Opened 3 years ago
#7215 task new
Deprecate ContextFactory (and friends)
|Reported by:||Glyph||Owned by:|
twisted.internet.ssl.ContextFactory is a badly-designed implicit interface which nobody should implement themselves. Nobody should have implemented it before either, but after #7098 lands there are actual documented interfaces you can use to live dangerously.
This is also something that should be removed sooner in its deprecation life-cycle than most things.
ContextFactory's insistence that applications should provide their own special verification logic using OpenSSL's minefield of an API is potentially actively harmful to security, so we should get rid of it and force applications written under the old, bad regime to reconsider one of the nice new APIs that have since been added.
It may be good to have a server-side equivalent high-level interface to the client-side one added in #7098 before we pull the trigger on that though.