Felipe
19e4d9346d
bpo-31533: fix broken link to OpenSSL docs ( #3674 )
2017-09-20 20:20:18 +02:00
Christian Heimes
e82c034496
bpo-31431: SSLContext.check_hostname auto-sets CERT_REQUIRED ( #3531 )
...
Signed-off-by: Christian Heimes <christian@python.org>
2017-09-15 20:29:57 +02:00
Christian Heimes
4df60f18c6
bpo-31386: Custom wrap_bio and wrap_socket type ( #3426 )
...
SSLSocket.wrap_bio() and SSLSocket.wrap_socket() hard-code SSLObject and
SSLSocket as return types. In the light of future deprecation of
ssl.wrap_socket() module function and direct instantiation of SSLSocket,
it is desirable to make the return type of SSLSocket.wrap_bio() and
SSLSocket.wrap_socket() customizable.
Signed-off-by: Christian Heimes <christian@python.org>
2017-09-15 20:26:05 +02:00
Christian Heimes
b3ad0e5127
bpo-28182: Expose OpenSSL verification results ( #3412 )
...
The SSL module now raises SSLCertVerificationError when OpenSSL fails to
verify the peer's certificate. The exception contains more information about
the error.
Original patch by Chi Hsuan Yen
Signed-off-by: Christian Heimes <christian@python.org>
2017-09-08 12:00:19 -07:00
Christian Heimes
cb5b68abde
bpo-29136: Add TLS 1.3 cipher suites and OP_NO_TLSv1_3 ( #1363 )
...
* bpo-29136: Add TLS 1.3 support
TLS 1.3 introduces a new, distinct set of cipher suites. The TLS 1.3
cipher suites don't overlap with cipher suites from TLS 1.2 and earlier.
Since Python sets its own set of permitted ciphers, TLS 1.3 handshake
will fail as soon as OpenSSL 1.1.1 is released. Let's enable the common
AES-GCM and ChaCha20 suites.
Additionally the flag OP_NO_TLSv1_3 is added. It defaults to 0 (no op) with
OpenSSL prior to 1.1.1. This allows applications to opt-out from TLS 1.3
now.
Signed-off-by: Christian Heimes <christian@python.org>
2017-09-07 18:07:00 -07:00
Christian Heimes
ad0ffa033e
bpo-21649: Add RFC 7525 and Mozilla server side TLS ( #3387 )
...
Signed-off-by: Christian Heimes <christian@python.org>
2017-09-06 16:19:56 -07:00
Christian Heimes
7b40cb7293
bpo-30714: ALPN changes for OpenSSL 1.1.0f ( #2305 )
...
OpenSSL 1.1.0 to 1.1.0e aborted the handshake when server and client
could not agree on a protocol using ALPN. OpenSSL 1.1.0f changed that.
The most recent version now behaves like OpenSSL 1.0.2 again. The ALPN
callback can pretend to not been set.
See https://github.com/openssl/openssl/pull/3158 for more details
Signed-off-by: Christian Heimes <christian@python.org>
2017-08-15 10:33:43 +02:00
Benjamin Peterson
fdfca5f0ff
remove extra word ( #2101 )
2017-06-11 00:24:38 -07:00
Benjamin Peterson
dc1da9adc3
clarify recv() and send() on SSLObject ( #2100 )
...
SSLObject has recv() and send(), but they don't do any network io.
2017-06-11 00:15:14 -07:00
Chandan Kumar
63c2c8ac17
bpo-19180: Updated references for RFC 1750, RFC 3280 & RFC 4366 (GH-148)
...
* RFC 1750 has been been obsoleted by RFC 4086.
* RFC 3280 has been obsoleted by RFC 5280.
* RFC 4366 has been obsoleted by RFC 6066.
2017-06-09 19:43:58 +10:00
Nathaniel J. Smith
d4069de511
Clean up some confusing text left by PROTOCOL_SSLv23 -> PROTOCOL_TLS transition ( #1355 )
2017-05-01 22:43:31 -07:00
Marco Buttu
7b2491a6aa
bpo-27200: Fix pathlib, ssl, turtle and weakref doctests (GH-616)
2017-04-13 17:17:59 +03:00
Alex Gaynor
275104e86b
In SSL module version examples, don't use a legacy version. ( #381 )
2017-03-02 11:23:19 +01:00
Alex Gaynor
1cf2a809b1
Fixed a handful of typos (GH-343)
2017-02-28 19:26:56 -08:00
Berker Peksag
d93c4de522
Fix usage of data directive
2017-02-06 13:37:19 +03:00
Serhiy Storchaka
7d6dda4b78
Issue #19795 : Improved more markups of True/False.
