Opened at 2007-04-27T04:47:31Z
Last modified at 2008-10-31T15:33:21Z
#11 closed defect
I don't like pyopenssl — at Version 2
| Reported by: | zooko | Owned by: | nobody |
|---|---|---|---|
| Priority: | minor | Milestone: | undecided |
| Component: | code | Version: | 0.6.1 |
| Keywords: | Cc: | heikki | |
| Launchpad Bug: |
Description (last modified by zooko)
There is no known way (to me) way to get pyopenssl running on Windows without finding a binary that somebody has uploaded somewhere (i.e., not an actual supported package on an official project's web site or anything). For example, right now the best way for our Windows users to get pyOpenSSL is to get this binary:
http://allmydata.org/source/pyOpenSSL-0.6.win32-py2.5
Which I copied from webcleaner.sf.net.
I wouldn't know how to rebuild this if we needed to, for example if someone discovered a critical security hole in it.
Also, pyopenssl's web site hasn't been updated since 2004.
Also, it apparently uses lots of memory for secure connections, although Brian might want to add more accurate and precise notes about that issue.
All in all, I would be really happy to find a well maintained, easy to compile alternative.
Change History (2)
comment:1 Changed at 2007-04-28T19:18:23Z by warner
- Component changed from component1 to unknown
- Owner changed from somebody to nobody
comment:2 Changed at 2007-04-29T16:30:14Z by zooko
- Description modified (diff)
The guy who made the tracdarcs plugin work is K. S. Sreeram. I was idly looking for alternate python crypto modules when I found ncrypt by K. S. Sreeram. Then I saw that ncrypt is sponsored by a p2p company, tachyon.in, which also makes a secure decentralized (?) instant messaging protocol:
It has a very nice straightforward explanation up front:
http://cspace.in/
I was thinking that it might be a nice optional underlay protocol for Foolscap.
Unfortunately it is GPL'ed, so it is a non-starter for Allmydata unless tachyon.in wants to give us a more permissive licence.
But the OpenSSL Python wrappers that they wrote are permissively licensed:
http://tachyon.in/ncrypt/
And it works well on Windows:
http://tachyon.in/pipermail/ncrypt-users/2007-February/000016.html
Here's K. S. Sreeram's page:
http://sreeram.cc/
So all Python crypto libraries that I know of that do TLS and that have compatible licences:
I vaguely remember that Brian Warner investigated tlslite and had trouble with it. I've heard bad things about M2Crypto. I would be interested in trying ncrypt.
By the way, I was reminded while doing this browsing that we need to add "the OpenSSL+GPL exception" to our licence.
http://en.wikipedia.org/wiki/OpenSSL#The_exception