iSharkFly-Open
/
python-peps
mirror of https://github.com/python/peps.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

PEP 466: cover OpenSSL compatibility

This commit is contained in:
Nick Coghlan 2014-03-24 23:15:06 +10:00
parent 7d72c4cea2
commit a0068e1e6a
1 changed files with 29 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

35
pep-0466.txt
View File

@ -150,6 +150,30 @@ that make the secure networking infrastructure worthy of special
consideration.
OpenSSL compatibility
---------------------
Under this policy, OpenSSL may be upgraded to more recent feature releases
in Python 2.7 maintenance releases. On Linux and most other POSIX systems,
the specific version of OpenSSL used already varies, as Python dynamically
links to the system provided OpenSSL library by default.
For the Windows binary installers, the ``_ssl`` and ``_hashlib`` modules are
statically linked with OpenSSL and the associated symbols are not exported.
Marc-Andre Lemburg indicates that updating to newer OpenSSL releases in the
``egenix-pyopenssl`` binaries has not resulted in any reported compatibility
issues [3]_
The Mac OS X binary installers historically followed the same policy as
other POSIX installations and dynamically linked to the Apple provided
OpenSSL libraries. However, Apple has now ceased updating these
cross-platform libraries, instead requiring that even cross-platform
developers adopt Mac OS X specific interfaces to access up to date security
infrastructure on their platform. Accordingly, and independently of this
PEP, the Mac OS X binary installers were already going to be switched to
statically linker newer versions of OpenSSL [4]_
Other Considerations
====================
@ -488,12 +512,9 @@ of them are unlikely to do.
Open Questions
==============
* What are the risks associated with allowing OpenSSL to be updated to
new feature versions in the Windows and Mac OS X binary installers for
maintenance releases? Currently we just upgrade to the appropriate
OpenSSL maintenance releases, rather than switching to the latest
feature release. In particular, is it possible Windows C extensions may
be linking against the Python provided OpenSSL module?
* I believe I've addressed all the technical and scope questions I had, or
others raised. That just leaves the question of "If we agree to this plan,
who is actually going to handle all the extra work involved?" :)
Disclosure of Interest
@ -528,6 +549,8 @@ References
.. [1] https://mail.python.org/pipermail/python-dev/2014-March/133334.html
.. [2] https://mail.python.org/pipermail/python-dev/2014-March/133389.html
.. [3] https://mail.python.org/pipermail/python-dev/2014-March/133438.html
.. [4] https://mail.python.org/pipermail/python-dev/2014-March/133347.html
Copyright