2016-10-19 18:36:51 +03:00
Serhiy Storchaka
4adf01caae
Issue #19795 : Improved more markups of True/False.
2016-10-19 18:30:05 +03:00
Serhiy Storchaka
989db5c880
Issue #19795 : Mark up None as literal text.
2016-10-19 16:37:13 +03:00
Serhiy Storchaka
ecf41da83e
Issue #19795 : Mark up None as literal text.
2016-10-19 16:29:26 +03:00
Christian Heimes
ed9c0706cf
Explain why PROTOCOL_SSLv23 does not support SSLv2 and SSLv3 by default.
2016-09-13 13:27:26 +02:00
Christian Heimes
17352fff92
Explain why PROTOCOL_SSLv23 does not support SSLv2 and SSLv3 by default.
2016-09-13 12:09:55 +02:00
Christian Heimes
c4d2e500a9
Update whatsnew with my contributions
2016-09-12 01:14:35 +02:00
Christian Heimes
5fe668c672
Issue #28085 : Add PROTOCOL_TLS_CLIENT and PROTOCOL_TLS_SERVER for SSLContext
2016-09-12 00:01:11 +02:00
Christian Heimes
99a6570295
Issue #19500 : Add client-side SSL session resumption to the ssl module.
2016-09-10 23:44:53 +02:00
Christian Heimes
d04863771b
Issue #28022 : Deprecate ssl-related arguments in favor of SSLContext.
...
The deprecation include manual creation of SSLSocket and certfile/keyfile
(or similar) in ftplib, httplib, imaplib, smtplib, poplib and urllib.
ssl.wrap_socket() is not marked as deprecated yet.
2016-09-10 23:23:33 +02:00
Christian Heimes
358cfd426c
Issue 28043: SSLContext has improved default settings
...
The options OP_NO_COMPRESSION, OP_CIPHER_SERVER_PREFERENCE, OP_SINGLE_DH_USE, OP_SINGLE_ECDH_USE, OP_NO_SSLv2 (except for PROTOCOL_SSLv2), and OP_NO_SSLv3 (except for PROTOCOL_SSLv3) are set by default. The initial cipher suite list contains only HIGH ciphers, no NULL ciphers and MD5 ciphers (except for PROTOCOL_SSLv2).
2016-09-10 22:43:48 +02:00
Christian Heimes
3aeacad561
Issue #28025 : Convert all ssl module constants to IntEnum and IntFlags.
2016-09-10 00:19:35 +02:00
Christian Heimes
03d13c0cbf
Issues #27850 and #27766 : Remove 3DES from ssl default cipher list and add ChaCha20 Poly1305.
2016-09-06 20:06:47 +02:00
Christian Heimes
598894ff48
Issue #26470 : Port ssl and hashlib module to OpenSSL 1.1.0.
2016-09-05 23:19:05 +02:00
Christian Heimes
ac041c0aa7
Issues #27850 and #27766 : Remove 3DES from ssl default cipher list and add ChaCha20 Poly1305.
2016-09-06 20:07:58 +02:00
Christian Heimes
25bfcd5d9e
Issue #27866 : Add SSLContext.get_ciphers() method to get a list of all enabled ciphers.
2016-09-06 00:04:45 +02:00
Christian Heimes
01113faef9
Issue #26470 : Port ssl and hashlib module to OpenSSL 1.1.0.
2016-09-05 23:23:24 +02:00
Terry Jan Reedy
fa089b9b0b
Issue #22558 : Add remaining doc links to source code for Python-coded modules.
...
Reformat header above separator line (added if missing) to a common format.
Patch by Yoni Lavi.
2016-06-11 15:02:54 -04:00
Serhiy Storchaka
dba903993a
Issue #23921 : Standardized documentation whitespace formatting.
...
Original patch by James Edwards.
2016-05-10 12:01:23 +03:00
Serhiy Storchaka
6dff0205b7
Issue #26736 : Used HTTPS for external links in the documentation if possible.
