Harry George wrote: > John Nagle <[EMAIL PROTECTED]> writes: > You experience isn't shared by everyone. Some of us find Python the > most functional and portable of the candidates you mention.
The language is fine. It's the bindings to other packages that are the problem. There are three different packages for talking to OpenSSL, and they're all broken in some important way. What's actually needed on the SSL side, I think, is to add bindings to the built-in SSL to export the functionality the M2Crypto C binding module has. Preferably with better attention to reference count problems, and without using SWIG. Then move over the Python portions of M2Crypto. Some problems, all of which are known and logged bugs: - The built in SSL package doesn't actually validate anything, and will happily accept bogus SSL certificates. - The built in SSL package doesn't allow access to most of the fields of an SSL certificate, and the ones you can get are returned in a debug format that's not parseable. - M2Crypto has OpenSSL and SWIG version dependencies beyond what is documented. The latest version of SWIG has a problem which breaks builds with older versions of OpenSSL. - M2Crypto may still have a memory leak associated with contexts. (Check out "close" in "Context".) - M2Crypto doesn't understand SSL certificates which support a list of sites. - M2Crypto and the socket library don't play nice about timeouts. Most of these problems have been known for years. The last person to try to fix this was treated so badly he stopped contributing. Read the bug history for "[1114345] Add SSL certificate validation". It's sad. John Nagle -- http://mail.python.org/mailman/listinfo/python-list