Commit Graph

68 Commits

Author SHA1 Message Date
Victor Stinner b1241f9619 (Merge 3.1) Issue #12012: ssl.PROTOCOL_SSLv2 becomes optional
OpenSSL is now compiled with OPENSSL_NO_SSL2 defined (without the SSLv2
protocol) on Debian: fix the ssl module on Debian Testing and Debian Sid.

Optimize also ssl.get_protocol_name(): speed does matter!
2011-05-10 01:52:03 +02:00
Hirokazu Yamamoto a9b1689a89 Merged revisions 87140 via svnmerge from
svn+ssh://pythondev@svn.python.org/python/branches/py3k

........
  r87140 | hirokazu.yamamoto | 2010-12-09 19:49:00 +0900 (木, 09 12 2010) | 2 lines

  Should call Py_INCREF for Py_None (Modules/_ssl.c: PySSL_cipher)
........
2010-12-09 12:12:42 +00:00
Benjamin Peterson 8e73403284 Merged revisions 85432 via svnmerge from
svn+ssh://pythondev@svn.python.org/python/branches/py3k

........
  r85432 | benjamin.peterson | 2010-10-13 17:06:39 -0500 (Wed, 13 Oct 2010) | 1 line

  constify to appease compiler warnings
........
2010-10-13 22:10:31 +00:00
Mark Dickinson 793c71ce52 Merged revisions 83677 via svnmerge from
svn+ssh://pythondev@svn.python.org/python/branches/py3k

........
  r83677 | mark.dickinson | 2010-08-03 19:31:54 +0100 (Tue, 03 Aug 2010) | 1 line

  Fix memory leak in ssl module.
........
2010-08-03 18:34:53 +00:00
Antoine Pitrou 0dddf600d4 Issue #9075: In the ssl module, remove the setting of a `debug` flag
on an OpenSSL structure.
2010-06-25 00:03:21 +00:00
Antoine Pitrou 508a237c97 Clear the OpenSSL error queue each time an error is signalled.
When the error queue is not emptied, strange things can happen on the next SSL call, depending on the OpenSSL version.
2010-05-16 23:11:46 +00:00
Antoine Pitrou 2e136abd16 Improve _ssl.c formatting 2010-05-12 14:02:34 +00:00
Antoine Pitrou a4c2a5c9a0 Untabify Modules/_ssl.c 2010-05-05 15:53:45 +00:00
Brett Cannon 949476ee58 Remove unneeded variable initialization.
Found using Clang's static analyzer.
2010-05-03 23:41:23 +00:00
Antoine Pitrou 1dc6b08f9e Issue #8549: Fix compiling the _ssl extension under AIX. Patch by
Sridhar Ratnakumar.
2010-04-27 19:09:59 +00:00
Antoine Pitrou 4d3e372ff3 The do_handshake() method of SSL objects now adjusts the blocking mode of
the SSL structure if necessary (as other methods already do).
2010-04-24 19:57:01 +00:00
Antoine Pitrou a5c4b5515f Issue #8108: Fix the unwrap() method of SSL objects when the socket has
a non-infinite timeout.  Also make that method friendlier with applications
wanting to continue using the socket in clear-text mode, by disabling
OpenSSL's internal readahead.  Thanks to Darryl Miles for guidance.

Issue #8108: test_ftplib's non-blocking SSL server now has proper handling
of SSL shutdowns.
2010-04-22 23:33:02 +00:00
Antoine Pitrou c715a9ed08 Issue #8484: Load all ciphers and digest algorithms when initializing
the _ssl extension, such that verification of some SSL certificates
doesn't fail because of an "unknown algorithm".
2010-04-21 19:28:03 +00:00
Antoine Pitrou 0a6373c1a9 Issue #8322: Add a *ciphers* argument to SSL sockets, so as to change the
available cipher list.  Helps fix test_ssl with OpenSSL 1.0.0.
2010-04-17 17:10:38 +00:00
Antoine Pitrou 343314a11c Revert r79915 (temporary commit to check for buildbots -> the fix was successful) 2010-04-09 22:41:31 +00:00
Antoine Pitrou 9c6cd56e91 Temporarily commit fix to issue #8108, to check for buildbot response 2010-04-09 21:00:36 +00:00
Antoine Pitrou 92719c546f SSL_MODE_AUTO_RETRY has been added in OpenSSL 0.9.6. Fix compilation
with earlier versions.
2010-04-09 20:38:39 +00:00
Antoine Pitrou f9de534c21 Issue #8321: Give access to OpenSSL version numbers from the `ssl` module,
using the new attributes `ssl.OPENSSL_VERSION`, `ssl.OPENSSL_VERSION_INFO`
and `ssl.OPENSSL_VERSION_NUMBER`.
2010-04-05 21:35:07 +00:00
Antoine Pitrou eee91cda80 Issue #8222: Enable the SSL_MODE_AUTO_RETRY flag on SSL sockets, so that blocking
reads and writes are always retried by OpenSSL itself.