2016-05-07 10:49:07 +03:00
Martin Panter
f6b1d66a3c
Issue #23804 : Fix SSL recv/read(0) to not return 1024 bytes
2016-03-28 00:22:09 +00:00
Georg Brandl
5d94134040
Closes #25910 : fix dead and permanently redirected links in the docs. Thanks to SilentGhost for the patch.
2016-02-26 19:37:12 +01:00
Georg Brandl
8c16cb9f65
Closes #26435 : fix syntax in directives. Thanks to Jakub Stasiak.
2016-02-25 20:17:45 +01:00
Serhiy Storchaka
4981dd2cb8
Fixed merging error in 3ebeeed1eb28.
...
Thanks Марк Коренберг.
2015-11-06 11:19:42 +02:00
Martin Panter
4827e488a4
Merge spelling fixes from 3.4 into 3.5
2015-10-31 12:16:18 +00:00
Martin Panter
1f1177d69a
Fix some spelling errors in documentation and code comments
2015-10-31 11:48:53 +00:00
Berker Peksag
fee05daef8
Issue #24232 : Fix typos. Patch by Ville Skyttä.
2015-05-19 01:38:05 +03:00
Berker Peksag
315e104d11
Issue #24232 : Fix typos. Patch by Ville Skyttä.
2015-05-19 01:36:55 +03:00
Antoine Pitrou
b9f2ab9eae
Fix duplicate doc entry for SSLContext.get_ca_certs()
...
(closes #18147 )
2015-04-13 21:06:51 +02:00
Antoine Pitrou
97aa953550
Fix duplicate doc entry for SSLContext.get_ca_certs()
...
(closes #18147 )
2015-04-13 21:06:15 +02:00
Benjamin Peterson
1c69c3e3d8
use imperative
2015-04-11 07:42:42 -04:00
Berker Peksag
eb7a97c48e
Issue #23025 : Add a mention of os.urandom to RAND_bytes and RAND_pseudo_bytes docs.
...
Patch by Alex Gaynor.
2015-04-10 16:19:13 +03:00
Benjamin Peterson
339e3f33b6
merge 3.4
2015-04-11 07:44:45 -04:00
Serhiy Storchaka
2ce11d296c
Null merge
2015-04-10 16:22:14 +03:00
Berker Peksag
a7b9a1f4df
Issue #23025 : Add a mention of os.urandom to RAND_bytes and RAND_pseudo_bytes docs.
...
Patch by Alex Gaynor.
2015-04-10 16:19:44 +03:00
Benjamin Peterson
f1c5dea3c2
merge 3.4
2015-04-08 11:11:45 -04:00
Benjamin Peterson
6f362fa6c8
actually ssl3 is just completely broken
2015-04-08 11:11:00 -04:00
Victor Stinner
146907081c
Issue #23853 : Methods of SSL socket don't reset the socket timeout anymore each
...
time bytes are received or sent. The socket timeout is now the maximum total
duration of the method.
This change fixes a denial of service if the application is regulary
interrupted by a signal and the signal handler does not raise an exception.
2015-04-06 22:46:13 +02:00
Serhiy Storchaka
8490f5acfe
Issue #23001 : Few functions in modules mmap, ossaudiodev, socket, ssl, and
...
codecs, that accepted only read-only bytes-like object now accept writable
bytes-like object too.
2015-03-20 09:00:36 +02:00
Benjamin Peterson
85586ebc39
merge 3.4 ( #23679 )
2015-03-16 12:45:27 -05:00
Benjamin Peterson
59c4eb71f2
versionchanged for rc4 removal ( closes #23679 )
2015-03-16 12:43:38 -05:00
Benjamin Peterson
af098a221a
merge 3.4 ( #23608 )
2015-03-08 09:42:40 -04:00
Benjamin Peterson
c8358273ae
indicate correct version ( closes #23608 )
2015-03-08 09:42:25 -04:00
Benjamin Peterson
de8eca4638
merge 3.4
2015-03-04 22:50:25 -05:00
Benjamin Peterson
990fcaac3c
expose X509_V_FLAG_TRUSTED_FIRST
2015-03-04 22:49:41 -05:00
Antoine Pitrou
c481bfb3f6
Issue #23239 : ssl.match_hostname() now supports matching of IP addresses.
