Opened 2 years ago

#7215 task new

Deprecate ContextFactory (and friends)

Reported by: glyph Owned by:
Priority: normal Milestone:
Component: core Keywords:
Cc: Branch:
Author:

Description

twisted.internet.ssl.ContextFactory is a badly-designed implicit interface which nobody should implement themselves. Nobody should have implemented it before either, but after #7098 lands there are actual documented interfaces you can use to live dangerously.

This is also something that should be removed sooner in its deprecation life-cycle than most things. ContextFactory's insistence that applications should provide their own special verification logic using OpenSSL's minefield of an API is potentially actively harmful to security, so we should get rid of it and force applications written under the old, bad regime to reconsider one of the nice new APIs that have since been added.

It may be good to have a server-side equivalent high-level interface to the client-side one added in #7098 before we pull the trigger on that though.

Change History (0)

Note: See TracTickets for help on using tickets.