Grant Edwards <grant.b.edwa...@gmail.com>:

> On 2018-01-20, Marko Rauhamaa <ma...@pacujo.net> wrote:
>> OpenSSL isn't the easiest beast to deal with, but I have been able to
>> abstract it (in C) so it behaves very close to TCP. The one blemish
>> is in the fact that the TLS protocol does not support a half-duplex
>> connection. Shame.
>>
>> The WANT_READ/WANT_WRITE silliness should be abstracted out of the
>> non-blocking TLS library so the application doesn't need to know
>> anything about it.
>
> I won't argue with that. I think that non-blocking ssl-wrapped
> sockets _should_ have the same select/poll/send/recv API/semantics
> that normal sockets do. I thought about writing my own
> wrapped-ssl-socket class that does that, but using stunnel was just so
> much easier. If you _did_ want to wrap sockets like that, I think
> you'd need to actually run a thread to deal with the SSL socket and
> provide a "proxy" socket or pipe for use with select/poll.
>
> Basically you'd be doing what stunnel does only doing it in-process.

Stunnel is fine for many applications but not for our needs. Also, a
subsidiary thread is not necessary. Everything can be done within an
async framework (in C anyway).


Marko
-- 
https://mail.python.org/mailman/listinfo/python-list
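
Added example, not part of the original thread and not code from either poster: a Python sketch of keeping the WANT_READ/WANT_WRITE bookkeeping inside a wrapper so the event loop only asks which socket events to wait for, with no helper thread. `TLSChannel` and `ScriptedTLS` are hypothetical names; `ScriptedTLS` is a constructed stand-in for a non-blocking `ssl.SSLSocket`.

```python
import selectors
import ssl

READ, WRITE = selectors.EVENT_READ, selectors.EVENT_WRITE

class TLSChannel:
    """Added example (hypothetical name): TCP-like facade over a non-blocking SSLSocket."""

    def __init__(self, tls):
        self.tls = tls
        self._recv_waits_on = READ    # socket event a pending recv needs
        self._send_waits_on = WRITE   # socket event a pending send needs

    def _attempt(self, op, arg):
        try:
            return op(arg), None
        except ssl.SSLWantReadError:      # TLS layer needs more ciphertext
            return None, READ
        except ssl.SSLWantWriteError:     # TLS layer needs to flush records
            return None, WRITE

    def try_recv(self, n):
        """Plaintext bytes, b"" on EOF, or None if it would block."""
        data, need = self._attempt(self.tls.recv, n)
        self._recv_waits_on = need or READ
        return data

    def try_send(self, buf):
        """Number of plaintext bytes accepted (0 if it would block)."""
        sent, need = self._attempt(self.tls.send, buf)
        self._send_waits_on = need or WRITE
        return sent or 0

    def events(self, want_recv, want_send):
        """Mask for selectors.register()/modify(), given the app's intent."""
        return ((self._recv_waits_on if want_recv else 0)
                | (self._send_waits_on if want_send else 0))

class ScriptedTLS:
    """Constructed stand-in for an SSLSocket: replays results or exceptions."""
    def __init__(self, script):
        self.script = list(script)
    def recv(self, n):
        step = self.script.pop(0)
        if isinstance(step, Exception):
            raise step
        return step
    send = recv  # same replay behaviour for send()
```

After a readable event, call `try_recv` until it returns `None`: decrypted data can sit buffered inside the TLS layer, where select/poll cannot see it.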