2015-02-15 18:12:20 +01:00
Benjamin Peterson
8861502e07
prefer server alpn ordering over the client's
2015-01-23 17:30:26 -05:00
Benjamin Peterson
cca2732a82
add support for ALPN ( closes #20188 )
2015-01-23 16:35:37 -05:00
Benjamin Peterson
4cb17812d9
expose the client's cipher suites from the handshake ( closes #23186 )
2015-01-07 11:14:26 -06:00
Victor Stinner
3ce67a9560
Issue #23177 : Document that ssl.RAND_egd() is not available with LibreSSL
2015-01-06 13:53:09 +01:00
Benjamin Peterson
b92fd01189
note that sslv3 may not be available
2014-12-06 11:36:32 -05:00
Serhiy Storchaka
b757c83ec6
Issue #22581 : Use more "bytes-like object" throughout the docs and comments.
2014-12-05 22:25:22 +02:00
Antoine Pitrou
2b207badd6
Fix #22987 : update the compatibility matrix for a SSLv23 client.
2014-12-03 20:00:56 +01:00
Benjamin Peterson
dbd4bcfcca
correct versionchanged version
2014-11-23 20:09:31 -06:00
Benjamin Peterson
7243b574e5
don't require OpenSSL SNI to pass hostname to ssl functions ( #22921 )
...
Patch by Donald Stufft.
2014-11-23 17:04:34 -06:00
Benjamin Peterson
b9859daeeb
merge 3.4
2014-12-06 11:37:18 -05:00
Serhiy Storchaka
92bf919ed0
Issue #22581 : Use more "bytes-like object" throughout the docs and comments.
2014-12-05 22:26:10 +02:00
Antoine Pitrou
af12676659
Fix #22987 : update the compatibility matrix for a SSLv23 client.
2014-12-03 20:03:11 +01:00
Benjamin Peterson
f9284ae8ed
merge 3.4 ( #22921 )
2014-11-23 17:06:39 -06:00
Georg Brandl
bad8d4bb53
merge with 3.4
2014-10-29 10:57:42 +01:00
Georg Brandl
b7354a65ce
Fixing broken links in doc, part 4: some more breaks and redirects
2014-10-29 10:57:37 +01:00
Antoine Pitrou
35cd53a940
Issue #22660 : update various mentions in the ssl module documentation.
2014-10-21 00:16:00 +02:00
Antoine Pitrou
4b4ddb2190
Issue #22660 : update various mentions in the ssl module documentation.
2014-10-21 00:14:39 +02:00
Victor Stinner
2debf15593
Issue #22564 : cleanup SSLObject doc
2014-10-10 13:04:08 +02:00
Victor Stinner
29611452b7
Issue #22564 : ssl doc, add more links to the non-blocking section
2014-10-10 12:52:43 +02:00
Victor Stinner
805b262d38
Issue #22564 : ssl doc: reorganize and reindent documentation of SSLObject and
...
MemoryBIO; move documentation of SSLContext.wrap_bio()
2014-10-10 12:49:08 +02:00
Victor Stinner
9558e90315
Merge 3.4
2014-10-10 12:47:01 +02:00
Victor Stinner
cfb2a0a855
Issue #22564 : ssl doc: mention asyncio in the non-blocking section
2014-10-10 12:45:10 +02:00
Victor Stinner
92127a5edb
Merge 3.4
2014-10-10 12:43:17 +02:00
Victor Stinner
d28fe8c8f4
Issue #22564 : ssl doc: mention how SSLSocket are usually created
2014-10-10 12:07:19 +02:00
Victor Stinner
3c3d3c73f3
Issue #22564 : ssl doc: use "class" marker to document the SSLSocket class
2014-10-10 12:06:51 +02:00
Victor Stinner
41f92c2818
Issue #22564 : ssl doc: document read(), write(), pending, server_side and
...
server_hostname methods and attributes of SSLSocket.
2014-10-10 12:05:56 +02:00
Victor Stinner
851a6cc071
Issue #22564 : ssl doc: fix typos
2014-10-10 12:04:15 +02:00
Antoine Pitrou
b1fdf47ff5
Issue #21965 : Add support for in-memory SSL to the ssl module.
...
Patch by Geert Jansen.
