Commit Graph

178 Commits

Author SHA1 Message Date
Christian Heimes 9bfcaa6fb3 Check return value of PyLong_FromLong(X509_get_version()). It might be NULL if
X509_get_version() grows beyond our small int cache.
CID 1058279
2013-07-26 15:51:35 +02:00
Christian Heimes 5962bef8aa Check return value of PyLong_FromLong(X509_get_version()). It might be NULL if
X509_get_version() grows beyond our small int cache.
CID 1058279
2013-07-26 15:51:18 +02:00
Victor Stinner 11ebff2757 Issue #18203: Replace malloc() with PyMem_Malloc() in _ssl for the password 2013-07-07 17:07:52 +02:00
Victor Stinner b64049183c Issue #18203: Replace malloc() with PyMem_Malloc() in Python modules
Replace malloc() with PyMem_Malloc() when the GIL is held, or with
PyMem_RawMalloc() otherwise.
2013-07-07 16:21:41 +02:00
Victor Stinner 7e00151e1f _ssl.c: strip trailing spaces 2013-06-25 00:44:31 +02:00
Victor Stinner 86073dc3c2 (Merge 3.3) Issue #18135: ssl.SSLSocket.write() now raises an OverflowError if
the input string in longer than 2 gigabytes, and
ssl.SSLContext.load_cert_chain() raises a ValueError if the password is longer
than 2 gigabytes. The ssl module does not support partial write.
2013-06-25 00:43:47 +02:00
Victor Stinner 6efa965a27 Issue #18135: ssl.SSLSocket.write() now raises an OverflowError if the input
string in longer than 2 gigabytes, and ssl.SSLContext.load_cert_chain() raises
a ValueError if the password is longer than 2 gigabytes. The ssl module does
not support partial write.
2013-06-25 00:42:31 +02:00
Victor Stinner 8cfd67cfe7 (Merge 3.3) Issue #18135: Fix a possible integer overflow in
ssl.SSLSocket.write() and in ssl.SSLContext.load_cert_chain() for strings and
passwords longer than 2 gigabytes.
2013-06-23 15:09:26 +02:00
Victor Stinner 9ee0203057 Issue #18135: Fix a possible integer overflow in ssl.SSLSocket.write()
and in ssl.SSLContext.load_cert_chain() for strings and passwords longer
than 2 gigabytes.
2013-06-23 15:08:23 +02:00
Victor Stinner 4569cd5eab _ssl.c: strip trailing spaces 2013-06-23 14:58:43 +02:00
Christian Heimes 9a5395ae2b Issue #18147: Add diagnostic functions to ssl.SSLContext().
get_ca_list() lists all loaded CA certificates and cert_store_stats() returns
amount of loaded X.509 certs, X.509 CA certs and CRLs.
2013-06-17 15:44:12 +02:00
Christian Heimes 200bb1b08c Simplify return value of ssl.get_default_verify_paths
prefix function with PySSL_, too. Other module level functions have a prefix, too.
2013-06-14 15:14:29 +02:00
Christian Heimes 75b8426698 fixd refleak 2013-06-10 10:47:22 +02:00
Christian Heimes 46bebee25f Issue #17134: Add ssl.enum_cert_store() as interface to Windows' cert store. 2013-06-09 19:03:31 +02:00
Christian Heimes 142ec2c014 get_default_verify_paths doesn't belong inside the ifdef block 2013-06-09 18:29:54 +02:00
Christian Heimes 6d7ad13a45 Issue #18143: Implement ssl.get_default_verify_paths() in order to debug
the default locations for cafile and capath.
2013-06-09 18:02:55 +02:00
Antoine Pitrou 19fef69b75 Fix compilation under MSVC: ssl_set_mode() is a macro, and the MSVC preprocessor doesn't process #ifdef's inside a macro argument list.
(found explanation at http://www.tech-archive.net/Archive/VC/microsoft.public.vc.language/2007-05/msg00385.html)
2013-05-25 13:23:03 +02:00
Antoine Pitrou 3a65ad7f08 Issue #8240: Set the SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER flag on SSL sockets. 2013-05-25 13:02:32 +02:00
Antoine Pitrou 50b24d0d7c Fix a crash when setting a servername callback on a SSL server socket and the client doesn't send a server name.
Patch by Kazuhiro Yoshida.
(originally issue #8109)
2013-04-11 20:48:42 +02:00
Antoine Pitrou ce852cb8b9 Fix comment about the OpenSSL version in which SNI version was introduced. 2013-03-30 16:45:04 +01:00
Antoine Pitrou edbc18e9d0 Improve set_servername_callback docstring. 2013-03-30 16:40:27 +01:00
Antoine Pitrou a596338bb8 Fix previous fix (the cause was actually a misplaced #endif, or so it seems) 2013-03-30 16:39:00 +01:00
Antoine Pitrou 41f8c4f5e4 Further compiling fixes (issue #17581) 2013-03-30 16:36:54 +01:00
Antoine Pitrou 912fbff105 Issue #17581: try to fix building on old OpenSSL versions 2013-03-30 16:29:32 +01:00
Antoine Pitrou 2463e5fee4 Issue #16692: The ssl module now supports TLS 1.1 and TLS 1.2. Initial patch by Michele Orrù. 2013-03-28 22:24:43 +01:00
Stefan Krah 20d60803d5 Issue #16982: Fix --without-threads build failure. 2013-01-17 17:07:17 +01:00
Antoine Pitrou 1e37e9efa9 SSLContext.load_dh_params() now properly closes the input file. 2013-01-12 21:44:33 +01:00
Antoine Pitrou 457a2292ca SSLContext.load_dh_params() now properly closes the input file. 2013-01-12 21:43:45 +01:00
Antoine Pitrou 5dd12a5978 Fix returning uninitialized variable (issue #8109).
Found by Christian with Coverity.
2013-01-06 15:25:36 +01:00
Antoine Pitrou 58ddc9d743 Issue #8109: The ssl module now has support for server-side SNI, thanks to a :meth:`SSLContext.set_servername_callback` method.
Patch by Daniel Black.
2013-01-05 21:20:29 +01:00
Christian Heimes 5cb31c9277 Issue #15977: Fix memory leak in Modules/_ssl.c when the function _set_npn_protocols() is called multiple times 2012-09-20 12:42:54 +02:00
Jesus Cea b7a2800831 MERGE: Closes #15793: Stack corruption in ssl.RAND_egd() 2012-09-11 02:08:48 +02:00
Jesus Cea c8754a13e6 Closes #15793: Stack corruption in ssl.RAND_egd() 2012-09-11 02:00:58 +02:00
Antoine Pitrou 721738fbee Issue #15604: Update uses of PyObject_IsTrue() to check for and handle errors correctly.
Patch by Serhiy Storchaka.
2012-08-15 23:20:39 +02:00
Antoine Pitrou 6f430e4963 Issue #15604: Update uses of PyObject_IsTrue() to check for and handle errors correctly.
Patch by Serhiy Storchaka.
2012-08-15 23:18:25 +02:00
Antoine Pitrou 3b36fb1f53 Issue #14837: SSL errors now have `library` and `reason` attributes describing precisely what happened and in which OpenSSL submodule.
The str() of a SSLError is also enhanced accordingly.