(this is a followup to issue #3890)
2010-03-26 19:27:16 +00:00
Victor Stinner 3f75cc5cb5 Issue #2973: Fix gcc warning on the 2nd argument of ASN1_item_d2i() and
method->d2i(): OpenSSL API changed in OpenSSL 0.9.6m. Patch written by Daniel
Black.
2010-03-02 22:44:42 +00:00
Antoine Pitrou 5ba84910ae Issue #7133: SSL objects now support the new buffer API.
This fixes the test_ssl failure.
2009-10-19 17:59:07 +00:00
Jeffrey Yasskin 7937d939b1 Fix nearly all compilation warnings under Apple gcc-4.0. Tested with OPT="-g
-Wall -Wstrict-prototypes -Werror" in both --with-pydebug mode and --without.
There's still a batch of non-prototype warnings in Xlib.h that I don't know how
to fix.
2009-05-29 03:44:31 +00:00
Raymond Hettinger 354cfc1330 Fix signed/unsigned mismatch. 2009-01-26 16:52:22 +00:00
Bill Janssen 934b16d0c2 various SSL fixes; issues 1251, 3162, 3212 2008-06-28 22:19:33 +00:00
Gregory P. Smith dd96db63f6 This reverts r63675 based on the discussion in this thread:
http://mail.python.org/pipermail/python-dev/2008-June/079988.html

Python 2.6 should stick with PyString_* in its codebase.  The PyBytes_* names
in the spirit of 3.0 are available via a #define only.  See the email thread.
2008-06-09 04:58:54 +00:00
Christian Heimes 593daf545b Renamed PyString to PyBytes 2008-05-26 12:51:38 +00:00
Neal Norwitz 5802bb2319 Fix compiler warnings 2008-03-27 05:03:11 +00:00
Neal Norwitz e9057ff1a9 Initialize variable to prevent warning on some platform/config. 2008-01-27 17:10:35 +00:00
Christian Heimes e93237dfcc #1629: Renamed Py_Size, Py_Type and Py_Refcnt to Py_SIZE, Py_TYPE and Py_REFCNT. Macros for b/w compatibility are available. 2007-12-19 02:37:44 +00:00
Christian Heimes a63f268351 Fixed warning in ssl module 2007-12-14 04:38:13 +00:00
Bill Janssen 296a59d3be Add support for asyncore server-side SSL support. This requires
adding the 'makefile' method to ssl.SSLSocket, and importing the
requisite fakefile class from socket.py, and making the appropriate
changes to it to make it use the SSL connection.

Added sample HTTPS server to test_ssl.py, and test that uses it.

Change SSL tests to use https://svn.python.org/, instead of
www.sf.net and pop.gmail.com.

Added utility function to ssl module, get_server_certificate,
to wrap up the several things to be done to pull a certificate
from a remote server.
2007-09-16 22:06:00 +00:00
Bill Janssen 98d19dafd9 More work on SSL support.
* Much expanded test suite:

  All protocols tested against all other protocols.
  All protocols tested with all certificate options.
  Tests for bad key and bad cert.
  Test of STARTTLS functionality.
  Test of RAND_* functions.

* Fixes for threading/malloc bug.

* Issue 1065 fixed:

  sslsocket class renamed to SSLSocket.
  sslerror class renamed to SSLError.
  Function "wrap_socket" now used to wrap an existing socket.

* Issue 1583946 finally fixed:

  Support for subjectAltName added.
  Subject name now returned as proper DN list of RDNs.

* SSLError exported from socket as "sslerror".

* RAND_* functions properly exported from ssl.py.

* Documentation improved:

  Example of how to create a self-signed certificate.
  Better indexing.
2007-09-10 21:51:02 +00:00
Bill Janssen ffe576dc78 SSL certificate distinguished names should be represented by tuples 2007-09-05 00:46:27 +00:00
Guido van Rossum 780b80dc08 > Some of the code sets the error string in this directly before
> returning NULL, and other pieces of the code call PySSL_SetError,
> which creates the error string.  I think some of the places which set
> the string directly probably shouldn't; instead, they should call
> PySSL_SetError to cons up the error name directly from the err code.
> However, PySSL_SetError only works after the construction of an ssl
> object, which means it can't be used there...  I'll take a longer look
> at it and see if there's a reasonable fix.