2014-10-05 20:41:53 +02:00
Berker Peksag
131caba074
Revert #22251
2014-09-28 00:01:55 +03:00
Berker Peksag
9c1dba2758
Revert #22251
2014-09-28 00:00:58 +03:00
Berker Peksag
f7fee33104
Issue #22251 : Fix ReST markup to avoid errors building docs.
2014-09-27 23:22:35 +03:00
Berker Peksag
3749404ba5
Issue #22251 : Fix ReST markup to avoid errors building docs.
2014-09-27 23:21:35 +03:00
Antoine Pitrou
47e40429fb
Issue #20421 : Add a .version() method to SSL sockets exposing the actual protocol version in use.
2014-09-04 21:00:10 +02:00
Zachary Ware
b27d3a2d21
Closes #22072 : Merge typo fixes from 3.4
2014-07-25 13:31:36 -05:00
Zachary Ware
88a1977a08
Issue #22072 : Fix a couple of SSL doc typos. Patch by Alex Gaynor.
2014-07-25 13:30:50 -05:00
Berker Peksag
68f411670e
Issue #21994 : Merge with 3.4.
2014-07-17 05:02:02 +03:00
Berker Peksag
38bf87c7f2
Issue #21994 : Fix SyntaxError in the SSLContext.check_hostname documentation.
2014-07-17 05:00:36 +03:00
Zachary Ware
ba9fb0d83f
Fix doc build warning
2014-06-11 15:02:25 -05:00
Giampaolo Rodola'
915d14190e
fix issue #17552 : add socket.sendfile() method allowing to send a file over a socket by using high-performance os.sendfile() on UNIX. Patch by Giampaolo Rodola'·
2014-06-11 03:54:30 +02:00
Donald Stufft
8b852f111e
Fix Issue #21528 - Fix documentation typos
2014-05-20 12:58:38 -04:00
Antoine Pitrou
f48ff0dd6c
Issue #21430 : additions to the description of non-blocking SSL sockets
2014-05-18 00:56:53 +02:00
Antoine Pitrou
75e03388d8
Issue #21430 : additions to the description of non-blocking SSL sockets
2014-05-18 00:55:13 +02:00
Antoine Pitrou
b4bebdafe3
Issue #20951 : SSLSocket.send() now raises either SSLWantReadError or SSLWantWriteError on a non-blocking socket if the operation would block. Previously, it would return 0.
...
Patch by Nikolaus Rath.
2014-04-29 10:03:28 +02:00
Antoine Pitrou
c695c95626
Issue #19940 : ssl.cert_time_to_seconds() now interprets the given time string in the UTC timezone (as specified in RFC 5280), not the local timezone.
...
Patch by Akira.
2014-04-28 20:57:36 +02:00
Antoine Pitrou
94a5b663bf
Issue #20896 : ssl.get_server_certificate() now uses PROTOCOL_SSLv23, not PROTOCOL_SSLv3, for maximum compatibility.
2014-04-16 18:56:28 +02:00
Donald Stufft
4137465bf5
Issue #21043 : Remove the recommendation for specific CA organizations
...
Closes #21043 by updating the documentation to remove specific CA
organizations and update the text to no longer need to tell you to
download root certificates, but instead use the OS certificates
avaialble through SSLContext.load_default_certs.
2014-03-24 19:26:03 -04:00
Donald Stufft
6a2ba94908
Issue #21013 : Enhance ssl.create_default_context() for server side contexts
...
Closes #21013 by modfying ssl.create_default_context() to:
* Move the restricted ciphers to only apply when using
ssl.Purpose.CLIENT_AUTH. The major difference between restricted and not
is the lack of RC4 in the restricted. However there are servers that exist
that only expose RC4 still.
* Switches the default protocol to ssl.PROTOCOL_SSLv23 so that the context
will select TLS1.1 or TLS1.2 if it is available.
* Add ssl.OP_NO_SSLv3 by default to continue to block SSL3.0 sockets
* Add ssl.OP_SINGLE_DH_USE and ssl.OP_SINGLE_ECDG_USE to improve the security
of the perfect forward secrecy
* Add ssl.OP_CIPHER_SERVER_PREFERENCE so that when used for a server side
socket the context will prioritize our ciphers which have been carefully
selected to maximize security and performance.
