLContext attributes

On Fri, Jun 25, 2021 at 11:42 AM Chris Angelico wrote: > On Sat, Jun 26, 2021 at 4:20 AM Guido van Rossum wrote: > > > > On Fri, Jun 25, 2021 at 8:22 AM Bluenix wrote: > >> > >> I am not fully aware of how ssl.SSLContext is used, but adding > __slots__ would prevent this. You would see an error

[Python-ideas] Re: disallow assignment to unknown ssl.SSLContext attributes

On Sat, Jun 26, 2021 at 4:20 AM Guido van Rossum wrote: > > On Fri, Jun 25, 2021 at 8:22 AM Bluenix wrote: >> >> I am not fully aware of how ssl.SSLContext is used, but adding __slots__ >> would prevent this. You would see an error similar to: AttributeError: >> 'MyClass' object has no attribut

[Python-ideas] Re: disallow assignment to unknown ssl.SSLContext attributes

On Fri, Jun 25, 2021 at 8:22 AM Bluenix wrote: > I am not fully aware of how ssl.SSLContext is used, but adding __slots__ > would prevent this. You would see an error similar to: AttributeError: > 'MyClass' object has no attribute 'my_attribute' > That's a reasonable solution, except that it's n

[Python-ideas] Re: disallow assignment to unknown ssl.SSLContext attributes

I am not fully aware of how ssl.SSLContext is used, but adding __slots__ would prevent this. You would see an error similar to: AttributeError: 'MyClass' object has no attribute 'my_attribute' ___ Python-ideas mailing list -- python-ideas@python.org To

[Python-ideas] Re: disallow assignment to unknown ssl.SSLContext attributes

Would a static type checker have found this? On Fri, Jun 25, 2021 at 02:07 Thomas Grainger wrote: > I was debugging some code that was using TLSv1.2 when I expected it to > only support TLSv1.3, I tracked it down to a call to: > > context.miunimum_version = ssl.TLSVersion.TLSv1_3 > > it should h

[Python-ideas] Re: disallow assignment to unknown ssl.SSLContext attributes

Thank you Thomas for concisely and fairly reporting your experience, and based on that suggesting a way to improve Python. Thank you for taking the time to do this. Here's a typo that caused a bug (which inconvenienced the original poster): context.miunimum_version = ssl.TLSVersion.TLSv1_3 > cont