Commit Graph

502 Commits

Author SHA1 Message Date
Zackery Spytz aebc049557
closes bpo-41235: Fix the error handling in SSLContext.load_dh_params() (GH-21385) 2020-07-07 23:21:58 -05:00
Christian Heimes a871f692b4
bpo-30008: Fix OpenSSL no-deprecated compilation (GH-20397)
Fix :mod:`ssl`` code to be compatible with OpenSSL 1.1.x builds that use
``no-deprecated`` and ``--api=1.1.0``.

Note: Tests assume full OpenSSL API and fail with limited API.

Signed-off-by: Christian Heimes <christian@python.org>
Co-authored-by: Mark Wright <gienah@gentoo.org>
2020-06-01 08:58:14 +02:00
Christian Heimes 6e8cda91d9
bpo-40457: Support OpenSSL without TLS 1.0/1.1 (GH-19862)
OpenSSL can be build without support for TLS 1.0 and 1.1. The ssl module
now correctly adheres to OPENSSL_NO_TLS1 and OPENSSL_NO_TLS1_1 flags.

Also update multissltest to test with latest OpenSSL and LibreSSL
releases.

Signed-off-by: Christian Heimes <christian@python.org>

Automerge-Triggered-By: @tiran
2020-05-15 18:33:05 -07:00
Christian Heimes c087a268a4
bpo-40515: Require OPENSSL_THREADS (GH-19953)
The ``ssl`` and ``hashlib`` modules now actively check that OpenSSL is
build with thread support. Python 3.7.0 made thread support mandatory and no
longer works safely with a no-thread builds.

Signed-off-by: Christian Heimes <christian@python.org>
2020-05-15 11:55:25 -07:00
Victor Stinner 62183b8d6d
bpo-40268: Remove explicit pythread.h includes (#19529)
Remove explicit pythread.h includes: it is always included
by Python.h.
2020-04-15 02:04:42 +02:00
Serhiy Storchaka 8f87eefe7f
bpo-39943: Add the const qualifier to pointers on non-mutable PyBytes data. (GH-19472) 2020-04-12 14:58:27 +03:00
Dong-hee Na 1b55b65638
bpo-39573: Clean up modules and headers to use Py_IS_TYPE() function (GH-18521) 2020-02-17 11:09:15 +01:00
Alex Henrie a1c1be24cb bpo-39272: Remove dead assignment from _ssl__SSLContext_load_verify_locations_impl (GH-17916) 2020-01-09 10:12:12 +01:00
Christian Heimes 2b7de6696b bpo-38820: OpenSSL 3.0.0 compatibility. (GH-17190)
test_openssl_version now accepts version 3.0.0.

getpeercert() no longer returns IPv6 addresses with a trailing new line.

Signed-off-by: Christian Heimes <christian@python.org>


https://bugs.python.org/issue38820
2019-12-07 08:59:36 -08:00
Serhiy Storchaka 279f44678c
bpo-37206: Unrepresentable default values no longer represented as None. (GH-13933)
In ArgumentClinic, value "NULL" should now be used only for unrepresentable default values
(like in the optional third parameter of getattr). "None" should be used if None is accepted
as argument and passing None has the same effect as not passing the argument at all.
2019-09-14 12:24:05 +03:00
Christian Heimes 915cd3f069 bpo-35941: Fix performance regression in new code (GH-12610)
Accumulate certificates in a set instead of doing a costly list contain
operation. A Windows cert store can easily contain over hundred
certificates. The old code would result in way over 5,000 comparison
operations

Signed-off-by: Christian Heimes <christian@python.org>
2019-09-09 09:06:55 -07:00
neonene ed70129e15 bpo-37702: Fix SSL's certificate-store leak on Windows (GH-15632)
ssl_collect_certificates function in _ssl.c has a memory leak.
Calling CertOpenStore() and CertAddStoreToCollection(), a store's refcnt gets incremented by 2.
But CertCloseStore() is called only once and the refcnt leaves 1.
2019-09-09 05:33:43 -07:00
Alex Gaynor 40dad9545a Replace usage of the obscure PEM_read_bio_X509_AUX with the more standard PEM_read_bio_X509 (GH-15303)
X509_AUX is an odd, note widely used, OpenSSL extension to the X509 file format. This function doesn't actually use any of the extra metadata that it parses, so just use the standard API.

Automerge-Triggered-By: @tiran
2019-08-15 05:31:28 -07:00
Serhiy Storchaka 18b711c5a7
bpo-37648: Fixed minor inconsistency in some __contains__. (GH-14904)
The collection's item is now always at the left and
the needle is on the right of ==.
2019-08-04 14:12:48 +03:00
Victor Stinner 76611c7c0a bpo-37120: Fix _ssl get_num_tickets() (GH-14668)
Replace PyLong_FromLong() with PyLong_FromSize_t():
SSL_CTX_get_num_tickets() return type is size_t.


https://bugs.python.org/issue37120
2019-07-09 04:30:52 -07:00
Christian Heimes f0f5930ac8 bpo-37428: Don't set PHA verify flag on client side (GH-14421)
SSLContext.post_handshake_auth = True no longer sets
SSL_VERIFY_POST_HANDSHAKE verify flag for client connections. Although the
option is documented as ignored for clients, OpenSSL implicitly enables cert
chain validation when the flag is set.

