> That's somewhat limiting - you should be able to do connection
> upgrades (e.g. SMTP STARTTLS, or HTTP Connection: Upgrade); with
> that design, such usages would not be possible, no?

Yes, you're right. Of course, STARTTLS is properly regarded as a
terrible hack :-).

The actual functionality exported from _ssl.c is still the "ssl"
wrapper, but with more arguments to control its behavior. So to do
STARTTLS, server-side, you'd do something like

    mooring = socket.socket()
    mooring.bind()
    mooring.listen()
    [... connection request comes in ...]
    fd = mooring.accept()       # normal socket
    [... read request for TLS upgrade over socket ...]
    sslobj = socket.ssl(fd, ..., server=True)
    fd = socket.SSLSocket(..., ssl_protocol=PROTOCOL_TLSv1, _sock=fd, _sslobj=sslobj)

and continue on with normal use of the socket. Do you see an easier
way to do it?

Bill
_______________________________________________
Python-Dev mailing list
Python-Dev@python.org
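
Added example, not part of the message above or of the _ssl.c code it describes: the same server-side upgrade written against today's `ssl.SSLContext.wrap_socket`, with a check that refuses any plaintext queued behind the STARTTLS line so it cannot be carried into the TLS session. The toy reply strings, `MAX_LINE`, the function names, and the certificate paths passed to `make_wrapper` are assumptions.

```python
import socket
import ssl

MAX_LINE = 512  # assumed upper bound for one plaintext command line


def read_command(conn):
    """Return (line, leftover): first CRLF-terminated line and any bytes after it."""
    buf = b""
    while b"\r\n" not in buf:
        chunk = conn.recv(MAX_LINE)
        if not chunk or len(buf) + len(chunk) > MAX_LINE:
            raise ConnectionError("no complete command line")
        buf += chunk
    line, _, leftover = buf.partition(b"\r\n")
    return line, leftover


def starttls_upgrade(conn, wrap):
    """Serve the plaintext phase; return the wrapped socket, or None if refused.

    wrap is the callable that performs the server-side TLS handshake.
    """
    line, leftover = read_command(conn)
    if line.strip().upper() != b"STARTTLS":
        conn.sendall(b"500 unrecognized command\r\n")
        return None
    if leftover:
        # Bytes received in plaintext after STARTTLS are unauthenticated;
        # refuse rather than replay them once the session is encrypted.
        conn.sendall(b"503 no pipelining after STARTTLS\r\n")
        return None
    conn.sendall(b"220 ready to start TLS\r\n")
    return wrap(conn)  # from here on, only the TLS layer reads the socket


def make_wrapper(certfile, keyfile):
    """Build the real wrapper; certfile/keyfile are deployment-specific paths."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.load_cert_chain(certfile, keyfile)
    return lambda sock: ctx.wrap_socket(sock, server_side=True)
```

In a server, `conn` is the first element of the tuple returned by `accept()`, and the return value of `starttls_upgrade(conn, make_wrapper(...))` replaces it for all further reads and writes.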