* Documents the failure conditions when a SSL3.0 connection is required so
that end users can more easily determine if they need to unset
ssl.OP_NO_SSLv3.
2014-03-23 19:05:28 -04:00
Antoine Pitrou
f8cbbbb652
Issue #20913 : make it clear that create_default_context() also enables hostname checking
2014-03-23 16:31:08 +01:00
Antoine Pitrou
c5e075ff03
Issue #20913 : improve the SSL security considerations to first advocate using create_default_context().
2014-03-22 18:19:11 +01:00
Donald Stufft
79ccaa2cad
Issue #20995 : Enhance default ciphers used by the ssl module
...
Closes #20995 by Enabling better security by prioritizing ciphers
such that:
* Prefer cipher suites that offer perfect forward secrecy (DHE/ECDHE)
* Prefer ECDHE over DHE for better performance
* Prefer any AES-GCM over any AES-CBC for better performance and security
* Then Use HIGH cipher suites as a fallback
* Then Use 3DES as fallback which is secure but slow
* Finally use RC4 as a fallback which is problematic but needed for
compatibility some times.
* Disable NULL authentication, NULL encryption, and MD5 MACs for security
reasons
2014-03-21 21:33:34 -04:00
Larry Hastings
3732ed2414
Merge in all documentation changes since branching 3.4.0rc1.
2014-03-15 21:13:56 -07:00
Antoine Pitrou
e6d2f159fc
Issue #19422 : Explicitly disallow non-SOCK_STREAM sockets in the ssl module, rather than silently let them emit clear text data.
2013-12-28 17:30:51 +01:00
Antoine Pitrou
3e86ba4e32
Issue #19422 : Explicitly disallow non-SOCK_STREAM sockets in the ssl module, rather than silently let them emit clear text data.
2013-12-28 17:26:33 +01:00
R David Murray
748bad2cd0
Tidy up ssl whatsnew references, make ssl section formatting consistent.
...
Also remove some extra blank lines in the ssl doc acctions for tls1.1/1.2,
and reflow a paragraph.
2013-12-20 17:08:39 -05:00
Christian Heimes
1aa9a75fbf
Issue #19509 : Add SSLContext.check_hostname to match the peer's certificate
...
with server_hostname on handshake.
2013-12-02 02:41:19 +01:00
Serhiy Storchaka
0e90e99188
Issue #19795 : Improved markup of True/False constants.
2013-11-29 12:19:53 +02:00
Serhiy Storchaka
fbc1c26803
Issue #19795 : Improved markup of True/False constants.
2013-11-29 12:17:13 +02:00
Antoine Pitrou
5bef410471
Tweak ssl docs
2013-11-23 16:16:29 +01:00
Christian Heimes
4c05b472dd
Issue #19689 : Add ssl.create_default_context() factory function. It creates
...
a new SSLContext object with secure default settings.
2013-11-23 15:58:30 +01:00
Christian Heimes
6b2ff98df4
Correct documentation clientAuth -> CLIENT_AUTH
2013-11-23 14:42:01 +01:00
Christian Heimes
72d28500b3
Issue #19292 : Add SSLContext.load_default_certs() to load default root CA
...
certificates from default stores or system stores. By default the method
loads CA certs for authentication of server certs.
2013-11-23 13:56:58 +01:00
Christian Heimes
2427b50fdd
Issue #8813 : X509_VERIFY_PARAM is only available on OpenSSL 0.9.8+
...
The patch removes the verify_flags feature on Mac OS X 10.4 with OpenSSL 0.9.7l 28 Sep 2006.
2013-11-23 11:24:32 +01:00
Christian Heimes
f22e8e5426
Issue #18147 : Add missing documentation for SSLContext.get_ca_certs().
...
Also change the argument name to the same name as getpeercert()
2013-11-22 02:22:51 +01:00
Christian Heimes
44109d7de7
Issue #17134 : Finalize interface to Windows' certificate store. Cert and
...
CRL enumeration are now two functions. enum_certificates() also returns
purpose flags as set of OIDs.
2013-11-22 01:51:30 +01:00
Christian Heimes
225877917e
Issue #8813 : Add SSLContext.verify_flags to change the verification flags
...
of the context in order to enable certification revocation list (CRL)
checks or strict X509 rules.
