869e1778c0
Issue #22117 : Replace usage of _PyTime_ROUND_UP with _PyTime_ROUND_CEILING
...
All these functions only accept positive timeouts, so this change has no effect
in practice.
2015-03-30 03:49:14 +02:00
ea9c0dd2c2
Issue #22117 : Fix usage of _PyTime_AsTimeval()
...
Add _PyTime_AsTimeval_noraise() function. Call it when it's not possible (or
not useful) to raise a Python exception on overflow.
2015-03-30 02:51:13 +02:00
e245231fab
Issue #22117 : Fix ssl to use _PyTime_t API on sock_timeout
...
I didn't notice that the ssl module uses private attributes of socket objects.
2015-03-28 03:00:46 +01:00
8490f5acfe
Issue #23001 : Few functions in modules mmap, ossaudiodev, socket, ssl, and
...
codecs, that accepted only read-only bytes-like object now accept writable
bytes-like object too.
2015-03-20 09:00:36 +02:00
e42ccd2bfd
Issue #23694 : Enhance _Py_fopen(), it now raises an exception on error
...
* If fopen() fails, OSError is raised with the original filename object.
* The GIL is now released while calling fopen()
2015-03-18 01:39:23 +01:00
de8eca4638
merge 3.4
2015-03-04 22:50:25 -05:00
990fcaac3c
expose X509_V_FLAG_TRUSTED_FIRST
2015-03-04 22:49:41 -05:00
b64ae7bf2d
merge 3.4 ( #23476 )
2015-03-04 22:11:48 -05:00
fdb1971587
enable X509_V_FLAG_TRUSTED_FIRST when possible ( closes #23476 )
2015-03-04 22:11:12 -05:00
0bfd0a4048
Issue #23576 : Avoid stalling in SSL reads when EOF has been reached in the SSL layer but the underlying connection hasn't been closed.
2015-03-04 20:54:57 +01:00
f7f3b0a14a
Issue #23576 : Avoid stalling in SSL reads when EOF has been reached in the SSL layer but the underlying connection hasn't been closed.
2015-03-04 20:51:55 +01:00
4d0d982985
Issue #23446 : Use PyMem_New instead of PyMem_Malloc to avoid possible integer
...
overflows. Added few missed PyErr_NoMemory().
2015-02-16 13:33:32 +02:00
1a1ff29659
Issue #23446 : Use PyMem_New instead of PyMem_Malloc to avoid possible integer
...
overflows. Added few missed PyErr_NoMemory().
2015-02-16 13:28:22 +02:00
c54de47759
ifdef our way to compatibility with old openssl ( closes #23335 )
2015-01-28 12:06:39 -05:00
07f0515667
disable ALPN on LibreSSL, which has a large version number, but not ALPN support ( closes #23329 )
2015-01-27 11:10:18 -05:00
8861502e07
prefer server alpn ordering over the client's
2015-01-23 17:30:26 -05:00
cca2732a82
add support for ALPN ( closes #20188 )
2015-01-23 16:35:37 -05:00
baf7c1e546
use SSL_get_session
2015-01-07 11:32:00 -06:00
4cb17812d9
expose the client's cipher suites from the handshake ( closes #23186 )
2015-01-07 11:14:26 -06:00
fcfed19913
Issue #21356 : Make ssl.RAND_egd() optional to support LibreSSL. The
...
availability of the function is checked during the compilation. Patch written
by Bernard Spil.
2015-01-06 13:54:58 +01:00
5e8430d02c
Issue #23143 : Remove compatibility with OpenSSLs older than 0.9.8.
...
(the last 0.9.7 release was in 2007)
2015-01-03 23:17:23 +01:00
e32467cf6a
allow ssl module to compile if openssl doesn't support SSL 3 ( closes #22935 )
...
Patch by Kurt Roeckx.
2014-12-05 21:59:35 -05:00
7243b574e5
don't require OpenSSL SNI to pass hostname to ssl functions ( #22921 )
...
Patch by Donald Stufft.
2014-11-23 17:04:34 -06:00
22293df016
merge 3.4 ( #22935 )
2014-12-05 22:11:33 -05:00
beeb512fe1
Issue #21356 : Make ssl.RAND_egd() optional to support LibreSSL. The
...
availability of the function is checked during the compilation.
Patch written by Bernard Spil.
2014-11-28 13:28:25 +01:00
f9284ae8ed
merge 3.4 ( #22921 )
2014-11-23 17:06:39 -06:00
b1fdf47ff5
Issue #21965 : Add support for in-memory SSL to the ssl module.
...
Patch by Geert Jansen.
2014-10-05 20:41:53 +02:00
47e40429fb
Issue #20421 : Add a .version() method to SSL sockets exposing the actual protocol version in use.
2014-09-04 21:00:10 +02:00
e03de09ff2
(Merge 3.4) Issue #21781 , _ssl: Fix asn1obj2py() on Windows 64-bit, "s#" format
...
requires size to be a Py_ssize_t, not an int. _ssl.c is now "Py_ssize_t clean".
2014-07-07 21:52:49 +02:00
cd75298611
Issue #21781 , _ssl: Fix asn1obj2py() on Windows 64-bit, "s#" format requires
...
size to be a Py_ssize_t, not an int. _ssl.c is now "Py_ssize_t clean".
2014-07-07 21:52:29 +02:00
7f084064e8
(Merge 3.4) Issue #21781 : Make the ssl module "ssize_t clean" for parsing
...
parameters. ssl.RAND_add() now supports strings longer than 2 GB.
2014-07-01 16:39:23 +02:00
2e57b4e488
Issue #21781 : Make the ssl module "ssize_t clean" for parsing parameters.
...
ssl.RAND_add() now supports strings longer than 2 GB.
2014-07-01 16:37:17 +02:00
45e8e2f218
Issue #21490 : Add new C macros: Py_ABS() and Py_STRINGIFY()
...
Keep _Py_STRINGIZE() in PC/pyconfig.h to not introduce a dependency between
pyconfig.h and pymacros.h.
