[Python-Dev] Backport ssl.MemoryBIO on Python 2.7? (original) (raw)
Antoine Pitrou solipsis at pitrou.net
Thu May 25 07:24:00 EDT 2017
- Previous message (by thread): [Python-Dev] Backport ssl.MemoryBIO on Python 2.7?
- Next message (by thread): [Python-Dev] Backport ssl.MemoryBIO on Python 2.7?
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Tue, 23 May 2017 23:09:31 -0500 Victor Stinner <victor.stinner at gmail.com> wrote:
Le 23 mai 2017 20:43, "David Wilson" <dw+python-dev at hmmz.org> a écrit : In which case, what is to prevent Requests from just depending on
pyOpenSSL as usual?
From what I heard, pyOpenSSL development is slowing down, so I'm not sure that it's really safe and future-proof (TLS 1.3 anyone?).
So what? Python 2.7 isn't future-proof either...
I'm still writing 2.7 code every day and would love to see it live a little longer, but accepting every feature request seems the wrong way to go - and MemoryBIO is a hard sell as a security enhancement, it's new functionality.
Agreed with this.
You are true that they are new features. I disagree on the "accepting every feature" part: we are talking about two classes and it's restricted to security.
The new TLS API wouldn't significantly improve security. It's just a different API.
I also understood that getting access to system CA allows admins to register their company CA and so avoid that users ignore the TLS warning (unknown CA).
System admins can add the company CA at the system level in the system's CA cert store, they have no need for a Python API. Actually, they certainly don't want to modify every Python application to add a company CA.
Regards
Antoine.
- Previous message (by thread): [Python-Dev] Backport ssl.MemoryBIO on Python 2.7?
- Next message (by thread): [Python-Dev] Backport ssl.MemoryBIO on Python 2.7?
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]