2013-11-21 23:56:13 +01:00
Christian Heimes
bd3a7f90b5
Issue #18379 : SSLSocket.getpeercert() returns CA issuer AIA fields, OCSP
...
and CRL distribution points.
2013-11-21 03:40:15 +01:00
Christian Heimes
efff7060f8
Issue #18138 : Implement cadata argument of SSLContext.load_verify_location()
...
to load CA certificates and CRL from memory. It supports PEM and DER
encoded strings.
2013-11-21 03:35:02 +01:00
Antoine Pitrou
6b2b084192
Issue #19508 : direct the user to read the security considerations for the ssl module
2013-11-17 15:36:03 +01:00
Antoine Pitrou
9eefe91fc2
Issue #19508 : direct the user to read the security considerations for the ssl module
2013-11-17 15:35:33 +01:00
Christian Heimes
9f09120b83
merge
2013-10-29 22:21:16 +01:00
Christian Heimes
47674bc470
fix language
2013-10-29 22:19:39 +01:00
Christian Heimes
ee0bac66b2
Issue #19227 / Issue #18747 : Remove pthread_atfork() handler to remove OpenSSL re-seeding
...
It is causing trouble like e.g. hanging processes.
2013-10-29 21:11:55 +01:00
Christian Heimes
3046fe4c03
Issue #18747 : document issue with OpenSSL's CPRNG state and fork
2013-10-29 21:08:56 +01:00
Georg Brandl
72c98d3a76
Issue #17997 : Change behavior of ``ssl.match_hostname()`` to follow RFC 6125,
...
for security reasons. It now doesn't match multiple wildcards nor wildcards
inside IDN fragments.
2013-10-27 07:16:53 +01:00
Georg Brandl
b89b5df9c9
merge with 3.3
2013-10-27 07:46:09 +01:00
Georg Brandl
99b1a12f2f
merge with 3.3
2013-10-06 18:20:39 +02:00
Georg Brandl
4a6cf6c9d1
Closes #19177 : replace dead link to SSL/TLS introduction with the version from Apache.
2013-10-06 18:20:31 +02:00
Antoine Pitrou
20b85557f2
Issue #19095 : SSLSocket.getpeercert() now raises ValueError when the SSL handshake hasn't been done.
2013-09-29 19:50:53 +02:00
Larry Hastings
d36fc4307e
Fix minor documentation markup error.
2013-08-03 02:49:53 -07:00
R David Murray
fe3ae3cdc7
Merge #18311 : fix typo.
2013-06-26 15:11:32 -04:00
R David Murray
c7f7579855
#18311 : fix typo.
2013-06-26 15:11:12 -04:00
Christian Heimes
9a5395ae2b
Issue #18147 : Add diagnostic functions to ssl.SSLContext().
...
get_ca_list() lists all loaded CA certificates and cert_store_stats() returns
amount of loaded X.509 certs, X.509 CA certs and CRLs.
2013-06-17 15:44:12 +02:00
Christian Heimes
46bebee25f
Issue #17134 : Add ssl.enum_cert_store() as interface to Windows' cert store.
2013-06-09 19:03:31 +02:00
Christian Heimes
3e738f97f8
removed accidental new line
2013-06-09 18:07:16 +02:00
Christian Heimes
6d7ad13a45
Issue #18143 : Implement ssl.get_default_verify_paths() in order to debug
...
the default locations for cafile and capath.
2013-06-09 18:02:55 +02:00
Antoine Pitrou
9b42128e2c
Issue #17739 : fix the description of SSLSocket.getpeercert(binary_form=True) for server sockets.
...
Thanks to David D Lowe for reporting.
2013-04-16 20:28:15 +02:00
Antoine Pitrou
d34941ad4e
Issue #17739 : fix the description of SSLSocket.getpeercert(binary_form=True) for server sockets.
...
Thanks to David D Lowe for reporting.
2013-04-16 20:27:17 +02:00
Antoine Pitrou
50b24d0d7c
Fix a crash when setting a servername callback on a SSL server socket and the client doesn't send a server name.
...
Patch by Kazuhiro Yoshida.
(originally issue #8109 )
2013-04-11 20:48:42 +02:00
Antoine Pitrou
2463e5fee4
Issue #16692 : The ssl module now supports TLS 1.1 and TLS 1.2. Initial patch by Michele Orrù.
2013-03-28 22:24:43 +01:00