Opened 10 years ago
Closed 9 years ago
#4974 enhancement closed fixed (fixed)
Warn if pyOpenSSL <0.10 is used
| Reported by: | Jean-Paul Calderone | Owned by: | Jean-Paul Calderone |
|---|---|---|---|
| Priority: | normal | Milestone: | totally automated release infrastructure |
| Component: | core | Keywords: | |
| Cc: | Branch: |
branches/deprecate-oldtls-4974
branch-diff, diff-cov, branch-cov, buildbot |
|
| Author: | exarkun |
Description
pyOpenSSL introduced memory BIO APIs. These let Twisted do SSL better - faster and with fewer bugs, and with more consistent cross-platform behavior. #4854 switched IReactorSSL implementations to prefer these APIs, but still fall back to the old socket BIO APIs. Still, we should encourage people to move forward. They will get better behavior and we will be able to drop some gross code.
So, if pyOpenSSL 0.10 or newer is not available on a system, we should indicate our preference for a newer version, probably with a UserWarning (unless anyone has a suggestion for something better).
Change History (15)
comment:1 Changed 10 years ago by
comment:2 Changed 10 years ago by
| Milestone: | → Twisted-11.1 |
|---|
comment:3 Changed 10 years ago by
(In [31537]) Merge protocol-ssl-4854-6
Author: exarkun Reviewer: itamar, glyph, thijs Fixes: #4854 Refs: #4974 Refs: #5014 Refs: #4455
Add an implementation of IReactorSSL and ITLSTransport which uses the memory
BIO APIs present in pyOpenSSL 0.10 and newer. This implementation will be preferred
by all reactors if the pyOpenSSL dependency is satisfied, otherwise the old
implementation will still be used.
This appears to have slightly better performance than the old implementation and should avoid bugs like #4455.
comment:5 Changed 9 years ago by
| Author: | → exarkun |
|---|---|
| Branch: | → branches/deprecate-oldtls-4974 |
(In [34341]) Branching to 'deprecate-oldtls-4974'
comment:6 Changed 9 years ago by
| Keywords: | review added |
|---|
Determining the version of a package available in RHEL appears to require a redhat network ID, which seems to cost money, and which I do not have. So RHEL loses out if they're still on an old version of pyOpenSSL, as far as I'm concerned.
comment:8 Changed 9 years ago by
| Keywords: | review removed |
|---|---|
| Owner: | set to Jean-Paul Calderone |
Looks good, please merge.
comment:9 Changed 9 years ago by
| Resolution: | → fixed |
|---|---|
| Status: | new → closed |
comment:10 Changed 9 years ago by
| Resolution: | fixed |
|---|---|
| Status: | closed → reopened |
comment:12 Changed 9 years ago by
| Keywords: | review added |
|---|---|
| Owner: | Jean-Paul Calderone deleted |
| Status: | reopened → new |
Handled the two other cases that caused test failures:
- OpenSSL is not present at all and
- an old version of OpenSSL is present causing
_oldtlsto have been loaded already
Build results look better now, though the FreeBSD slave is offline at this time.
comment:13 Changed 9 years ago by
| Keywords: | review removed |
|---|---|
| Owner: | set to Jean-Paul Calderone |
Please (re)merge.
comment:14 Changed 9 years ago by
| Milestone: | → regular-releases |
|---|
comment:15 Changed 9 years ago by
| Resolution: | → fixed |
|---|---|
| Status: | new → closed |
(In [34370]) Merge deprecate-oldtls-4974 (again)
Author: exarkun Reviewer: itamar Fixes: #4974
Deprecate support for pyOpenSSL versions older than 0.10, which lack support for in-memory operation.
Re-merge fixes shortcomings of the first attempt, which led to test failures when OpenSSL was not installed or when the installed version of OpenSSL was older than 0.10.
See #5014 for what comes after this.