Signed-off-by: Christian Heimes <christian@python.org>



https://bugs.python.org/issue37428
2019-06-30 23:29:17 -07:00
Christian Heimes 78c7d52779
bpo-37120: Add SSLContext.num_tickets (GH-13719)
Signed-off-by: Christian Heimes <christian@python.org>
2019-06-03 21:00:10 +02:00
Christian Heimes c7f7069e77
bpo-34271: Add ssl debugging helpers (GH-10031)
The ssl module now can dump key material to a keylog file and trace TLS
protocol messages with a tracing callback. The default and stdlib
contexts also support SSLKEYLOGFILE env var.

The msg_callback and related enums are private members. The feature
is designed for internal debugging and not for end users.

Signed-off-by: Christian Heimes <christian@python.org>
2019-05-31 11:44:05 +02:00
Serhiy Storchaka 65fb2c08c0
bpo-339827: Do not swallow exceptions in the _ssl module. (GH-12756) 2019-05-31 10:39:15 +03:00
Jeroen Demeyer 530f506ac9 bpo-36974: tp_print -> tp_vectorcall_offset and tp_reserved -> tp_as_async (GH-13464)
Automatically replace
tp_print -> tp_vectorcall_offset
tp_compare -> tp_as_async
tp_reserved -> tp_as_async
2019-05-30 19:13:39 -07:00
Paul Monson fb7e7505ed bpo-35926: Add support for OpenSSL 1.1.1b on Windows (GH-11779) 2019-05-15 15:38:55 -07:00
Inada Naoki 926b0cb5f6
bpo-36641: Add "const" to PyDoc_VAR macro (GH-12854)
It reduces "data" segment in python about 200KB.
2019-04-17 08:39:46 +09:00
kctherookie d93fbbf88e bpo-35941: Fix ssl certificate enumeration for windows (GH-12486)
Add a function to collect certificates from several certificate stores into one certificate collection store that is then enumerated. This ensures we load as many certificates as we can access.
2019-03-28 10:59:06 -07:00
Serhiy Storchaka d53fe5f407
bpo-36254: Fix invalid uses of %d in format strings in C. (GH-12264) 2019-03-13 22:59:55 +02:00
Christian Heimes a37f52436f bpo-35746: Fix segfault in ssl's cert parser (GH-11569)
Fix a NULL pointer deref in ssl module. The cert parser did not handle CRL
distribution points with empty DP or URI correctly. A malicious or buggy
certificate can result into segfault.

Signed-off-by: Christian Heimes <christian@python.org>



https://bugs.python.org/issue35746
2019-01-15 14:47:42 -08:00
Zackery Spytz 842acaab13 bpo-35504: Fix segfaults and SystemErrors when deleting certain attrs. (GH-11175) 2018-12-17 16:52:45 +02:00
Zackery Spytz 4c49da0cb7 bpo-35436: Add missing PyErr_NoMemory() calls and other minor bug fixes. (GH-11015)
Set MemoryError when appropriate, add missing failure checks,
and fix some potential leaks.
2018-12-07 12:11:30 +02:00
Victor Stinner b37672daf6
bpo-35059: Cleanup usage of Python macros (GH-10648)
Don't pass complex expressions but regular variables to Python
macros.

* _datetimemodule.c: split single large "if" into two "if"
  in date_new(), time_new() and datetime_new().
* _pickle.c, load_extension(): flatten complex "if" expression into
  more regular C code.
* _ssl.c: addbool() now uses a temporary bool_obj to only evaluate
  the value once.
* weakrefobject.c: replace "Py_INCREF(result = proxy);"
  with "result = proxy; Py_INCREF(result);"
2018-11-22 03:37:50 +01:00
Zackery Spytz 365ad2ead5 bpo-34824: Fix a possible NULL pointer dereference in _ssl.c (GH-9606)
On failure, _PyBytes_Resize() will deallocate the bytes object and set
"result" to NULL.


https://bugs.python.org/issue34824
2018-10-06 10:41:45 -07:00
Stéphane Wirtel 07fbbfde1b bpo-34906: Doc: Fix typos (GH-9712) 2018-10-05 16:17:18 +02:00
Christian Heimes 9fb051f032 bpo-34670: Add TLS 1.3 post handshake auth (GH-9460)
Add SSLContext.post_handshake_auth and
SSLSocket.verify_client_post_handshake for TLS 1.3 post-handshake
authentication.

Signed-off-by: Christian Heimes <christian@python.org>q


https://bugs.python.org/issue34670
2018-09-22 23:32:31 -07:00
Nathaniel J. Smith c0da582b22 bpo-34759: Fix error handling in ssl 'unwrap()' (GH-9468)
OpenSSL follows the convention that whenever you call a function, it
returns an error indicator value; and if this value is negative, then
you need to go look at the actual error code to see what happened.

Commit c6fd1c1c3a introduced a small mistake in
_ssl__SSLSocket_shutdown_impl: instead of checking whether the error
indicator was negative, it started checking whether the actual error
code was negative, and it turns out that the error codes are never
negative. So the effect was that 'unwrap()' lost the ability to raise
SSL errors.


https://bugs.python.org/issue34759
2018-09-21 21:44:12 -07:00
Steve Dower c6fd1c1c3a
bpo-32533: Fixed thread-safety of error handling in _ssl. (GH-7158) 2018-09-17 11:34:47 -07:00
Alexandru Ardelean b3a271fc0c bpo-34710: fix SSL module build (GH-9347)
Include ``openssl/dh.h`` header file to fix implicit function declaration of ``DH_free()``.

