traverseda
/
cpython
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
77,464 Commits 9 Branches 456 Tags 1.7 GiB
Commit Graph

159 Commits

Author SHA1 Message Date
Christian Heimes f77b4b20e9 Issue #18747: Re-seed OpenSSL's pseudo-random number generator after fork. 
A pthread_atfork() child handler is used to seeded the PRNG with pid, time
and some stack data.
 2013-08-21 13:26:05 +02:00
Christian Heimes 4d98ca9ff6 Issue #18777: The ssl module now uses the new CRYPTO_THREADID API of 
OpenSSL 1.0.0+ instead of the deprecated CRYPTO id callback function.
 2013-08-19 17:36:29 +02:00
Christian Heimes 3c2593b2bb Issue 18768: Correct doc string of RAND_edg(). Patch by Vajrasky Kok. 2013-08-17 17:25:18 +02:00
Christian Heimes 474afdda60 Issue #18768: coding style nitpick. Thanks to Vajrasky Kok 2013-08-17 17:18:56 +02:00
Ezio Melotti 85a8629d21 #18466: fix more typos. Patch by Févry Thibault. 2013-08-17 16:57:41 +03:00
Christian Heimes 824f7f366d Issue #18709: Fix CVE-2013-4238. The SSL module now handles NULL bytes 
inside subjectAltName correctly. Formerly the module has used OpenSSL's
GENERAL_NAME_print() function to get the string represention of ASN.1
strings for rfc822Name (email), dNSName (DNS) and
uniformResourceIdentifier (URI).
 2013-08-17 00:54:47 +02:00
Christian Heimes 5962bef8aa Check return value of PyLong_FromLong(X509_get_version()). It might be NULL if 
X509_get_version() grows beyond our small int cache.
CID 1058279
 2013-07-26 15:51:18 +02:00
Victor Stinner 6efa965a27 Issue #18135: ssl.SSLSocket.write() now raises an OverflowError if the input 
string in longer than 2 gigabytes, and ssl.SSLContext.load_cert_chain() raises
a ValueError if the password is longer than 2 gigabytes. The ssl module does
not support partial write.
 2013-06-25 00:42:31 +02:00
Victor Stinner 9ee0203057 Issue #18135: Fix a possible integer overflow in ssl.SSLSocket.write() 
and in ssl.SSLContext.load_cert_chain() for strings and passwords longer
than 2 gigabytes.
 2013-06-23 15:08:23 +02:00
Victor Stinner 4569cd5eab _ssl.c: strip trailing spaces 2013-06-23 14:58:43 +02:00
Antoine Pitrou 457a2292ca SSLContext.load_dh_params() now properly closes the input file. 2013-01-12 21:43:45 +01:00
Christian Heimes 5cb31c9277 Issue #15977: Fix memory leak in Modules/_ssl.c when the function _set_npn_protocols() is called multiple times 2012-09-20 12:42:54 +02:00
Jesus Cea b7a2800831 MERGE: Closes #15793: Stack corruption in ssl.RAND_egd() 2012-09-11 02:08:48 +02:00
Jesus Cea c8754a13e6 Closes #15793: Stack corruption in ssl.RAND_egd() 2012-09-11 02:00:58 +02:00
Antoine Pitrou 721738fbee Issue #15604: Update uses of PyObject_IsTrue() to check for and handle errors correctly. 
Patch by Serhiy Storchaka.
 2012-08-15 23:20:39 +02:00
Antoine Pitrou 6f430e4963 Issue #15604: Update uses of PyObject_IsTrue() to check for and handle errors correctly. 
Patch by Serhiy Storchaka.
 2012-08-15 23:18:25 +02:00
Antoine Pitrou 3b36fb1f53 Issue #14837: SSL errors now have `library` and `reason` attributes describing precisely what happened and in which OpenSSL submodule. 
The str() of a SSLError is also enhanced accordingly.

