> On 26 Jan 2017, at 07:49, Nick Coghlan <ncogh...@gmail.com> wrote:
>
> Option 4: tls.TLSError, tls.WantReadError, tls.WantWriteError are
> defined as inheriting from ssl.SSLError, ssl.SSLWantReadError, and
> ssl.SSLWantWriteError *if* the latter are defined
>
> Option 5: as with Option 4, but the "ssl" module is also changed such
> that it *always* defines at least ssl.SSLError, ssl.SSLWantReadError,
> and ssl.SSLWantWriteError (and perhaps some of the other APIs that can
> be emulated atop the new tls abstraction), even if OpenSSL itself is
> unavailable

Here’s my problem with this:

    try:
        socket.recv(8192)
    except tls.WantWriteError:
        socket.write(some_buffer)

This code does not work with the legacy ssl module, because isinstance(ssl.SSLWantWriteError, tls.WantWriteError) is false. This means that we need to write a shim over the legacy ssl module that wraps *all* API calls, catches all exceptions and then translates them into subclasses of the tls error classes.

That seems entirely batty to me.

Cory
_______________________________________________
Security-SIG mailing list
Security-SIG@python.org
https://mail.python.org/mailman/listinfo/security-sig
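
The subclass-direction problem discussed in this message, as an added example that is not part of the original e-mail or of any tls module: the `tls` error classes are hypothetical stand-ins defined locally following Option 4, and `legacy_recv`, `handler_catches` and `shim` are illustrative names. It shows that an `except` clause for the new class does not catch the legacy exception, and what a per-call translation wrapper looks like.

```python
import functools
import ssl

# Hypothetical stand-ins for the proposed tls errors, defined as in Option 4:
# each one inherits from the corresponding legacy ssl exception.
class TLSError(ssl.SSLError):
    pass

class WantReadError(TLSError, ssl.SSLWantReadError):
    pass

class WantWriteError(TLSError, ssl.SSLWantWriteError):
    pass

def legacy_recv():
    # Constructed stand-in for a legacy ssl call that must write before reading.
    raise ssl.SSLWantWriteError("constructed: operation did not complete (write)")

def handler_catches(call):
    """Return True if `except WantWriteError` catches what `call` raises."""
    try:
        call()
    except WantWriteError:
        return True
    except ssl.SSLError:
        # The legacy exception is a parent of the tls class, not a child,
        # so it falls through to this broader handler.
        return False
    return False

# Most specific legacy class first, so the narrowest tls class is chosen.
_TRANSLATE = ((ssl.SSLWantWriteError, WantWriteError),
              (ssl.SSLWantReadError, WantReadError),
              (ssl.SSLError, TLSError))

def shim(func):
    """Wrap one legacy call and re-raise ssl errors as the tls classes."""
    @functools.wraps(func)
    def wrapper(*args, **kwargs):
        try:
            return func(*args, **kwargs)
        except TLSError:
            raise  # already one of the tls classes
        except ssl.SSLError as exc:
            new = next(n for legacy, n in _TRANSLATE if isinstance(exc, legacy))
            raise new(*exc.args) from exc
    return wrapper
```

Every legacy entry point that can raise would need this wrapper for handlers written against the new classes to work.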