cfbolz changed the topic of #pypy to: #pypy PyPy, the flexible snake | IRC logs: and | hacking on TLS is fun, way more fun than arguing over petty shit, turns out
slav0nic has joined #pypy
Guest96 has joined #pypy
Guest96 has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
Guest96 has joined #pypy
Guest96 has quit [Ping timeout: 240 seconds]
otisolsen70 has joined #pypy
_whitelogger has joined #pypy
[Arfrever] has joined #pypy
nanonyme has quit [Ping timeout: 256 seconds]
otisolsen70 has joined #pypy
nanonyme has joined #pypy
lritter has joined #pypy
greedom has joined #pypy
greedom has quit [Remote host closed the connection]
greedom has joined #pypy
* tumbleweed contemplates what to do about OpenSSL 3
<tumbleweed> mattip: I see you didn't even try to support it in pypy 2.7
<tumbleweed> was there technical reasons for that?
<tumbleweed> at the moment in Debian we're keeping cpython 2.7 alive to build pypy 2.7, which we're keeping alive to build pypy 3
greedom has quit [Remote host closed the connection]
<tumbleweed> porting cpython 2.7 to openssl 3 is easy enough, pypy looks trickier
<tumbleweed> don't really want to ship a pypy 2.7 in a stable release, that's using an old openssl. And I'm sure our security team would be strongly against that
<tumbleweed> wondering if we should persue a minimal ssl module that has the hash functions and no more
<mattip> tumbleweed: CPython is not very happy with its OpenSSL3 support, what is wrong with 1.1.1m?
<mattip> debian would drop cpython2.7 if pypy did not need it?
<tumbleweed> Debian & Ubuntu try very hard to have only one version of each thing
<[Arfrever]> Or just disable ssl module in CPython 2.7 and PyPy 2.7?
<tumbleweed> Ubuntu is pushing for OpenSSL 3 in the next release:
<tumbleweed> mattip: yes, pypy is the main thing keeping cpython2.7 around at the moment
<tumbleweed> we could always build with pypy2, but it's useful to be able to bootstrap pypy with cpython. And faster on the non-jit archs
<mattip> hmm. It seems like a lot of added burden to hang on to both pypy2 and cpython2 just in order to build pypy3
<tumbleweed> well, we all look forward to rpython3 :P
<mattip> haha
<tumbleweed> [Arfrever]: that's something I've discussed with doko
<tumbleweed> obviously that breaks hashlib too, I haven't tested to see if that matters for pypy translation
<mattip> so I guess I could try to backport the OpenSSL3 changes to pypy2.7, I didn't realize anyone would care
<mattip> thanks for pointing it out
<tumbleweed> I can try the same thing
<tumbleweed> I was wondering why you jumped to doing it for 3.7
<tumbleweed> I guess because that's what cryptography targets?
<mattip> the stdlib ssl module has diverged between 2.7 and 3.7, and I was worried 2.7's version would need some changes
<tumbleweed> I have a fairly minimal patchset for cpython, that I'm just finishing up
<tumbleweed> there were changes to the ssl module for 3.x that definitely made sense for openssl 3
<tumbleweed> but they aren't necessary for backwards compatibility
<tumbleweed> (at least with the current state of openssl 3. As they remove the deprecated functions, it'll presumably get a lot harder)
<mattip> cool, I could try to merge patches into pypy proper if it would help
<mattip> for testing, maybe we could add an option to the lib_pypy/pypy_tools/ script
<mattip> to use either OpenSSL 1.1.1m or 3.0.1, dependent on a command line option
<mattip> I recently moved back to OpenSSL 1.1.1m on pypy3.7, 3.8, 3.9 because of this thread on python-dev
<tumbleweed> thanks, I'll pass that along
<tumbleweed> none of that is a blocker for using cpython/pypy to build pypy, of course
lritter has quit [Ping timeout: 240 seconds]
<mattip> right, for that indeed disabling the cffi-based _ssl may make sense
<mattip> the RPython hashlib is still sufficient for translation
<mattip> ahh, no, I removed the rpython _hashlib in 85525c43dc44, so we are left with the pure-python one.
otisolsen70 has quit [Quit: Leaving]
<mattip> maybe we should restore _hashlib as an optional alternative module
slav0nic has quit [Ping timeout: 268 seconds]