[Python-Dev] Backport ssl.MemoryBIO on Python 2.7?
Antoine Pitrou
solipsis at pitrou.net
Thu May 25 07:24:00 EDT 2017
More information about the Python-Dev mailing list
Thu May 25 07:24:00 EDT 2017
- Previous message (by thread): [Python-Dev] Backport ssl.MemoryBIO on Python 2.7?
- Next message (by thread): [Python-Dev] Backport ssl.MemoryBIO on Python 2.7?
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Tue, 23 May 2017 23:09:31 -0500 Victor Stinner <victor.stinner at gmail.com> wrote: > Le 23 mai 2017 20:43, "David Wilson" <dw+python-dev at hmmz.org> a écrit : > In which case, what is to prevent Requests from just depending on > > pyOpenSSL as usual? > > > From what I heard, pyOpenSSL development is slowing down, so I'm not sure > that it's really safe and future-proof (TLS 1.3 anyone?). So what? Python 2.7 isn't future-proof either... > I'm still writing 2.7 code every day and would love to see it live a > little longer, but accepting every feature request seems the wrong way > to go - and MemoryBIO is a hard sell as a security enhancement, it's new > functionality. Agreed with this. > You are true that they are new features. I disagree on the "accepting every > feature" part: we are talking about two classes and it's restricted to > security. The new TLS API wouldn't significantly improve security. It's just a different API. > I also understood that getting access to system CA allows admins to > register their company CA and so avoid that users ignore the TLS warning > (unknown CA). System admins can add the company CA at the system level in the system's CA cert store, they have no need for a Python API. Actually, they certainly don't want to modify every Python application to add a company CA. Regards Antoine.
- Previous message (by thread): [Python-Dev] Backport ssl.MemoryBIO on Python 2.7?
- Next message (by thread): [Python-Dev] Backport ssl.MemoryBIO on Python 2.7?
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the Python-Dev mailing list