It can be seen on various buildbots like 3.x.cea-indiana-amd64
and 3.x.murray-snowleopard:
/export/home/buildbot/64bits/3.x.cea-indiana-amd64/build/Modules/_ssl.c:2227: warning: unused variable 'libver'
/Users/buildbot/buildarea/3.x.murray-snowleopard/build/Modules/_ssl.c:2227: warning: unused variable ‘libver’
time bytes are received or sent. The socket timeout is now the maximum total
duration of the method.
This change fixes a denial of service if the application is regulary
interrupted by a signal and the signal handler does not raise an exception.
* Rename check_socket_and_wait_for_timeout() to PySSL_select()
* PySSL_select() is now clearly splitted betwen poll() and select()
* Add empty lines for readability
inside subjectAltName correctly. Formerly the module has used OpenSSL's
GENERAL_NAME_print() function to get the string represention of ASN.1
strings for rfc822Name (email), dNSName (DNS) and
uniformResourceIdentifier (URI).
inside subjectAltName correctly. Formerly the module has used OpenSSL's
GENERAL_NAME_print() function to get the string represention of ASN.1
strings for rfc822Name (email), dNSName (DNS) and
uniformResourceIdentifier (URI).
the input string in longer than 2 gigabytes, and
ssl.SSLContext.load_cert_chain() raises a ValueError if the password is longer
than 2 gigabytes. The ssl module does not support partial write.
string in longer than 2 gigabytes, and ssl.SSLContext.load_cert_chain() raises
a ValueError if the password is longer than 2 gigabytes. The ssl module does
not support partial write.
The str() of a SSLError is also enhanced accordingly.
NOTE: this commit creates a reference leak. The leak seems tied to the
use of PyType_FromSpec() to create the SSLError type. The leak is on the
type object when it is instantiated:
>>> e = ssl.SSLError()
>>> sys.getrefcount(ssl.SSLError)
35
>>> e = ssl.SSLError()
>>> sys.getrefcount(ssl.SSLError)
36
>>> e = ssl.SSLError()
>>> sys.getrefcount(ssl.SSLError)
37
to get channel binding data for the current SSL session (only the
"tls-unique" channel binding is implemented). This allows the
implementation of certain authentication mechanisms such as SCRAM-SHA-1-PLUS.
Patch by Jacek Konieczny.
OpenSSL is now compiled with OPENSSL_NO_SSL2 defined (without the SSLv2
protocol) on Debian: fix the ssl module on Debian Testing and Debian Sid.
Optimize also ssl.get_protocol_name(): speed does matter!
OpenSSL is now compiled with OPENSSL_NO_SSL2 defined (without the SSLv2
protocol) on Debian: fix the ssl module on Debian Testing and Debian Sid.
Optimize also ssl.get_protocol_name(): speed does matter!
OpenSSL is now compiled with OPENSSL_NO_SSL2 defined (without the SSLv2
protocol) on Debian: fix the ssl module on Debian Testing and Debian Sid.
Optimize also ssl.get_protocol_name(): speed does matter!
svn+ssh://pythondev@svn.python.org/python/branches/py3k
................
r82211 | antoine.pitrou | 2010-06-25 02:07:34 +0200 (ven., 25 juin 2010) | 10 lines
Merged revisions 82210 via svnmerge from
svn+ssh://pythondev@svn.python.org/python/trunk
........
r82210 | antoine.pitrou | 2010-06-25 02:03:21 +0200 (ven., 25 juin 2010) | 4 lines
Issue #9075: In the ssl module, remove the setting of a `debug` flag
on an OpenSSL structure.
........
................
svn+ssh://pythondev@svn.python.org/python/trunk
........
r82210 | antoine.pitrou | 2010-06-25 02:03:21 +0200 (ven., 25 juin 2010) | 4 lines
Issue #9075: In the ssl module, remove the setting of a `debug` flag
on an OpenSSL structure.
........
svn+ssh://pythondev@svn.python.org/python/branches/py3k
........
r82204 | antoine.pitrou | 2010-06-25 00:34:04 +0200 (ven., 25 juin 2010) | 5 lines
Issue #8682: The ssl module now temporary increments the reference count of
a socket object got through `PyWeakref_GetObject`, so as to avoid possible
deallocation while the object is still being used.
