[Python-Dev] ssl improvements and testing question (original) (raw)
Christian Heimes christian at python.org
Fri Jun 7 00:37:01 CEST 2013
- Previous message: [Python-Dev] HAVE_FSTAT?
- Next message: [Python-Dev] ssl improvements and testing question
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Hi,
I'm working on a couple of improvements for the ssl module:
http://bugs.python.org/issue17134 http://bugs.python.org/issue18138 http://bugs.python.org/issue18143 http://bugs.python.org/issue18147
#17134 is going to provide a way to use Window's crypt32.dll to load CA certs from Window's CA cert storage. I have a working proof of concept [1] that uses ctypes to interface crypt32.dll. I'll reimplement the code in C.
#18138 implements the bits and pieces for #17134 in order to add DER and PEM certs from memory (ASCII unicode or Py_Buffer). Until now the ssl module can only load files from the file system.
#18143 and #18147 are diagnostic and debugging helpers that I would like to add. The SSLContext() object is black box. You stuff in some PEM files and don't know which CA certs have been loaded. The enhancements implement a function to retrieve a list of CA certs (same format as getpeercert()) and list of default CA locations for the platform.
I'm also thinking about OCSP support and X509v3 extension support for _decode_certificate(). Both are a PITB ... Python has an easier and better documented C API.
Question: What's the minimum version of OpenSSL Python 3.4 is going to support? Do we have an easy way to compile and link Python against a custom installation of OpenSSL or do I have to fiddle around with CPPFLAGS and CFLAGS?
Christian
[1] https://pypi.python.org/pypi/wincertstore
- Previous message: [Python-Dev] HAVE_FSTAT?
- Next message: [Python-Dev] ssl improvements and testing question
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]