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
2018-09-17 04:53:31 -07:00
Ned Deily 4531ec74c4
bpo-31432: Revert unrelated code changes to _ssl.c and test_ssl (GH-7650) 2018-06-11 20:26:28 -04:00
Christian Heimes ef24b6c54d bpo-31432: Clarify ssl CERT_NONE/OPTIONAL/REQUIRED docs. (GH-3530)
The documentation for CERT_NONE, CERT_OPTIONAL, and CERT_REQUIRED were
misleading and partly wrong. It fails to explain that OpenSSL behaves
differently in client and server mode. Also OpenSSL does validate the
cert chain everytime. With SSL_VERIFY_NONE a validation error is not
fatal in client mode and does not request a client cert in server mode.
Also discourage people from using CERT_OPTIONAL in client mode.
2018-06-11 18:59:45 -04:00
Alex Gaynor 55e53c3093
Remove an unneeded call into OpenSSL (GH-6887) 2018-05-16 13:02:06 -04:00
Christian Heimes 67c4801663 bpo-32257: Add ssl.OP_NO_RENEGOTIATION (GH-5904)
The ssl module now contains OP_NO_RENEGOTIATION constant, available with
OpenSSL 1.1.0h or 1.1.1.

Note, OpenSSL 1.1.0h hasn't been released yet.

Signed-off-by: Christian Heimes <christian@python.org>
2018-05-15 16:25:40 -04:00
Alex Gaynor 00717a46a1
Fixed an unused variable warning introduced in GH-6800 (GH-6816) 2018-05-14 16:48:14 -04:00
Alex Gaynor f04224210d
Remove `ifdef` check for an OpenSSL version (0.9.6) we don't support (GH-6800) 2018-05-14 11:51:45 -04:00
Christian Heimes d02ac25ab0
bpo-33136: Harden ssl module against CVE-2018-8970 (GH-6229)
Harden ssl module against LibreSSL CVE-2018-8970.
X509_VERIFY_PARAM_set1_host() is called with an explicit namelen. A new test
ensures that NULL bytes are not allowed.

Signed-off-by: Christian Heimes <christian@python.org>
2018-03-25 12:36:13 +02:00
Christian Heimes 4ca0739c9d
bpo-33127: Compatibility patch for LibreSSL 2.7.0 (GH-6210)
LibreSSL 2.7 introduced OpenSSL 1.1.0 API. The ssl module now detects
LibreSSL 2.7 and only provides API shims for OpenSSL < 1.1.0 and
LibreSSL < 2.7.

Documentation updates and fixes for failing tests will be provided in
another patch set.

Signed-off-by: Christian Heimes <christian@python.org>
2018-03-24 15:41:37 +01:00
Christian Heimes 698dde16f6
bpo-31453: Add setter for min/max protocol version (#5259)
OpenSSL 1.1 has introduced a new API to set the minimum and maximum
supported protocol version. The API is easier to use than the old
OP_NO_TLS1 option flags, too.

Since OpenSSL has no call to set minimum version to highest supported,
the implementation emulate maximum_version = MINIMUM_SUPPORTED and
minimum_version = MAXIMUM_SUPPORTED by figuring out the minumum and
maximum supported version at compile time.

Signed-off-by: Christian Heimes <christian@python.org>
2018-02-27 11:54:43 +01:00
Christian Heimes 05d9fe32a1
bpo-32947: OpenSSL 1.1.1-pre1 / TLS 1.3 fixes (#5663)
* bpo-32947: OpenSSL 1.1.1-pre1 / TLS 1.3 fixes

Misc fixes and workarounds for compatibility with OpenSSL 1.1.1-pre1 and
TLS 1.3 support. With OpenSSL 1.1.1, Python negotiates TLS 1.3 by
default. Some test cases only apply to TLS 1.2. Other tests currently
fail because the threaded or async test servers stop after failure.

I'm going to address these issues when OpenSSL 1.1.1 reaches beta.

OpenSSL 1.1.1 has added a new option OP_ENABLE_MIDDLEBOX_COMPAT for TLS
1.3. The feature is enabled by default for maximum compatibility with
broken middle boxes. Users should be able to disable the hack and CPython's test suite needs
it to verify default options.

Signed-off-by: Christian Heimes <christian@python.org>
2018-02-27 08:55:39 +01:00
Christian Heimes 29eab55309
bpo-30622: Fix NPN for OpenSSL 1.1.1-pre1 (#5876)
Signed-off-by: Christian Heimes <christian@python.org>
2018-02-25 12:31:33 +01:00
Christian Heimes 6cdb7954b0
bpo-30622: Improve NPN support detection (#5859)
The ssl module now detects missing NPN support in LibreSSL.

Co-Authored-By: Bernard Spil <brnrd@FreeBSD.org>
Signed-off-by: Christian Heimes <christian@python.org>
2018-02-24 22:12:40 +01:00
Christian Heimes 141c5e8c24
bpo-24334: Cleanup SSLSocket (#5252)
* The SSLSocket is no longer implemented on top of SSLObject to
  avoid an extra level of indirection.
* Owner and session are now handled in the internal constructor.
* _ssl._SSLSocket now uses the same method names as SSLSocket and
  SSLObject.
* Channel binding type check is now handled in C code. Channel binding
  is always available.

