| Jean-Paul Calderone | 897bc25 | 2008-02-18 20:50:23 -0500 | [diff] [blame] | 1 | RATIONALE |
| 2 | |
| 3 | The reason this module exists at all is that the SSL support in the socket |
| 4 | module in the Python 2.1 distribution (which is what we used, of course I |
| 5 | cannot speak for later versions) is severely limited. |
| 6 | |
| 7 | <FIXME> Update this list whenever needed! The communications module isn't |
| 8 | written yet, so we don't know exactly how this'll work! </FIXME> |
| 9 | This is a list of things we need from an OpenSSL module: |
| 10 | + Context objects (in OpenSSL called SSL_CTX) that can be manipulated from |
| 11 | Python modules. They must support a number of operations: |
| 12 | - Loading certificates from file and memory, both the client |
| 13 | certificate and the certificates used for the verification chain. |
| 14 | - Loading private keys from file and memory. |
| 15 | - Setting the verification mode (basically VERIFY_NONE and |
| 16 | VERIFY_PEER). |
| 17 | - Callbacks mechanism for prompting for pass phrases and verifying |
| 18 | certificates. The callbacks have to work under a multi-threaded |
| 19 | environment (see the comment in ssl/context.c). Of course the |
| 20 | callbacks will have to be written in Python! |
| 21 | + The Connection objects (in OpenSSL called SSL) have to support a few |
| 22 | things: |
| 23 | - Renegotiation, this is really important, especially for connections |
| 24 | that are up and running for a long time, since renegotiation |
| 25 | generates new encryption keys. |
| 26 | - Server-side SSL must work! As far as I know this doesn't work in |
| 27 | the SSL support of the socket module as of Python 2.1. |
| 28 | - Wrapping the methods of the underlying transport object is nice, so |
| 29 | you don't have to keep track of more than one object per connection. |
| 30 | This could of course be done a lot better than the way it works now, |
| 31 | so more transport layers than sockets are possible! |
| 32 | + A well-organized error system that mimics OpenSSL's error system is |
| 33 | desireable. Specifically there has to be a way to find out wether the |
| 34 | operation was successful, or if it failed, why it failed, so some sort |
| 35 | of interface to OpenSSL's error queue mechanism is needed. |
| 36 | + Certificate objects (X509) and certificate name objects (X509_NAME) are |
| 37 | needed, especially for verification purposes. Certificates will |
| 38 | probably also be generated by the server which is another reason for |
| 39 | them to exist. The same thing goes for key objects (EVP_PKEY) |
| 40 | + Since this is an OpenSSL module, there has to be an interface to the |
| 41 | OpenSSL PRNG, so it can be seeded in a good way. |
| 42 | |
| 43 | When asking about SSL on the comp.lang.python newsgroup (or on |
| 44 | python-list@python.org) people usually pointed you to the M2Crypto package. |
| 45 | The M2Crypto.SSL module does implement a lot of OpenSSL's functionality but |
| 46 | unfortunately its error handling system does not seem to be finished, |
| 47 | especially for non-blocking I/O. I think that much of the reason for this |
| 48 | is that M2Crypto is developed using SWIG. This makes it awkward to create |
| 49 | functions that e.g. can return both an integer and NULL since (as far as I |
| 50 | know) you basically write C functions and SWIG makes wrapper functions that |
| 51 | parses the Python argument list and calls your C function, and finally |
| 52 | transforms your return value to a Python object. |
| 53 | |
| 54 | Finally, a good book on the topic of SSL (that I read and learned a lot |
| 55 | from) is "SSL and TLS - Designing and Building Secure Systems" (ISBN |
| 56 | 0201615983) by Eric Rescorla. A good mailinglist to subscribe to is the |
| 57 | openssl-users@openssl.org list. |
| 58 | |
| 59 | This comment was written July 2001, discussing Python 2.1. Feel free to |
| 60 | modify it as the SSL support in the socket module changes. |
| 61 | |