Nick Coghlan
513886aabb
Fix #12835 : prevent use of the unencrypted sendmsg/recvmsg APIs on SSL wrapped sockets (Patch by David Watson)
2011-08-28 00:00:27 +10:00
Antoine Pitrou
4fd1e6a3ba
Issue #12803 : SSLContext.load_cert_chain() now accepts a password argument
...
to be used if the private key is encrypted. Patch by Adam Simpkins.
2011-08-25 14:39:44 +02:00
Nick Coghlan
5fab03fd15
Remove the SSLSocket versions of sendmsg/recvmsg due to lack of proper tests and documentation in conjunction with lack of any known use cases (see issue #6560 for details)
2011-08-23 22:26:44 +10:00
Nick Coghlan
96fe56abec
Add support for the send/recvmsg API to the socket module. Patch by David Watson and Heiko Wundram. ( Closes #6560 )
2011-08-22 11:55:57 +10:00
Antoine Pitrou
d649480739
Issue #12551 : Provide a get_channel_binding() method on SSL sockets so as
...
to get channel binding data for the current SSL session (only the
"tls-unique" channel binding is implemented). This allows the
implementation of certain authentication mechanisms such as SCRAM-SHA-1-PLUS.
Patch by Jacek Konieczny.
2011-07-21 01:11:30 +02:00
Antoine Pitrou
7128f95bd2
Issue #12440 : When testing whether some bits in SSLContext.options can be
...
reset, check the version of the OpenSSL headers Python was compiled against,
rather than the runtime version of the OpenSSL library.
2011-07-08 18:49:07 +02:00
Antoine Pitrou
b9ac25d1c3
Issue #12440 : When testing whether some bits in SSLContext.options can be
...
reset, check the version of the OpenSSL headers Python was compiled against,
rather than the runtime version of the OpenSSL library.
2011-07-08 18:47:06 +02:00
Victor Stinner
2e2baa9208
Issue #12049 : test_ssl now checks also that RAND_bytes() raises an error if
...
there is not enough entropy.
2011-05-25 11:15:16 +02:00
Victor Stinner
99c8b16143
Issue #12049 : Add RAND_bytes() and RAND_pseudo_bytes() functions to the ssl
...
module.
2011-05-24 12:05:19 +02:00
Antoine Pitrou
7a616f2fc5
Issue #12065 : connect_ex() on an SSL socket now returns the original errno
...
when the socket's timeout expires (it used to return None).
2011-05-18 18:52:20 +02:00
Antoine Pitrou
b4410dbea6
Issue #12065 : connect_ex() on an SSL socket now returns the original errno
...
when the socket's timeout expires (it used to return None).
2011-05-18 18:51:06 +02:00
Victor Stinner
17ca323e7c
(Merge 3.1) Issue #12012 : ssl.PROTOCOL_SSLv2 becomes optional
...
OpenSSL is now compiled with OPENSSL_NO_SSL2 defined (without the SSLv2
protocol) on Debian: fix the ssl module on Debian Testing and Debian Sid.
Optimize also ssl.get_protocol_name(): speed does matter!
2011-05-10 00:48:41 +02:00
Victor Stinner
ee18b6f2fd
Issue #12012 : ssl.PROTOCOL_SSLv2 becomes optional
...
OpenSSL is now compiled with OPENSSL_NO_SSL2 defined (without the SSLv2
protocol) on Debian: fix the ssl module on Debian Testing and Debian Sid.
Optimize also ssl.get_protocol_name(): speed does matter!
2011-05-10 00:38:00 +02:00
Victor Stinner
3de49192aa
Issue #12012 : ssl.PROTOCOL_SSLv2 becomes optional
...
OpenSSL is now compiled with OPENSSL_NO_SSL2 defined (without the SSLv2
protocol) on Debian: fix the ssl module on Debian Testing and Debian Sid.
Optimize also ssl.get_protocol_name(): speed does matter!
2011-05-09 00:42:58 +02:00
Antoine Pitrou
ff9bfca482
Issue #12000 : When a SSL certificate has a subjectAltName without any
...
dNSName entry, ssl.match_hostname() should use the subject's commonName.
