
Author njs
Recipients alex, christian.heimes, dstufft, janssen, njs
Date 2017-12-18.09:41:45
Message-id <1513590105.76.0.213398074469.issue32359@psf.upfronthosting.co.za>
Content
Suppose you're writing a library that allows users to make or accept SSL/TLS connections. You use the 'ssl' module, because that's convenient. You need to let your users configure your SSL/TLS connections, and there really isn't any generic abstract way to do that -- SSL/TLS configuration is pretty complicated -- so you let your users set up an ssl.SSLContext and pass it into your API.

Later, you hit a limit in the ssl module and want to switch to PyOpenSSL, or perhaps eventually PEP 543. No problem: just switch what you're doing internally, and use some shim code to take the ssl.SSLContext objects that your users are passing in, and convert that to whatever your new library wants.

Except... ssl.SSLContext objects are almost entirely opaque. You can't read off the ciphers, or the ALPN protocols, or the servername_callback... so you're sunk. Once you expose ssl.SSLContext in your public API, you're stuck using the ssl module forever.

It would be nice if ssl.SSLContext provided getters that let you read off all the different configuration it holds.
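The shim described in the message above, sketched as an added example that is not part of the original report or of the ssl module: it exports what current Python (3.7 or later, an assumption) lets a caller read from an ssl.SSLContext, rebuilds a second context from those values alone, and lists the setter-only configuration that is lost on the way. The names `export_context`, `rebuild_client_context`, `demo`, `READABLE` and `WRITE_ONLY` are hypothetical.

```python
import ssl

# Settings with public read access on ssl.SSLContext (Python 3.7+).
READABLE = ("check_hostname", "verify_mode", "verify_flags",
            "minimum_version", "maximum_version", "options", "sni_callback")
# Configuration applied through setter-only calls: no public getter exists.
WRITE_ONLY = ("set_alpn_protocols", "load_cert_chain", "load_dh_params",
              "set_ecdh_curve")


def export_context(ctx):
    """Collect every setting a shim can read back from ctx."""
    settings = {name: getattr(ctx, name) for name in READABLE}
    settings["ciphers"] = [c["name"] for c in ctx.get_ciphers()]
    settings["ca_certs_loaded"] = ctx.cert_store_stats()["x509_ca"]
    return settings


def rebuild_client_context(settings):
    """Hypothetical shim target: a fresh context built only from exported values."""
    new = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    new.check_hostname = False  # clear first so any verify_mode is accepted
    new.verify_mode = settings["verify_mode"]
    new.check_hostname = settings["check_hostname"]
    new.verify_flags = settings["verify_flags"]
    new.minimum_version = settings["minimum_version"]
    new.maximum_version = settings["maximum_version"]
    return new


def demo():
    # Constructed sample: a context a library user might pass in.
    user_ctx = ssl.create_default_context()
    user_ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    user_ctx.set_alpn_protocols(["h2", "http/1.1"])  # cannot be read back
    exported = export_context(user_ctx)
    rebuilt = rebuild_client_context(exported)
    return user_ctx, exported, rebuilt


if __name__ == "__main__":
    _, exported, _ = demo()
    for key, value in exported.items():
        print(key, "=", value if key != "ciphers" else f"{len(value)} suites")
    print("not recoverable:", ", ".join(WRITE_ONLY))
```

The rebuilt context keeps the verification settings and version bounds but silently drops the ALPN list and any client certificate, so a shim built this way has to reject or warn on contexts whose setter-only state it cannot see.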