Commit Graph

12 Commits

Author SHA1 Message Date
Christian Heimes b467d9a240
bpo-43522: Fix SSLContext.hostname_checks_common_name (GH-24899)
Fix problem with ssl.SSLContext.hostname_checks_common_name. OpenSSL does not
copy hostflags from *struct SSL_CTX* to *struct SSL*.

Signed-off-by: Christian Heimes <christian@python.org>
2021-04-17 10:07:19 +02:00
Christian Heimes bfd0c963d8 bpo-38271: encrypt private key test files with AES256 (GH-16385)
The private keys for test_ssl were encrypted with 3DES in traditional
PKCS#5 format. 3DES and the digest algorithm of PKCS#5 are blocked by
some strict crypto policies. Use PKCS#8 format with AES256 encryption
instead.

Signed-off-by: Christian Heimes <christian@python.org>



https://bugs.python.org/issue38271



Automerge-Triggered-By: @tiran
2019-09-25 08:55:02 -07:00
Christian Heimes e6dac00779
bpo-34542: Update test certs and keys (GH-8997)
Update all test certs and keys to use future proof crypto settings:

* 3072 bit RSA keys
* SHA-256 signature

Signed-off-by: Christian Heimes <christian@python.org>
2018-08-30 07:25:49 +02:00
Christian Heimes bd5c7d238c
bpo-32602: Test ECDSA certs (#5247)
Add test certs and test for ECDSA cert and EC/RSA dual mode.

I'm also adding certs for IDNA 2003/2008 tests and simplify some test
data handling.

Signed-off-by: Christian Heimes <christian@python.org>
2018-01-20 15:16:30 +01:00
Christian Heimes fe3c9c1ee9 Issue #27691: Fix ssl module's parsing of GEN_RID subject alternative name fields in X.509 certs. 2016-09-06 23:27:06 +02:00
Christian Heimes 1c03abd026 Issue #27691: Fix ssl module's parsing of GEN_RID subject alternative name fields in X.509 certs. 2016-09-06 23:25:35 +02:00
Berker Peksag 1e8ee9b380 Issue #23277: Remove unused sys and os imports
Patch by Jon Dufresne.
2016-04-24 07:31:42 +03:00
Antoine Pitrou d2e9fdfbde Issue #22074: Fix Lib/test/make_ssl_certs.py 2014-07-26 11:15:52 -04:00
Christian Heimes 225877917e Issue #8813: Add SSLContext.verify_flags to change the verification flags
of the context in order to enable certification revocation list (CRL)
checks or strict X509 rules.
2013-11-21 23:56:13 +01:00
Antoine Pitrou 58ddc9d743 Issue #8109: The ssl module now has support for server-side SNI, thanks to a :meth:`SSLContext.set_servername_callback` method.
Patch by Daniel Black.
2013-01-05 21:20:29 +01:00
Antoine Pitrou 803e6d670c Issue #9003: http.client.HTTPSConnection, urllib.request.HTTPSHandler and
urllib.request.urlopen now take optional arguments to allow for
server certificate checking, as recommended in public uses of HTTPS.
2010-10-13 10:36:15 +00:00
Antoine Pitrou 81564093a1 Issue #1051: Add a script (Lib/test/make_ssl_certs.py) to generate the
custom certificate and private key files used by SSL-related certs.
2010-10-08 23:06:24 +00:00