NOTE: this commit creates a reference leak.  The leak seems tied to the
use of PyType_FromSpec() to create the SSLError type.  The leak is on the
type object when it is instantiated:

>>> e = ssl.SSLError()
>>> sys.getrefcount(ssl.SSLError)
35
>>> e = ssl.SSLError()
>>> sys.getrefcount(ssl.SSLError)
36
>>> e = ssl.SSLError()
>>> sys.getrefcount(ssl.SSLError)
37
 2012-06-22 21:11:52 +02:00
Antoine Pitrou d5d17eb653 Issue #14204: The ssl module now has support for the Next Protocol Negotiation extension, if available in the underlying OpenSSL library. 
Patch by Colin Marc.
 2012-03-22 00:23:03 +01:00
Antoine Pitrou c135fa424e Fix last remaining build issues of _ssl under old OpenSSLs. Patch by Vinay. 2012-02-19 21:22:39 +01:00
Antoine Pitrou a9bf2ac726 Try to really fix compilation failures of the _ssl module under very old OpenSSLs. 2012-02-17 18:47:54 +01:00
Antoine Pitrou e9fccb360f Fix compilation when SSL_OP_SINGLE_ECDH_USE isn't defined 2012-02-17 11:53:10 +01:00
Antoine Pitrou 04d4ee4e56 Issue #13014: Fix a possible reference leak in SSLSocket.getpeercert(). 2012-02-15 22:28:21 +01:00
Antoine Pitrou 2f5a163dfc Issue #13014: Fix a possible reference leak in SSLSocket.getpeercert(). 2012-02-15 22:25:27 +01:00
Antoine Pitrou 9e2e5329dc Issue #13885: CVE-2011-3389: the _ssl module would always disable the CBC IV attack countermeasure. 2012-01-27 09:53:29 +01:00
Antoine Pitrou 3f366314e8 Issue #13885: CVE-2011-3389: the _ssl module would always disable the CBC IV attack countermeasure. 2012-01-27 09:50:45 +01:00
Antoine Pitrou f2bf8a6ac5 Issue #13885: CVE-2011-3389: the _ssl module would always disable the CBC IV attack countermeasure. 2012-01-27 09:48:47 +01:00
Antoine Pitrou 0e576f1f50 Issue #13626: Add support for SSL Diffie-Hellman key exchange, through the 
SSLContext.load_dh_params() method and the ssl.OP_SINGLE_DH_USE option.
 2011-12-22 10:03:38 +01:00
Antoine Pitrou 501da61671 Fix ssl module compilation if ECDH support was disabled in the OpenSSL build. 
(followup to issue #13627)
 2011-12-21 09:27:41 +01:00
Antoine Pitrou 8abdb8abd8 Issue #13634: Add support for querying and disabling SSL compression. 2011-12-20 10:13:40 +01:00
Antoine Pitrou 923df6f22a Issue #13627: Add support for SSL Elliptic Curve-based Diffie-Hellman 
key exchange, through the SSLContext.set_ecdh_curve() method and the
ssl.OP_SINGLE_ECDH_USE option.
 2011-12-19 17:16:51 +01:00
Antoine Pitrou 6db4944cc5 Issue #13635: Add ssl.OP_CIPHER_SERVER_PREFERENCE, so that SSL servers 
choose the cipher based on their own preferences, rather than on the
client's.
 2011-12-19 13:27:11 +01:00
Antoine Pitrou bc53032408 Issue #13458: Fix a memory leak in the ssl module when decoding a certificate with a subjectAltName. 
Patch by Robert Xiao.
 2011-11-23 01:42:52 +01:00
Antoine Pitrou 116d6b98bf Issue #13458: Fix a memory leak in the ssl module when decoding a certificate with a subjectAltName. 
Patch by Robert Xiao.
 2011-11-23 01:39:19 +01:00
Antoine Pitrou 41032a69c1 Issue #11183: Add finer-grained exceptions to the ssl module, so that 
you don't have to inspect the exception's attributes in the common case.
 2011-10-27 23:56:55 +02:00
Antoine Pitrou a0e0e23299 Add a docstring to SSLError 2011-10-22 23:41:52 +02:00
Antoine Pitrou b7705b7792 Use PyExc_OSError directly instead of grabbing it from the socket module API 2011-10-22 23:37:51 +02:00
Antoine Pitrou a02a12c517 Issue #13034: When decoding some SSL certificates, the subjectAltName extension could be unreported. 2011-10-01 19:22:30 +02:00
Antoine Pitrou d8c347a8de Issue #13034: When decoding some SSL certificates, the subjectAltName extension could be unreported. 2011-10-01 19:20:25 +02:00
Charles-François Natali ac7e9e058d Issue #12287: Fix a stack corruption in ossaudiodev module when the FD is 
greater than FD_SETSIZE.
 2011-08-28 18:10:27 +02:00
Charles-François Natali aa26b27503 Issue #12287: Fix a stack corruption in ossaudiodev module when the FD is 
greater than FD_SETSIZE.
 2011-08-28 17:51:43 +02:00
Antoine Pitrou 4fd1e6a3ba Issue #12803: SSLContext.load_cert_chain() now accepts a password argument 
to be used if the private key is encrypted.  Patch by Adam Simpkins.
 2011-08-25 14:39:44 +02:00
Antoine Pitrou d649480739 Issue #12551: Provide a get_channel_binding() method on SSL sockets so as 
to get channel binding data for the current SSL session (only the
"tls-unique" channel binding is implemented).  This allows the
implementation of certain authentication mechanisms such as SCRAM-SHA-1-PLUS.