2014-05-14 17:24:35 +02:00
0bebbc33fa
Issue #21015 : SSL contexts will now automatically select an elliptic curve for ECDH key exchange on OpenSSL 1.0.2 and later, and otherwise default to "prime256v1".
...
(should also fix a buildbot failure introduced by #20995 )
2014-03-22 18:13:50 +01:00
83fed26953
avoid a compiler warning about assigning const char * to char *.
2014-01-17 12:09:05 -08:00
f34890937b
avoid a compiler warning about assigning const char * to char *.
2014-01-17 12:08:49 -08:00
78ace81c93
Issue #20207 : Always disable SSLv2 except when PROTOCOL_SSLv2 is explicitly asked for.
2014-01-09 20:09:03 +01:00
2f7c31678a
Remove conditional: it is useless at this point (OpenSSL headers are not yet included)
2014-01-09 20:07:41 +01:00
cd3d7cabef
Issue #20207 : Always disable SSLv2 except when PROTOCOL_SSLv2 is explicitly asked for.
2014-01-09 20:02:20 +01:00
36e96b8716
(Merge 3.3) Issue #20025 : ssl.RAND_bytes() and ssl.RAND_pseudo_bytes() now
...
raise a ValueError if num is negative (instead of raising a SystemError).
2013-12-19 16:47:25 +01:00
1e81a399a2
Issue #20025 : ssl.RAND_bytes() and ssl.RAND_pseudo_bytes() now raise a
...
ValueError if num is negative (instead of raising a SystemError).
2013-12-19 16:47:04 +01:00
1aa9a75fbf
Issue #19509 : Add SSLContext.check_hostname to match the peer's certificate
...
with server_hostname on handshake.
2013-12-02 02:41:19 +01:00
470fba1f9f
SNI was added in OpenSSL 0.9.8f [11 Oct 2007], too
2013-11-28 15:12:15 +01:00
2427b50fdd
Issue #8813 : X509_VERIFY_PARAM is only available on OpenSSL 0.9.8+
...
The patch removes the verify_flags feature on Mac OS X 10.4 with OpenSSL 0.9.7l 28 Sep 2006.
2013-11-23 11:24:32 +01:00
5398e1a56e
Issue #19448 : report name / NID in exception message of ASN1Object
2013-11-22 16:20:53 +01:00
f22e8e5426
Issue #18147 : Add missing documentation for SSLContext.get_ca_certs().
...
Also change the argument name to the same name as getpeercert()
2013-11-22 02:22:51 +01:00
44109d7de7
Issue #17134 : Finalize interface to Windows' certificate store. Cert and
...
CRL enumeration are now two functions. enum_certificates() also returns
purpose flags as set of OIDs.
2013-11-22 01:51:30 +01:00
1dbf61fa46
downcast len to int. The code has already checked that len < INT_MAX
2013-11-22 00:34:18 +01:00
18fc7be80d
lst might be NULL here
...
CID 1130752: Dereference after null check (FORWARD_NULL)
2013-11-21 23:57:49 +01:00
225877917e
Issue #8813 : Add SSLContext.verify_flags to change the verification flags
...
of the context in order to enable certification revocation list (CRL)
checks or strict X509 rules.
2013-11-21 23:56:13 +01:00
949ec14209
Issue #19682 : Fix compatibility issue with old version of OpenSSL that
...
was introduced by Issue #18379 .
2013-11-21 16:26:51 +01:00
bd3a7f90b5
Issue #18379 : SSLSocket.getpeercert() returns CA issuer AIA fields, OCSP
...
and CRL distribution points.
2013-11-21 03:40:15 +01:00
efff7060f8
Issue #18138 : Implement cadata argument of SSLContext.load_verify_location()
...
to load CA certificates and CRL from memory. It supports PEM and DER
encoded strings.
2013-11-21 03:35:02 +01:00
b08ff7dcb4
Safely downcast SOCKET_T to int in _ssl module
2013-11-18 10:04:07 +01:00
a6bc95aa02
Issue #19448 : Add private API to SSL module to lookup ASN.1 objects by OID, NID, short name and long name.
2013-11-17 19:59:14 +01:00
a9eb38f02a
Issue #19437 : Fix newPySSLSocket(), handle PyWeakref_NewRef() failure
2013-10-31 16:35:38 +01:00
ba9be477b0
Issue #19437 : Fix fill_and_set_sslerror() of _ssl, handle Py_BuildValue()
...
failure
Don't call PyObject_CallObject() with NULL parameters and an exception set.
2013-10-31 15:00:24 +01:00
ee0bac66b2
Issue #19227 / Issue #18747 : Remove pthread_atfork() handler to remove OpenSSL re-seeding
...
It is causing trouble like e.g. hanging processes.
2013-10-29 21:11:55 +01:00
fb6b44e830
Issue #19227 / Issue #18747 : Remove pthread_atfork() handler to remove OpenSSL re-seeding
...
It is causing trouble like e.g. hanging processes.
2013-10-29 20:50:01 +01:00
81be27d53e
Issue #19227 : Try to fix deadlocks caused by re-seeding then OpenSSL
...
pseudo-random number generator on fork().
2013-10-27 07:56:11 +01:00
fb404f528a
#19227 : merge with 3.3
2013-10-27 07:57:42 +01:00
b2201e1aa6
Properly initialize all fields of a SSL object after allocation.
2013-09-29 19:53:45 +02:00
860aee75b8
Properly initialize all fields of a SSL object after allocation.
2013-09-29 19:52:45 +02:00
20b85557f2
Issue #19095 : SSLSocket.getpeercert() now raises ValueError when the SSL handshake hasn't been done.
2013-09-29 19:50:53 +02:00
2d7aba3db1
Issue #18709 : GCC 4.6 complains that 'v' may be used uninitialized in GEN_EMAIL/GEN_URI/GEN_DNS case
2013-09-05 16:04:50 +02:00
60bf2fc25b
Issue #18709 : GCC 4.6 complains that 'v' may be used uninitialized in GEN_EMAIL/GEN_URI/GEN_DNS case
2013-09-05 16:04:35 +02:00
daf455554b
Issue #18571 : Implementation of the PEP 446: file descriptors and file handles
...
are now created non-inheritable; add functions os.get/set_inheritable(),
os.get/set_handle_inheritable() and socket.socket.get/set_inheritable().
