a6bc95aa02
Issue #19448 : Add private API to SSL module to lookup ASN.1 objects by OID, NID, short name and long name.
2013-11-17 19:59:14 +01:00
b89b5df9c9
merge with 3.3
2013-10-27 07:46:09 +01:00
72c98d3a76
Issue #17997 : Change behavior of ``ssl.match_hostname()`` to follow RFC 6125,
...
for security reasons. It now doesn't match multiple wildcards nor wildcards
inside IDN fragments.
2013-10-27 07:16:53 +01:00
9a3777e525
#18705 : merge with 3.3.
2013-08-17 15:53:55 +03:00
30b9d5d3af
#18705 : fix a number of typos. Patch by Févry Thibault.
2013-08-17 15:50:46 +03:00
60a26e0516
Issue #9177 : Calling read() or write() now raises ValueError, not AttributeError, on a closed SSL socket.
...
Patch by Senko Rasic.
2013-07-20 19:35:16 +02:00
cd171c8e92
Issue #18200 : Back out usage of ModuleNotFoundError (8d28d44f3a9a)
2013-07-04 17:43:24 -04:00
0a140668fa
Issue #18200 : Update the stdlib (except tests) to use
...
ModuleNotFoundError.
2013-06-13 20:57:26 -04:00
46bebee25f
Issue #17134 : Add ssl.enum_cert_store() as interface to Windows' cert store.
2013-06-09 19:03:31 +02:00
6d7ad13a45
Issue #18143 : Implement ssl.get_default_verify_paths() in order to debug
...
the default locations for cafile and capath.
2013-06-09 18:02:55 +02:00
636f93c63b
Issue #17980 : Fix possible abuse of ssl.match_hostname() for denial of service using certificates with many wildcards (CVE-2013-2099).
2013-05-18 17:56:42 +02:00
31fb419908
Issue #17980 : Fix possible abuse of ssl.match_hostname() for denial of service using certificates with many wildcards (CVE-2013-2099).
2013-05-18 17:59:12 +02:00
242db728e2
Issue #13721 : SSLSocket.getpeercert() and SSLSocket.do_handshake() now raise an OSError with ENOTCONN, instead of an AttributeError, when the SSLSocket is not connected.
2013-05-01 20:52:07 +02:00
06d0c1e72c
remove uneffective 'while True' clause
2013-04-03 12:01:44 +02:00
2463e5fee4
Issue #16692 : The ssl module now supports TLS 1.1 and TLS 1.2. Initial patch by Michele Orrù.
2013-03-28 22:24:43 +01:00
f86b3c394c
merge 3.3 ( #16900 )
2013-01-10 14:16:42 -06:00
36f7b97787
remove __del__ because it's evil and also prevents the ResourceWarning on the socket from happening ( closes #16900 )
2013-01-10 14:16:20 -06:00
58ddc9d743
Issue #8109 : The ssl module now has support for server-side SNI, thanks to a :meth:`SSLContext.set_servername_callback` method.
...
Patch by Daniel Black.
2013-01-05 21:20:29 +01:00
0832af6628
Issue #16717 : get rid of socket.error, replace with OSError
2012-12-18 23:10:48 +02:00
73e9bd4d25
Issue #16357 : fix calling accept() on a SSLSocket created through SSLContext.wrap_socket().
...
Original patch by Jeff McNeil.
2012-11-11 01:27:33 +01:00
5c89b4ec55
Issue #16357 : fix calling accept() on a SSLSocket created through SSLContext.wrap_socket().
...
Original patch by Jeff McNeil.
2012-11-11 01:25:36 +01:00
d5d17eb653
Issue #14204 : The ssl module now has support for the Next Protocol Negotiation extension, if available in the underlying OpenSSL library.
...
Patch by Colin Marc.
2012-03-22 00:23:03 +01:00
a9bf2ac726
Try to really fix compilation failures of the _ssl module under very old OpenSSLs.
2012-02-17 18:47:54 +01:00
8f85f907e3
Issue #13636 : Weak ciphers are now disabled by default in the ssl module
...
(except when SSLv2 is explicitly asked for).
2012-01-03 22:46:48 +01:00
72aeec35a1
Issue #13636 : Weak ciphers are now disabled by default in the ssl module
...
(except when SSLv2 is explicitly asked for).
2012-01-03 22:49:08 +01:00
0e576f1f50
Issue #13626 : Add support for SSL Diffie-Hellman key exchange, through the
...
SSLContext.load_dh_params() method and the ssl.OP_SINGLE_DH_USE option.
2011-12-22 10:03:38 +01:00
501da61671
Fix ssl module compilation if ECDH support was disabled in the OpenSSL build.
...
(followup to issue #13627 )
2011-12-21 09:27:41 +01:00
8abdb8abd8
Issue #13634 : Add support for querying and disabling SSL compression.
2011-12-20 10:13:40 +01:00
923df6f22a
Issue #13627 : Add support for SSL Elliptic Curve-based Diffie-Hellman
...
key exchange, through the SSLContext.set_ecdh_curve() method and the
ssl.OP_SINGLE_ECDH_USE option.
2011-12-19 17:16:51 +01:00
6db4944cc5
Issue #13635 : Add ssl.OP_CIPHER_SERVER_PREFERENCE, so that SSL servers
...
choose the cipher based on their own preferences, rather than on the
client's.
