9ee0203057
Issue #18135 : Fix a possible integer overflow in ssl.SSLSocket.write()
...
and in ssl.SSLContext.load_cert_chain() for strings and passwords longer
than 2 gigabytes.
2013-06-23 15:08:23 +02:00
4569cd5eab
_ssl.c: strip trailing spaces
2013-06-23 14:58:43 +02:00
457a2292ca
SSLContext.load_dh_params() now properly closes the input file.
2013-01-12 21:43:45 +01:00
5cb31c9277
Issue #15977 : Fix memory leak in Modules/_ssl.c when the function _set_npn_protocols() is called multiple times
2012-09-20 12:42:54 +02:00
b7a2800831
MERGE: Closes #15793 : Stack corruption in ssl.RAND_egd()
2012-09-11 02:08:48 +02:00
c8754a13e6
Closes #15793 : Stack corruption in ssl.RAND_egd()
2012-09-11 02:00:58 +02:00
721738fbee
Issue #15604 : Update uses of PyObject_IsTrue() to check for and handle errors correctly.
...
Patch by Serhiy Storchaka.
2012-08-15 23:20:39 +02:00
6f430e4963
Issue #15604 : Update uses of PyObject_IsTrue() to check for and handle errors correctly.
...
Patch by Serhiy Storchaka.
2012-08-15 23:18:25 +02:00
3b36fb1f53
Issue #14837 : SSL errors now have `library` and `reason` attributes describing precisely what happened and in which OpenSSL submodule.
...
The str() of a SSLError is also enhanced accordingly.
NOTE: this commit creates a reference leak. The leak seems tied to the
use of PyType_FromSpec() to create the SSLError type. The leak is on the
type object when it is instantiated:
>>> e = ssl.SSLError()
>>> sys.getrefcount(ssl.SSLError)
35
>>> e = ssl.SSLError()
>>> sys.getrefcount(ssl.SSLError)
36
>>> e = ssl.SSLError()
>>> sys.getrefcount(ssl.SSLError)
37
2012-06-22 21:11:52 +02:00
d5d17eb653
Issue #14204 : The ssl module now has support for the Next Protocol Negotiation extension, if available in the underlying OpenSSL library.
...
Patch by Colin Marc.
2012-03-22 00:23:03 +01:00
c135fa424e
Fix last remaining build issues of _ssl under old OpenSSLs. Patch by Vinay.
2012-02-19 21:22:39 +01:00
a9bf2ac726
Try to really fix compilation failures of the _ssl module under very old OpenSSLs.
2012-02-17 18:47:54 +01:00
e9fccb360f
Fix compilation when SSL_OP_SINGLE_ECDH_USE isn't defined
2012-02-17 11:53:10 +01:00
04d4ee4e56
Issue #13014 : Fix a possible reference leak in SSLSocket.getpeercert().
2012-02-15 22:28:21 +01:00
2f5a163dfc
Issue #13014 : Fix a possible reference leak in SSLSocket.getpeercert().
2012-02-15 22:25:27 +01:00
9e2e5329dc
Issue #13885 : CVE-2011-3389: the _ssl module would always disable the CBC IV attack countermeasure.
2012-01-27 09:53:29 +01:00
3f366314e8
Issue #13885 : CVE-2011-3389: the _ssl module would always disable the CBC IV attack countermeasure.
2012-01-27 09:50:45 +01:00
f2bf8a6ac5
Issue #13885 : CVE-2011-3389: the _ssl module would always disable the CBC IV attack countermeasure.
2012-01-27 09:48:47 +01:00
0e576f1f50
Issue #13626 : Add support for SSL Diffie-Hellman key exchange, through the
...
SSLContext.load_dh_params() method and the ssl.OP_SINGLE_DH_USE option.
2011-12-22 10:03:38 +01:00
501da61671
Fix ssl module compilation if ECDH support was disabled in the OpenSSL build.
...
(followup to issue #13627 )
2011-12-21 09:27:41 +01:00
8abdb8abd8
Issue #13634 : Add support for querying and disabling SSL compression.
2011-12-20 10:13:40 +01:00
923df6f22a
Issue #13627 : Add support for SSL Elliptic Curve-based Diffie-Hellman
...
key exchange, through the SSLContext.set_ecdh_curve() method and the
ssl.OP_SINGLE_ECDH_USE option.
2011-12-19 17:16:51 +01:00
6db4944cc5
Issue #13635 : Add ssl.OP_CIPHER_SERVER_PREFERENCE, so that SSL servers
...
choose the cipher based on their own preferences, rather than on the
client's.
2011-12-19 13:27:11 +01:00
bc53032408
Issue #13458 : Fix a memory leak in the ssl module when decoding a certificate with a subjectAltName.
...
Patch by Robert Xiao.
2011-11-23 01:42:52 +01:00
116d6b98bf
Issue #13458 : Fix a memory leak in the ssl module when decoding a certificate with a subjectAltName.
...
Patch by Robert Xiao.
2011-11-23 01:39:19 +01:00
41032a69c1
Issue #11183 : Add finer-grained exceptions to the ssl module, so that
...
you don't have to inspect the exception's attributes in the common case.
2011-10-27 23:56:55 +02:00
a0e0e23299
Add a docstring to SSLError
2011-10-22 23:41:52 +02:00
b7705b7792
Use PyExc_OSError directly instead of grabbing it from the socket module API
2011-10-22 23:37:51 +02:00
a02a12c517
Issue #13034 : When decoding some SSL certificates, the subjectAltName extension could be unreported.