The patch also changes the signature of SSLObject.__init__(). In my
opinion it's fine. A SSLObject is not a user-constructable object.
SSLContext.wrap_bio() is the only valid factory.
2018-02-24 21:10:57 +01:00
Christian Heimes 11a1493bc4 [bpo-28414] Make all hostnames in SSL module IDN A-labels (GH-5128)
Previously, the ssl module stored international domain names (IDNs)
as U-labels. This is problematic for a number of reasons -- for
example, it made it impossible for users to use a different version
of IDNA than the one built into Python.

After this change, we always convert to A-labels as soon as possible,
and use them for all internal processing. In particular, server_hostname
attribute is now an A-label, and on the server side there's a new
sni_callback that receives the SNI servername as an A-label rather than
a U-label.
2018-02-23 17:35:08 -08:00
Christian Heimes 892d66e422
bpo-31429: Define TLS cipher suite on build time (#3532)
Until now Python used a hard coded white list of default TLS cipher
suites. The old approach has multiple downsides. OpenSSL's default
selection was completely overruled. Python did neither benefit from new
cipher suites (ChaCha20, TLS 1.3 suites) nor blacklisted cipher suites.
For example we used to re-enable 3DES.

Python now defaults to OpenSSL DEFAULT cipher suite selection and black
lists all unwanted ciphers. Downstream vendors can override the default
cipher list with --with-ssl-default-suites.

Signed-off-by: Christian Heimes <christian@python.org>
2018-01-29 14:10:18 +01:00
Christian Heimes 61d478c71c
bpo-31399: Let OpenSSL verify hostname and IP address (#3462)
bpo-31399: Let OpenSSL verify hostname and IP

The ssl module now uses OpenSSL's X509_VERIFY_PARAM_set1_host() and
X509_VERIFY_PARAM_set1_ip() API to verify hostname and IP addresses.

* Remove match_hostname calls
* Check for libssl with set1_host, libssl must provide X509_VERIFY_PARAM_set1_host()
* Add documentation for OpenSSL 1.0.2 requirement
* Don't support OpenSSL special mode with a leading dot, e.g. ".example.org" matches "www.example.org". It's not standard conform.
* Add hostname_checks_common_name

Signed-off-by: Christian Heimes <christian@python.org>
2018-01-27 15:51:38 +01:00
Christian Heimes ff5be6e810
bpo-32598: Use autoconf to detect usable OpenSSL (#5242)
Add https://www.gnu.org/software/autoconf-archive/ax_check_openssl.html
to auto-detect compiler flags, linker flags and libraries to compile
OpenSSL extensions. The M4 macro uses pkg-config and falls back to
manual detection.

Add autoconf magic to detect usable X509_VERIFY_PARAM_set1_host()
and related functions.

Refactor setup.py to use new config vars to compile _ssl and _hashlib
modules.

Signed-off-by: Christian Heimes <christian@python.org>
2018-01-20 13:19:21 +01:00
Semen Zhydenko 1295e11d39 completly -> completely (#3999) (closes bpo-31788) 2017-10-15 12:28:31 -07:00
Christian Heimes e82c034496 bpo-31431: SSLContext.check_hostname auto-sets CERT_REQUIRED (#3531)
Signed-off-by: Christian Heimes <christian@python.org>
2017-09-15 20:29:57 +02:00
Victor Stinner 5a61559fb0 _ssl_: Fix compiler warning (#3559)
Cast Py_buffer.len (Py_ssize_t, signed) to size_t (unsigned) to
prevent the following warning:

Modules/_ssl.c:3089:21: warning: comparison between signed and
unsigned integer expressions [-Wsign-compare]
2017-09-14 10:10:30 +02:00
Steve Dower e6eb48c10d bpo-31400: Improve SSL error handling on Windows (#3463)
* bpo-31392: Improve SSL error handling on Windows

* Remove unnecessary Windows mention in NEWS
2017-09-08 15:16:15 -07:00
Christian Heimes 0915360b9e bpo-28182: restore backwards compatibility (#3464)
b3ad0e5 broke backwards compatibility with OpenSSL < 1.0.2.

Signed-off-by: Christian Heimes <christian@python.org>
2017-09-08 14:47:58 -07:00
Christian Heimes b3ad0e5127 bpo-28182: Expose OpenSSL verification results (#3412)
The SSL module now raises SSLCertVerificationError when OpenSSL fails to
verify the peer's certificate. The exception contains more information about
the error.

Original patch by Chi Hsuan Yen

Signed-off-by: Christian Heimes <christian@python.org>
2017-09-08 12:00:19 -07:00
Christian Heimes cb5b68abde bpo-29136: Add TLS 1.3 cipher suites and OP_NO_TLSv1_3 (#1363)
* bpo-29136: Add TLS 1.3 support

TLS 1.3 introduces a new, distinct set of cipher suites. The TLS 1.3
cipher suites don't overlap with cipher suites from TLS 1.2 and earlier.
Since Python sets its own set of permitted ciphers, TLS 1.3 handshake
will fail as soon as OpenSSL 1.1.1 is released. Let's enable the common
AES-GCM and ChaCha20 suites.

Additionally the flag OP_NO_TLSv1_3 is added. It defaults to 0 (no op) with
OpenSSL prior to 1.1.1. This allows applications to opt-out from TLS 1.3
now.

