Our future with OpenSSL

Ah, well, that’s the thing:

2020-06-25: With contemporary agreement with one author, and past agreement with another, this PEP is withdrawn due to changes in the APIs of the underlying operating systems.

IIRC what this is referring to is macOS dropping support for wrapping sockets in the platform TLS support. Secure Transport is flexible enough to implement PEP 543, but Apple deprecated it. The new, supported TLS implementation is part of the Network framework, which is an entirely new networking API that you have to buy into wholesale – you can’t use the BSD socket API and macOS platform TLS together.

Asyncio’s TLS support also requires use of some lower-level APIs that I’m not sure are available on Windows. (In particular, it wants “sans IO” TLS where it controls the underlying network transport, and on Windows certificate validation can block, so if using the platform validator it needs to be able to push that off into a thread.)

I can definitely see the appeal of trimming down the stdlib to the point where it only has enough TLS support to run pip, and putting everything else on PyPI. But that’s a long way off. A more achievable goal would be to spin out ssl (and asyncio and everything else that depends on it) into third-party packages that ship with CPython, but can be upgraded from PyPI.

4 Likes
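The “sans IO” TLS mentioned in the post above, shown with the stdlib `ssl.MemoryBIO` / `SSLContext.wrap_bio` API as an added example that is not part of the original post: the TLS engine only reads and writes in-memory buffers, and the caller owns the transport. The hostname `example.invalid` and the plaintext reply bytes are constructed placeholders.

```python
import ssl


def start_client_handshake(hostname):
    """Drive a TLS client up to its first flight without opening a socket."""
    ctx = ssl.create_default_context()  # certificate and hostname checks stay on
    incoming = ssl.MemoryBIO()  # bytes received from the peer are written here
    outgoing = ssl.MemoryBIO()  # bytes the TLS engine wants sent are read here
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname=hostname)
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        pass  # engine needs the peer's reply; the caller decides how to fetch it
    return tls, incoming, outgoing


def parse_record_header(data):
    """Return (content_type, declared_length) from a 5-byte TLS record header."""
    if len(data) < 5:
        raise ValueError("short TLS record")
    return data[0], int.from_bytes(data[3:5], "big")


def handshake_outcome(tls, incoming, reply):
    """Feed peer bytes to the engine and report how the handshake reacts."""
    incoming.write(reply)
    try:
        tls.do_handshake()
        return "complete"
    except ssl.SSLWantReadError:
        return "need-more-data"
    except ssl.SSLError:
        return "rejected"


if __name__ == "__main__":
    tls, incoming, outgoing = start_client_handshake("example.invalid")
    client_hello = outgoing.read()  # what an event loop would put on the wire
    print("first record:", parse_record_header(client_hello))
    # Constructed reply: a plaintext service answering on the TLS port.
    reply = b"HTTP/1.1 400 Bad Request\r\n\r\n"
    print("outcome:", handshake_outcome(tls, incoming, reply))
```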