Patch by Nicolas Bareil.
2011-05-06 15:20:55 +02:00
Antoine Pitrou
1c86b44506
Issue #12000 : When a SSL certificate has a subjectAltName without any
...
dNSName entry, ssl.match_hostname() should use the subject's commonName.
Patch by Nicolas Bareil.
2011-05-06 15:19:49 +02:00
Antoine Pitrou
5aefa6637c
Fix whitespace
2011-04-28 19:24:46 +02:00
Antoine Pitrou
15399c3f09
Issue #11811 : ssl.get_server_certificate() is now IPv6-compatible. Patch
...
by Charles-François Natali.
2011-04-28 19:23:55 +02:00
Antoine Pitrou
d1c9845b54
Merged revisions 88671 via svnmerge from
...
svn+ssh://pythondev@svn.python.org/python/branches/py3k
........
r88671 | antoine.pitrou | 2011-02-27 16:44:12 +0100 (dim., 27 févr. 2011) | 3 lines
Follow up to r88664: non-blocking connect-ex() can return EWOULDBLOCK under Windows
........
2011-02-27 15:45:16 +00:00
Antoine Pitrou
8a14a0c88b
Follow up to r88664: non-blocking connect-ex() can return EWOULDBLOCK under Windows
2011-02-27 15:44:12 +00:00
Antoine Pitrou
86cbfec50a
Merged revisions 88664 via svnmerge from
...
svn+ssh://pythondev@svn.python.org/python/branches/py3k
........
r88664 | antoine.pitrou | 2011-02-27 00:24:06 +0100 (dim., 27 févr. 2011) | 4 lines
Issue #11326 : Add the missing connect_ex() implementation for SSL sockets,
and make it work for non-blocking connects.
........
2011-02-26 23:25:34 +00:00
Antoine Pitrou
e93bf7aed2
Issue #11326 : Add the missing connect_ex() implementation for SSL sockets,
...
and make it work for non-blocking connects.
2011-02-26 23:24:06 +00:00
Victor Stinner
80f75e684e
Issue #10989 : Fix a crash on SSLContext.load_verify_locations(None, True).
...
Patch reviewed by Antoine Pitrou, okayed by Georg Brandl.
2011-01-29 11:31:20 +00:00
Antoine Pitrou
50778ab4c2
Merged revisions 87861,87863 via svnmerge from
...
svn+ssh://pythondev@svn.python.org/python/branches/py3k
........
r87861 | antoine.pitrou | 2011-01-08 11:23:29 +0100 (sam., 08 janv. 2011) | 3 lines
Fix test_ssl after r87849
........
r87863 | antoine.pitrou | 2011-01-08 11:28:11 +0100 (sam., 08 janv. 2011) | 3 lines
Add EHOSTUNREACH ('No route to host') to the errnos trapped by transient_internet().
........
2011-01-08 10:31:09 +00:00
Antoine Pitrou
160fd938ed
Fix test_ssl after r87849
2011-01-08 10:23:29 +00:00
Victor Stinner
f332abbf15
test_ssl: test SHA256 using sha256.tbs-internet.com instead of sha2.hboeck.de
2011-01-08 03:16:05 +00:00
Antoine Pitrou
c4df784514
Issue #10272 : The ssl module now raises socket.timeout instead of a generic
...
SSLError on socket timeouts.
2010-12-03 19:59:41 +00:00
Ezio Melotti
ed3a7d2d60
#10273 : Rename assertRegexpMatches and assertRaisesRegexp to assertRegex and assertRaisesRegex.
2010-12-01 02:32:32 +00:00
Georg Brandl
f55aa80b37
Merged revisions 85820,85823,85825,85840,85843-85845,85849-85851,85855,85867,85875,85907-85908,85911,85914 via svnmerge from
...
svn+ssh://svn.python.org/python/branches/py3k
........
r85820 | georg.brandl | 2010-10-24 16:20:22 +0200 (So, 24 Okt 2010) | 1 line
Remove usage of exception indexing.