........
svn+ssh://pythondev@svn.python.org/python/branches/py3k
................
r81242 | antoine.pitrou | 2010-05-17 01:14:22 +0200 (lun., 17 mai 2010) | 10 lines
Merged revisions 81241 via svnmerge from
svn+ssh://pythondev@svn.python.org/python/trunk
........
r81241 | antoine.pitrou | 2010-05-17 01:11:46 +0200 (lun., 17 mai 2010) | 4 lines
Clear the OpenSSL error queue each time an error is signalled.
When the error queue is not emptied, strange things can happen on the next SSL call, depending on the OpenSSL version.
........
................
svn+ssh://pythondev@svn.python.org/python/trunk
........
r81241 | antoine.pitrou | 2010-05-17 01:11:46 +0200 (lun., 17 mai 2010) | 4 lines
Clear the OpenSSL error queue each time an error is signalled.
When the error queue is not emptied, strange things can happen on the next SSL call, depending on the OpenSSL version.
........
svn+ssh://pythondev@svn.python.org/python/branches/py3k
................
r80454 | antoine.pitrou | 2010-04-24 23:26:44 +0200 (sam., 24 avril 2010) | 15 lines
Merged revisions 80451-80452 via svnmerge from
svn+ssh://pythondev@svn.python.org/python/trunk
........
r80451 | antoine.pitrou | 2010-04-24 21:57:01 +0200 (sam., 24 avril 2010) | 4 lines
The do_handshake() method of SSL objects now adjusts the blocking mode of
the SSL structure if necessary (as other methods already do).
........
r80452 | antoine.pitrou | 2010-04-24 22:04:58 +0200 (sam., 24 avril 2010) | 4 lines
Issue #5103: SSL handshake would ignore the socket timeout and block
indefinitely if the other end didn't respond.
........
................
svn+ssh://pythondev@svn.python.org/python/trunk
........
r80451 | antoine.pitrou | 2010-04-24 21:57:01 +0200 (sam., 24 avril 2010) | 4 lines
The do_handshake() method of SSL objects now adjusts the blocking mode of
the SSL structure if necessary (as other methods already do).
........
r80452 | antoine.pitrou | 2010-04-24 22:04:58 +0200 (sam., 24 avril 2010) | 4 lines
Issue #5103: SSL handshake would ignore the socket timeout and block
indefinitely if the other end didn't respond.
........
svn+ssh://pythondev@svn.python.org/python/branches/py3k
................
r80394 | antoine.pitrou | 2010-04-23 02:16:21 +0200 (ven., 23 avril 2010) | 15 lines
Merged revisions 80392 via svnmerge from
svn+ssh://pythondev@svn.python.org/python/trunk
........
r80392 | antoine.pitrou | 2010-04-23 01:33:02 +0200 (ven., 23 avril 2010) | 9 lines
Issue #8108: Fix the unwrap() method of SSL objects when the socket has
a non-infinite timeout. Also make that method friendlier with applications
wanting to continue using the socket in clear-text mode, by disabling
OpenSSL's internal readahead. Thanks to Darryl Miles for guidance.
Issue #8108: test_ftplib's non-blocking SSL server now has proper handling
of SSL shutdowns.
........
................
svn+ssh://pythondev@svn.python.org/python/trunk
........
r80392 | antoine.pitrou | 2010-04-23 01:33:02 +0200 (ven., 23 avril 2010) | 9 lines
Issue #8108: Fix the unwrap() method of SSL objects when the socket has
a non-infinite timeout. Also make that method friendlier with applications
wanting to continue using the socket in clear-text mode, by disabling
OpenSSL's internal readahead. Thanks to Darryl Miles for guidance.
Issue #8108: test_ftplib's non-blocking SSL server now has proper handling
of SSL shutdowns.
........
svn+ssh://pythondev@svn.python.org/python/branches/py3k
................
r80317 | antoine.pitrou | 2010-04-21 21:46:23 +0200 (mer., 21 avril 2010) | 15 lines
Merged revisions 80314-80315 via svnmerge from
svn+ssh://pythondev@svn.python.org/python/trunk
........
r80314 | antoine.pitrou | 2010-04-21 21:28:03 +0200 (mer., 21 avril 2010) | 5 lines
Issue #8484: Load all ciphers and digest algorithms when initializing
the _ssl extension, such that verification of some SSL certificates
doesn't fail because of an "unknown algorithm".
........
r80315 | antoine.pitrou | 2010-04-21 21:36:23 +0200 (mer., 21 avril 2010) | 3 lines
Forgot to add the sample certificate (followup to r80314)
........
