Mirror
/
cpython
mirror of https://github.com/python/cpython
4
1
Fork 0
Code Issues Releases Wiki Activity
87,771 Commits 7 Branches 587 Tags 2.3 GiB
Commit Graph

344 Commits

Author SHA1 Message Date
Benjamin Peterson 15042921ad enable cert validation in test 2015-01-07 22:12:43 -06:00
Benjamin Peterson 23ef9fac16 trying again 2015-01-07 21:21:34 -06:00
Benjamin Peterson e6838e08ef reorder cipher prefs 2015-01-07 20:52:40 -06:00
Benjamin Peterson 44c77791ab drop 256 2015-01-07 20:30:59 -06:00
Benjamin Peterson 359f2982f4 try using AES256 2015-01-07 20:03:27 -06:00
Benjamin Peterson 8791d697e0 fix assertions after ciphers were changed 2015-01-07 14:29:45 -06:00
Benjamin Peterson f78b78aed4 rc4 is a long time favorite 2015-01-07 14:21:22 -06:00
Benjamin Peterson 438a8db763 everyone should support AES ciphers 2015-01-07 13:28:40 -06:00
Benjamin Peterson 9f6eceab46 include some more ciphers 2015-01-07 12:59:20 -06:00
Benjamin Peterson aacd524118 force test server to speak tlsv1 2015-01-07 11:42:38 -06:00
Benjamin Peterson e27a421354 remove apparently wrong assertion about des bit size 2015-01-07 11:33:51 -06:00
Benjamin Peterson 4cb17812d9 expose the client's cipher suites from the handshake (closes #23186) 2015-01-07 11:14:26 -06:00
Victor Stinner 789b805700 test_ssl: add more debug to investigate test_openssl_version() failure on 
OpenBSD with LibreSSL.
 2015-01-06 11:51:06 +01:00
Victor Stinner 648b862017 Issue #22935: Fix test_ssl when the SSLv3 protocol is not supported 2014-12-12 12:23:59 +01:00
Benjamin Peterson 22293df016 merge 3.4 (#22935) 2014-12-05 22:11:33 -05:00
Benjamin Peterson e32467cf6a allow ssl module to compile if openssl doesn't support SSL 3 (closes #22935) 
Patch by Kurt Roeckx.
 2014-12-05 21:59:35 -05:00
Victor Stinner beeb512fe1 Issue #21356: Make ssl.RAND_egd() optional to support LibreSSL. The 
availability of the function is checked during the compilation.

Patch written by Bernard Spil.
 2014-11-28 13:28:25 +01:00
Benjamin Peterson f9284ae8ed merge 3.4 (#22921) 2014-11-23 17:06:39 -06:00
Benjamin Peterson 7243b574e5 don't require OpenSSL SNI to pass hostname to ssl functions (#22921) 
Patch by Donald Stufft.
 2014-11-23 17:04:34 -06:00
Benjamin Peterson 98e1b9158c merge 3.4 2014-11-03 21:06:07 -05:00
Benjamin Peterson 1ea070e561 test that keyfile can be None 2014-11-03 21:05:01 -05:00
Benjamin Peterson 1cca273669 merge 3.4 (#22417) 2014-11-03 14:36:48 -05:00
Benjamin Peterson 4ffb075271 PEP 476: enable HTTPS certificate verification by default (#22417) 
Patch by Alex Gaynor with some modifications by me.
 2014-11-03 14:29:33 -05:00
Antoine Pitrou b1fdf47ff5 Issue #21965: Add support for in-memory SSL to the ssl module. 
Patch by Geert Jansen.
 2014-10-05 20:41:53 +02:00
Benjamin Peterson 91b62c4a8a merge 3.4 2014-10-03 18:17:30 -04:00
Benjamin Peterson 91244e01bb separate cert loading tests into Windows and non-Windows cases 2014-10-03 18:17:15 -04:00
Benjamin Peterson 8b9cfa1066 merge 3.4 (#22449) 2014-10-03 17:33:45 -04:00
Benjamin Peterson 5915b0f924 also use openssl envvars to find certs on windows (closes #22449) 
Patch by Christian Heimes and Alex Gaynor.
 2014-10-03 17:27:05 -04:00
Antoine Pitrou 47e40429fb Issue #20421: Add a .version() method to SSL sockets exposing the actual protocol version in use. 2014-09-04 21:00:10 +02:00
Charles-François Natali 6e20460dc6 Issue #21566: Make use of socket.listen() default backlog. 2014-07-23 19:28:13 +01:00
Antoine Pitrou 26408df88f Issue #21976: Fix test_ssl to accept LibreSSL version strings. 
Thanks to William Orr.
 2014-07-21 18:37:36 -04:00
Antoine Pitrou dfab935c74 Issue #21976: Fix test_ssl to accept LibreSSL version strings. 
Thanks to William Orr.
 2014-07-21 18:35:01 -04:00
Giampaolo Rodola' 915d14190e fix issue #17552: add socket.sendfile() method allowing to send a file over a socket by using high-performance os.sendfile() on UNIX. Patch by Giampaolo Rodola'· 2014-06-11 03:54:30 +02:00
Antoine Pitrou b4bebdafe3 Issue #20951: SSLSocket.send() now raises either SSLWantReadError or SSLWantWriteError on a non-blocking socket if the operation would block. Previously, it would return 0. 
Patch by Nikolaus Rath.
 2014-04-29 10:03:28 +02:00
Antoine Pitrou c695c95626 Issue #19940: ssl.cert_time_to_seconds() now interprets the given time string in the UTC timezone (as specified in RFC 5280), not the local timezone. 
Patch by Akira.
 2014-04-28 20:57:36 +02:00
Antoine Pitrou 172f025bed Issue #21068: The ssl.PROTOCOL* constants are now enum members. 2014-04-18 20:33:08 +02:00
Antoine Pitrou c043061667 Try to fix buildbot failures on old OpenSSLs (< 1.0.0) - followup to issue #21015 2014-04-16 18:33:39 +02:00
Antoine Pitrou 94a5b663bf Issue #20896: ssl.get_server_certificate() now uses PROTOCOL_SSLv23, not PROTOCOL_SSLv3, for maximum compatibility. 2014-04-16 18:56:28 +02:00
Donald Stufft 6a2ba94908 Issue #21013: Enhance ssl.create_default_context() for server side contexts 
Closes #21013 by modfying ssl.create_default_context() to:

* Move the restricted ciphers to only apply when using
  ssl.Purpose.CLIENT_AUTH. The major difference between restricted and not
  is the lack of RC4 in the restricted. However there are servers that exist
  that only expose RC4 still.
* Switches the default protocol to ssl.PROTOCOL_SSLv23 so that the context
  will select TLS1.1 or TLS1.2 if it is available.
* Add ssl.OP_NO_SSLv3 by default to continue to block SSL3.0 sockets
* Add ssl.OP_SINGLE_DH_USE and ssl.OP_SINGLE_ECDG_USE to improve the security
  of the perfect forward secrecy
* Add ssl.OP_CIPHER_SERVER_PREFERENCE so that when used for a server side
  socket the context will prioritize our ciphers which have been carefully
  selected to maximize security and performance.
* Documents the failure conditions when a SSL3.0 connection is required so
  that end users can more easily determine if they need to unset
  ssl.OP_NO_SSLv3.
 2014-03-23 19:05:28 -04:00
Antoine Pitrou 0bebbc33fa Issue #21015: SSL contexts will now automatically select an elliptic curve for ECDH key exchange on OpenSSL 1.0.2 and later, and otherwise default to "prime256v1". 
(should also fix a buildbot failure introduced by #20995)
 2014-03-22 18:13:50 +01:00
Benjamin Peterson 10b93cc29c merge 3.3 (#20896) 2014-03-12 18:10:57 -05:00
Antoine Pitrou ba44860c11 Try to fix test_ssl failures on some buildbots 2014-01-09 21:30:17 +01:00
Antoine Pitrou 32c4915b23 Try to fix test_ssl failures on some buildbots 2014-01-09 21:28:48 +01:00
Antoine Pitrou 78ace81c93 Issue #20207: Always disable SSLv2 except when PROTOCOL_SSLv2 is explicitly asked for. 2014-01-09 20:09:03 +01:00
Antoine Pitrou cd3d7cabef Issue #20207: Always disable SSLv2 except when PROTOCOL_SSLv2 is explicitly asked for. 2014-01-09 20:02:20 +01:00
Antoine Pitrou 3e86ba4e32 Issue #19422: Explicitly disallow non-SOCK_STREAM sockets in the ssl module, rather than silently let them emit clear text data. 2013-12-28 17:26:33 +01:00
Antoine Pitrou e6d2f159fc Issue #19422: Explicitly disallow non-SOCK_STREAM sockets in the ssl module, rather than silently let them emit clear text data. 2013-12-28 17:30:51 +01:00
Victor Stinner 36e96b8716 (Merge 3.3) Issue #20025: ssl.RAND_bytes() and ssl.RAND_pseudo_bytes() now 
raise a ValueError if num is negative (instead of raising a SystemError).
 2013-12-19 16:47:25 +01:00
Victor Stinner 1e81a399a2 Issue #20025: ssl.RAND_bytes() and ssl.RAND_pseudo_bytes() now raise a 
ValueError if num is negative (instead of raising a SystemError).
 2013-12-19 16:47:04 +01:00
Christian Heimes bd9cbb0691 Issue #19919: Fix flacky SSL test. connect_ex() sometimes returns 
EWOULDBLOCK on Windows or VMs hosted on Windows.
 2013-12-16 21:16:45 +01:00