[Python-Dev] Backport ssl.MemoryBIO on Python 2.7?
Victor Stinner
victor.stinner at gmail.com
Wed May 24 00:09:31 EDT 2017
On 23 May 2017 20:43, "David Wilson" <dw+python-dev at hmmz.org> wrote:

> In which case, what is to prevent Requests from just depending on pyOpenSSL as usual?

From what I heard, pyOpenSSL development is slowing down, so I'm not sure that it's really safe and future-proof (TLS 1.3 anyone?).

> I'm still writing 2.7 code every day and would love to see it live a little longer, but accepting every feature request seems the wrong way to go - and MemoryBIO is a hard sell as a security enhancement, it's new functionality.

You are right that they are new features. I disagree on the "accepting every feature" part: we are talking about two classes and it's restricted to security. Security matters for me and for practical reasons explained in this thread, we need the two classes.

Cory's PEP adds long awaited features (bugfixes?) to TLS, like getting access to root certificates on macOS and Windows. Not having to provide our own set of root certificates would make applications globally more secure. It's tricky to update certificates. It happens that root CAs are revoked after a break-in or because the CA is no longer trusted.

I also understood that getting access to system CA allows admins to register their company CA and so avoid that users ignore the TLS warning (unknown CA).

Victor