................
svn+ssh://pythondev@svn.python.org/python/trunk
........
r80314 | antoine.pitrou | 2010-04-21 21:28:03 +0200 (mer., 21 avril 2010) | 5 lines
Issue #8484: Load all ciphers and digest algorithms when initializing
the _ssl extension, such that verification of some SSL certificates
doesn't fail because of an "unknown algorithm".
........
r80315 | antoine.pitrou | 2010-04-21 21:36:23 +0200 (mer., 21 avril 2010) | 3 lines
Forgot to add the sample certificate (followup to r80314)
........
svn+ssh://pythondev@svn.python.org/python/trunk
........
r80151 | antoine.pitrou | 2010-04-17 19:10:38 +0200 (sam., 17 avril 2010) | 4 lines
Issue #8322: Add a *ciphers* argument to SSL sockets, so as to change the
available cipher list. Helps fix test_ssl with OpenSSL 1.0.0.
........
svn+ssh://pythondev@svn.python.org/python/trunk
........
r79812 | antoine.pitrou | 2010-04-05 23:35:07 +0200 (lun., 05 avril 2010) | 5 lines
Issue #8321: Give access to OpenSSL version numbers from the `ssl` module,
using the new attributes `ssl.OPENSSL_VERSION`, `ssl.OPENSSL_VERSION_INFO`
and `ssl.OPENSSL_VERSION_NUMBER`.
........
svn+ssh://pythondev@svn.python.org/python/trunk
........
r79448 | antoine.pitrou | 2010-03-26 20:27:16 +0100 (ven., 26 mars 2010) | 6 lines
Issue #8222: Enable the SSL_MODE_AUTO_RETRY flag on SSL sockets, so that blocking
reads and writes are always retried by OpenSSL itself.
(this is a followup to issue #3890)
........
svn+ssh://pythondev@svn.python.org/python/branches/py3k
................
r78598 | victor.stinner | 2010-03-02 23:48:17 +0100 (mar., 02 mars 2010) | 11 lines
Merged revisions 78596 via svnmerge from
svn+ssh://pythondev@svn.python.org/python/trunk
........
r78596 | victor.stinner | 2010-03-02 23:44:42 +0100 (mar., 02 mars 2010) | 4 lines
Issue #2973: Fix gcc warning on the 2nd argument of ASN1_item_d2i() and
method->d2i(): OpenSSL API changed in OpenSSL 0.9.6m. Patch written by Daniel
Black.
........
................
svn+ssh://pythondev@svn.python.org/python/trunk
........
r78596 | victor.stinner | 2010-03-02 23:44:42 +0100 (mar., 02 mars 2010) | 4 lines
Issue #2973: Fix gcc warning on the 2nd argument of ASN1_item_d2i() and
method->d2i(): OpenSSL API changed in OpenSSL 0.9.6m. Patch written by Daniel
Black.
........
svn+ssh://pythondev@svn.python.org/python/branches/py3k
................
r73623 | benjamin.peterson | 2009-06-28 12:22:03 -0500 (Sun, 28 Jun 2009) | 58 lines
Merged revisions 73004,73439,73496,73509,73529,73564,73576-73577,73595-73596,73605 via svnmerge from
svn+ssh://pythondev@svn.python.org/python/trunk
........
r73004 | jeffrey.yasskin | 2009-05-28 22:44:31 -0500 (Thu, 28 May 2009) | 5 lines
Fix nearly all compilation warnings under Apple gcc-4.0. Tested with OPT="-g
-Wall -Wstrict-prototypes -Werror" in both --with-pydebug mode and --without.
There's still a batch of non-prototype warnings in Xlib.h that I don't know how
to fix.
........
r73439 | benjamin.peterson | 2009-06-15 19:29:31 -0500 (Mon, 15 Jun 2009) | 1 line
don't mask encoding errors when decoding a string #6289
........
r73496 | vinay.sajip | 2009-06-21 12:37:27 -0500 (Sun, 21 Jun 2009) | 1 line
Issue #6314: logging.basicConfig() performs extra checks on the "level" argument.
........
r73509 | amaury.forgeotdarc | 2009-06-22 14:33:48 -0500 (Mon, 22 Jun 2009) | 2 lines
#4490 Fix sample code run by "python -m xml.sax.xmlreader"
........
r73529 | r.david.murray | 2009-06-23 13:02:46 -0500 (Tue, 23 Jun 2009) | 4 lines
Fix issue 5230 by having pydoc's safeimport check to see if the import
error was thrown from itself in order to decide if the module can't be
found. Thanks to Lucas Prado Melo for collaborating on the fix and tests.
