On 2018-01-20, Marko Rauhamaa <ma...@pacujo.net> wrote: > Grant Edwards <grant.b.edwa...@gmail.com>: > >> Asyncore seems to be based on fundamental assumptions that aren't true >> for non-blocking ssl sockets. > > Pot calling kettle black. > > OpenSSL isn't the easiest beast to deal with, but I have been able to > abstract it (in C) so it behaves very close to TCP. The one blemish is > in the fact that the TLS protocol does not support a half-duplex > connection. Shame. > > The WANT_READ/WANT_WRITE silliness should be abstracted out of the > non-blocking TLS library so the application doesn't need to know > anything about it.
I won't argue with that. I think that non-blocking ssl-wrapped sockets _should_ have the same select/poll/send/recv API/semantics that normal sockets do. I thought about writing my own wrapped-ssl-socket class that does that, but using stunnel was just so much easier. If you _did_ want to wrap sockets like that, I think you'd need to actually run a thread to deal with the SSL socket and provide a "proxy" socket or pipe for use with select/poll. Basically you'd be doing what stunnel does only doing it in-process. -- Grant -- https://mail.python.org/mailman/listinfo/python-list
