[Python-Dev] PEP 543-conform TLS library


Hello Python Dev,


I posted the following to python-ideas, but here may be
a more suitable place. I apologize if cross-posting
bothers anyone.


I have implemented an (I believe) PEP 543-conformant TLS library
and released TLS support in the latest version yesterday:

https://github.com/Synss/python-mbedtls/tree/0.13.0
https://pypi.org/project/python-mbedtls/0.13.0/


As far as I know, I am the first one to follow PEP 543.  So one
point is that the API works.  However, I have a couple of
questions regarding the PEP:

- I do not know what to do in `TLSWrappedBuffer.do_handshake()`.
 The full TLS handshake requires writing to the server, reading
 back, etc., (ClientHello, ServerHello, KeyExchange, etc.),
 which cannot be accomplished in a single buffer.

 For now, I am doing the handshake in
 `TLSWrappedSocket.do_handshake()`: I set the BIO to use the
 socket directly, then perform the handshake on the socket, thus
 entirely bypassing the TLSWrappedBuffer.  Once this is done, I
 swap the BIO to use the buffer and go on encrypting and
 decrypting from the buffer.  That is, the encrypted
 communication is buffered.

- The PEP sometimes mentions an "input buffer" and an "output
 buffer", and some other times just "the buffer".  I believe
 that both implementations are possible.  That is, with two
 different buffers for input and output, or a single one.

 I have implemented it with a single circular buffer (that is a
 stream after all).  What the PEP is expecting is nonetheless
 not clear to me.


So, can anybody clarify these two points from the PEP?


Or should I just address Cory Benfield (who does not seem very
active anymore lately) and Christian Heimes directly?


Cheers,
Mathias
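
For reference on the first question, this is how the standard library's `ssl` module runs a handshake over in-memory buffers with no socket attached. It is an added example, not part of the original post and not python-mbedtls or PEP 543 code; `handshake_step`, `drive_handshake`, `first_client_flight` and the hostname `example.test` are names made up for the illustration.

```python
import ssl


def handshake_step(tls, outgoing):
    """Advance the handshake once; return (done, bytes_for_peer)."""
    try:
        tls.do_handshake()
        done = True
    except ssl.SSLWantReadError:
        # Not an error: the TLS engine needs the peer's next flight
        # written into the incoming buffer before it can continue.
        done = False
    # Drain whatever the engine queued for the wire (b"" if nothing).
    return done, outgoing.read()


def drive_handshake(tls, incoming, outgoing, send, recv):
    """Pump handshake flights through caller-supplied send/recv callables."""
    while True:
        done, data = handshake_step(tls, outgoing)
        if data:
            send(data)
        if done:
            return
        chunk = recv()
        if not chunk:
            # Peer closed mid-handshake: signal EOF and fail closed.
            incoming.write_eof()
            raise ConnectionError("peer closed during TLS handshake")
        incoming.write(chunk)


def first_client_flight(hostname="example.test"):
    """Build a client-side buffer pair and produce the first flight."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname=hostname)
    return handshake_step(tls, outgoing)


if __name__ == "__main__":
    done, flight = first_client_flight()
    # Record type 0x16 is "handshake"; this flight is the ClientHello.
    print(done, hex(flight[0]), len(flight))
```

Here the buffer-level `do_handshake()` is a step that is called repeatedly while the caller moves bytes between the two buffers and the transport, and the stdlib uses two separate `MemoryBIO` objects for the incoming and outgoing directions.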