2013-08-28 00:53:59 +02:00
cfa47962c2
Issue #18747 : Fix spelling errors in my commit message and comments,
...
thanks to Vajrasky Kok for proof-reading.
2013-08-25 14:19:29 +02:00
61636e7105
Issue #18747 : Fix spelling errors in my commit message and comments,
...
thanks to Vajrasky Kok for proof-reading.
2013-08-25 14:19:16 +02:00
cabbde9e1e
Fix compiler warning on Windows.
2013-08-24 23:46:27 +01:00
f54c24628b
Issue #18747 : Use a parent atfork handler instead of a child atfork handler.
...
fork() is suppose to be async-signal safe but the handler calls unsafe functions. A parent handler mitigates the issue.
2013-08-22 13:19:56 +02:00
80c5de93f9
Issue #18747 : Use a parent atfork handler instead of a child atfork handler.
...
fork() is suppose to be async-signal safe but the handler calls unsafe functions. A parent handler mitigates the issue.
2013-08-22 13:19:48 +02:00
6acbe2aaa3
Issue #18747 : Re-seed OpenSSL's pseudo-random number generator after fork.
...
A pthread_atfork() child handler is used to seeded the PRNG with pid, time
and some stack data.
2013-08-21 13:26:34 +02:00
f77b4b20e9
Issue #18747 : Re-seed OpenSSL's pseudo-random number generator after fork.
...
A pthread_atfork() child handler is used to seeded the PRNG with pid, time
and some stack data.
2013-08-21 13:26:05 +02:00
85532eb212
Issue #18777 : The ssl module now uses the new CRYPTO_THREADID API of
...
OpenSSL 1.0.0+ instead of the deprecated CRYPTO id callback function.
2013-08-19 17:36:39 +02:00
4d98ca9ff6
Issue #18777 : The ssl module now uses the new CRYPTO_THREADID API of
...
OpenSSL 1.0.0+ instead of the deprecated CRYPTO id callback function.
2013-08-19 17:36:29 +02:00
f920a1c1f1
Issue 18768: Correct doc string of RAND_edg(). Patch by Vajrasky Kok.
2013-08-17 17:25:27 +02:00
3c2593b2bb
Issue 18768: Correct doc string of RAND_edg(). Patch by Vajrasky Kok.
2013-08-17 17:25:18 +02:00
9b5907cbd5
Issue #18768 : coding style nitpick. Thanks to Vajrasky Kok
2013-08-17 17:19:03 +02:00
474afdda60
Issue #18768 : coding style nitpick. Thanks to Vajrasky Kok
2013-08-17 17:18:56 +02:00
a7e7497d88
#18466 : merge with 3.3.
2013-08-17 16:58:13 +03:00
85a8629d21
#18466 : fix more typos. Patch by Févry Thibault.
2013-08-17 16:57:41 +03:00
e06d47c70c
Issue #18709 : Fix CVE-2013-4238. The SSL module now handles NULL bytes
...
inside subjectAltName correctly. Formerly the module has used OpenSSL's
GENERAL_NAME_print() function to get the string represention of ASN.1
strings for rfc822Name (email), dNSName (DNS) and
uniformResourceIdentifier (URI).
2013-08-17 00:58:00 +02:00
824f7f366d
Issue #18709 : Fix CVE-2013-4238. The SSL module now handles NULL bytes
...
inside subjectAltName correctly. Formerly the module has used OpenSSL's
GENERAL_NAME_print() function to get the string represention of ASN.1
strings for rfc822Name (email), dNSName (DNS) and
uniformResourceIdentifier (URI).
2013-08-17 00:54:47 +02:00
9bfcaa6fb3
Check return value of PyLong_FromLong(X509_get_version()). It might be NULL if
...
X509_get_version() grows beyond our small int cache.
CID 1058279
2013-07-26 15:51:35 +02:00
5962bef8aa
Check return value of PyLong_FromLong(X509_get_version()). It might be NULL if
...
X509_get_version() grows beyond our small int cache.
CID 1058279
2013-07-26 15:51:18 +02:00
11ebff2757
Issue #18203 : Replace malloc() with PyMem_Malloc() in _ssl for the password
2013-07-07 17:07:52 +02:00
b64049183c
Issue #18203 : Replace malloc() with PyMem_Malloc() in Python modules
...
Replace malloc() with PyMem_Malloc() when the GIL is held, or with
PyMem_RawMalloc() otherwise.
2013-07-07 16:21:41 +02:00
7e00151e1f
_ssl.c: strip trailing spaces
2013-06-25 00:44:31 +02:00
86073dc3c2
(Merge 3.3) Issue #18135 : ssl.SSLSocket.write() now raises an OverflowError if
...
the input string in longer than 2 gigabytes, and
ssl.SSLContext.load_cert_chain() raises a ValueError if the password is longer
than 2 gigabytes. The ssl module does not support partial write.
2013-06-25 00:43:47 +02:00
6efa965a27
Issue #18135 : ssl.SSLSocket.write() now raises an OverflowError if the input
...
string in longer than 2 gigabytes, and ssl.SSLContext.load_cert_chain() raises
a ValueError if the password is longer than 2 gigabytes. The ssl module does
not support partial write.
2013-06-25 00:42:31 +02:00
8cfd67cfe7
(Merge 3.3) Issue #18135 : Fix a possible integer overflow in
...
ssl.SSLSocket.write() and in ssl.SSLContext.load_cert_chain() for strings and
passwords longer than 2 gigabytes.
2013-06-23 15:09:26 +02:00
9ee0203057
Issue #18135 : Fix a possible integer overflow in ssl.SSLSocket.write()
...
and in ssl.SSLContext.load_cert_chain() for strings and passwords longer
than 2 gigabytes.
