On 07/17/2013 12:05 PM, Alan Kennedy wrote:
> So does anyone have a plan for supporting the built-in python 2.7 SSL APIs or not?

I have the beginnings of an implementation of the SSL module on my disk.

But it's not going to be ready soon. Certainly not within a month.

But if you're a security researcher, I think you should be using native java crypto support anyway, like BouncyCastle, etc, which is far superior to anything on offer in the python world.
We would like to take an Open ID Connect implementation (pyoidc) that is under development and use that since there is no really useful Java version available. This would also simplify our python support. As such, we have to deal with dependency issues in this library and that means SSL must work for requests. I am writing a wrapper to partially replace M2Crypto and yes I will back it with java crypto and BC classes.

Lastly, you mention that you're using requests. Have you tried it with jython 2.5? It should work, or be very close to working, since jython's 2.5 client side SSL support is complete.

Pyoidc is written for 2.7 and is not, therefore installable under 2.5.

Thanks for your reply! I'm thrilled with any suggestions I get.