[Python-Dev] RFC: Backport ssl.MemoryBIO and ssl.SSLObject to Python 2.7 (original) (raw)

Steve Dower steve.dower at python.org
Fri Jun 9 13:07:21 EDT 2017

On 09Jun2017 0343, Nick Coghlan wrote:

So honestly, I'd be +1 for either approach:

- stdlib backport to make dual-stack maintenance easier for the current volunteers, and we'll see how things work out on the ease-of-adoption front - PyPI backport to make 2.7 adoption easier, and we'll continue pestering redistributors to actually fund maintenance of Python 2.7's SSL stack properly (and encourage customers of those redistributors to do the same)

My draft reply to Donald sat overnight, so I abandoned it in favour of agreeing with Nick.

I'm in principle in favour of anything that makes 2.7 less of a burden to maintain (up to and including EOL :) ), so if backporting parts of ssl/_ssl makes that easier then I'm +0.

However, I do prefer the PyPI backport with some tool bundled in order to obtain it. In fact, given the nature of OpenSSL, I'd be in favour of that approach for all versions of Python (at least on Windows it would likely work well - probably less so on other platforms where we couldn't include a prebuilt fallback easily, though those tend to include compilers...).

That hypothetical "_ensuressl" module in my mind really doesn't have to do much other than determine which file to download and then download and extract it, which can be done with OS level tools rather than needing our own stack. It may also be the necessary mechanism to make ssl pip-updateable, since we have the locking problem that prevents it being possible normally.

Cheers, Steve

More information about the Python-Dev mailing list