Preface

In a previous hackweek project (https://github.com/SUSE/hackweek/wiki/osc3%3A-port-osc-to-Python3) I have converted osc code to Python3. This has triggered quite some weirdness regarding plugins, but osc is usable from python3. Or it was, not sure if more recent changes did not break the compatibility.

The task

But usable means, you can run osc if you don't need to bother with ssl. Which you need to, so osc3 is barely usable in a real world. osc interfaces with openssl through M2Crypto, which lacks python3 version. At the same time, python3 got much better support for ssl. So task would be to evaluate the most easy way to switch osc's ssl to python3.

Validation

There were three possible ways I have had analyzed.

  1. Use python.ssl module, which would be the most viable approach.
  2. Check the existence of much better module
  3. Port M2Crypto to python3

Python ssl module does provide a nice HTTPSConnection classes. But it is mostly incompatible with python 2.6.x ssl module, so one would need to use M2Crypto for python2 and ssl for python3, which would means two codepaths. But the ship stopper was the fact M2Crypto allows to work with X509 certificates stored in ~/.config/osc/trusted-certs/, where I did not find an alternative functionality in ssl module. A short attempt to write own X509 handling code using python-cffi showed me that OpenSSL is much more complex library than one would thing. And with almost no documentation or comments in source code.

I was not successful with a looking for much better ssl module. And there are none as far as I know. The most promising project is https://github.com/pyca/cryptography, but not finished and not dealing with X509 certs. An another opinion was https://github.com/alex/opentls, but it seems more like alex's learning project before contributing to cryptography.

So the last remaining option was to port M2Crypto to Python 3.

Result

I have found the related bug report https://bugzilla.osafoundation.org/show_bug.cgi?id=12853 and realized that Matěj Cepl from RedHat made an initial effort. So I have forked his repository https://github.com/mcepl/m2crypto and made some nice progress, which unfortunately means that all low-hanging fruits are now fixed.

https://github.com/mcepl/m2crypto/pull/1

What I learned

  • much much much more details about Python3 internals and how it is different from Python2 (especially IO). I can recommend to take a look at http://www.slideshare.net/dabeaz/mastering-python-3-io
  • some limited ability to write a code in SWIG
  • much much much much more about OpenSSL and how hard is to get into, because of a complexity and lack of docs
  • the fact that in a month when last python 2 interpreter release will appear (Oct 2013), there is no good and powerful OpenSSL binding available

Looking for hackers with the skills:

python3 python openssl c

This project is part of:

Hack Week 10

Activity

  • over 6 years ago: mvyskocil added keyword "python3" to Continue on osc3 porting
  • over 6 years ago: mvyskocil added keyword "python" to Continue on osc3 porting
  • over 6 years ago: mvyskocil added keyword "openssl" to Continue on osc3 porting
  • over 6 years ago: mvyskocil added keyword "c" to Continue on osc3 porting
  • over 6 years ago: mvyskocil started Continue on osc3 porting
  • over 6 years ago: mvyskocil originated Continue on osc3 porting

  • Comments

    Be the first to comment!

    Similar Projects

    Port Salt virt modules to idem by cbosdonnat

    Salt is moving towards a plugable architecture ...


    Fix terracumber, add some python unit tests, try to extend it and publish it by juliogonzalezgil

    Last year I developed [Terracumber](https://hac...


    Modernize Mash deployment by seanmarlow

    Mash is a Python based CI/CD pipeline for aut...


    Improve the supportconfig database tool by leonardocf

    The tool, developed in previous HackWeeks, is...


    Home assistant that doesn't spy on you - developer's edition by DKarakasilis

    There are various home assistant solutions out ...


    Write a commandline client for the geekos by dheidler

    There used to be a tool called tel that would...


    Home assistant that doesn't spy on you - developer's edition by DKarakasilis

    There are various home assistant solutions out ...


    Try to write simple rope-base Python language-server for LSP protocol by mcepl

    Future of tools supporting editors in dealing w...


    openSUSE Leap release process improvements by lkocman

    Goal:

    I'd like to have the release proce...


    Improving picotm by tdz

    Picotm is a system-level transaction manager. I...


    make "predictable network interface names" more predictable by mkubecek

    Since the so-called "predictable names" for net...


    dmidecode: no more open-coded printfs by jdelvare

    There's a long standing request to extend the o...


    ethtool ops for netdevsim by mkubecek

    This can be seen as a subproject of [ethtool ne...


    netlink interface for ethtool by mkubecek

    There seems to be an overall consensus that the...