Add type annotations for the SSL module by jlaine · Pull Request #1308 · pyca/pyopenssl (original) (raw)

I have rebased on top of main, let's see if CI is happy.

I also added int annotations to our constants, like types-OpenSSL does.

Some questions:

• Do we only support passing a socket.socket to Connection, or is something that quacks like a socket OK too?
• Related to the above : Connection.connect and Connection.sock_shutdown say they return "what the socket returns". If the socket is garanteed to be a socket.socket, that would be None, and there is no need to return anything. But as we might be supporting weird socket-like things, I'd rather not touch it.
• Guidance on typing the first argument of Connection.recv_into would be welcome!
• Do we want to ship a py.typed marker so that our typings take precedence over types-OpenSSL? => YES

As a stretch goal I was wondering whether we can get a clean mypy run on SSL.py. A couple of aspects of the code make this moderately hard:

• _ffi.string returns bytes but mypy does know this. Do we want to add: _ffi_string: Callable[[Any], bytes] = _ffi.string ?
• _raise_ssl_error is sometimes used in context where we know it will raise .. and sometimes not. This results in mypy complaining there is no return statement on some codepaths.
• A number of functions are just thin wrapper around return _lib.SSL_SOMETHING(..), and mypy rightly complains.