Commit Graph

449 Commits

Author SHA1 Message Date
Christian Heimes 2756ef3165 [3.7] bpo-34670: Add TLS 1.3 post handshake auth (GH-9460) (GH-9505)
Add SSLContext.post_handshake_auth and
SSLSocket.verify_client_post_handshake for TLS 1.3 post-handshake
authentication.

Signed-off-by: Christian Heimes <christian@python.org>q

https://bugs.python.org/issue34670.
(cherry picked from commit 9fb051f032)

Co-authored-by: Christian Heimes <christian@python.org>



https://bugs.python.org/issue34670
2018-09-23 00:22:52 -07:00
Miss Islington (bot) c00f7037df
bpo-34759: Fix error handling in ssl 'unwrap()' (GH-9468)
OpenSSL follows the convention that whenever you call a function, it
returns an error indicator value; and if this value is negative, then
you need to go look at the actual error code to see what happened.

Commit c6fd1c1c3a introduced a small mistake in
_ssl__SSLSocket_shutdown_impl: instead of checking whether the error
indicator was negative, it started checking whether the actual error
code was negative, and it turns out that the error codes are never
negative. So the effect was that 'unwrap()' lost the ability to raise
SSL errors.

https://bugs.python.org/issue34759
(cherry picked from commit c0da582b22)

Co-authored-by: Nathaniel J. Smith <njs@pobox.com>
2018-09-21 22:00:42 -07:00
Miss Islington (bot) 2d3f2dc9f8 bpo-34542: Update test certs and keys (GH-8997) (GH-9007)
Update all test certs and keys to use future proof crypto settings:

* 3072 bit RSA keys
* SHA-256 signature

Signed-off-by: Christian Heimes <christian@python.org>
(cherry picked from commit e6dac00779)
2018-09-06 15:13:24 +02:00
Miss Islington (bot) e3228a3f44 bpo-34399: 2048 bits RSA keys and DH params (GH-8762) (GH-8763)
Downstream vendors have started to deprecate weak keys. Update all RSA keys
and DH params to use at least 2048 bits.

Finite field DH param file use RFC 7919 values, generated with

    certtool --get-dh-params --sec-param=high

Signed-off-by: Christian Heimes <christian@python.org>
(cherry picked from commit 88bfd0bce0)

Co-authored-by: Christian Heimes <christian@python.org>
2018-08-14 16:52:27 +02:00
Xtreak f5770f354c bpo-33988: Fix test_warnings using -W error (GH-7985)
Use DeprecationWarning instead of PendingDeprecationWarning.
2018-07-05 18:59:46 +02:00
Miss Islington (bot) 42198571c5 bpo-31432: Revert unrelated code changes to _ssl.c and test_ssl (GH-7650) (GH-7651)
(cherry picked from commit 4531ec74c4)

Co-authored-by: Ned Deily <nad@python.org>
2018-06-11 20:58:06 -04:00
Miss Islington (bot) a5db479ac4 bpo-31432: Clarify ssl CERT_NONE/OPTIONAL/REQUIRED docs. (GH-3530) (GH-7649)
The documentation for CERT_NONE, CERT_OPTIONAL, and CERT_REQUIRED were
misleading and partly wrong. It fails to explain that OpenSSL behaves
differently in client and server mode. Also OpenSSL does validate the
cert chain everytime. With SSL_VERIFY_NONE a validation error is not
fatal in client mode and does not request a client cert in server mode.
Also discourage people from using CERT_OPTIONAL in client mode.
(cherry picked from commit ef24b6c54d)

Co-authored-by: Christian Heimes <christian@python.org>
2018-06-11 19:20:24 -04:00
Miss Islington (bot) 72ef4fc32b [3.7] bpo-33618: Enable TLS 1.3 in tests (GH-7079) (GH-7082)
TLS 1.3 behaves slightly different than TLS 1.2. Session tickets and TLS
client cert auth are now handled after the initialy handshake. Tests now
either send/recv data to trigger session and client certs. Or tests
ignore ConnectionResetError / BrokenPipeError on the server side to
handle clients that force-close the socket fd.

To test TLS 1.3, OpenSSL 1.1.1-pre7-dev (git master + OpenSSL PR
https://github.com/openssl/openssl/pull/6340) is required.

Signed-off-by: Christian Heimes <christian@python.org>
(cherry picked from commit 529525fb5a)
2018-05-23 22:49:04 +02:00
Miss Islington (bot) cd57b48ef9
bpo-33570: TLS 1.3 ciphers for OpenSSL 1.1.1 (GH-6976)
Change TLS 1.3 cipher suite settings for compatibility with OpenSSL
1.1.1-pre6 and newer. OpenSSL 1.1.1 will have TLS 1.3 cipers enabled by
default.

Also update multissltests and Travis config to test with latest OpenSSL.

