[CherryPy] #774: Migrate from pyOpenSSL to the ssl module


CherryPy

Jan 16, 2008, 4:47:22 PM
to cherrypy...@googlegroups.com
#774: Migrate from pyOpenSSL to the ssl module
---------------------------+------------------------------------------------
Reporter: lawouach | Owner: lawouach
Type: task | Status: new
Priority: normal | Milestone: 3.2
Component: CherryPy code | Keywords: ssl
---------------------------+------------------------------------------------
pyOpenSSL has not been updated since 2004 and may be the cause of the
bug in #589. Migrate to the new ssl module that will be built-in in Python
2.- and available via PyPI.

--
Ticket URL: <http://www.cherrypy.org/ticket/774>
CherryPy <http://www.cherrypy.org>
CherryPy - a pythonic, object-oriented HTTP framework

CherryPy

Feb 25, 2008, 12:36:07 PM
to cherrypy...@googlegroups.com
#774: Migrate from pyOpenSSL to the ssl module
---------------------------+------------------------------------------------
Reporter: lawouach | Owner: lawouach
Type: task | Status: new
Priority: normal | Milestone: 3.2
Component: CherryPy code | Resolution:
Keywords: ssl |
---------------------------+------------------------------------------------
Comment (by fumanchu):

Besides the newness of the ssl module and the labor of actually getting it
to work in CP, I'm just waiting for Windows binaries before making the
switch. Assuming those three things happen, I'm all for moving to the ssl
module.

CherryPy

Apr 10, 2008, 5:20:07 PM
to cherrypy...@googlegroups.com
#774: Migrate from pyOpenSSL to the ssl module
---------------------------+------------------------------------------------
Reporter: lawouach | Owner: lawouach
Type: task | Status: new
Priority: normal | Milestone: 3.2
Component: CherryPy code | Resolution:
Keywords: ssl |
---------------------------+------------------------------------------------
Comment (by guest):

It's being updated again.

http://jcalderone.livejournal.com/41131.html

CherryPy

Jul 6, 2008, 12:28:44 AM
to cherrypy...@googlegroups.com
#774: Migrate from pyOpenSSL to the ssl module
------------------------+---------------------------------------------------
Reporter: lawouach | Owner: lawouach
Type: task | Status: new
Priority: normal | Milestone: 3.2
Component: wsgiserver | Resolution:
Keywords: ssl |
------------------------+---------------------------------------------------
Comment (by ni...@nick125.com):

I think that we should use the standard library SSL module rather than
pyOpenSSL, unless there is a very specific reason *not* to. Depending on a
third-party library is a bad idea, especially when a standard library will
work, for two reasons: 1) reducing dependencies; 2) not depending on
libraries with questionable futures (i.e., we don't know when they're
going to be updated). Do I smell a branch?

CherryPy

Jun 16, 2009, 12:33:54 PM
to cherrypy...@googlegroups.com
#774: Migrate from pyOpenSSL to the ssl module
------------------------+---------------------------------------------------
Reporter: lawouach | Owner: fumanchu
Type: task | Status: assigned
Priority: normal | Milestone: 3.2
Component: wsgiserver | Resolution:
Keywords: ssl |
------------------------+---------------------------------------------------
Changes (by fumanchu):

* owner: lawouach => fumanchu
* status: new => assigned

Comment:

Integrated the patch in [2459]. There are a few things left to do,
however:

1. Backport it to trunk. This ''may'' involve supporting both the builtin
ssl module and pyOpenSSL for some time in trunk. The `ssl` module has been
backported to Python 2.3.5 and is available at
http://pypi.python.org/pypi/ssl. Needs tested in Py 2.3, 4, and 5 before
we drop pyOpenSSL.
2. Decide what to do about the lost 'http over https' error message and
broken test.
3. Restore the lost ssl_certificate_chain functionality.
4. Test and/or restore some of the lost ssl_context functionality; for
example, certs which are streams instead of file objects, or need
decryption.
5. Restore the lost SSL_* environ entries.
6. Remove the 'print' in tick() once we've debugged enough.

CherryPy

Aug 2, 2009, 3:40:46 PM
to cherrypy...@googlegroups.com
#774: Migrate from pyOpenSSL to the ssl module
------------------------+---------------------------------------------------
Reporter: lawouach | Owner: fumanchu
Type: task | Status: closed
Priority: normal | Milestone: 3.2
Component: wsgiserver | Resolution: fixed
Keywords: ssl |
------------------------+---------------------------------------------------
Changes (by fumanchu):

* resolution: => fixed
* status: assigned => closed

Comment:

Okay; ssl libs are now pluggable in 3.2 via a new 'server.ssl_module'
attribute. This defaults to 'pyopenssl' in trunk and 'builtin' in python3.
Implemented in [2471] (trunk) and [2473] (python3) and a couple changesets
immediately thereafter.

Fixed the broken 'http over https' error message in [2474].

It would still be good to pursue the ssl_certificate_chain functionality,
plus some of the ssl_context functionality (for example, certs which are
streams instead of file objects, or need decryption) which pyopenssl
provided, in the builtin ssl module. We still are also missing some SSL_*
environ entries when using the builtin ssl.
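
The 'http over https' case discussed in this ticket, as an added example that is not CherryPy's code and not part of the thread: a server can tell a plaintext HTTP request from a TLS handshake by the first bytes the client sends. The function names, the verdict strings and the 400 body are assumptions made for this illustration.

```python
# Added illustration, not CherryPy code. All names here are hypothetical.
HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ",
                b"OPTIONS ", b"PATCH ", b"TRACE ", b"CONNECT ")


def classify_first_bytes(data):
    """Classify the first bytes a client sent to a TLS-only port."""
    if len(data) >= 3:
        # TLS record header: content type 0x16 (handshake), major version 0x03.
        if data[0] == 0x16 and data[1] == 0x03:
            return "tls"
        # SSLv2-framed ClientHello: high bit set in the length, message type 1.
        if data[0] & 0x80 and data[2] == 0x01:
            return "sslv2"
    if data.startswith(HTTP_METHODS):
        return "http"
    # Too short to decide, or still a prefix of a method such as b"GE".
    if len(data) < 3 or any(m.startswith(data) for m in HTTP_METHODS):
        return "incomplete"
    return "unknown"


def plain_http_reply():
    """Constructed 400 response for a client that spoke HTTP to the TLS port."""
    body = b"This port only accepts HTTPS.\r\n"
    head = ("HTTP/1.1 400 Bad Request\r\n"
            "Content-Type: text/plain\r\n"
            "Content-Length: %d\r\n"
            "Connection: close\r\n\r\n" % len(body))
    return head.encode("ascii") + body


def decide(data):
    """Map the peeked bytes to an action: (action, bytes_to_send_or_None)."""
    kind = classify_first_bytes(data)
    if kind == "tls":
        return ("handshake", None)            # hand the socket to the TLS layer
    if kind == "http":
        return ("reply", plain_http_reply())  # answer in cleartext, then close
    if kind == "incomplete":
        return ("wait", None)                 # peek again when more data arrives
    return ("close", None)                    # SSLv2 framing or unknown protocol


if __name__ == "__main__":
    # Constructed samples: a TLS ClientHello record header, an HTTP GET, a fragment.
    for sample in (b"\x16\x03\x01\x02\x00\x01", b"GET / HTTP/1.1\r\n", b"GE"):
        print(sample[:8], decide(sample)[0])
```

In a live server the bytes would be read with `socket.MSG_PEEK` before the socket is wrapped, so the TLS layer still sees the full ClientHello.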