Patch by Jacek Konieczny.
 2011-07-21 01:11:30 +02:00
Antoine Pitrou 7128f95bd2 Issue #12440: When testing whether some bits in SSLContext.options can be 
reset, check the version of the OpenSSL headers Python was compiled against,
rather than the runtime version of the OpenSSL library.
 2011-07-08 18:49:07 +02:00
Antoine Pitrou b9ac25d1c3 Issue #12440: When testing whether some bits in SSLContext.options can be 
reset, check the version of the OpenSSL headers Python was compiled against,
rather than the runtime version of the OpenSSL library.
 2011-07-08 18:47:06 +02:00
Victor Stinner 99c8b16143 Issue #12049: Add RAND_bytes() and RAND_pseudo_bytes() functions to the ssl 
module.
 2011-05-24 12:05:19 +02:00
Victor Stinner 17ca323e7c (Merge 3.1) Issue #12012: ssl.PROTOCOL_SSLv2 becomes optional 
OpenSSL is now compiled with OPENSSL_NO_SSL2 defined (without the SSLv2
protocol) on Debian: fix the ssl module on Debian Testing and Debian Sid.

Optimize also ssl.get_protocol_name(): speed does matter!
 2011-05-10 00:48:41 +02:00
Victor Stinner ee18b6f2fd Issue #12012: ssl.PROTOCOL_SSLv2 becomes optional 
OpenSSL is now compiled with OPENSSL_NO_SSL2 defined (without the SSLv2
protocol) on Debian: fix the ssl module on Debian Testing and Debian Sid.

Optimize also ssl.get_protocol_name(): speed does matter!
 2011-05-10 00:38:00 +02:00
Victor Stinner 3de49192aa Issue #12012: ssl.PROTOCOL_SSLv2 becomes optional 
OpenSSL is now compiled with OPENSSL_NO_SSL2 defined (without the SSLv2
protocol) on Debian: fix the ssl module on Debian Testing and Debian Sid.

Optimize also ssl.get_protocol_name(): speed does matter!
 2011-05-09 00:42:58 +02:00
Antoine Pitrou a7caec74aa Merge fix for issue #11746 2011-04-03 18:16:50 +02:00
Antoine Pitrou 9c25486093 Issue #11746: Fix SSLContext.load_cert_chain() to accept elliptic curve private keys. 2011-04-03 18:15:34 +02:00