New submission from Nathaniel Smith <n...@pobox.com>:

Suppose you're writing a library that allows users to make or accept SSL/TLS 
connections. You use the 'ssl' module, because that's convenient. You need to 
let your users configure your SSL/TLS connections, and there really isn't any 
generic abstract way to do that -- SSL/TLS configuration is pretty complicated 
-- so you let your users set up an ssl.SSLContext and pass it into your API.

Later, you hit a limit in the ssl module and want to switch to PyOpenSSL, or 
perhaps eventually PEP 543. No problem: just switch what you're doing 
internally, and use some shim code to take the ssl.SSLContext objects that your 
users are passing in, and convert that to whatever your new library wants.

Except... ssl.SSLContext objects are almost entirely opaque. You can't read off 
the ciphers, or the ALPN protocols, or the servername_callback... so you're 
sunk. Once you expose ssl.SSLContext in your public API, you're stuck using the 
ssl module forever.

It would be nice if ssl.SSLContext provided getters that let you read off all 
the different configuration it holds.

----------
assignee: christian.heimes
components: SSL
messages: 308533
nosy: alex, christian.heimes, dstufft, janssen, njs
priority: normal
severity: normal
status: open
title: Add getters for all SSLContext internal configuration

_______________________________________
Python tracker <rep...@bugs.python.org>
<https://bugs.python.org/issue32359>
_______________________________________
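An added example, not part of the original report or of CPython: a sketch of the shim described above, which copies what it can read from an ssl.SSLContext and lists the settings that have a setter but no read accessor, so the caller can refuse the conversion instead of silently dropping them. The names export_context, READABLE_ATTRS and WRITE_ONLY are hypothetical, and which attributes are readable depends on the Python version running it.

```python
import ssl

# Probed with getattr(): which of these exist depends on the Python version.
READABLE_ATTRS = ("protocol", "options", "verify_mode", "verify_flags",
                  "check_hostname", "minimum_version", "maximum_version",
                  "sni_callback")

# Setters assumed to have no read accessor in the ssl module (based on its
# documented API): whatever the user passed to them cannot be recovered.
WRITE_ONLY = {
    "set_alpn_protocols": "ALPN protocol list",
    "load_cert_chain": "certificate chain and private key",
    "set_ecdh_curve": "ECDH curve",
    "load_dh_params": "DH parameters",
}

def export_context(ctx):
    """Return (recovered, lost): settings read from ctx, and settings that
    may have been configured on it but cannot be read back."""
    recovered = {}
    missing = object()
    for name in READABLE_ATTRS:
        value = getattr(ctx, name, missing)
        if value is not missing:
            recovered[name] = value
    get_ciphers = getattr(ctx, "get_ciphers", None)
    if get_ciphers is not None:
        recovered["ciphers"] = [c["name"] for c in get_ciphers()]
    # Only counts of loaded CA certificates and CRLs are exposed here.
    recovered["ca_store"] = ctx.cert_store_stats()
    lost = [what for setter, what in WRITE_ONLY.items() if hasattr(ctx, setter)]
    return recovered, lost

def build_sample_context():
    """Constructed sample: a client context with ALPN configured."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.set_alpn_protocols(["h2", "http/1.1"])
    return ctx

if __name__ == "__main__":
    recovered, lost = export_context(build_sample_context())
    for key, value in recovered.items():
        print("recovered", key, "=", value)
    for what in lost:
        # A shim that ignores these would hand back a differently
        # configured connection than the one the user asked for.
        print("cannot read back:", what)
```

A shim built this way should treat a non-empty `lost` list as a reason to reject the context or to ask the user for those settings explicitly.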