Message 135164 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	sqs
Recipients	debatem1, jcea, orsenthil, pitrou, sqs
Date	2011-05-04.23:57:20
SpamBayes Score	3.5244582e-08
Marked as misclassified	No
Message-id	<1304553441.72.0.957716968847.issue11943@psf.upfronthosting.co.za>
In-reply-to

Content
I have updated the patch in hg to address the sections marked "TODO" (after I submitted a patch to OpenSSL that they depended on). I'll resubmit a patch here in a ~week addressing that issue and those below, to continue pushing this issue along. pitrou: Thanks for your feedback. > - the OpenSSL functions you are using (SSL_get_srp_username etc.) don't seem documented on openssl.org; this makes it harder to do a proper review Yes...I'll submit some docs to OpenSSL on these functions. > - what is an "SRP vbase"? is it something standardized, or OpenSSL-specific? > - if server-side support needs a callback, I think it would be better to let users write their callback in Python, rather than force a hardwired implementation An SRP "vbase" is OpenSSL's name for the SRP password (verifier) database. I will generalize this interface so that Python callbacks can be provided (in addition to using an OpenSSL verifier database). > - no need to fill Misc/ACKS and Misc/NEWS by yourself, we can take care of that > - ssl.wrap_socket() is the legacy API, I would rather add new features only to the SSLContext API Got it.

I have updated the patch in hg to address the sections marked "TODO" (after I submitted a patch to OpenSSL that they depended on). I'll resubmit a patch here in a ~week addressing that issue and those below, to continue pushing this issue along.

pitrou: Thanks for your feedback.

> - the OpenSSL functions you are using (SSL_get_srp_username etc.) don't seem documented on openssl.org; this makes it harder to do a proper review

Yes...I'll submit some docs to OpenSSL on these functions.

> - what is an "SRP vbase"? is it something standardized, or OpenSSL-specific?
> - if server-side support needs a callback, I think it would be better to let users write their callback in Python, rather than force a hardwired implementation

An SRP "vbase" is OpenSSL's name for the SRP password (verifier) database. I will generalize this interface so that Python callbacks can be provided (in addition to using an OpenSSL verifier database).

> - no need to fill Misc/ACKS and Misc/NEWS by yourself, we can take care of that
> - ssl.wrap_socket() is the legacy API, I would rather add new features only to the SSLContext API

Got it.

History
Date	User	Action	Args
2011-05-04 23:57:21	sqs	set	recipients: + sqs, jcea, orsenthil, pitrou, debatem1
2011-05-04 23:57:21	sqs	set	messageid: <1304553441.72.0.957716968847.issue11943@psf.upfronthosting.co.za>
2011-05-04 23:57:21	sqs	link	issue11943 messages
2011-05-04 23:57:20	sqs	create