Paul Kehrer

@njsmith Do we need to expose more than one interface to do this here or is one sufficient? If one, which one?

OpenSSL directly supports TLS-SRP with a set of bindings: https://www.openssl.org/docs/man3.0/man3/SSL_CTX_set_srp_password.html Of course, these are all deprecated as of 3.0 with no replacements, but that's likely because TLS-SRP only exists in...

If you're able to replicate the pyOpenSSL test failures in a clean virtualenv on macOS with an up-to-date `cryptography` please open a new issue. There's something odd going on there...

Unfortunately pyOpenSSL's PKCS12 support is not very good and doesn't support what you want (an iterable to get everything out of the PKCS12 bag). I'm not sure what alternatives are...

We would accept a PR here to expand support (without breaking current API). We'd also be happy to discuss it over on cryptography, but to my knowledge no one is...

You see this even with latest cryptography right? I ask because there was a memory leak they fixed in openssl 3.0.3, which we shipped in 37.0.2.

Never the easy answer 😅

Hmm, that is indeed an issue. Can the socket in a `Connection` be queried for blocking/non-blocking status? Would that even be safe here?

Yes, this library predates `from_buffer` in `cffi`, but it should use it. `pyca/cryptography` switched long ago but no one has done the work on `pynacl` yet.

Are you passing a string instead of bytes?