Expose some DTLS-related features

[njsmith]

This is enough to make it at least possible to set up a DTLS association and exchange encrypted data, though a high quality implementation still requires a ton of scaffolding code (see python-trio/trio#2010).

Depends on pyca/cryptography#6138

[njsmith]

For now I'm just skipping the new DTLS test when running against older cryptography. I guess the actual plan would be to wait for cryptography to release, bump the minimum cryptography version to the new release, and then drop the skipif? But everything else is good to go AFAICT.

[reaperhulk]

Would you mind shifting the CI changes to a separate PR? We can merge those immediately. Also, is it a hard requirement that we raise our version minimum or can we feature detect here in a sane fashion? (It's okay if the answer to that is no)

Also looks like we have a variety of missing lines of coverage, although that may just be codecov being stupid, I haven't looked.

[njsmith]

Also, is it a hard requirement that we raise our version minimum or can we feature detect here in a sane fashion? (It's okay if the answer to that is no)

Depends on what kind of feature detection you want. Having DTLS_METHOD and friends automagically hide themselves from the SSL namespace seems like maybe more trouble than any of us are motivated to deal with. OTOH the tests still pass just fine with the older cryptography, as long as you skip that one DTLS test.

[njsmith]

Also AFAICT all the missed coverage lines are to handle obscure things that can allegedly happen with libressl/old openssl/etc., so the issue is that pyopenssl doesn't test against these in CI. Do we care? I think the worst case is that people using exotic openssl-like libraries might get the wrong exception.

[njsmith]

The unrelated CI fixes/py 2 dropping/etc. have now all been merged, and I rebased this on top of them. So now this PR is just the DTLS changes, and I guess r4r.

[reaperhulk]

black is angry

[njsmith]

yeah, PR currently contains a bunch of temporary nonsense to try to debug the bionic hangs. I'll clean it up once I figure out a solution.

…

On Sat, Oct 30, 2021 at 10:32 PM Paul Kehrer ***@***.***> wrote: black is angry — You are receiving this because you modified the open/close state. Reply to this email directly, view it on GitHub <#1026 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AAEU42D73ZAAX4ZHDU6ODT3UJTIFNANCNFSM47LE23RA> . Triage notifications on the go with GitHub Mobile for iOS <https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675> or Android <https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub>.

-- Nathaniel J. Smith -- https://vorpus.org <http://vorpus.org>

[reaperhulk]

A bit more missing coverage than I'd prefer, but most of that is fixable if we add a 1.1.0 builder to our CI...which I am not volunteering for.