Signed-off-by: Christian Heimes <christian@python.org>
2017-09-07 18:07:00 -07:00
Christian Heimes 17c9ac927b bpo-28958: Improve SSLContext error reporting. (#3414)
Signed-off-by: Christian Heimes <christian@python.org>
2017-09-07 14:14:00 -07:00
Antoine Pitrou a6a4dc816d bpo-31370: Remove support for threads-less builds (#3385)
* Remove Setup.config
* Always define WITH_THREAD for compatibility.
2017-09-07 18:56:24 +02:00
Christian Heimes 6877111648 bpo-29781: Fix SSLObject.version before handshake (#3364)
SSLObject.version() now correctly returns None when handshake over BIO has
not been performed yet.

Signed-off-by: Christian Heimes <christian@python.org>
2017-09-05 21:55:40 -07:00
Christian Heimes c941e6238a bpo-30102: Call OPENSSL_add_all_algorithms_noconf (#3112)
The ssl and hashlib modules now call OPENSSL_add_all_algorithms_noconf() on
OpenSSL < 1.1.0. The function detects CPU features and enables optimizations
on some CPU architectures such as POWER8. Patch is based on research from
Gustavo Serra Scalet.

Signed-off-by: Christian Heimes <christian@python.org>
2017-09-05 15:47:11 +02:00
Serhiy Storchaka e503ca5288 bpo-30502: Fix handling of long oids in ssl. (#2909) 2017-09-05 00:28:53 +02:00
Melvyn Sopacua b2d096bd2a bpo-30622: Change NPN detection: (#2079)
* Change NPN detection:

Version breakdown, support disabled (pre-patch/post-patch):
- pre-1.0.1: OPENSSL_NPN_NEGOTIATED will not be defined -> False/False
- 1.0.1 and 1.0.2: OPENSSL_NPN_NEGOTIATED will not be defined ->
False/False
- 1.1.0+: OPENSSL_NPN_NEGOTIATED will be defined and
OPENSSL_NO_NEXTPROTONEG will be defined -> True/False

Version breakdown support enabled (pre-patch/post-patch):
- pre-1.0.1: OPENSSL_NPN_NEGOTIATED will not be defined -> False/False
- 1.0.1 and 1.0.2: OPENSSL_NPN_NEGOTIATED will be defined and
OPENSSL_NO_NEXTPROTONEG will not be defined -> True/True
- 1.1.0+: OPENSSL_NPN_NEGOTIATED will be defined and
OPENSSL_NO_NEXTPROTONEG will not be defined -> True/True

* Refine NPN guard:

- If NPN is disabled, but ALPN is available we need our callback
- Make clinic's ssl behave the same way

This created a working ssl module for me, with NPN disabled and ALPN
enabled for OpenSSL 1.1.0f.

Concerns to address:
The initial commit for NPN support into OpenSSL [1], had the
OPENSSL_NPN_* variables defined inside the OPENSSL_NO_NEXTPROTONEG
guard. The question is if that ever made it into a release.
This would need an ugly hack, something like:

	#if defined(OPENSSL_NO_NEXTPROTONEG) && \
		!defined(OPENSSL_NPN_NEGOTIATED)
	#	define OPENSSL_NPN_UNSUPPORTED 0
	#	define OPENSSL_NPN_NEGOTIATED 1
	#	define OPENSSL_NPN_NO_OVERLAP 2
	#endif

[1] https://github.com/openssl/openssl/commit/68b33cc5c7
2017-09-04 23:35:15 +02:00
INADA Naoki a6296d34a4 bpo-31095: fix potential crash during GC (GH-2974) 2017-08-24 14:55:17 +09:00
Segev Finer 5cff637979 bpo-9566: Fixed _ssl module warnings (#2495)
* bpo-9566: Fixed some _ssl warnings

* bpo-9566: _ssl: Fixup the fixes and also fix the remainings warnings

* Add a comment about the downcast
2017-07-26 15:19:17 -07:00
Steve Dower 68d663cf85 [bpo-30916] Pre-build OpenSSL and Tcl/Tk for Windows (#2688)
Updates ssl and tkinter projects to use pre-built externals
2017-07-17 11:15:48 +02:00
Serhiy Storchaka 5f31d5cf6e Regenerate Argument Clinic code for bpo-19180. (#2073) 2017-06-10 13:13:51 +03:00
Chandan Kumar 63c2c8ac17 bpo-19180: Updated references for RFC 1750, RFC 3280 & RFC 4366 (GH-148)
* RFC 1750 has been been obsoleted by RFC 4086.
* RFC 3280 has been obsoleted by RFC 5280.
* RFC 4366 has been obsoleted by RFC 6066.
2017-06-09 19:43:58 +10:00
Nathaniel J. Smith 65ece7ca23 bpo-30594: Fixed refcounting in newPySSLSocket (#1992)
If pass a server_hostname= that fails IDNA decoding to SSLContext.wrap_socket or SSLContext.wrap_bio, then the SSLContext object had a spurious Py_DECREF called on it, eventually leading to segfaults.
2017-06-08 09:30:43 +03:00
Alex Gaynor b87c0dfe90 Simplify X.509 extension handling code (#1855)
* Simplify X.509 extension handling code

The previous implementation had grown organically over time, as OpenSSL's API evolved.

* Delete even more code
2017-06-06 07:53:11 -04:00
Christian Heimes 66dc33b682 bpo-29334: Fix ssl.getpeercert for auto-handshake (#1769)
Drop handshake_done and peer_cert members from PySSLSocket struct. The
peer certificate can be acquired from *SSL directly.
SSL_get_peer_certificate() does not trigger any network activity.
Instead of manually tracking the handshake state, simply use
SSL_is_init_finished().

