This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in Python's Developer Guide.

classification
Title: Add WolfSSL support
Type: enhancement
Stage: resolved
Components: SSL
Versions: Python 3.9
process
Status: closed
Resolution: rejected
Dependencies:
Superseder:
Assigned To:
Nosy List: Daniel Johnson, brett.cannon, christian.heimes
Priority: normal
Keywords:

Created on 2019-10-30 20:39 by Daniel Johnson, last changed 2022-04-11 14:59 by admin. This issue is now closed.

Messages (4)
msg355733 - Author: Daniel Johnson (Daniel Johnson) Date: 2019-10-30 20:39
WolfSSL is an SSL library targeted at embedded development that focuses on size and speed. It's also FIPS certified, which is important for anyone working with federal agencies.

WolfSSL website: https://www.wolfssl.com/
WolfSSL GitHub: https://github.com/wolfSSL/wolfssl

I have two ideas currently on how Python could support WolfSSL:

1.) Shim WolfSSL's OpenSSL compatibility layer in. They don't provide a complete shim for OpenSSL and I'm not sure if they provide all the symbols Python would care about.
2.) Provide an optional configuration to use WolfSSL and its API instead of OpenSSL.

Would either option be something the Python maintainers would be interested in? I'm testing the waters to see if this is something anyone is interested in.

Thank you for the time!
msg355761 - Author: Brett Cannon (brett.cannon) (Python committer) Date: 2019-10-31 17:10
My guess is we won't want to take code specific to WolfSSL due to maintenance overhead of trying to support another SSL library. There has been talk about trying to move away from our OpenSSL dependency and switch to using the OS's native secure sockets library which may make this easier to handle for third-parties.

But I'm personally going to leave it up to Christian to comment in case I got something wrong.
msg356658 - Author: Christian Heimes (christian.heimes) (Python committer) Date: 2019-11-15 08:59
Brett is correct.

We don't have the capacity to develop, maintain, and test with another TLS library. I'm basically the only person that maintains the ssl module at the moment.

I might be inclined to accept patches that improve compatibility with WolfSSL's OpenSSL compatibility layer -- if and only if the patches are minimal and don't make the code harder to read or maintain.
msg357186 - Author: Daniel Johnson (Daniel Johnson) Date: 2019-11-21 17:39
Thank you for the replies. I understand completely and I don't think it would be simple patches to try and use the compatibility layer. I have discovered that the WolfSSL compatibility layer doesn't support the full OpenSSL API.

However, I have found that I can build Python without OpenSSL and then use the Python API that WolfSSL provides and that gets us 90% of the way there. I have decided to pursue that instead of trying to add WolfSSL support directly into Python.

I'm going to close this issue for now.
History
Date | User | Action | Args
2022-04-11 14:59:22 | admin | set | github: 82832
2019-11-21 17:39:45 | Daniel Johnson | set | status: open -> closed; resolution: rejected; messages: + msg357186; stage: resolved
2019-11-15 08:59:04 | christian.heimes | set | assignee: christian.heimes ->; type: enhancement; messages: + msg356658; versions: - Python 3.5, Python 3.6, Python 3.7, Python 3.8
2019-10-31 17:10:22 | brett.cannon | set | nosy: + brett.cannon; messages: + msg355761
2019-10-30 20:39:55 | Daniel Johnson | create |