........
r85823 | georg.brandl | 2010-10-24 16:32:45 +0200 (So, 24 Okt 2010) | 1 line
Fix style.
........
r85825 | georg.brandl | 2010-10-24 17:16:02 +0200 (So, 24 Okt 2010) | 1 line
Add documentation about the default warnings filters.
........
r85840 | georg.brandl | 2010-10-25 19:50:20 +0200 (Mo, 25 Okt 2010) | 1 line
#3018 : tkinter demo fixes for py3k.
........
r85843 | georg.brandl | 2010-10-26 08:59:23 +0200 (Di, 26 Okt 2010) | 1 line
Markup fix.
........
r85844 | georg.brandl | 2010-10-26 12:39:14 +0200 (Di, 26 Okt 2010) | 1 line
Work a bit more on tkinter demos.
........
r85845 | georg.brandl | 2010-10-26 12:42:16 +0200 (Di, 26 Okt 2010) | 1 line
faqwiz is removed.
........
r85849 | georg.brandl | 2010-10-26 21:31:06 +0200 (Di, 26 Okt 2010) | 1 line
#10200 : typo.
........
r85850 | georg.brandl | 2010-10-26 21:58:11 +0200 (Di, 26 Okt 2010) | 1 line
#10200 : typo.
........
r85851 | georg.brandl | 2010-10-26 22:12:37 +0200 (Di, 26 Okt 2010) | 1 line
Fix import.
........
r85855 | georg.brandl | 2010-10-27 09:21:54 +0200 (Mi, 27 Okt 2010) | 1 line
Encoding fix.
........
r85867 | georg.brandl | 2010-10-27 22:01:51 +0200 (Mi, 27 Okt 2010) | 1 line
Add David.
........
r85875 | georg.brandl | 2010-10-28 10:38:30 +0200 (Do, 28 Okt 2010) | 1 line
Fix bytes/str issues in get-remote-certificate.py.
........
r85907 | georg.brandl | 2010-10-29 06:54:13 +0200 (Fr, 29 Okt 2010) | 1 line
#10222 : fix for overzealous AIX compiler.
........
r85908 | georg.brandl | 2010-10-29 07:22:17 +0200 (Fr, 29 Okt 2010) | 1 line
send_bytes obviously needs bytes...
........
r85911 | georg.brandl | 2010-10-29 07:36:28 +0200 (Fr, 29 Okt 2010) | 1 line
Fix markup error and update false positive entries from "make suspicious".
........
r85914 | georg.brandl | 2010-10-29 08:17:38 +0200 (Fr, 29 Okt 2010) | 1 line
(?:...) is a non-capturing, but still grouping construct.
........
2010-11-26 08:59:40 +00:00
Antoine Pitrou
664c2d1fc0
Issue #10443 : Add the SSLContext.set_default_verify_paths() method.
2010-11-17 20:29:42 +00:00
Antoine Pitrou
fb0469112f
Issue #10022 : The dictionary returned by the `getpeercert()` method
...
of SSL sockets now has additional items such as `issuer` and `notBefore`.
2010-11-09 20:21:19 +00:00
Antoine Pitrou
d2eca37cc5
Clean up socket closing in test_ssl and test.ssl_servers
2010-10-29 23:41:37 +00:00
Georg Brandl
b75b639a8b
Remove usage of exception indexing.
2010-10-24 14:20:22 +00:00
Antoine Pitrou
eb585adbde
Fix test_ssl on Ubuntu buildbot with patched OpenSSL
2010-10-22 18:24:20 +00:00
Antoine Pitrou
d532321f7b
Issue #5639 : Add a *server_hostname* argument to `SSLContext.wrap_socket`
...
in order to support the TLS SNI extension. `HTTPSConnection` and
`urlopen()` also use this argument, so that HTTPS virtual hosts are now
supported.
2010-10-22 18:19:07 +00:00
Antoine Pitrou
05d936d2ce
Let test_ssl fail gracefully if ssl support is not available
2010-10-13 11:38:36 +00:00
Antoine Pitrou
803e6d670c
Issue #9003 : http.client.HTTPSConnection, urllib.request.HTTPSHandler and
...
urllib.request.urlopen now take optional arguments to allow for
server certificate checking, as recommended in public uses of HTTPS.