In combination these changes fix auto-handshake for non-blocking
MemoryBIO connections.

Signed-off-by: Christian Heimes <christian@python.org>
2017-05-23 16:02:02 -07:00
Serhiy Storchaka 55fe1ae970 bpo-30022: Get rid of using EnvironmentError and IOError (except test… (#1051) 2017-04-16 10:46:38 +03:00
Olivier Vielpeau 2849cc34a8 bpo-29738: Fix memory leak in _get_crl_dp (GH-526)
* Remove conditional on free of `dps`, since `dps` is now allocated for
all versions of OpenSSL
* Remove call to `x509_check_ca` since it was only used to cache
the `crldp` field of the certificate
CRL_DIST_POINTS_free is available in all supported versions of OpenSSL
(recent 0.9.8+) and LibreSSL.
2017-04-14 18:06:07 -07:00
Serhiy Storchaka aefa7ebf0f bpo-6532: Make the thread id an unsigned integer. (#781)
* bpo-6532: Make the thread id an unsigned integer.

From C API side the type of results of PyThread_start_new_thread() and
PyThread_get_thread_ident(), the id parameter of
PyThreadState_SetAsyncExc(), and the thread_id field of PyThreadState
changed from "long" to "unsigned long".

* Restore a check in thread_get_ident().
2017-03-23 14:48:39 +01:00
Donald Stufft 8ae264ce6d bpo-29697: Don't use OpenSSL <1.0.2 fallback on 1.1+ (GH-395) 2017-03-02 11:45:29 -05:00
Serhiy Storchaka 228b12edcc Issue #28999: Use Py_RETURN_NONE, Py_RETURN_TRUE and Py_RETURN_FALSE wherever
possible.  Patch is writen with Coccinelle.
2017-01-23 09:47:21 +02:00
Victor Stinner f17c3de263 Use _PyObject_CallNoArg()
Replace:
    PyObject_CallFunctionObjArgs(callable, NULL)
with:
    _PyObject_CallNoArg(callable)
2016-12-06 18:46:19 +01:00
Victor Stinner de4ae3d486 Backed out changeset b9c9691c72c5
Issue #28858: The change b9c9691c72c5 introduced a regression. It seems like
_PyObject_CallArg1() uses more stack memory than
PyObject_CallFunctionObjArgs().
2016-12-04 22:59:09 +01:00
Victor Stinner 27580c1fb5 Replace PyObject_CallFunctionObjArgs() with fastcall
* PyObject_CallFunctionObjArgs(func, NULL) => _PyObject_CallNoArg(func)
* PyObject_CallFunctionObjArgs(func, arg, NULL) => _PyObject_CallArg1(func, arg)

PyObject_CallFunctionObjArgs() allocates 40 bytes on the C stack and requires
extra work to "parse" C arguments to build a C array of PyObject*.

_PyObject_CallNoArg() and _PyObject_CallArg1() are simpler and don't allocate
memory on the C stack.

This change is part of the fastcall project. The change on listsort() is
related to the issue #23507.
2016-12-01 14:43:22 +01:00
Christian Heimes 1a63b9f288 Typo 2016-09-24 12:07:21 +02:00
Christian Heimes a5d0765990 Finish GC code for SSLSession and increase test coverage 2016-09-24 10:48:05 +02:00
Christian Heimes f6365e3816 Issue #28188: Use PyMem_Calloc() to get rid of a type-limits warning and an extra memset() call in _ssl.c. 2016-09-13 20:48:13 +02:00
Victor Stinner 410b9887e1 Issue #27866: Fix refleak in cipher_to_dict() 2016-09-12 12:00:23 +02:00
Christian Heimes 5fe668c672 Issue #28085: Add PROTOCOL_TLS_CLIENT and PROTOCOL_TLS_SERVER for SSLContext 2016-09-12 00:01:11 +02:00
Christian Heimes 99a6570295 Issue #19500: Add client-side SSL session resumption to the ssl module. 2016-09-10 23:44:53 +02:00
Christian Heimes 358cfd426c Issue 28043: SSLContext has improved default settings
The options OP_NO_COMPRESSION, OP_CIPHER_SERVER_PREFERENCE, OP_SINGLE_DH_USE, OP_SINGLE_ECDH_USE, OP_NO_SSLv2 (except for PROTOCOL_SSLv2), and OP_NO_SSLv3 (except for PROTOCOL_SSLv3) are set by default. The initial cipher suite list contains only HIGH ciphers, no NULL ciphers and MD5 ciphers (except for PROTOCOL_SSLv2).
2016-09-10 22:43:48 +02:00
Christian Heimes fe3c9c1ee9 Issue #27691: Fix ssl module's parsing of GEN_RID subject alternative name fields in X.509 certs. 2016-09-06 23:27:06 +02:00
Christian Heimes 1c03abd026 Issue #27691: Fix ssl module's parsing of GEN_RID subject alternative name fields in X.509 certs. 2016-09-06 23:25:35 +02:00
Christian Heimes 0061bf5892 Issue #26470: Use short name rather than name for compression name to fix #27958. 2016-09-06 01:14:34 +02:00
Christian Heimes 281e5f8839 Issue #26470: Use short name rather than name for compression name to fix #27958. 2016-09-06 01:10:39 +02:00
Christian Heimes 25bfcd5d9e Issue #27866: Add SSLContext.get_ciphers() method to get a list of all enabled ciphers. 2016-09-06 00:04:45 +02:00
Christian Heimes 01113faef9 Issue #26470: Port ssl and hashlib module to OpenSSL 1.1.0. 2016-09-05 23:23:24 +02:00
Christian Heimes 598894ff48 Issue #26470: Port ssl and hashlib module to OpenSSL 1.1.0. 2016-09-05 23:19:05 +02:00
Benjamin Peterson a853c479ee merge 3.5 (#27773) 2016-08-15 21:56:11 -07:00
Benjamin Peterson 81b9ecd2a3 fix corner cases in the management of server_hostname (closes #27773) 2016-08-15 21:55:37 -07:00
Victor Stinner d3afb62b8f Merge 3.5 (INVALID_SOCKET) 2016-07-22 17:47:09 +02:00
Victor Stinner 524714eeda socket: use INVALID_SOCKET
* Replace "fd = -1" with "fd = INVALID_SOCKET"
* Replace "fd < 0" with "fd == INVALID_SOCKET": SOCKET_T is unsigned on Windows