2013-06-23 15:08:23 +02:00
4569cd5eab
_ssl.c: strip trailing spaces
2013-06-23 14:58:43 +02:00
9a5395ae2b
Issue #18147 : Add diagnostic functions to ssl.SSLContext().
...
get_ca_list() lists all loaded CA certificates and cert_store_stats() returns
amount of loaded X.509 certs, X.509 CA certs and CRLs.
2013-06-17 15:44:12 +02:00
200bb1b08c
Simplify return value of ssl.get_default_verify_paths
...
prefix function with PySSL_, too. Other module level functions have a prefix, too.
2013-06-14 15:14:29 +02:00
75b8426698
fixd refleak
2013-06-10 10:47:22 +02:00
46bebee25f
Issue #17134 : Add ssl.enum_cert_store() as interface to Windows' cert store.
2013-06-09 19:03:31 +02:00
142ec2c014
get_default_verify_paths doesn't belong inside the ifdef block
2013-06-09 18:29:54 +02:00
6d7ad13a45
Issue #18143 : Implement ssl.get_default_verify_paths() in order to debug
...
the default locations for cafile and capath.
2013-06-09 18:02:55 +02:00
19fef69b75
Fix compilation under MSVC: ssl_set_mode() is a macro, and the MSVC preprocessor doesn't process #ifdef's inside a macro argument list.
...
(found explanation at http://www.tech-archive.net/Archive/VC/microsoft.public.vc.language/2007-05/msg00385.html )
2013-05-25 13:23:03 +02:00
3a65ad7f08
Issue #8240 : Set the SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER flag on SSL sockets.
2013-05-25 13:02:32 +02:00
50b24d0d7c
Fix a crash when setting a servername callback on a SSL server socket and the client doesn't send a server name.
...
Patch by Kazuhiro Yoshida.
(originally issue #8109 )
2013-04-11 20:48:42 +02:00
ce852cb8b9
Fix comment about the OpenSSL version in which SNI version was introduced.
2013-03-30 16:45:04 +01:00
edbc18e9d0
Improve set_servername_callback docstring.
2013-03-30 16:40:27 +01:00
a596338bb8
Fix previous fix (the cause was actually a misplaced #endif, or so it seems)
2013-03-30 16:39:00 +01:00
41f8c4f5e4
Further compiling fixes (issue #17581 )
2013-03-30 16:36:54 +01:00
912fbff105
Issue #17581 : try to fix building on old OpenSSL versions
2013-03-30 16:29:32 +01:00
2463e5fee4
Issue #16692 : The ssl module now supports TLS 1.1 and TLS 1.2. Initial patch by Michele Orrù.
2013-03-28 22:24:43 +01:00
20d60803d5
Issue #16982 : Fix --without-threads build failure.
2013-01-17 17:07:17 +01:00
1e37e9efa9
SSLContext.load_dh_params() now properly closes the input file.
2013-01-12 21:44:33 +01:00
457a2292ca
SSLContext.load_dh_params() now properly closes the input file.
2013-01-12 21:43:45 +01:00
5dd12a5978
Fix returning uninitialized variable (issue #8109 ).
...
Found by Christian with Coverity.
2013-01-06 15:25:36 +01:00
58ddc9d743
Issue #8109 : The ssl module now has support for server-side SNI, thanks to a :meth:`SSLContext.set_servername_callback` method.
...
Patch by Daniel Black.
2013-01-05 21:20:29 +01:00
5cb31c9277
Issue #15977 : Fix memory leak in Modules/_ssl.c when the function _set_npn_protocols() is called multiple times
2012-09-20 12:42:54 +02:00
b7a2800831
MERGE: Closes #15793 : Stack corruption in ssl.RAND_egd()
2012-09-11 02:08:48 +02:00
c8754a13e6
Closes #15793 : Stack corruption in ssl.RAND_egd()
2012-09-11 02:00:58 +02:00
721738fbee
Issue #15604 : Update uses of PyObject_IsTrue() to check for and handle errors correctly.
...
Patch by Serhiy Storchaka.
2012-08-15 23:20:39 +02:00
6f430e4963
Issue #15604 : Update uses of PyObject_IsTrue() to check for and handle errors correctly.
...
Patch by Serhiy Storchaka.
2012-08-15 23:18:25 +02:00
3b36fb1f53
Issue #14837 : SSL errors now have `library` and `reason` attributes describing precisely what happened and in which OpenSSL submodule.
...
The str() of a SSLError is also enhanced accordingly.
NOTE: this commit creates a reference leak. The leak seems tied to the
use of PyType_FromSpec() to create the SSLError type. The leak is on the
type object when it is instantiated:
>>> e = ssl.SSLError()
>>> sys.getrefcount(ssl.SSLError)
35
>>> e = ssl.SSLError()
>>> sys.getrefcount(ssl.SSLError)
36
>>> e = ssl.SSLError()
>>> sys.getrefcount(ssl.SSLError)
37
2012-06-22 21:11:52 +02:00
d5d17eb653
Issue #14204 : The ssl module now has support for the Next Protocol Negotiation extension, if available in the underlying OpenSSL library.
...
Patch by Colin Marc.
2012-03-22 00:23:03 +01:00
c135fa424e
Fix last remaining build issues of _ssl under old OpenSSLs. Patch by Vinay.
2012-02-19 21:22:39 +01:00
a9bf2ac726
Try to really fix compilation failures of the _ssl module under very old OpenSSLs.
2012-02-17 18:47:54 +01:00
e9fccb360f
Fix compilation when SSL_OP_SINGLE_ECDH_USE isn't defined
2012-02-17 11:53:10 +01:00
04d4ee4e56
Issue #13014 : Fix a possible reference leak in SSLSocket.getpeercert().
2012-02-15 22:28:21 +01:00
2f5a163dfc
Issue #13014 : Fix a possible reference leak in SSLSocket.getpeercert().
2012-02-15 22:25:27 +01:00
9e2e5329dc
Issue #13885 : CVE-2011-3389: the _ssl module would always disable the CBC IV attack countermeasure.