2011-12-19 13:27:11 +01:00
41032a69c1
Issue #11183 : Add finer-grained exceptions to the ssl module, so that
...
you don't have to inspect the exception's attributes in the common case.
2011-10-27 23:56:55 +02:00
513886aabb
Fix #12835 : prevent use of the unencrypted sendmsg/recvmsg APIs on SSL wrapped sockets (Patch by David Watson)
2011-08-28 00:00:27 +10:00
5fab03fd15
Remove the SSLSocket versions of sendmsg/recvmsg due to lack of proper tests and documentation in conjunction with lack of any known use cases (see issue #6560 for details)
2011-08-23 22:26:44 +10:00
96fe56abec
Add support for the send/recvmsg API to the socket module. Patch by David Watson and Heiko Wundram. ( Closes #6560 )
2011-08-22 11:55:57 +10:00
d649480739
Issue #12551 : Provide a get_channel_binding() method on SSL sockets so as
...
to get channel binding data for the current SSL session (only the
"tls-unique" channel binding is implemented). This allows the
implementation of certain authentication mechanisms such as SCRAM-SHA-1-PLUS.
Patch by Jacek Konieczny.
2011-07-21 01:11:30 +02:00
7128f95bd2
Issue #12440 : When testing whether some bits in SSLContext.options can be
...
reset, check the version of the OpenSSL headers Python was compiled against,
rather than the runtime version of the OpenSSL library.
2011-07-08 18:49:07 +02:00
b9ac25d1c3
Issue #12440 : When testing whether some bits in SSLContext.options can be
...
reset, check the version of the OpenSSL headers Python was compiled against,
rather than the runtime version of the OpenSSL library.
2011-07-08 18:47:06 +02:00
99c8b16143
Issue #12049 : Add RAND_bytes() and RAND_pseudo_bytes() functions to the ssl
...
module.
2011-05-24 12:05:19 +02:00
7a616f2fc5
Issue #12065 : connect_ex() on an SSL socket now returns the original errno
...
when the socket's timeout expires (it used to return None).
2011-05-18 18:52:20 +02:00
b4410dbea6
Issue #12065 : connect_ex() on an SSL socket now returns the original errno
...
when the socket's timeout expires (it used to return None).
2011-05-18 18:51:06 +02:00
17ca323e7c
(Merge 3.1) Issue #12012 : ssl.PROTOCOL_SSLv2 becomes optional
...
OpenSSL is now compiled with OPENSSL_NO_SSL2 defined (without the SSLv2
protocol) on Debian: fix the ssl module on Debian Testing and Debian Sid.
Optimize also ssl.get_protocol_name(): speed does matter!
2011-05-10 00:48:41 +02:00
ee18b6f2fd
Issue #12012 : ssl.PROTOCOL_SSLv2 becomes optional
...
OpenSSL is now compiled with OPENSSL_NO_SSL2 defined (without the SSLv2
protocol) on Debian: fix the ssl module on Debian Testing and Debian Sid.
Optimize also ssl.get_protocol_name(): speed does matter!
2011-05-10 00:38:00 +02:00
3de49192aa
Issue #12012 : ssl.PROTOCOL_SSLv2 becomes optional
...
OpenSSL is now compiled with OPENSSL_NO_SSL2 defined (without the SSLv2
protocol) on Debian: fix the ssl module on Debian Testing and Debian Sid.
Optimize also ssl.get_protocol_name(): speed does matter!
2011-05-09 00:42:58 +02:00
ff9bfca482
Issue #12000 : When a SSL certificate has a subjectAltName without any
...
dNSName entry, ssl.match_hostname() should use the subject's commonName.
Patch by Nicolas Bareil.
2011-05-06 15:20:55 +02:00
1c86b44506
Issue #12000 : When a SSL certificate has a subjectAltName without any
...
dNSName entry, ssl.match_hostname() should use the subject's commonName.
Patch by Nicolas Bareil.
2011-05-06 15:19:49 +02:00
15399c3f09
Issue #11811 : ssl.get_server_certificate() is now IPv6-compatible. Patch
...
by Charles-François Natali.
2011-04-28 19:23:55 +02:00
86cbfec50a
Merged revisions 88664 via svnmerge from
...
svn+ssh://pythondev@svn.python.org/python/branches/py3k
........
r88664 | antoine.pitrou | 2011-02-27 00:24:06 +0100 (dim., 27 févr. 2011) | 4 lines
Issue #11326 : Add the missing connect_ex() implementation for SSL sockets,
and make it work for non-blocking connects.
........
2011-02-26 23:25:34 +00:00
e93bf7aed2
Issue #11326 : Add the missing connect_ex() implementation for SSL sockets,
...
and make it work for non-blocking connects.
2011-02-26 23:24:06 +00:00
d532321f7b
Issue #5639 : Add a *server_hostname* argument to `SSLContext.wrap_socket`
...
in order to support the TLS SNI extension. `HTTPSConnection` and
`urlopen()` also use this argument, so that HTTPS virtual hosts are now
supported.
2010-10-22 18:19:07 +00:00
59fdd6736b
Issue #1589 : Add ssl.match_hostname(), to help implement server identity
...
verification for higher-level protocols.
2010-10-08 10:37:08 +00:00
Christian Heimes
Georg Brandl
Ezio Melotti
Antoine Pitrou
Brett Cannon
Giampaolo Rodola'
Benjamin Peterson
Andrew Svetlov
Nick Coghlan
Victor Stinner