Bug found by Pavel Belikov ("Fragment N1"):
http://www.viva64.com/en/b/0414/#ID0ECDAE
2016-07-22 17:43:59 +02:00
Martin Panter 7386268ffd Issue #23804: Merge SSL recv() fix from 3.5 2016-07-11 01:32:09 +00:00
Martin Panter bed7f1a512 Issue #23804: Fix SSL zero-length recv() calls to not block and raise EOF 2016-07-11 00:17:13 +00:00
Serhiy Storchaka 2954f83999 - Issue #27332: Fixed the type of the first argument of module-level functions
generated by Argument Clinic.  Patch by Petr Viktorin.
2016-07-07 18:20:03 +03:00
Serhiy Storchaka 1a2b24f02d Issue #27332: Fixed the type of the first argument of module-level functions
generated by Argument Clinic.  Patch by Petr Viktorin.
2016-07-07 17:35:15 +03:00
Benjamin Peterson 50600a78cb merge 3.5 (#24557) 2016-07-06 23:58:16 -07:00
Benjamin Peterson b8a2f51ceb assume egd unless OPENSSL_NO_EGD is defined—remove configure check (closes #24557) 2016-07-06 23:55:15 -07:00
Berker Peksag 2c164b738d Fix unused variable 'libver' warning in Modules/_ssl.c
It can be seen on various buildbots like 3.x.cea-indiana-amd64
and 3.x.murray-snowleopard:

/export/home/buildbot/64bits/3.x.cea-indiana-amd64/build/Modules/_ssl.c:2227: warning: unused variable 'libver'

/Users/buildbot/buildarea/3.x.murray-snowleopard/build/Modules/_ssl.c:2227: warning: unused variable ‘libver’
2016-04-14 16:49:21 +03:00
Berker Peksag dfcb041195 Fix unused variable 'libver' warning in Modules/_ssl.c
It can be seen on various buildbots like 3.x.cea-indiana-amd64
and 3.x.murray-snowleopard:

/export/home/buildbot/64bits/3.x.cea-indiana-amd64/build/Modules/_ssl.c:2227: warning: unused variable 'libver'

