[Python-Dev] evolving the SSL module API

Devin Cook devin.c.cook at gmail.com
Thu Sep 10 23:00:58 CEST 2009


Yes, my patch implements hostname checking in httplib (although I haven't had time to do much testing). I also made the documentation changes, but have not yet created any test cases since there really aren't any HTTPS test cases in the test_httplib.py file (which is probably another issue that needs attention).

We had talked a month or two back about including hostname checking in the ssl module, but the consensus seemed to be that it doesn't belong there.

Personally, I would like to see it make it into the ssl module, as that would mean all the modules that use the ssl module (httplib, etc.) wouldn't have to write their own (and it isn't very straightforward... lots of different RFCs involved). Just my 2 cents.

-Devin

On Thu, Sep 10, 2009 at 3:17 PM, Jesse Noller <jnoller at gmail.com> wrote:

There's also the patch to httplib that Devin Cook has been working on for SSL enhancements, some of which do name checking. He's got most of a patch completed.

On Thu, Sep 10, 2009 at 3:01 PM, Bill Janssen <janssen at parc.com> wrote:

Heikki, I'm OK with this, too. Would you like to propose an extended API for the SSL module? That would give us a starting point to talk about.

This should probably be a PEP, just for the sake of writing things down. As you say, the hostname checking feature seems to me possibly appropriate for some application protocols, though it's made the use of HTTPS as a transport-level protocol unnecessarily confusing and buggy. I don't see putting that into the SSL module as a default, but perhaps a utility function in that module, to check a server-side cert against a hostname, is a good idea.

Bill
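A sketch of the kind of utility function discussed in this thread, checking a server certificate against a hostname. It is an added example, not code from Devin Cook's patch or from the ssl module; the function names are hypothetical, the certificates are constructed, and the input is assumed to have the dict shape returned by `getpeercert()`.

```python
def _dns_name_matches(pattern, hostname):
    """Compare one certificate DNS name with the hostname, label by label."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False  # a wildcard never covers more than one label
    first, rest = p_labels[0], p_labels[1:]
    if any("*" in label for label in rest):
        return False  # wildcard is accepted only in the left-most label
    if rest != h_labels[1:]:
        return False
    if first == "*":
        # Refuse overly broad patterns such as "*.com".
        return len(rest) >= 2 and h_labels[0] != ""
    # Partial wildcards ("f*o") are deliberately treated as literals here.
    return first == h_labels[0]


def check_hostname(cert, hostname):
    """Return True if cert (a getpeercert()-style dict) is valid for hostname.

    Only DNS names are handled; IP address identities are out of scope.
    """
    names = [v for (k, v) in cert.get("subjectAltName", ()) if k == "DNS"]
    if not names:
        # RFC 2818: commonName is consulted only when the certificate
        # carries no dNSName subjectAltName entries.
        for rdn in cert.get("subject", ()):
            for key, value in rdn:
                if key == "commonName":
                    names.append(value)
    return any(_dns_name_matches(n, hostname) for n in names)


# Constructed certificates for illustration.
SAN_CERT = {
    "subject": ((("commonName", "other.example.net"),),),
    "subjectAltName": (("DNS", "*.example.org"), ("DNS", "example.org")),
}
CN_ONLY_CERT = {"subject": ((("commonName", "mail.example.org"),),)}
BROAD_CERT = {"subjectAltName": (("DNS", "*.com"),)}

if __name__ == "__main__":
    for host in ("www.example.org", "a.b.example.org", "other.example.net"):
        print(host, check_hostname(SAN_CERT, host))
```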


