Jeff,

tl;dr - plan to focus on client side SSL sockets first, so as to support pip, requests, and other client libraries.

My expectation is that an example like the following use of ssl.wrap_socket should work:
http://docs.python.org/2/library/ssl.html#client-side-operation

This code snippet, which does *not* work on Jython currently, uses a mode of operation similar to what pip now requires: blocking client sockets, wrapped with SSL. Instead this code snippet fails because of an uninitialized underlying Java socket in Jython's socket module. I'm just trying to get my head around this code, but it seems that the design, so as to support nonblocking sockets, does not expect initializations to be completed; but in this particular case, this is required. So some debugging required.

This bug is almost certainly related to why pip currently fails when it's using SSL, and such client support seems to be the most important target for SSL support. It would also help support requests over SSL. So your use cases should then work. These are also *my* use cases for Jython, so it's important to me to get this to work :)

Digging beyond this set of cases, there's a note by Alan Kennedy on the possibility of other modes of SSL support, such as with server sockets see http://wiki.python.org/jython/NewSocketModule#SSL_Support; note this was written maybe prior to when ssl was added to CPython 2.6. At this point, there's a clear API, just a need to implement it. I'm not certain who would work on this however.

But while client compatibility is important for tools like pip, if I were implementing something high performance in Jython that required SSL server sockets, I would stick with using the underlying Java ecosystem. Maybe use Netty and its SSL support. In particular, a Twisted reactor using that would make more sense, much like other reactors for say libevent.

Hope that helps!

- Jim



On Mon, Jul 15, 2013 at 11:45 AM, Jeff Gaynor <gaynor@illinois.edu> wrote:
I am writing a set of security tools that use  *existing* python projects. This project uses libraries (e.g. requests) that in turn use the built-in SSL and dies when they cannot find it.  I know all about Java and SSL and rewriting the entire requests python module, e.g., is not possible, obviously.

So does anyone have a plan for supporting the built-in python 2.7 SSL APIs or not?

Thanks


On 07/12/2013 04:46 PM, Brandon Pedersen wrote:
What do you mean "There is no SSL support"? SSL sockets should work just fine (although I guess I haven't tested in 2.7, but 2.5 it works)

Also remember that if you do want to just use something like apache commons for sockets that is perfectly fine. Add the jars to the path and import the classes you want to use and you should be set.

But yeah, some extra info on what exactly you are trying to do would be helpful :)

-Brandon


On Fri, Jul 12, 2013 at 2:52 PM, Jeff Gaynor <gaynor@illinois.edu> wrote:
I've hit another snag: There is no SSL support in jython 2.7. Since I do
security work, that is a real show-stopper -- we *only* do SSL/TLS
connections.

Are there plans to enable it? Just even wrapping the apache commons
classes would be fine. I definitely do not want python's badly broken
SSL implementation ported when Java works fine.

Failing that, does anyone have suggestions on how to get around this?

Thanks

------------------------------------------------------------------------------
See everything from the browser to the database with AppDynamics
Get end-to-end visibility with application monitoring from AppDynamics
Isolate bottlenecks and diagnose root cause in seconds.
Start your free trial of AppDynamics Pro today!
http://pubads.g.doubleclick.net/gampad/clk?id=48808831&iu=/4140/ostg.clktrk
_______________________________________________
Jython-users mailing list
Jython-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/jython-users



------------------------------------------------------------------------------
See everything from the browser to the database with AppDynamics
Get end-to-end visibility with application monitoring from AppDynamics
Isolate bottlenecks and diagnose root cause in seconds.
Start your free trial of AppDynamics Pro today!
http://pubads.g.doubleclick.net/gampad/clk?id=48808831&iu=/4140/ostg.clktrk
_______________________________________________
Jython-users mailing list
Jython-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/jython-users