2012-01-27 09:53:29 +01:00
3f366314e8
Issue #13885 : CVE-2011-3389: the _ssl module would always disable the CBC IV attack countermeasure.
2012-01-27 09:50:45 +01:00
f2bf8a6ac5
Issue #13885 : CVE-2011-3389: the _ssl module would always disable the CBC IV attack countermeasure.
2012-01-27 09:48:47 +01:00
0e576f1f50
Issue #13626 : Add support for SSL Diffie-Hellman key exchange, through the
...
SSLContext.load_dh_params() method and the ssl.OP_SINGLE_DH_USE option.
2011-12-22 10:03:38 +01:00
501da61671
Fix ssl module compilation if ECDH support was disabled in the OpenSSL build.
...
(followup to issue #13627 )
2011-12-21 09:27:41 +01:00
8abdb8abd8
Issue #13634 : Add support for querying and disabling SSL compression.
2011-12-20 10:13:40 +01:00
923df6f22a
Issue #13627 : Add support for SSL Elliptic Curve-based Diffie-Hellman
...
key exchange, through the SSLContext.set_ecdh_curve() method and the
ssl.OP_SINGLE_ECDH_USE option.
2011-12-19 17:16:51 +01:00
6db4944cc5
Issue #13635 : Add ssl.OP_CIPHER_SERVER_PREFERENCE, so that SSL servers
...
choose the cipher based on their own preferences, rather than on the
client's.
2011-12-19 13:27:11 +01:00
bc53032408
Issue #13458 : Fix a memory leak in the ssl module when decoding a certificate with a subjectAltName.
...
Patch by Robert Xiao.
2011-11-23 01:42:52 +01:00
116d6b98bf
Issue #13458 : Fix a memory leak in the ssl module when decoding a certificate with a subjectAltName.
...
Patch by Robert Xiao.
2011-11-23 01:39:19 +01:00
41032a69c1
Issue #11183 : Add finer-grained exceptions to the ssl module, so that
...
you don't have to inspect the exception's attributes in the common case.
2011-10-27 23:56:55 +02:00
a0e0e23299
Add a docstring to SSLError
2011-10-22 23:41:52 +02:00
b7705b7792
Use PyExc_OSError directly instead of grabbing it from the socket module API
2011-10-22 23:37:51 +02:00
a02a12c517
Issue #13034 : When decoding some SSL certificates, the subjectAltName extension could be unreported.
2011-10-01 19:22:30 +02:00
d8c347a8de
Issue #13034 : When decoding some SSL certificates, the subjectAltName extension could be unreported.
2011-10-01 19:20:25 +02:00
ac7e9e058d
Issue #12287 : Fix a stack corruption in ossaudiodev module when the FD is
...
greater than FD_SETSIZE.
2011-08-28 18:10:27 +02:00
aa26b27503
Issue #12287 : Fix a stack corruption in ossaudiodev module when the FD is
...
greater than FD_SETSIZE.
2011-08-28 17:51:43 +02:00
4fd1e6a3ba
Issue #12803 : SSLContext.load_cert_chain() now accepts a password argument
...
to be used if the private key is encrypted. Patch by Adam Simpkins.
2011-08-25 14:39:44 +02:00
d649480739
Issue #12551 : Provide a get_channel_binding() method on SSL sockets so as
...
to get channel binding data for the current SSL session (only the
"tls-unique" channel binding is implemented). This allows the
implementation of certain authentication mechanisms such as SCRAM-SHA-1-PLUS.
Patch by Jacek Konieczny.
2011-07-21 01:11:30 +02:00
7128f95bd2
Issue #12440 : When testing whether some bits in SSLContext.options can be
...
reset, check the version of the OpenSSL headers Python was compiled against,
rather than the runtime version of the OpenSSL library.
2011-07-08 18:49:07 +02:00
b9ac25d1c3
Issue #12440 : When testing whether some bits in SSLContext.options can be
...
reset, check the version of the OpenSSL headers Python was compiled against,
rather than the runtime version of the OpenSSL library.
2011-07-08 18:47:06 +02:00
99c8b16143
Issue #12049 : Add RAND_bytes() and RAND_pseudo_bytes() functions to the ssl
...
module.
2011-05-24 12:05:19 +02:00
17ca323e7c
(Merge 3.1) Issue #12012 : ssl.PROTOCOL_SSLv2 becomes optional
...
OpenSSL is now compiled with OPENSSL_NO_SSL2 defined (without the SSLv2
protocol) on Debian: fix the ssl module on Debian Testing and Debian Sid.
Optimize also ssl.get_protocol_name(): speed does matter!
2011-05-10 00:48:41 +02:00
ee18b6f2fd
Issue #12012 : ssl.PROTOCOL_SSLv2 becomes optional
...
OpenSSL is now compiled with OPENSSL_NO_SSL2 defined (without the SSLv2
protocol) on Debian: fix the ssl module on Debian Testing and Debian Sid.
Optimize also ssl.get_protocol_name(): speed does matter!
2011-05-10 00:38:00 +02:00
3de49192aa
Issue #12012 : ssl.PROTOCOL_SSLv2 becomes optional
...
OpenSSL is now compiled with OPENSSL_NO_SSL2 defined (without the SSLv2
protocol) on Debian: fix the ssl module on Debian Testing and Debian Sid.
Optimize also ssl.get_protocol_name(): speed does matter!
2011-05-09 00:42:58 +02:00
a7caec74aa
Merge fix for issue #11746
2011-04-03 18:16:50 +02:00
9c25486093
Issue #11746 : Fix SSLContext.load_cert_chain() to accept elliptic curve private keys.
2011-04-03 18:15:34 +02:00
b94767ff44
Issue #8914 : fix various warnings from the Clang static analyzer v254.
2011-02-22 20:15:44 +00:00
80f75e684e
Issue #10989 : Fix a crash on SSLContext.load_verify_locations(None, True).
...
Patch reviewed by Antoine Pitrou, okayed by Georg Brandl.