Signed-off-by: Christian Heimes <christian@python.org>
(cherry picked from commit e8eb6cb792)

Co-authored-by: Christian Heimes <christian@python.org>
2018-05-22 14:40:46 -07:00
Miss Islington (bot) 2dd885eaa0 [3.7] bpo-33136: Harden ssl module against CVE-2018-8970 (GH-6229) (GH-6230)
Harden ssl module against LibreSSL CVE-2018-8970.
X509_VERIFY_PARAM_set1_host() is called with an explicit namelen. A new test
ensures that NULL bytes are not allowed.

Signed-off-by: Christian Heimes <christian@python.org>
(cherry picked from commit d02ac25ab0)

Co-authored-by: Christian Heimes <christian@python.org>
2018-03-25 13:28:20 +02:00
Miss Islington (bot) 4c842b0920
bpo-31453: Add setter for min/max protocol version (GH-5259)
OpenSSL 1.1 has introduced a new API to set the minimum and maximum
supported protocol version. The API is easier to use than the old
OP_NO_TLS1 option flags, too.

Since OpenSSL has no call to set minimum version to highest supported,
the implementation emulate maximum_version = MINIMUM_SUPPORTED and
minimum_version = MAXIMUM_SUPPORTED by figuring out the minumum and
maximum supported version at compile time.

Signed-off-by: Christian Heimes <christian@python.org>
(cherry picked from commit 698dde16f6)

Co-authored-by: Christian Heimes <christian@python.org>
2018-02-27 03:41:04 -08:00
Christian Heimes 89c2051a55
[3.7] bpo-32951: Disable SSLSocket/SSLObject constructor (GH-5864) (#5925)
Direct instantiation of SSLSocket and SSLObject objects is now prohibited.
The constructors were never documented, tested, or designed as public
constructors. The SSLSocket constructor had limitations. For example it was
not possible to enabled hostname verification except was
ssl_version=PROTOCOL_TLS_CLIENT with cert_reqs=CERT_REQUIRED.

SSLContext.wrap_socket() and SSLContext.wrap_bio are the recommended API
to construct SSLSocket and SSLObject instances. ssl.wrap_socket() is
also deprecated.

The only test case for direct instantiation was added a couple of days
ago for IDNA testing.

Signed-off-by: Christian Heimes <christian@python.org>
(cherry picked from commit 9d50ab563d)

Co-authored-by: Christian Heimes <christian@python.org>
2018-02-27 11:17:32 +01:00
Miss Islington (bot) 2614ed4c6e
bpo-32947: OpenSSL 1.1.1-pre1 / TLS 1.3 fixes (GH-5663)
* bpo-32947: OpenSSL 1.1.1-pre1 / TLS 1.3 fixes

Misc fixes and workarounds for compatibility with OpenSSL 1.1.1-pre1 and
TLS 1.3 support. With OpenSSL 1.1.1, Python negotiates TLS 1.3 by
default. Some test cases only apply to TLS 1.2. Other tests currently
fail because the threaded or async test servers stop after failure.

I'm going to address these issues when OpenSSL 1.1.1 reaches beta.

OpenSSL 1.1.1 has added a new option OP_ENABLE_MIDDLEBOX_COMPAT for TLS
1.3. The feature is enabled by default for maximum compatibility with
broken middle boxes. Users should be able to disable the hack and CPython's test suite needs
it to verify default options.

Signed-off-by: Christian Heimes <christian@python.org>
(cherry picked from commit 05d9fe32a1)

Co-authored-by: Christian Heimes <christian@python.org>
2018-02-27 00:17:49 -08:00
Miss Islington (bot) ff7528f089 [3.7] bpo-31809: test secp ECDH curves (GH-4036) (#5872)
Add tests to verify connection with secp384r1 ECDH curves.
(cherry picked from commit b7b9225831)

Co-authored-by: Christian Heimes <christian@python.org>
2018-02-25 10:56:11 +01:00
Miss Islington (bot) 8fa8478dde [3.7] bpo-24334: Cleanup SSLSocket (GH-5252) (#5857)
* The SSLSocket is no longer implemented on top of SSLObject to
  avoid an extra level of indirection.
* Owner and session are now handled in the internal constructor.
* _ssl._SSLSocket now uses the same method names as SSLSocket and
  SSLObject.
* Channel binding type check is now handled in C code. Channel binding
  is always available.

The patch also changes the signature of SSLObject.__init__(). In my
opinion it's fine. A SSLObject is not a user-constructable object.
SSLContext.wrap_bio() is the only valid factory.
(cherry picked from commit 141c5e8c24)

Co-authored-by: Christian Heimes <christian@python.org>
2018-02-24 21:51:56 +01:00
Miss Islington (bot) 46632f4d3c [3.7] bpo-32819: Simplify and improve ssl.match_hostname (GH-5620) (#5847)
ssl.match_hostname() has been simplified and no longer depends on re and
ipaddress module for wildcard and IP addresses. Error reporting for invalid
wildcards has been improved.

Signed-off-by: Christian Heimes <christian@python.org>
(cherry picked from commit aef1283ba4)

Co-authored-by: Christian Heimes <christian@python.org>
2018-02-24 15:06:46 +01:00
Miss Islington (bot) 1c37e27719 [bpo-28414] Make all hostnames in SSL module IDN A-labels (GH-5128) (GH-5843)
Previously, the ssl module stored international domain names (IDNs)
as U-labels. This is problematic for a number of reasons -- for
example, it made it impossible for users to use a different version
of IDNA than the one built into Python.

