@@ -100,12 +100,12 @@ these protocol classes wherever possible. There are three goals here:
100100 developers to have an interface that they can target that will work with a
101101 wide range of TLS implementations.
102102
103- 1 . To provide an API that has few or no OpenSSL-specific concepts leak through.
103+ 2 . To provide an API that has few or no OpenSSL-specific concepts leak through.
104104 The :mod: `ssl ` module today has a number of warts caused by leaking OpenSSL
105105 concepts through to the API: the new protocol classes would remove those
106106 specific concepts.
107107
108- 1 . To provide a path for the core development team to make OpenSSL one of many
108+ 3 . To provide a path for the core development team to make OpenSSL one of many
109109 possible TLS implementations, rather than requiring that it be present on a
110110 system in order for Python to have TLS support.
111111
@@ -116,37 +116,37 @@ Interfaces
116116
117117There are several interfaces that require standardization. Those interfaces are:
118118
119- 1. Configuring TLS, currently implemented by the :class: `~ssl.SSLContext ` class
120- in the :mod: `ssl ` module.
119+ 1. Configuring TLS, currently implemented by the :class: `~ssl.SSLContext ` class
120+ in the :mod: `ssl ` module.
121121
122- 1. Providing an in-memory buffer for doing in-memory encryption or decryption
123- with no actual I/O (necessary for asynchronous I/O models), currently
124- implemented by the :class: `~ssl.SSLObject ` class in the :mod: `ssl ` module.
122+ 2. Providing an in-memory buffer for doing in-memory encryption or decryption
123+ with no actual I/O (necessary for asynchronous I/O models), currently
124+ implemented by the :class: `~ssl.SSLObject ` class in the :mod: `ssl ` module.
125125
126- 1. Wrapping a socket object, currently implemented by the
127- :class: `~ssl.SSLSocket ` class in the :mod: `ssl ` module.
126+ 3. Wrapping a socket object, currently implemented by the
127+ :class: `~ssl.SSLSocket ` class in the :mod: `ssl ` module.
128128
129- 1. Applying TLS configuration to the wrapping objects in (2) and (3). Currently
130- this is also implemented by the SSLContext class in the :mod: `ssl ` module.
129+ 4. Applying TLS configuration to the wrapping objects in (2) and (3). Currently
130+ this is also implemented by the SSLContext class in the :mod: `ssl ` module.
131131
132- 1. Specifying TLS cipher suites. There is currently no code for doing this in
133- the standard library: instead, the standard library uses OpenSSL cipher suite
134- strings.
132+ 5. Specifying TLS cipher suites. There is currently no code for doing this in
133+ the standard library: instead, the standard library uses OpenSSL cipher suite
134+ strings.
135135
136- 1. Specifying application-layer protocols that can be negotiated during the TLS
137- handshake.
136+ 6. Specifying application-layer protocols that can be negotiated during the TLS
137+ handshake.
138138
139- 1. Specifying TLS versions.
139+ 7. Specifying TLS versions.
140140
141- 1. Reporting errors to the caller, currently implemented by the
142- :class: `~ssl.SSLError ` class in the :mod: `ssl ` module.
141+ 8. Reporting errors to the caller, currently implemented by the
142+ :class: `~ssl.SSLError ` class in the :mod: `ssl ` module.
143143
144- 1. Specifying certificates to load, either as client or server certificates.
144+ 9. Specifying certificates to load, either as client or server certificates.
145145
146- 1 . Specifying which trust database should be used to validate certificates
147- presented by a remote peer.
146+ 10 . Specifying which trust database should be used to validate certificates
147+ presented by a remote peer.
148148
149- 1 . Finding a way to get hold of these interfaces at run time.
149+ 11 . Finding a way to get hold of these interfaces at run time.
150150
151151For the sake of simplicity, this PEP proposes to remove interfaces (3) and (4),
152152and replace them by a simpler interface that returns a socket which ensures that
@@ -226,7 +226,7 @@ classes are as follows:
2262261. To provide a method of specifying TLS configuration that avoids the risk of
227227 errors in typing (this excludes the use of a simple dictionary).
228228
229- 1 . To provide an object that can be safely compared to other configuration
229+ 2 . To provide an object that can be safely compared to other configuration
230230 objects to detect changes in TLS configuration, for use with the SNI
231231 callback.
232232
0 commit comments