2011-01-29 11:31:20 +00:00
8e63c687ef
Merged revisions 87140 via svnmerge from
...
svn+ssh://pythondev@svn.python.org/python/branches/py3k
........
r87140 | hirokazu.yamamoto | 2010-12-09 19:49:00 +0900 (木, 09 12 2010) | 2 lines
Should call Py_INCREF for Py_None (Modules/_ssl.c: PySSL_cipher)
........
2010-12-09 12:30:05 +00:00
524f10359b
Should call Py_INCREF for Py_None (Modules/_ssl.c: PySSL_cipher)
2010-12-09 10:49:00 +00:00
c4df784514
Issue #10272 : The ssl module now raises socket.timeout instead of a generic
...
SSLError on socket timeouts.
2010-12-03 19:59:41 +00:00
664c2d1fc0
Issue #10443 : Add the SSLContext.set_default_verify_paths() method.
2010-11-17 20:29:42 +00:00
fb0469112f
Issue #10022 : The dictionary returned by the `getpeercert()` method
...
of SSL sockets now has additional items such as `issuer` and `notBefore`.
2010-11-09 20:21:19 +00:00
d532321f7b
Issue #5639 : Add a *server_hostname* argument to `SSLContext.wrap_socket`
...
in order to support the TLS SNI extension. `HTTPSConnection` and
`urlopen()` also use this argument, so that HTTPS virtual hosts are now
supported.
2010-10-22 18:19:07 +00:00
31370951c0
Merged revisions 85432 via svnmerge from
...
svn+ssh://pythondev@svn.python.org/python/branches/py3k
........
r85432 | benjamin.peterson | 2010-10-13 17:06:39 -0500 (Wed, 13 Oct 2010) | 1 line
constify to appease compiler warnings
........
2010-10-13 22:20:48 +00:00
eb1410fc40
constify to appease compiler warnings
2010-10-13 22:06:39 +00:00
fc113eeb7d
Define a "session_id_context" at context creation. This is recommended
...
for the OpenSSL server-side session cache.
2010-10-13 12:46:13 +00:00
bd4dacb3f9
Fix compile on NetBSD 5.0 (or anything else using an old 0.9.9-dev OpenSSL).
2010-10-13 03:53:21 +00:00
b0182c8ca5
Issue #10075 : Add a session_stats() method to SSLContext objects.
2010-10-12 20:09:02 +00:00
10c4c23a25
Merged revisions 84464 via svnmerge from
...
svn+ssh://pythondev@svn.python.org/python/branches/py3k
........
r84464 | antoine.pitrou | 2010-09-03 20:38:17 +0200 (ven., 03 sept. 2010) | 3 lines
Issue #3805 : clean up implementation of the _read method in _ssl.c.
........
2010-09-03 18:39:47 +00:00
24e561ae04
Issue #3805 : clean up implementation of the _read method in _ssl.c.
2010-09-03 18:38:17 +00:00
67e8e5633e
Try to fix some buildbot failures on test_ssl
2010-09-01 20:55:41 +00:00
e0f9863a61
Issue #9693 - msg 115273: attempt to fix ssl module failures on certain OpenSSL versions by calling ERR_clear_error() before raising IOError
2010-09-01 19:28:49 +00:00
745ab3807e
Fix issue issue9706: provides a better error handling for various SSL operations
2010-08-29 19:25:49 +00:00
732cc9be1e
Merged revisions 83677 via svnmerge from
...
svn+ssh://pythondev@svn.python.org/python/branches/py3k
........
r83677 | mark.dickinson | 2010-08-03 19:31:54 +0100 (Tue, 03 Aug 2010) | 1 line
Fix memory leak in ssl module.
........
2010-08-03 18:33:11 +00:00
ee55df5c85
Fix memory leak in ssl module.
2010-08-03 18:31:54 +00:00
4b261d2073
Merged revisions 82211 via svnmerge from
...
svn+ssh://pythondev@svn.python.org/python/branches/py3k
................
r82211 | antoine.pitrou | 2010-06-25 02:07:34 +0200 (ven., 25 juin 2010) | 10 lines
Merged revisions 82210 via svnmerge from
svn+ssh://pythondev@svn.python.org/python/trunk
........
r82210 | antoine.pitrou | 2010-06-25 02:03:21 +0200 (ven., 25 juin 2010) | 4 lines
Issue #9075 : In the ssl module, remove the setting of a `debug` flag
on an OpenSSL structure.
........
................
2010-06-25 00:13:19 +00:00
6186bfb735
Merged revisions 82210 via svnmerge from
...
svn+ssh://pythondev@svn.python.org/python/trunk
........
r82210 | antoine.pitrou | 2010-06-25 02:03:21 +0200 (ven., 25 juin 2010) | 4 lines
Issue #9075 : In the ssl module, remove the setting of a `debug` flag
on an OpenSSL structure.
........
2010-06-25 00:07:34 +00:00
94fbaac58d
Merged revisions 82204 via svnmerge from
...
svn+ssh://pythondev@svn.python.org/python/branches/py3k
........
r82204 | antoine.pitrou | 2010-06-25 00:34:04 +0200 (ven., 25 juin 2010) | 5 lines
Issue #8682 : The ssl module now temporary increments the reference count of
a socket object got through `PyWeakref_GetObject`, so as to avoid possible
deallocation while the object is still being used.
........
2010-06-24 22:49:57 +00:00
8bae4ec622
Issue #8682 : The ssl module now temporary increments the reference count of
...
a socket object got through `PyWeakref_GetObject`, so as to avoid possible
deallocation while the object is still being used.
2010-06-24 22:34:04 +00:00
b52187710e
Issue #4870 : Add an `options` attribute to SSL contexts, as well as
...
several ``OP_*`` constants to the `ssl` module. This allows to selectively
disable protocol versions, when used in combination with `PROTOCOL_SSLv23`.
