Message 356683 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	Lukas.Vacek
Recipients	Lukas.Vacek, christian.heimes
Date	2019-11-15.15:41:47
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1573832508.14.0.96970637269.issue38794@roundup.psfhosted.org>
In-reply-to

Content
In ideal world OpenSSL would provide stable ABI just like the other libraries Python depends on. That would be, unarguably, the best way to achieve that goal. Agreed. Aferall frequent OpenSSL ABI breakages are the reason why apple switched to their own cryptography ABI (https://developer.apple.com/library/archive/documentation/Security/Conceptual/cryptoservices/SecureNetworkCommunicationAPIs/SecureNetworkCommunicationAPIs.html): """ Although OpenSSL is commonly used in the open source community, it doesn’t provide a stable API from version to version. For this reason, the programmatic interface to OpenSSL is deprecated in macOS and is not provided in iOS. Use of the Apple-provided OpenSSL libraries by apps is strongly discouraged. To ensure compatibility, if your app depends on OpenSSL, you should compile it yourself and statically link a known version of OpenSSL into your app. Such use works on both iOS and macOS. """ However, OpenSSL does not provide stable ABI and Python should deal with that as nicely as possible. If you can think of a better real world solution than static linking OpenSSL please share and let's do it!

In ideal world OpenSSL would provide stable ABI just like the other libraries Python depends on. That would be, unarguably, the best way to achieve that goal. Agreed.

Aferall frequent OpenSSL ABI breakages are the reason why apple switched to their own cryptography ABI (https://developer.apple.com/library/archive/documentation/Security/Conceptual/cryptoservices/SecureNetworkCommunicationAPIs/SecureNetworkCommunicationAPIs.html):

"""
Although OpenSSL is commonly used in the open source community, it doesn’t provide a stable API from version to version. For this reason, the programmatic interface to OpenSSL is deprecated in macOS and is not provided in iOS. Use of the Apple-provided OpenSSL libraries by apps is strongly discouraged.

To ensure compatibility, if your app depends on OpenSSL, you should compile it yourself and statically link a known version of OpenSSL into your app. Such use works on both iOS and macOS.
"""

However, OpenSSL does not provide stable ABI and Python should deal with that as nicely as possible. If you can think of a better real world solution than static linking OpenSSL please share and let's do it!

History
Date	User	Action	Args
2019-11-15 15:41:48	Lukas.Vacek	set	recipients: + Lukas.Vacek, christian.heimes
2019-11-15 15:41:48	Lukas.Vacek	set	messageid: <1573832508.14.0.96970637269.issue38794@roundup.psfhosted.org>
2019-11-15 15:41:48	Lukas.Vacek	link	issue38794 messages
2019-11-15 15:41:47	Lukas.Vacek	create