[Python-Dev] Python 3.7: Require OpenSSL >=1.0.2

Steve Dower steve.dower at python.org
Tue Jan 16 16:44:59 EST 2018


Honestly, I’d rather plug into the WinHTTP API and just not even bother with sockets :)

Certificate validation is about the only thing broken in OpenSSL on Windows (as far as not working well with system config), and it’s relatively easy to replace with a couple of API calls. Now that we don’t statically link OpenSSL anymore, it can be done easily with ctypes, so I’ll probably put out a package for it sometime soon.

Top-posted from my Windows phone

From: Christian Heimes
Sent: Tuesday, January 16, 2018 22:52
To: python-dev at python.org
Subject: Re: [Python-Dev] Python 3.7: Require OpenSSL >=1.0.2 / LibreSSL >=2.5.3

On 2018-01-16 12:28, Wes Turner wrote:

> On Tuesday, January 16, 2018, Steve Dower <steve.dower at python.org> wrote:
>
>> From my perspective, we can’t keep an OpenSSL-like API and use Windows platform libraries (we could do a requests-like API easily enough, but even urllib3 is painfully low-level).
>
> Support for Windows SChannel and Apple SecureTransport is part of the TLS module. IDK how far along that work is (whether it'll be ready for 3.7 beta 1)? Or where those volunteering to help with the TLS module can send PRs?

You are misunderstanding the goal of PEP 543. It's not about providing implementations of various backends. The PEP merely defines a minimal abstraction layer. Neither the PEP nor the API are finalized or complete yet, too. Some parts of the PEP must be changed before it can be finalized. Cory and I are discussing the matter.

Python 3.7's ssl module won't be compatible with PEP 543. For 3.8 it might be possible to provide a 543 compatible implementation on top of the ssl module.

I will not work on SChannel or SecureTransport, since I have neither expertise, knowledge, interest or resources to work on other implementations. AFAIK Steve would rather plug in Windows' cert validation API into OpenSSL than to provide another TLS implementation. For Apple ... no clue. How about you contact Apple support?

Regards, Christian