/Users/buildbot/buildarea/3.x.murray-snowleopard/build/Modules/_ssl.c:2227: warning: unused variable ‘libver’
2016-04-14 16:48:48 +03:00
Serhiy Storchaka f01e408c16 Issue #26200: Added Py_SETREF and replaced Py_XSETREF with Py_SETREF
in places where Py_DECREF was used.
2016-04-10 18:12:01 +03:00
Serhiy Storchaka 57a01d3a0e Issue #26200: Added Py_SETREF and replaced Py_XSETREF with Py_SETREF
in places where Py_DECREF was used.
2016-04-10 18:05:40 +03:00
Serhiy Storchaka ec39756960 Issue #22570: Renamed Py_SETREF to Py_XSETREF. 2016-04-06 09:50:03 +03:00
Serhiy Storchaka 48842714b9 Issue #22570: Renamed Py_SETREF to Py_XSETREF. 2016-04-06 09:45:48 +03:00
Martin Panter afd465d497 Issue #26644: Merge SSL negative read fix from 3.5 2016-03-27 10:40:22 +00:00
Martin Panter 5503d4731e Issue #26644: Raise ValueError for negative SSLSocket.recv() and read() 2016-03-27 05:35:19 +00:00
Benjamin Peterson 4a180a693f merge 3.5 (closes #25939) 2016-02-17 22:18:35 -08:00
Benjamin Peterson 1378f7ca68 merge 3.4 (closes #25939) 2016-02-17 22:18:20 -08:00
Benjamin Peterson 9491272751 open the cert store readonly
Patch from Chi Hsuan Yen.
2016-02-17 22:13:19 -08:00
Benjamin Peterson 5db60aa84e merge 3.5 (closes #25672) 2016-01-07 21:38:51 -08:00
Benjamin Peterson 3b1a8b3bbe enable SSL_MODE_RELEASE_BUFFERS
Patch by Cory Benfield.
2016-01-07 21:37:37 -08:00
Serhiy Storchaka ef1585eb9a Issue #25923: Added more const qualifiers to signatures of static and private functions. 2015-12-25 20:01:53 +02:00
Serhiy Storchaka 5a57ade58e Issue #20440: Massive replacing unsafe attribute setting code with special
macro Py_SETREF.
2015-12-24 10:35:59 +02:00
Benjamin Peterson fcc2e71e99 merge 3.4 (#25578) 2015-11-14 15:14:42 -08:00
Benjamin Peterson 025a1fd990 rm trailing ws 2015-11-14 15:12:38 -08:00
Benjamin Peterson f0c9038a36 fix possible memory lea k in _get_aia_uri (closes #25578) 2015-11-14 15:12:18 -08:00
Benjamin Peterson 2463001a15 merge 3.4 (#25569) 2015-11-14 00:11:09 -08:00
Benjamin Peterson 806fb25405 fix build with older openssl (#25569) 2015-11-14 00:09:22 -08:00
Benjamin Peterson 45bde5d2ee merge 3.4 (#25530) 2015-11-11 22:45:22 -08:00
Benjamin Peterson a9dcdabccb always set OP_NO_SSLv3 by default (closes #25530) 2015-11-11 22:38:41 -08:00
Benjamin Peterson 86429bd174 merge 3.5 (#25569) 2015-11-11 22:14:08 -08:00
Benjamin Peterson eda06c8f5e fix memory leak in _get_crl_dp (closes #25569)
Patch started by Stéphane Wirtel.
2015-11-11 22:07:38 -08:00
Serhiy Storchaka f51d715845 Issue #25523: Further a-to-an corrections new in 3.5. 2015-11-02 14:40:41 +02:00
Serhiy Storchaka a84f6c3dd3 Issue #25523: Merge a-to-an corrections from 3.4. 2015-11-02 14:39:05 +02:00
Serhiy Storchaka d65c9496da Issue #25523: Further a-to-an corrections. 2015-11-02 14:10:23 +02:00
Benjamin Peterson d330822c12 detect alpn by feature flag not openssl version (closes #23329) 2015-09-27 00:09:02 -07:00
Benjamin Peterson d113c967b4 improve style of the convert macro (#24655)
Patch by Brian Cain.
2015-07-18 10:59:13 -07:00
Benjamin Peterson 0544cf0eb9 merge 3.4 (#24655) 2015-07-18 11:00:00 -07:00
Larry Hastings dbfdc380df Issue #24001: Argument Clinic converters now use accept={type}
instead of types={'type'} to specify the types the converter accepts.
2015-05-04 06:59:46 -07:00
Serhiy Storchaka 4b7b82f133 Issue #20179: Converted the _ssl module to Argument Clinic. 2015-05-03 16:14:08 +03:00
Victor Stinner 146907081c Issue #23853: Methods of SSL socket don't reset the socket timeout anymore each
time bytes are received or sent. The socket timeout is now the maximum total
duration of the method.

This change fixes a denial of service if the application is regulary
interrupted by a signal and the signal handler does not raise an exception.
2015-04-06 22:46:13 +02:00
Benjamin Peterson 7d71c97ec3 merge 3.4 (#23875) 2015-04-06 13:06:21 -04:00
Benjamin Peterson 43b842775f remove extra arguments in arg parsing format codes (closes #23875) 2015-04-06 13:05:22 -04:00
Victor Stinner 4e3cfa46dc Issue #23853: Cleanup _ssl.c
* Rename check_socket_and_wait_for_timeout() to PySSL_select()
* PySSL_select() is now clearly splitted betwen poll() and select()
* Add empty lines for readability
2015-04-02 21:28:28 +02:00
Victor Stinner 869e1778c0 Issue #22117: Replace usage of _PyTime_ROUND_UP with _PyTime_ROUND_CEILING
All these functions only accept positive timeouts, so this change has no effect
in practice.
2015-03-30 03:49:14 +02:00
Victor Stinner ea9c0dd2c2 Issue #22117: Fix usage of _PyTime_AsTimeval()
Add _PyTime_AsTimeval_noraise() function. Call it when it's not possible (or
not useful) to raise a Python exception on overflow.
2015-03-30 02:51:13 +02:00
Victor Stinner e245231fab Issue #22117: Fix ssl to use _PyTime_t API on sock_timeout
I didn't notice that the ssl module uses private attributes of socket objects.
2015-03-28 03:00:46 +01:00
Serhiy Storchaka 8490f5acfe Issue #23001: Few functions in modules mmap, ossaudiodev, socket, ssl, and
codecs, that accepted only read-only bytes-like object now accept writable
bytes-like object too.
2015-03-20 09:00:36 +02:00
Victor Stinner e42ccd2bfd Issue #23694: Enhance _Py_fopen(), it now raises an exception on error
* If fopen() fails, OSError is raised with the original filename object.
* The GIL is now released while calling fopen()
2015-03-18 01:39:23 +01:00
Benjamin Peterson de8eca4638 merge 3.4 2015-03-04 22:50:25 -05:00
Benjamin Peterson 990fcaac3c expose X509_V_FLAG_TRUSTED_FIRST 2015-03-04 22:49:41 -05:00
Benjamin Peterson b64ae7bf2d merge 3.4 (#23476) 2015-03-04 22:11:48 -05:00
Benjamin Peterson fdb1971587 enable X509_V_FLAG_TRUSTED_FIRST when possible (closes #23476) 2015-03-04 22:11:12 -05:00
Antoine Pitrou 0bfd0a4048 Issue #23576: Avoid stalling in SSL reads when EOF has been reached in the SSL layer but the underlying connection hasn't been closed. 2015-03-04 20:54:57 +01:00