Replace the C-based OpenSSL bindings in pyOpenSSL with cffi-based bindings
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
pyOpenSSL |
New
|
Undecided
|
Unassigned |
Bug Description
There is a relatively new project available for using C APIs from Python, cffi: http://
The project seems well developed and is informed by a number of previous attempts which did not meet with fabulous success (ctypes as well as perhaps half a dozen PyPy-internal attempts).
cffi has many very desirable attributes, including but not limited to:
* It is compatible with PyPy
* It allows development against the C API *or* the C ABI (important because much of the OpenSSL API does not exist as a coherent ABI)
* It supports binary distributions so OpenSSL development files (ie header files) are not required at runtime
Using an FFI library instead of writing C also has several desirable attributes, including but not limited to:
* C is simply harder to write. It is more verbose, it has a very low-level, minimally functional standard library. Python APIs are not easily usable in C.
* Python code is more easily understood by most Python programmers. Some understanding of C is still required to make sense of and maintain cffi-based bindings, but this is less than is currently necessary.
* The Python objects created by writing Python are more "normal" objects - for example, they are automatically introspectable, whereas Python objects created using the Python/C API have to have introspection implemented for them explicitly.
As much of the C code in pyOpenSSL as possible - ideally all of it - should be removed and cffi-using Python code should replace it.
This will introduce conflicts with every single outstanding pyOpenSSL branch, which is unfortunate. However, I am not overly concerned by that since I think that all of these branches will be *more* easily completed after this change, even though that will require re-implementing their changes in Python using cffi, due to the inherent ease involved in writing that Python code as compared to completing those features in C instead.
The linked branch implements most of the proposed change. It introduces a dependency on https:/ /github. com/exarkun/ opentls where all of the actual cffi-using code is currently located.