NOTE: this commit creates a reference leak.  The leak seems tied to the
use of PyType_FromSpec() to create the SSLError type.  The leak is on the
type object when it is instantiated:

>>> e = ssl.SSLError()
>>> sys.getrefcount(ssl.SSLError)
35
>>> e = ssl.SSLError()
>>> sys.getrefcount(ssl.SSLError)
36
>>> e = ssl.SSLError()
>>> sys.getrefcount(ssl.SSLError)
37
2012-06-22 21:11:52 +02:00
Antoine Pitrou d5d17eb653 Issue #14204: The ssl module now has support for the Next Protocol Negotiation extension, if available in the underlying OpenSSL library.
Patch by Colin Marc.
2012-03-22 00:23:03 +01:00
Antoine Pitrou c135fa424e Fix last remaining build issues of _ssl under old OpenSSLs. Patch by Vinay. 2012-02-19 21:22:39 +01:00
Antoine Pitrou a9bf2ac726 Try to really fix compilation failures of the _ssl module under very old OpenSSLs. 2012-02-17 18:47:54 +01:00
Antoine Pitrou e9fccb360f Fix compilation when SSL_OP_SINGLE_ECDH_USE isn't defined 2012-02-17 11:53:10 +01:00
Antoine Pitrou 04d4ee4e56 Issue #13014: Fix a possible reference leak in SSLSocket.getpeercert(). 2012-02-15 22:28:21 +01:00
Antoine Pitrou 2f5a163dfc Issue #13014: Fix a possible reference leak in SSLSocket.getpeercert(). 2012-02-15 22:25:27 +01:00
Antoine Pitrou 9e2e5329dc Issue #13885: CVE-2011-3389: the _ssl module would always disable the CBC IV attack countermeasure. 2012-01-27 09:53:29 +01:00
Antoine Pitrou 3f366314e8 Issue #13885: CVE-2011-3389: the _ssl module would always disable the CBC IV attack countermeasure. 2012-01-27 09:50:45 +01:00
Antoine Pitrou f2bf8a6ac5 Issue #13885: CVE-2011-3389: the _ssl module would always disable the CBC IV attack countermeasure. 2012-01-27 09:48:47 +01:00
Antoine Pitrou 0e576f1f50 Issue #13626: Add support for SSL Diffie-Hellman key exchange, through the
SSLContext.load_dh_params() method and the ssl.OP_SINGLE_DH_USE option.
2011-12-22 10:03:38 +01:00
Antoine Pitrou 501da61671 Fix ssl module compilation if ECDH support was disabled in the OpenSSL build.
(followup to issue #13627)
2011-12-21 09:27:41 +01:00
Antoine Pitrou 8abdb8abd8 Issue #13634: Add support for querying and disabling SSL compression. 2011-12-20 10:13:40 +01:00
Antoine Pitrou 923df6f22a Issue #13627: Add support for SSL Elliptic Curve-based Diffie-Hellman
key exchange, through the SSLContext.set_ecdh_curve() method and the
ssl.OP_SINGLE_ECDH_USE option.
2011-12-19 17:16:51 +01:00
Antoine Pitrou 6db4944cc5 Issue #13635: Add ssl.OP_CIPHER_SERVER_PREFERENCE, so that SSL servers
choose the cipher based on their own preferences, rather than on the
client's.
2011-12-19 13:27:11 +01:00