classification
Title: Rename ssl.Purpose.{CLIENT,SERVER}_AUTH
Type:
Stage:
Components:
Versions:

process
Status: open
Resolution:
Dependencies:
Superseder:
Assigned To:
Nosy List: alex, christian.heimes, dstufft, janssen
Priority: normal
Keywords:

Created on 2017-03-14 16:17 by alex, last changed 2017-03-14 16:48 by alex.

Messages (5)
msg289601 - Author: Alex Gaynor (alex) (Python committer) Date: 2017-03-14 16:17
The names are super misleading. First, they're written in a way that's the opposite of how people think about these things (CLIENT_AUTH -> server socket; SERVER_AUTH -> client socket). Second, they're misleading: you can have TLS which is *mutually* authenticated. Third, CLIENT_AUTH is very frequently used for a server socket where the client isn't authenticated (at the TLS layer) at all!

A simple fix would be to add: Purpose.{CLIENT,SERVER}_SOCKET and alias the old names to those values.
msg289604 - Author: Christian Heimes (christian.heimes) (Python committer) Date: 2017-03-14 16:38
For 3.7 I'm planning to move to protocols instead of purpose oids (PROTOCOL_TLS_CLIENT, PROTOCOL_TLS_SERVER).
msg289605 - Author: Alex Gaynor (alex) (Python committer) Date: 2017-03-14 16:40
Ah, so instead of PROTOCOL_SSLv23 using PROTOCOL_TLS_CLIENT and deprecating the Purpose bits entirely? That sounds good to me!
msg289606 - Author: Christian Heimes (christian.heimes) (Python committer) Date: 2017-03-14 16:48
Yes, I'm planning a PEP to make the SSL module a bit more sane:

1) deprecate all protocols except for PROTOCOL_TLS_CLIENT / PROTOCOL_TLS_SERVER
2) deprecate purpose in favor of PROTOCOL_TLS_*
3) PROTOCOL_TLS_CLIENT defaults to CERT_REQUIRED, match_hostname=True
msg289607 - Author: Alex Gaynor (alex) (Python committer) Date: 2017-03-14 16:48
Sounds good to me!
History
Date                 User              Action  Args
2017-03-14 16:48:50  alex              set     messages: + msg289607
2017-03-14 16:48:30  christian.heimes  set     messages: + msg289606
2017-03-14 16:40:50  alex              set     messages: + msg289605
2017-03-14 16:38:30  christian.heimes  set     messages: + msg289604
2017-03-14 16:17:55  alex              set     nosy: + janssen, christian.heimes, dstufft
2017-03-14 16:17:49  alex              create