2010-10-13 10:36:15 +00:00
Antoine Pitrou
b0182c8ca5
Issue #10075 : Add a session_stats() method to SSLContext objects.
2010-10-12 20:09:02 +00:00
Antoine Pitrou
81564093a1
Issue #1051 : Add a script (Lib/test/make_ssl_certs.py) to generate the
...
custom certificate and private key files used by SSL-related certs.
2010-10-08 23:06:24 +00:00
Antoine Pitrou
59fdd6736b
Issue #1589 : Add ssl.match_hostname(), to help implement server identity
...
verification for higher-level protocols.
2010-10-08 10:37:08 +00:00
Giampaolo Rodolà
977c707b42
Fix issue 6706: adds new handle_accepted() method to asyncore.dispatcher
2010-10-04 21:08:36 +00:00
Antoine Pitrou
5974cdd5f5
Merged revisions 84807 via svnmerge from
...
svn+ssh://pythondev@svn.python.org/python/branches/py3k
........
r84807 | antoine.pitrou | 2010-09-14 16:43:44 +0200 (mar., 14 sept. 2010) | 4 lines
Issue #9853 : Fix the signature of SSLSocket.recvfrom() and
SSLSocket.sendto() to match the corresponding socket methods.
........
2010-09-14 14:47:08 +00:00
Antoine Pitrou
a468adc76d
Issue #9853 : Fix the signature of SSLSocket.recvfrom() and
...
SSLSocket.sendto() to match the corresponding socket methods.
2010-09-14 14:43:44 +00:00
Antoine Pitrou
78d8946d19
Merged revisions 84650 via svnmerge from
...
svn+ssh://pythondev@svn.python.org/python/branches/py3k
........
r84650 | antoine.pitrou | 2010-09-09 15:31:46 +0200 (jeu., 09 sept. 2010) | 4 lines
Use transient_internet() where appropriate in test_ssl
(svn.python.org is sometimes unavailable)
........
2010-09-09 13:33:33 +00:00
Antoine Pitrou
350c7229be
Use transient_internet() where appropriate in test_ssl
...
(svn.python.org is sometimes unavailable)
2010-09-09 13:31:46 +00:00
Antoine Pitrou
4d7979be72
Merged revisions 84597-84599 via svnmerge from
...
svn+ssh://pythondev@svn.python.org/python/branches/py3k
........
r84597 | antoine.pitrou | 2010-09-07 22:42:19 +0200 (mar., 07 sept. 2010) | 5 lines
Issue #8574 : better implementation of test.support.transient_internet().
Original patch by Victor.
........
r84598 | antoine.pitrou | 2010-09-07 23:05:49 +0200 (mar., 07 sept. 2010) | 6 lines
Issue #9792 : In case of connection failure, socket.create_connection()
would swallow the exception and raise a new one, making it impossible
to fetch the original errno, or to filter timeout errors. Now the
original error is re-raised.
........
r84599 | antoine.pitrou | 2010-09-07 23:09:09 +0200 (mar., 07 sept. 2010) | 4 lines
Improve transient_internet() again to detect more network errors,
and use it in test_robotparser. Fixes #8574 .
........
2010-09-07 21:22:56 +00:00
Antoine Pitrou
a88c83cbab
Issue #8574 : better implementation of test.support.transient_internet().
...
Original patch by Victor.
2010-09-07 20:42:19 +00:00
Giampaolo Rodolà
8b7da623ce
Fix issue #9711 : raise ValueError is SSLConnection constructor is invoked with keyfile and not certfile.
2010-08-30 18:28:05 +00:00
Giampaolo Rodolà
4a656ebe05
dedent some lines in test_ssl so that they are actually executed
2010-08-29 22:50:39 +00:00
Giampaolo Rodolà
cd9dfb919a
in ssl tests rely on IOError.errno rather thanf IOError.strerror for better compatibility across platforms.
2010-08-29 20:56:56 +00:00