2010-05-21 09:56:06 +00:00
321257da1a
Merged revisions 81242 via svnmerge from
...
svn+ssh://pythondev@svn.python.org/python/branches/py3k
................
r81242 | antoine.pitrou | 2010-05-17 01:14:22 +0200 (lun., 17 mai 2010) | 10 lines
Merged revisions 81241 via svnmerge from
svn+ssh://pythondev@svn.python.org/python/trunk
........
r81241 | antoine.pitrou | 2010-05-17 01:11:46 +0200 (lun., 17 mai 2010) | 4 lines
Clear the OpenSSL error queue each time an error is signalled.
When the error queue is not emptied, strange things can happen on the next SSL call, depending on the OpenSSL version.
........
................
2010-05-16 23:18:00 +00:00
9d74b42aca
Merged revisions 81241 via svnmerge from
...
svn+ssh://pythondev@svn.python.org/python/trunk
........
r81241 | antoine.pitrou | 2010-05-17 01:11:46 +0200 (lun., 17 mai 2010) | 4 lines
Clear the OpenSSL error queue each time an error is signalled.
When the error queue is not emptied, strange things can happen on the next SSL call, depending on the OpenSSL version.
........
2010-05-16 23:14:22 +00:00
f9faaad801
Issue #8477 : ssl.RAND_egd() supports str with surrogates and bytes for the path
2010-05-16 21:36:37 +00:00
3800e1e961
Issue #8477 : _ssl._test_decode_cert() supports str with surrogates and bytes
...
for the filename
2010-05-16 21:23:48 +00:00
65ec8ae47f
Fix (hopefully) the remaining test_ssl buildbot failures
2010-05-16 19:56:32 +00:00
152efa2ae2
Issue #8550 : Add first class `SSLContext` objects to the ssl module.
2010-05-16 18:19:27 +00:00
a29b181693
Merged revisions 81116 via svnmerge from
...
svn+ssh://pythondev@svn.python.org/python/branches/py3k
................
r81116 | antoine.pitrou | 2010-05-12 16:05:24 +0200 (mer., 12 mai 2010) | 9 lines
Merged revisions 81115 via svnmerge from
svn+ssh://pythondev@svn.python.org/python/trunk
........
r81115 | antoine.pitrou | 2010-05-12 16:02:34 +0200 (mer., 12 mai 2010) | 3 lines
Improve _ssl.c formatting
........
................
2010-05-12 14:08:45 +00:00
525807bf72
Merged revisions 81115 via svnmerge from
...
svn+ssh://pythondev@svn.python.org/python/trunk
........
r81115 | antoine.pitrou | 2010-05-12 16:02:34 +0200 (mer., 12 mai 2010) | 3 lines
Improve _ssl.c formatting
........
2010-05-12 14:05:24 +00:00
30dc1a73d0
Merged revisions 80790 via svnmerge from
...
svn+ssh://pythondev@svn.python.org/python/branches/py3k
................
r80790 | antoine.pitrou | 2010-05-05 17:57:33 +0200 (mer., 05 mai 2010) | 9 lines
Merged revisions 80789 via svnmerge from
svn+ssh://pythondev@svn.python.org/python/trunk
........
r80789 | antoine.pitrou | 2010-05-05 17:53:45 +0200 (mer., 05 mai 2010) | 3 lines
Untabify Modules/_ssl.c
........
................
2010-05-05 16:01:14 +00:00
cbb82ebd75
Merged revisions 80789 via svnmerge from
...
svn+ssh://pythondev@svn.python.org/python/trunk
........
r80789 | antoine.pitrou | 2010-05-05 17:53:45 +0200 (mer., 05 mai 2010) | 3 lines
Untabify Modules/_ssl.c
........
2010-05-05 15:57:33 +00:00
79ac78afef
Merged revisions 80542 via svnmerge from
...
svn+ssh://pythondev@svn.python.org/python/branches/py3k
................
r80542 | antoine.pitrou | 2010-04-27 21:14:15 +0200 (mar., 27 avril 2010) | 10 lines
Merged revisions 80540 via svnmerge from
svn+ssh://pythondev@svn.python.org/python/trunk
........
r80540 | antoine.pitrou | 2010-04-27 21:09:59 +0200 (mar., 27 avril 2010) | 4 lines
Issue #8549 : Fix compiling the _ssl extension under AIX. Patch by
Sridhar Ratnakumar.
........
................
2010-04-27 19:18:34 +00:00
06e34a9476
Merged revisions 80540 via svnmerge from
...
svn+ssh://pythondev@svn.python.org/python/trunk
........
r80540 | antoine.pitrou | 2010-04-27 21:09:59 +0200 (mar., 27 avril 2010) | 4 lines
Issue #8549 : Fix compiling the _ssl extension under AIX. Patch by
Sridhar Ratnakumar.
........
2010-04-27 19:14:15 +00:00
ec146185c4
Merged revisions 80454 via svnmerge from
...
svn+ssh://pythondev@svn.python.org/python/branches/py3k
................
r80454 | antoine.pitrou | 2010-04-24 23:26:44 +0200 (sam., 24 avril 2010) | 15 lines
Merged revisions 80451-80452 via svnmerge from
svn+ssh://pythondev@svn.python.org/python/trunk
........
r80451 | antoine.pitrou | 2010-04-24 21:57:01 +0200 (sam., 24 avril 2010) | 4 lines
The do_handshake() method of SSL objects now adjusts the blocking mode of
the SSL structure if necessary (as other methods already do).
........
r80452 | antoine.pitrou | 2010-04-24 22:04:58 +0200 (sam., 24 avril 2010) | 4 lines
Issue #5103 : SSL handshake would ignore the socket timeout and block
indefinitely if the other end didn't respond.
........
................
2010-04-24 21:30:20 +00:00
d3f8ab8bd3
Merged revisions 80451-80452 via svnmerge from
...
svn+ssh://pythondev@svn.python.org/python/trunk
........
r80451 | antoine.pitrou | 2010-04-24 21:57:01 +0200 (sam., 24 avril 2010) | 4 lines
The do_handshake() method of SSL objects now adjusts the blocking mode of
the SSL structure if necessary (as other methods already do).
........
r80452 | antoine.pitrou | 2010-04-24 22:04:58 +0200 (sam., 24 avril 2010) | 4 lines
Issue #5103 : SSL handshake would ignore the socket timeout and block
indefinitely if the other end didn't respond.
