On Nov 10, 2004, at 1:38 PM, Josiah Carlson wrote: > False. ESMTP has /optional/ support for STARTTLS, as defined in RFC > 3207. Neither SMTP nor ESMTP compliant mail servers need to implement > STARTTLS, regardless of their compliance to SMTP or ESMTP. That is irrelevant. My point was, there is no need to make a subclass for STARTTLS. There is no architectural reason that it couldn't be in the same place as the other supported ESMTP commands. However, the original comment, and my response, and your response are all besides the main point, which is about SSL vs non-SSL sockets, not about whether you should have a separate class for SMTP and SMTP+some optional extensions. >> But, the real point is that you can use the same class for SMTP and >> SMTP-over-ssl, which is fortunate, because you need to switch to the >> over-ssl implementation half way through the connection. > > You statement is a no-op. One could implement the greater part of most > any application in a single class, the question is about how much can > be > shared. > > At the minimal level, self.send() and self.recv() need to have > different > implementations for the different with/without SSL variants (assuming > one would merely wrap the bare socket). No surprise there. The point is that the above assumption is a poor one. The protocol should not be wrapping the bare socket. With an architecture like Twisted, your protocol class doesn't have implementations of send and recv. Those belong to the transport, which you call. So, you do not have to derive from a different base class for SMTP-over-SSL and SMTP-over-TCP, and then do yucky things like switching your class halfway through the connection. > At a higher > level, because SSL-ifying a socket is a blocking operation (requires at > least one round-trip if I remember correctly), discussion about async > SMTP+TLS is pretty moot at this point (unless one uses/abuses tlslite). That is completely incorrect. OpenSSL works perfectly well in async mode. Twisted implements async SSL __right now__. Again, I do not think this is the appropriate place to be giving SSL lessons, but, yes, at least one roundtrip is required to setup an SSL session. But, this does __not__ mean your code has to block waiting for the roundtrip to complete. OpenSSL returns with an error code if it needs more read/write data to complete an operation. You get to take that information and feed it to select to wait for the condition to be fulfilled, and call OpenSSL again. This works. James
RetroSearch is an open source project built by @garambo | Open a GitHub Issue
Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo
HTML:
3.2
| Encoding:
UTF-8
| Version:
0.7.4