Opened 10 years ago
Closed 9 years ago
#4974 enhancement closed fixed (fixed)
Warn if pyOpenSSL <0.10 is used
Reported by: | Jean-Paul Calderone | Owned by: | Jean-Paul Calderone |
---|---|---|---|
Priority: | normal | Milestone: | totally automated release infrastructure |
Component: | core | Keywords: | |
Cc: | Branch: |
branches/deprecate-oldtls-4974
branch-diff, diff-cov, branch-cov, buildbot |
|
Author: | exarkun |
Description
pyOpenSSL introduced memory BIO APIs. These let Twisted do SSL better - faster and with fewer bugs, and with more consistent cross-platform behavior. #4854 switched IReactorSSL
implementations to prefer these APIs, but still fall back to the old socket BIO APIs. Still, we should encourage people to move forward. They will get better behavior and we will be able to drop some gross code.
So, if pyOpenSSL 0.10 or newer is not available on a system, we should indicate our preference for a newer version, probably with a UserWarning
(unless anyone has a suggestion for something better).
Change History (15)
comment:1 Changed 10 years ago by
comment:2 Changed 10 years ago by
Milestone: | → Twisted-11.1 |
---|
comment:3 Changed 10 years ago by
(In [31537]) Merge protocol-ssl-4854-6
Author: exarkun Reviewer: itamar, glyph, thijs Fixes: #4854 Refs: #4974 Refs: #5014 Refs: #4455
Add an implementation of IReactorSSL
and ITLSTransport
which uses the memory
BIO APIs present in pyOpenSSL 0.10 and newer. This implementation will be preferred
by all reactors if the pyOpenSSL dependency is satisfied, otherwise the old
implementation will still be used.
This appears to have slightly better performance than the old implementation and should avoid bugs like #4455.
comment:5 Changed 9 years ago by
Author: | → exarkun |
---|---|
Branch: | → branches/deprecate-oldtls-4974 |
(In [34341]) Branching to 'deprecate-oldtls-4974'
comment:6 Changed 9 years ago by
Keywords: | review added |
---|
Determining the version of a package available in RHEL appears to require a redhat network ID, which seems to cost money, and which I do not have. So RHEL loses out if they're still on an old version of pyOpenSSL, as far as I'm concerned.
comment:8 Changed 9 years ago by
Keywords: | review removed |
---|---|
Owner: | set to Jean-Paul Calderone |
Looks good, please merge.
comment:9 Changed 9 years ago by
Resolution: | → fixed |
---|---|
Status: | new → closed |
comment:10 Changed 9 years ago by
Resolution: | fixed |
---|---|
Status: | closed → reopened |
comment:12 Changed 9 years ago by
Keywords: | review added |
---|---|
Owner: | Jean-Paul Calderone deleted |
Status: | reopened → new |
Handled the two other cases that caused test failures:
- OpenSSL is not present at all and
- an old version of OpenSSL is present causing
_oldtls
to have been loaded already
Build results look better now, though the FreeBSD slave is offline at this time.
comment:13 Changed 9 years ago by
Keywords: | review removed |
---|---|
Owner: | set to Jean-Paul Calderone |
Please (re)merge.
comment:14 Changed 9 years ago by
Milestone: | → regular-releases |
---|
comment:15 Changed 9 years ago by
Resolution: | → fixed |
---|---|
Status: | new → closed |
(In [34370]) Merge deprecate-oldtls-4974 (again)
Author: exarkun Reviewer: itamar Fixes: #4974
Deprecate support for pyOpenSSL versions older than 0.10, which lack support for in-memory operation.
Re-merge fixes shortcomings of the first attempt, which led to test failures when OpenSSL was not installed or when the installed version of OpenSSL was older than 0.10.
See #5014 for what comes after this.