Issue452110
Created on 2001年08月17日 15:10 by jhatala, last changed 2022年04月10日 16:04 by admin. This issue is now closed.
| Messages (8) |
|---|
|
msg37346 - (view) |
Author: Jozef Hatala (jhatala) |
Date: 2001年08月17日 15:10 |
Simple enhancement to the SSL support in module socket
:
- support for writing SSL servers (as well as clients)
- Py_*_ALLOW_THREADS arround blocking calls to openssl
- rsa temp key to work with older export netscape
- renamed attribute server to peer
This patch allows for powerfull application servers
like the following one to be accessed with "netscape
https://localhost:1443/"
from socket import *
p=socket(AF_INET,SOCK_STREAM)
p.bind(('localhost',1443))
p.listen(1)
while 1 :
s,a = p.accept()
c = sslserver(s,'server.key','server.crt')
print "They said:", c.read()
c.write('HTTP/1.0 200 OK\r\n')
c.write('Content-Type: text/plain\r\n\r\n** Hi!
**')
c.close()
TODO: a kind of makefile() on the ssl object like on a
socket would be welcome.
Have fun,
jh
|
|
msg37347 - (view) |
Author: Guido van Rossum (gvanrossum) * (Python committer) |
Date: 2001年08月19日 06:17 |
Logged In: YES
user_id=6380
Nice, but where's the documentation? (Thanks for the
docstrings though!) And the test suite?
|
|
msg37348 - (view) |
Author: Jeremy Hylton (jhylton) (Python triager) |
Date: 2001年10月11日 16:13 |
Logged In: YES
user_id=31392
Jozef-- are you going to contribute tests and documentation?
|
|
msg37349 - (view) |
Author: Jozef Hatala (jhatala) |
Date: 2001年10月16日 10:21 |
Logged In: YES
user_id=300564
I'll submit a simple test with certificates and an enhanced
patch for 2.2a2 (does not patch cleanly any more) soon (this
week) [time and inet access issues].
I haven't written any doc. There was none for ssl. I know
that is no excuse...
Does some-one volonotere?
|
|
msg37350 - (view) |
Author: Jeremy Hylton (jhylton) (Python triager) |
Date: 2001年10月16日 16:05 |
Logged In: YES
user_id=31392
If you can provide test cases, I'll provide documentation.
But hurry, if we don't get this done this week, we may miss
Python 2.2.
|
|
msg37351 - (view) |
Author: Jozef Hatala (jhatala) |
Date: 2001年10月17日 14:43 |
Logged In: YES
user_id=300564
This patch now against Python 2.2a3 contains:
SSL server support (SSL_accept) [as before]
additionally:
allow threads around getaddrinfo &Co.
more verbose exc messages (for failures in ssl() and sslserver())
methods recv and send on ssl object as equivalents of read and write.
methods makefile on ssl object (a look-alike and does no dup!)
a client/server test (depends on os.fork())
|
|
msg37352 - (view) |
Author: Guido van Rossum (gvanrossum) * (Python committer) |
Date: 2001年10月19日 02:10 |
Logged In: YES
user_id=6380
Time to look at this again?
|
|
msg37353 - (view) |
Author: Gerhard Häring (ghaering) * (Python committer) |
Date: 2001年10月22日 13:51 |
Logged In: YES
user_id=163326
I don't think it is a good idea to add this. Python's
builtin client-side SSL support is already pretty weak. This
patch would add a minimal SSL server implementation, but it
shares some of the same weaknesses, like missing the ability
to set the SSL method (version 2, version 3, version 2 or
3). I'd recommend not adding any more SSL features at this
point, but for Python 2.2 only keeping the existing
client-side functionality and fixing any remaining bugs there.
I'm working on something that would hopefully be better in
the longrun: an SSL API that the various Python SSL modules
(m2crypto, POW, pyOpenSSL) can implement and Python will
then use one of these third-party modules for https,
smtp/tls etc. Sort of a plugin ability for an SSL module.
If you add stuff to the broken SSL API now, you'll either
have to carry it around for a long time or, if my proposal
get implemented and accepted, the workarounds will be clunkier.
|
|
History
|
|---|
| Date |
User |
Action |
Args |
| 2022年04月10日 16:04:20 | admin | set | github: 34987 |
| 2001年08月17日 15:10:01 | jhatala | create |