diff --git a/Doc/library/multiprocessing.rst b/Doc/library/multiprocessing.rst index 16aabd50028..b303e163247 100644 --- a/Doc/library/multiprocessing.rst +++ b/Doc/library/multiprocessing.rst @@ -137,7 +137,7 @@ to start a process. These *start methods* are over Unix pipes. .. versionchanged:: 3.4 - *span* added on all unix platforms, and *forkserver* added for + *spawn* added on all unix platforms, and *forkserver* added for some unix platforms. Child processes no longer inherit all of the parents inheritable handles on Windows. diff --git a/Doc/whatsnew/3.4.rst b/Doc/whatsnew/3.4.rst index f1cb9d40439..141ca0bbe0f 100644 --- a/Doc/whatsnew/3.4.rst +++ b/Doc/whatsnew/3.4.rst @@ -124,8 +124,6 @@ Significantly Improved Library Modules: * :ref:`Single-dispatch generic functions ` in :mod:`functools` (:pep:`443`). * New :mod:`pickle` :ref:`protocol 4 ` (:pep:`3154`). -* :ref:`TLSv1.1 and TLSv1.2 support ` for :mod:`ssl` - (:issue:`16692`). * :mod:`multiprocessing` now has :ref:`an option to avoid using os.fork on Unix ` (:issue:`8713`). * :mod:`email` has a new submodule, :mod:`~email.contentmanager`, and 
@@ -136,6 +134,26 @@ Significantly Improved Library Modules: correct introspection of a much wider variety of callable objects * The :mod:`ipaddress` module API has been declared stable +Security improvements: + +* :ref:`Secure and interchangeable hash algorithm ` + (:pep:`456`). +* :ref:`Make newly created file descriptors non-inheritable ` + (:pep:`446`) to avoid leaking file descriptors to child processes. +* A new :func:`hashlib.pbkdf2_hmac` function provides + the `PKCS#5 password-based key derivation function 2 + `_. +* :ref:`TLSv1.1 and TLSv1.2 support ` for :mod:`ssl`. +* :ref:`Retrieving certificates from the Windows system cert store support + ` for :mod:`ssl`. +* :ref:`Server-side SNI (Server Name Indication) support + ` for :mod:`ssl`. +* The :class:`ssl.SSLContext` class got a :ref:`lot of improvements + `. +* :mod:`multiprocessing` now has :ref:`an option to avoid using os.fork + on Unix `: *spawn* and *forkserver* avoid + sharing data with child processes; child processes no longer inherit all of + the parents inheritable handles on Windows. CPython implementation improvements: @@ -1364,6 +1382,8 @@ TLSv1.2 support) have been added; support for these protocols is only available Python is linked with OpenSSL 1.0.1 or later. (Contributed by Michele OrrĂ¹ and Antoine Pitrou in :issue:`16692`) +.. _whatsnew34-sslcontext: + :class:`~ssl.SSLContext` method :meth:`~ssl.SSLContext.load_verify_locations` accepts a new optional argument *cadata*, which can be used to provide PEM or DER encoded certificates directly via strings or bytes, respectively. 
@@ -1383,12 +1403,16 @@ s), as well as a :meth:`~ssl.SSLContext.get_ca_certs` method that returns a list of the loaded ``CA`` certificates. (Contributed by Christian Heimes in and :issue:`18147`.) +.. _whatsnew34-win-cert-store: + Two new windows-only functions, :func:`~ssl.enum_certificates` and :func:`~ssl.enum_crls` provide the ability to retrieve certificates, certificate information, and CRLs from the Windows cert store. (Contributed by Christian Heimes in :issue:`17134`.) -Support for server-side SNI using the new +.. _whatsnew34-sni: + +Support for server-side SNI (Server Name Indication) using the new :meth:`ssl.SSLContext.set_servername_callback` method. (Contributed by Daniel Black in :issue:`8109`.)
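Review bot: in the Doc/library/multiprocessing.rst hunk (@@ -137,7), the context line right after the corrected one still reads "all of the parents inheritable handles", which is missing the possessive apostrophe. Since this versionchanged paragraph is already being touched for the *span* typo, change it to "parent's inheritable handles" in the same pass, and capitalise "unix" as "Unix" in both places to match "over Unix pipes" a few lines above.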
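Review bot: in the Doc/whatsnew/3.4.rst hunk at @@ -124,8, the removed TLSv1.1/TLSv1.2 bullet carried (:issue:`16692`), but the bullet that replaces it under "Security improvements" has no issue reference, so the tracker link is lost from the summary. Keep (:issue:`16692`) on the moved bullet. The :mod:`multiprocessing` bullet is handled the other way round: it stays in this list as an unchanged line and is also added to the new section, so it now appears twice in the summary, and the new copy drops (:issue:`8713`). Either move it like the TLS bullet or keep the issue reference on both copies.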
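Review bot: in the new "Security improvements:" list (@@ -136,6), the :class:`ssl.SSLContext` bullet says only that the class "got a :ref:`lot of improvements`", which does not tell a reader what changed or why it matters for security. Name the changes the linked section describes, for example the *cadata* argument to :meth:`~ssl.SSLContext.load_verify_locations` and the new :meth:`~ssl.SSLContext.get_ca_certs` method. Two wording points in the same list: "Retrieving certificates from the Windows system cert store support" reads more clearly as "Support for retrieving certificates from the Windows system cert store", and the last bullet repeats "parents inheritable handles" without the apostrophe ("parent's"). The other :mod:`ssl` bullets and the :func:`hashlib.pbkdf2_hmac` bullet also carry no :issue: or :pep: reference, unlike the first two entries, so the list is inconsistent about citing its sources.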
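Review bot: in the last hunk (@@ -1383,12), the reworded SNI paragraph is still a sentence fragment with no verb: "Support for server-side SNI (Server Name Indication) using the new :meth:`ssl.SSLContext.set_servername_callback` method." Since the line is being rewritten anyway, finish the sentence, for example "Support for server-side SNI (Server Name Indication) has been added via the new ... method." Two context lines in the same hunk deserve a follow-up while the labels are being added: "Two new windows-only functions" should read "Windows-only", and the credit line as shown here reads "(Contributed by Christian Heimes in and :issue:`18147`.)", which looks like a missing issue reference before "and".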