This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author njs
Recipients christian.heimes, njs, steve.dower
Date 2021-04-21.17:36:59
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1619026619.95.0.321040239273.issue43902@roundup.psfhosted.org>
In-reply-to
Content
Funny, I was actually looking at this a bit last week, because I was trying to figure out if I could trick `ssl` into doing DTLS...

The two big problems I ran into are:

- for DTLS you need to instantiate the SSLContext with PROTOCOL_DTLS, and idk how you create a Python ssl._SSLMethod object for a random pointer.

- You need to somehow find the libssl symbols, and it's not clear how to do that in a safe and portable way.

The second issue seems like the big blocker. Your example does `ctypes.CDLL("libssl.so.1.1")`, but there's no guarantee that this will find the same libssl that the `ssl` module is linked against. (And if you get the wrong one then everything will probably explode.)

And like you say, `ctypes.CDLL(ssl._ssl.__file__)` also works, by taking advantage of how ELF shared libraries tend to reexport all the symbols they import, but... this is an ELF-specific thing. It doesn't work on Windows or macOS.

So to me the first question would be: is it possible to offer a utility function that reliably gives users a handle to the right libssl, on all systems and build configurations? If not then I don't see how this could work.
History
Date User Action Args
2021-04-21 17:36:59njssetrecipients: + njs, christian.heimes, steve.dower
2021-04-21 17:36:59njssetmessageid: <1619026619.95.0.321040239273.issue43902@roundup.psfhosted.org>
2021-04-21 17:36:59njslinkissue43902 messages
2021-04-21 17:36:59njscreate