Florencio Cano Gabarda wrote:
> I would like to do the new SSL module as good as possible. A piece of
> art and efficiency if possible and obviusly having in mind all
> programming standards.
Guido and much of the community would certainly be appreciative of a new
SSL module, especially if you can overcome the problems that plague
M2Crypto.
http://www.artima.com/weblogs/viewpost.jsp?thread=95863
I would say that the criteria for success would be:
1) A module, expected to be included in the standard library, that makes
it easy to create both client and server SSL sockets.
2) No leaks or segfaults.
3) An API that any programmer can use without knowing much about
cryptography.
I want to be able to write code that's as simple as this:
import socket
import ssl
def open_ssl_socket(address):
base = socket.socket()
base.connect(address)
sock = ssl.client(base)
return sock
def run_server(port, handler, pki_files):
keys = ssl.load_keys(pki_files)
s = socket.socket()
s.bind(('', port))
s.listen(5)
while True:
base, address = s.accept()
sock = ssl.server(base, keys)
handler(sock)
sock.close()
"pki_filenames" in the example is a list of key files, certificate
files, certificiate signing requests, and perhaps other PKI files. I
want the ssl module to figure out for itself what each file means, so
that I as a mere human can forget about those details. :-) However, if
there's any ambiguity in the set of files provided, the SSL module
should throw an exception rather than try to guess the intent.
If you're ambitious, you could also figure out how to make this work
with non-blocking sockets. I believe Twisted has made progress there.
Shane
RetroSearch is an open source project built by @garambo | Open a GitHub Issue
Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo
HTML:
3.2
| Encoding:
UTF-8
| Version:
0.7.4