2011-10-01 19:22:30 +02:00
d8c347a8de
Issue #13034 : When decoding some SSL certificates, the subjectAltName extension could be unreported.
2011-10-01 19:20:25 +02:00
ac7e9e058d
Issue #12287 : Fix a stack corruption in ossaudiodev module when the FD is
...
greater than FD_SETSIZE.
2011-08-28 18:10:27 +02:00
aa26b27503
Issue #12287 : Fix a stack corruption in ossaudiodev module when the FD is
...
greater than FD_SETSIZE.
2011-08-28 17:51:43 +02:00
4fd1e6a3ba
Issue #12803 : SSLContext.load_cert_chain() now accepts a password argument
...
to be used if the private key is encrypted. Patch by Adam Simpkins.
2011-08-25 14:39:44 +02:00
d649480739
Issue #12551 : Provide a get_channel_binding() method on SSL sockets so as
...
to get channel binding data for the current SSL session (only the
"tls-unique" channel binding is implemented). This allows the
implementation of certain authentication mechanisms such as SCRAM-SHA-1-PLUS.
Patch by Jacek Konieczny.
2011-07-21 01:11:30 +02:00
7128f95bd2
Issue #12440 : When testing whether some bits in SSLContext.options can be
...
reset, check the version of the OpenSSL headers Python was compiled against,
rather than the runtime version of the OpenSSL library.
2011-07-08 18:49:07 +02:00
b9ac25d1c3
Issue #12440 : When testing whether some bits in SSLContext.options can be
...
reset, check the version of the OpenSSL headers Python was compiled against,
rather than the runtime version of the OpenSSL library.
2011-07-08 18:47:06 +02:00
99c8b16143
Issue #12049 : Add RAND_bytes() and RAND_pseudo_bytes() functions to the ssl
...
module.
2011-05-24 12:05:19 +02:00
17ca323e7c
(Merge 3.1) Issue #12012 : ssl.PROTOCOL_SSLv2 becomes optional
...
OpenSSL is now compiled with OPENSSL_NO_SSL2 defined (without the SSLv2
protocol) on Debian: fix the ssl module on Debian Testing and Debian Sid.
Optimize also ssl.get_protocol_name(): speed does matter!
2011-05-10 00:48:41 +02:00
ee18b6f2fd
Issue #12012 : ssl.PROTOCOL_SSLv2 becomes optional
...
OpenSSL is now compiled with OPENSSL_NO_SSL2 defined (without the SSLv2
protocol) on Debian: fix the ssl module on Debian Testing and Debian Sid.
Optimize also ssl.get_protocol_name(): speed does matter!
2011-05-10 00:38:00 +02:00
3de49192aa
Issue #12012 : ssl.PROTOCOL_SSLv2 becomes optional
...
OpenSSL is now compiled with OPENSSL_NO_SSL2 defined (without the SSLv2
protocol) on Debian: fix the ssl module on Debian Testing and Debian Sid.
Optimize also ssl.get_protocol_name(): speed does matter!
2011-05-09 00:42:58 +02:00
a7caec74aa
Merge fix for issue #11746
2011-04-03 18:16:50 +02:00
9c25486093
Issue #11746 : Fix SSLContext.load_cert_chain() to accept elliptic curve private keys.
2011-04-03 18:15:34 +02:00
b94767ff44
Issue #8914 : fix various warnings from the Clang static analyzer v254.
2011-02-22 20:15:44 +00:00
80f75e684e
Issue #10989 : Fix a crash on SSLContext.load_verify_locations(None, True).
...
Patch reviewed by Antoine Pitrou, okayed by Georg Brandl.
2011-01-29 11:31:20 +00:00
8e63c687ef
Merged revisions 87140 via svnmerge from
...
svn+ssh://pythondev@svn.python.org/python/branches/py3k
........
r87140 | hirokazu.yamamoto | 2010-12-09 19:49:00 +0900 (木, 09 12 2010) | 2 lines
Should call Py_INCREF for Py_None (Modules/_ssl.c: PySSL_cipher)
........
2010-12-09 12:30:05 +00:00
524f10359b
Should call Py_INCREF for Py_None (Modules/_ssl.c: PySSL_cipher)
2010-12-09 10:49:00 +00:00
c4df784514
Issue #10272 : The ssl module now raises socket.timeout instead of a generic
...
SSLError on socket timeouts.
2010-12-03 19:59:41 +00:00
664c2d1fc0
Issue #10443 : Add the SSLContext.set_default_verify_paths() method.
2010-11-17 20:29:42 +00:00
fb0469112f
Issue #10022 : The dictionary returned by the `getpeercert()` method
...
of SSL sockets now has additional items such as `issuer` and `notBefore`.
2010-11-09 20:21:19 +00:00
d532321f7b
Issue #5639 : Add a *server_hostname* argument to `SSLContext.wrap_socket`
...
in order to support the TLS SNI extension. `HTTPSConnection` and
`urlopen()` also use this argument, so that HTTPS virtual hosts are now
supported.
2010-10-22 18:19:07 +00:00
Victor Stinner
Antoine Pitrou
Christian Heimes
Jesus Cea
Charles-François Natali
Victor Stinner
Brett Cannon
Hirokazu Yamamoto