........
2010-04-24 21:26:44 +00:00
5a1c4d1880
Merged revisions 80394 via svnmerge from
...
svn+ssh://pythondev@svn.python.org/python/branches/py3k
................
r80394 | antoine.pitrou | 2010-04-23 02:16:21 +0200 (ven., 23 avril 2010) | 15 lines
Merged revisions 80392 via svnmerge from
svn+ssh://pythondev@svn.python.org/python/trunk
........
r80392 | antoine.pitrou | 2010-04-23 01:33:02 +0200 (ven., 23 avril 2010) | 9 lines
Issue #8108 : Fix the unwrap() method of SSL objects when the socket has
a non-infinite timeout. Also make that method friendlier with applications
wanting to continue using the socket in clear-text mode, by disabling
OpenSSL's internal readahead. Thanks to Darryl Miles for guidance.
Issue #8108 : test_ftplib's non-blocking SSL server now has proper handling
of SSL shutdowns.
........
................
2010-04-23 21:11:10 +00:00
2c4f98b3c5
Merged revisions 80392 via svnmerge from
...
svn+ssh://pythondev@svn.python.org/python/trunk
........
r80392 | antoine.pitrou | 2010-04-23 01:33:02 +0200 (ven., 23 avril 2010) | 9 lines
Issue #8108 : Fix the unwrap() method of SSL objects when the socket has
a non-infinite timeout. Also make that method friendlier with applications
wanting to continue using the socket in clear-text mode, by disabling
OpenSSL's internal readahead. Thanks to Darryl Miles for guidance.
Issue #8108 : test_ftplib's non-blocking SSL server now has proper handling
of SSL shutdowns.
........
2010-04-23 00:16:21 +00:00
da6902cb7b
Merged revisions 80317 via svnmerge from
...
svn+ssh://pythondev@svn.python.org/python/branches/py3k
................
r80317 | antoine.pitrou | 2010-04-21 21:46:23 +0200 (mer., 21 avril 2010) | 15 lines
Merged revisions 80314-80315 via svnmerge from
svn+ssh://pythondev@svn.python.org/python/trunk
........
r80314 | antoine.pitrou | 2010-04-21 21:28:03 +0200 (mer., 21 avril 2010) | 5 lines
Issue #8484 : Load all ciphers and digest algorithms when initializing
the _ssl extension, such that verification of some SSL certificates
doesn't fail because of an "unknown algorithm".
........
r80315 | antoine.pitrou | 2010-04-21 21:36:23 +0200 (mer., 21 avril 2010) | 3 lines
Forgot to add the sample certificate (followup to r80314)
........
................
2010-04-21 19:52:52 +00:00
fec12fff0f
Merged revisions 80314-80315 via svnmerge from
...
svn+ssh://pythondev@svn.python.org/python/trunk
........
r80314 | antoine.pitrou | 2010-04-21 21:28:03 +0200 (mer., 21 avril 2010) | 5 lines
Issue #8484 : Load all ciphers and digest algorithms when initializing
the _ssl extension, such that verification of some SSL certificates
doesn't fail because of an "unknown algorithm".
........
r80315 | antoine.pitrou | 2010-04-21 21:36:23 +0200 (mer., 21 avril 2010) | 3 lines
Forgot to add the sample certificate (followup to r80314)
........
2010-04-21 19:46:23 +00:00
2d9cb9c1cb
Merged revisions 80151 via svnmerge from
...
svn+ssh://pythondev@svn.python.org/python/trunk
........
r80151 | antoine.pitrou | 2010-04-17 19:10:38 +0200 (sam., 17 avril 2010) | 4 lines
Issue #8322 : Add a *ciphers* argument to SSL sockets, so as to change the
available cipher list. Helps fix test_ssl with OpenSSL 1.0.0.
........
2010-04-17 17:40:45 +00:00
d59ceb5b7c
Merged revisions 79912 via svnmerge from
...
svn+ssh://pythondev@svn.python.org/python/branches/py3k
................
r79912 | antoine.pitrou | 2010-04-09 22:42:09 +0200 (ven., 09 avril 2010) | 10 lines
Merged revisions 79910 via svnmerge from
svn+ssh://pythondev@svn.python.org/python/trunk
........
r79910 | antoine.pitrou | 2010-04-09 22:38:39 +0200 (ven., 09 avril 2010) | 4 lines
SSL_MODE_AUTO_RETRY has been added in OpenSSL 0.9.6. Fix compilation
with earlier versions.
........
................
2010-04-09 20:47:00 +00:00
0ae7b5897e
Merged revisions 79910 via svnmerge from
...
svn+ssh://pythondev@svn.python.org/python/trunk
........
r79910 | antoine.pitrou | 2010-04-09 22:38:39 +0200 (ven., 09 avril 2010) | 4 lines
SSL_MODE_AUTO_RETRY has been added in OpenSSL 0.9.6. Fix compilation
with earlier versions.
........
2010-04-09 20:42:09 +00:00
04f6a32dff
Merged revisions 79812 via svnmerge from
...
svn+ssh://pythondev@svn.python.org/python/trunk
........
r79812 | antoine.pitrou | 2010-04-05 23:35:07 +0200 (lun., 05 avril 2010) | 5 lines
Issue #8321 : Give access to OpenSSL version numbers from the `ssl` module,
using the new attributes `ssl.OPENSSL_VERSION`, `ssl.OPENSSL_VERSION_INFO`
and `ssl.OPENSSL_VERSION_NUMBER`.
........
2010-04-05 21:40:07 +00:00
Victor Stinner
Serhiy Storchaka
Benjamin Peterson
Antoine Pitrou
Gregory P. Smith
Christian Heimes
Georg Brandl
Richard Oudkerk
Ezio Melotti
Stefan Krah
Jesus Cea
Charles-François Natali
Victor Stinner
Brett Cannon
Hirokazu Yamamoto
Gregory P. Smith
Giampaolo Rodolà
Mark Dickinson