Here's a patch which addresses this.  It also fixes the indentation in
PySSL_SetError, bringing it into line with PEP 7, fixes a compile warning
about one of the OpenSSL macros, and makes the namespace a bit more
consistent.  I've tested it on FC 7 and OS X 10.4.

% ./python ./Lib/test/regrtest.py -R :1: -u all test_ssl
test_ssl
beginning 6 repetitions
123456
......
1 test OK.
[29244 refs]
%

[GvR: slightly edited to enforce 79-char line length, even if it required
 violating the style guide.]
2007-08-27 18:42:23 +00:00
Neal Norwitz dc988119b5 Fix a few more variables to try to get this to compile with Visual Studio. 2007-08-25 16:58:09 +00:00
Neal Norwitz 049da9e1cf Try to get this to build with Visual Studio by moving all the variable
declarations to the beginning of a scope.
2007-08-25 16:41:36 +00:00
Guido van Rossum 4f2c3ddca4 Server-side SSL and certificate validation, by Bill Janssen.
While cleaning up Bill's C style, I may have cleaned up some code
he didn't touch as well (in _ssl.c).
2007-08-25 15:08:43 +00:00
Martin v. Löwis 6819210b9e PEP 3123: Provide forward compatibility with Python 3.0, while keeping
backwards compatibility. Add Py_Refcnt, Py_Type, Py_Size, and
PyVarObject_HEAD_INIT.
2007-07-21 06:55:02 +00:00
Martin v. Löwis a811c38d8e Fix various minor errors in passing arguments to
PyArg_ParseTuple.
2006-10-19 11:00:37 +00:00
Anthony Baxter 93ab5fa191 #1494314: Fix a regression with high-numbered sockets in 2.4.3. This
means that select() on sockets > FD_SETSIZE (typically 1024) work again.
The patch makes sockets use poll() internally where available.
2006-07-11 02:04:09 +00:00
Neal Norwitz 38e3b7d2d3 Don't mask a no memory error with a less meaningful one as discussed on python-checkins 2006-05-11 07:51:59 +00:00
Neal Norwitz c6a989ac3a Fix problems found by Coverity.
longobject.c: also fix an ssize_t problem
  <a> could have been NULL, so hoist the size calc to not use <a>.

_ssl.c: under fail: self is DECREF'd, but it would have been NULL.

_elementtree.c: delete self if there was an error.

_csv.c: I'm not sure if lineterminator could have been anything other than
a string.  However, other string method calls are checked, so check this
one too.
2006-05-10 06:57:58 +00:00
Neal Norwitz c859b5c04e Remove unused field 2006-04-17 01:49:28 +00:00
Georg Brandl 43f08a85e4 Patch #1380952: fix SSL objects timing out on consecutive read()s 2006-03-31 18:01:16 +00:00
Neal Norwitz 389cea8efc Try to improve name based on discussion on python-checkins with Jim Jewett 2006-02-13 00:35:21 +00:00
Martin v. Löwis f84d1b9375 Introduce Py_SOCKET_FD_CAN_BE_GE_FD_SETSIZE.
Proposed by Tim Peters.
2006-02-11 09:27:05 +00:00
Neal Norwitz 082b2df33f Bug #876637, prevent stack corruption when socket descriptor
is larger than FD_SETSIZE.

This can only be acheived with ulimit -n SOME_NUMBER_BIGGER_THAN_FD_SETSIZE
which is typically only available to root.  Since this wouldn't normally
be run in a test (ie, run as root), it doesn't seem too worthwhile to
add a normal test.  The bug report has one version of a test.  I've
written another.  Not sure what the best thing to do is.

Do the check before calling internal_select() because we can't set
an error in between Py_BEGIN_ALLOW_THREADS and Py_END_ALLOW_THREADS.
This seemed the clearest solution, ie handle before calling internal_select()
rather than inside.  Plus there is at least one place outside
of internal_select() that needed to be handled.

Will backport.
2006-02-07 07:04:46 +00:00
Neal Norwitz 19cbcad20e Fix indentation (whitespace only). 2006-02-07 06:59:20 +00:00
Neal Norwitz 1ac754fa10 Check return result from Py_InitModule*(). This API can fail.
Probably should be backported.
2006-01-19 06:09:39 +00:00
Michael W. Hudson 5910d81c97 Add a missing decref -- PyErr_SetObject increfs the 'object'! 2004-08-04 14:59:00 +00:00