Re: [Python-Dev] LibreSSL support

2018-01-20 Thread Christian Heimes
On 2018-01-19 15:42, Christian Heimes wrote: > On 2018-01-19 10:43, Steve Holden wrote: >> On Fri, Jan 19, 2018 at 12:09 AM, Nathaniel Smith > > wrote: >> >> On Jan 18, 2018 07:34, "Christian Heimes" > > wrote: >> >> On 2018-01-16

Re: [Python-Dev] LibreSSL support

2018-01-19 Thread Christian Heimes
On 2018-01-19 10:43, Steve Holden wrote: > On Fri, Jan 19, 2018 at 12:09 AM, Nathaniel Smith > wrote: > > On Jan 18, 2018 07:34, "Christian Heimes" > wrote: > > On 2018-01-16 21:17, Christian Heimes wrote: > > FYI, mast

Re: [Python-Dev] LibreSSL support

2018-01-19 Thread Steve Holden
On Fri, Jan 19, 2018 at 12:09 AM, Nathaniel Smith wrote: > On Jan 18, 2018 07:34, "Christian Heimes" wrote: > > On 2018-01-16 21:17, Christian Heimes wrote: > > FYI, master on Travis CI now builds and uses OpenSSL 1.1.0g [1]. I have > > created a daily cronjob to populate Travis' cache with Open

Re: [Python-Dev] LibreSSL support

2018-01-18 Thread Nathaniel Smith
On Jan 18, 2018 07:34, "Christian Heimes" wrote: On 2018-01-16 21:17, Christian Heimes wrote: > FYI, master on Travis CI now builds and uses OpenSSL 1.1.0g [1]. I have > created a daily cronjob to populate Travis' cache with OpenSSL builds. > Until the cache is filled, Linux CI will take an extra

Re: [Python-Dev] LibreSSL support

2018-01-18 Thread Christian Heimes
On 2018-01-18 21:49, Chris Jerdonek wrote: > > On Thu, Jan 18, 2018 at 7:34 AM Christian Heimes > wrote: > > On 2018-01-16 21:17, Christian Heimes wrote: > We have two options until LibreSSL has addressed the issue: > > 1) Make the SSL module more secure

Re: [Python-Dev] LibreSSL support

2018-01-18 Thread Chris Jerdonek
On Thu, Jan 18, 2018 at 7:34 AM Christian Heimes wrote: > On 2018-01-16 21:17, Christian Heimes wrote: > We have two options until LibreSSL has addressed the issue: > > 1) Make the SSL module more secure, simpler and standard conform > 2) Support LibreSSL > > I started a vote on Twitter [4]. So f

Re: [Python-Dev] LibreSSL support

2018-01-18 Thread Christian Heimes
On 2018-01-18 20:54, Wes Turner wrote: > LibreSSL is not a pressing need for me; but fallback to the existing > insecure check if LibreSSL is present shouldn't be too difficult? Please give it a try and report back. Patches welcome :) Christian ___ Pyt

Re: [Python-Dev] LibreSSL support

2018-01-18 Thread Wes Turner
LibreSSL is not a pressing need for me; but fallback to the existing insecure check if LibreSSL is present shouldn't be too difficult? On Thursday, January 18, 2018, Christian Heimes wrote: > On 2018-01-18 19:42, Wes Turner wrote: > > Is there a build flag or a ./configure-time autodetection tha

Re: [Python-Dev] LibreSSL support

2018-01-18 Thread Christian Heimes
On 2018-01-18 19:42, Wes Turner wrote: > Is there a build flag or a ./configure-time autodetection that would > allow for supporting LibreSSL while they port X509_VERIFY_PARAM_set1_host? X509_VERIFY_PARAM_set1_host() is a fundamental and essential piece in the new hostname verification code. I can

Re: [Python-Dev] LibreSSL support

2018-01-18 Thread Wes Turner
Is there a build flag or a ./configure-time autodetection that would allow for supporting LibreSSL while they port X509_VERIFY_PARAM_set1_host? On Thursday, January 18, 2018, Christian Heimes wrote: > On 2018-01-16 21:17, Christian Heimes wrote: > > FYI, master on Travis CI now builds and uses O

[Python-Dev] LibreSSL support

2018-01-18 Thread Christian Heimes
On 2018-01-16 21:17, Christian Heimes wrote: > FYI, master on Travis CI now builds and uses OpenSSL 1.1.0g [1]. I have > created a daily cronjob to populate Travis' cache with OpenSSL builds. > Until the cache is filled, Linux CI will take an extra 5 minute. I have messed up my initial research. :