........
r73564 | amaury.forgeotdarc | 2009-06-25 17:29:29 -0500 (Thu, 25 Jun 2009) | 6 lines
#2016 Fix a crash in function call when the **kwargs dictionary is mutated
during the function call setup.
This even gives a slight speedup, probably because tuple allocation
is faster than PyMem_NEW.
........
r73576 | benjamin.peterson | 2009-06-26 18:37:06 -0500 (Fri, 26 Jun 2009) | 1 line
document is_declared_global()
........
r73577 | benjamin.peterson | 2009-06-27 09:16:23 -0500 (Sat, 27 Jun 2009) | 1 line
link to extensive generator docs in the reference manual
........
r73595 | ezio.melotti | 2009-06-27 18:45:39 -0500 (Sat, 27 Jun 2009) | 1 line
stmt and setup can contain multiple statements, see #5896
........
r73596 | ezio.melotti | 2009-06-27 19:07:45 -0500 (Sat, 27 Jun 2009) | 1 line
Fixed a wrong apostrophe
........
r73605 | georg.brandl | 2009-06-28 07:10:18 -0500 (Sun, 28 Jun 2009) | 1 line
Remove stray pychecker directive.
........
................
r73624 | benjamin.peterson | 2009-06-28 12:32:20 -0500 (Sun, 28 Jun 2009) | 1 line
document BufferedIOBase.raw and TextIOBase.buffer
................
svn+ssh://pythondev@svn.python.org/python/trunk
........
r73004 | jeffrey.yasskin | 2009-05-28 22:44:31 -0500 (Thu, 28 May 2009) | 5 lines
Fix nearly all compilation warnings under Apple gcc-4.0. Tested with OPT="-g
-Wall -Wstrict-prototypes -Werror" in both --with-pydebug mode and --without.
There's still a batch of non-prototype warnings in Xlib.h that I don't know how
to fix.
........
r73439 | benjamin.peterson | 2009-06-15 19:29:31 -0500 (Mon, 15 Jun 2009) | 1 line
don't mask encoding errors when decoding a string #6289
........
r73496 | vinay.sajip | 2009-06-21 12:37:27 -0500 (Sun, 21 Jun 2009) | 1 line
Issue #6314: logging.basicConfig() performs extra checks on the "level" argument.
........
r73509 | amaury.forgeotdarc | 2009-06-22 14:33:48 -0500 (Mon, 22 Jun 2009) | 2 lines
#4490 Fix sample code run by "python -m xml.sax.xmlreader"
........
r73529 | r.david.murray | 2009-06-23 13:02:46 -0500 (Tue, 23 Jun 2009) | 4 lines
Fix issue 5230 by having pydoc's safeimport check to see if the import
error was thrown from itself in order to decide if the module can't be
found. Thanks to Lucas Prado Melo for collaborating on the fix and tests.
........
r73564 | amaury.forgeotdarc | 2009-06-25 17:29:29 -0500 (Thu, 25 Jun 2009) | 6 lines
#2016 Fix a crash in function call when the **kwargs dictionary is mutated
during the function call setup.
This even gives a slight speedup, probably because tuple allocation
is faster than PyMem_NEW.
........
r73576 | benjamin.peterson | 2009-06-26 18:37:06 -0500 (Fri, 26 Jun 2009) | 1 line
document is_declared_global()
........
r73577 | benjamin.peterson | 2009-06-27 09:16:23 -0500 (Sat, 27 Jun 2009) | 1 line
link to extensive generator docs in the reference manual
........
r73595 | ezio.melotti | 2009-06-27 18:45:39 -0500 (Sat, 27 Jun 2009) | 1 line
stmt and setup can contain multiple statements, see #5896
........
r73596 | ezio.melotti | 2009-06-27 19:07:45 -0500 (Sat, 27 Jun 2009) | 1 line
Fixed a wrong apostrophe
........
r73605 | georg.brandl | 2009-06-28 07:10:18 -0500 (Sun, 28 Jun 2009) | 1 line
Remove stray pychecker directive.
........
PyUnicode_AsStringAndSize -> _PyUnicode_AsStringAndSize to mark
them for interpreter internal use only.
We'll have to rework these APIs or create new ones for the
purpose of accessing the UTF-8 representation of Unicode objects
for 3.1.
Otherwise dir(_sre.SRE_Match) returns an empty list.
First step: handle most occurrences, remove tp_getattr and fill the tp_methods and tp_members slots.
Add some test about attribute access.