homepage

It might be useful to make public the SSL support for asyncore which is currently implemented in various tests.

(I'm posting this issue after having read this message:
http://mail.python.org/pipermail/python-list/2010-October/1257689.html
where the poster is clearly confused about SSL support for asyncore)

Problem with SSL dispatcher subclasses used in tests is that they are all similar to pyftpdlib's SSLConnection class ( http://code.google.com/p/pyftpdlib/source/browse/trunk/pyftpdlib/contrib/handlers.py?spec=svn743&r=729#73 ) and I'm not sure it's API is suitable for a general use case. 
It fits well for pyftpdlib, servers in general and stdlib tests but I'm not sure about other uses cases.
In details I'm thinking about clients, secure connections reverted back to clear-text (e.g FTP might need this) and recent issues about certificates validation.
Before writing anything we should agree on an API and make sure it is able to cover all use cases.

Initial draft of a patch including tests and a new ssl_dispatcher subclass.
asynchat needs to be changed as well, probably by using a mixin class.

First comments:
- secure_connection() should be named ssl_something() like other
methods. ssl_start() perhaps?
- in ssl_shutdown():
+ elif err.args[0] == ssl.SSL_ERROR_SSL:
+ pass
SSL_ERROR_SSL doesn't exist. Perhaps you mean ssl.SSL_ERROR_EOF?
- in send(), you should handle SSL_ERROR_WANT_READ and
SSL_ERROR_WANT_WRITE as in recv(). Also:
+ if err.args[0] in (ssl.SSL_ERROR_EOF, ssl.SSL_ERROR_ZERO_RETURN):
+ return 0
lacks a self.handle_close()?
- in recv(), you have "return ''" where it should be "return b''"
- in test_ssl_established(), I think it would be nice if you used e.g.
getpeercert() to check that we really are in SSL mode. Also, you could
make certificate checking mandatory using e.g.:
 ssl_context = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
 ssl_context.verify_mode = ssl.CERT_REQUIRED
 cert_path = os.path.join(os.path.dirname(__file__), "keycert.pem")
 ssl_context.load_cert_chain(cert_path)
 ssl_context.load_verify_locations(cert_path)
- in addition to test_handle_read() and test_handle_write(), there
should be a test where a server and a client really send data to each
other, and receive at all
(also, I'm not sure why these tests can't be shared with non-SSL test
classes)
- test_create_socket() and test_bind() don't seem to test anything
SSL-related

asyncore module has been deprecated as per https://docs.python.org/3/library/asyncore.html:
<<This module exists for backwards compatibility only. For new code we recommend using asyncio.>>
Closing this out as won't fix.