After this change, we always convert to A-labels as soon as possible,
and use them for all internal processing. In particular, server_hostname
attribute is now an A-label, and on the server side there's a new
sni_callback that receives the SNI servername as an A-label rather than
a U-label.
(cherry picked from commit 11a1493bc4)

Co-authored-by: Christian Heimes <christian@python.org>
2018-02-23 19:18:28 -08:00
Christian Heimes 66e5742bec
bpo-28414: ssl module idna test (#5395)
Add test cases for IDNA 2003 and 2008 host names. IDNA 2003
internationalized host names are working since bpo-31399 has landed. IDNA
2008 deviations are still broken and will be fixed in another patch.

Signed-off-by: Christian Heimes <christian@python.org>
2018-01-29 14:25:13 +01:00
Christian Heimes 892d66e422
bpo-31429: Define TLS cipher suite on build time (#3532)
Until now Python used a hard coded white list of default TLS cipher
suites. The old approach has multiple downsides. OpenSSL's default
selection was completely overruled. Python did neither benefit from new
cipher suites (ChaCha20, TLS 1.3 suites) nor blacklisted cipher suites.
For example we used to re-enable 3DES.

Python now defaults to OpenSSL DEFAULT cipher suite selection and black
lists all unwanted ciphers. Downstream vendors can override the default
cipher list with --with-ssl-default-suites.

Signed-off-by: Christian Heimes <christian@python.org>
2018-01-29 14:10:18 +01:00
Christian Heimes 61d478c71c
bpo-31399: Let OpenSSL verify hostname and IP address (#3462)
bpo-31399: Let OpenSSL verify hostname and IP

The ssl module now uses OpenSSL's X509_VERIFY_PARAM_set1_host() and
X509_VERIFY_PARAM_set1_ip() API to verify hostname and IP addresses.

* Remove match_hostname calls
* Check for libssl with set1_host, libssl must provide X509_VERIFY_PARAM_set1_host()
* Add documentation for OpenSSL 1.0.2 requirement
* Don't support OpenSSL special mode with a leading dot, e.g. ".example.org" matches "www.example.org". It's not standard conform.
* Add hostname_checks_common_name

Signed-off-by: Christian Heimes <christian@python.org>
2018-01-27 15:51:38 +01:00
Christian Heimes bd5c7d238c
bpo-32602: Test ECDSA certs (#5247)
Add test certs and test for ECDSA cert and EC/RSA dual mode.

I'm also adding certs for IDNA 2003/2008 tests and simplify some test
data handling.

Signed-off-by: Christian Heimes <christian@python.org>
2018-01-20 15:16:30 +01:00
Mike 53f7a7c281 bpo-32297: Few misspellings found in Python source code comments. (#4803)
* Fix multiple typos in code comments

* Add spacing in comments (test_logging.py, test_math.py)

* Fix spaces at the beginning of comments in test_logging.py
2017-12-14 13:04:53 +02:00
Mandeep Singh ede2ac913e bpo-23033: Improve SSL Certificate handling (GH-937)
Wildcard is now supported in hostname when it is one and only character in
the leftmost segment.
2017-11-26 14:31:27 -08:00
Christian Heimes e82c034496 bpo-31431: SSLContext.check_hostname auto-sets CERT_REQUIRED (#3531)
Signed-off-by: Christian Heimes <christian@python.org>
2017-09-15 20:29:57 +02:00
Christian Heimes a170fa162d bpo-31346: Use PROTOCOL_TLS_CLIENT/SERVER (#3058)
Replaces PROTOCOL_TLSv* and PROTOCOL_SSLv23 with PROTOCOL_TLS_CLIENT and
PROTOCOL_TLS_SERVER.

Signed-off-by: Christian Heimes <christian@python.org>
2017-09-15 20:27:30 +02:00
Christian Heimes 4df60f18c6 bpo-31386: Custom wrap_bio and wrap_socket type (#3426)
SSLSocket.wrap_bio() and SSLSocket.wrap_socket() hard-code SSLObject and
SSLSocket as return types. In the light of future deprecation of
ssl.wrap_socket() module function and direct instantiation of SSLSocket,
it is desirable to make the return type of SSLSocket.wrap_bio() and
SSLSocket.wrap_socket() customizable.

Signed-off-by: Christian Heimes <christian@python.org>
2017-09-15 20:26:05 +02:00
Victor Stinner 50a72af657 test_ssl: Implement timeout in ssl_io_loop() (#3500)
The timeout parameter was not used.
2017-09-11 09:34:24 -07:00
Christian Heimes b3ad0e5127 bpo-28182: Expose OpenSSL verification results (#3412)
The SSL module now raises SSLCertVerificationError when OpenSSL fails to
verify the peer's certificate. The exception contains more information about
the error.

Original patch by Chi Hsuan Yen

Signed-off-by: Christian Heimes <christian@python.org>
2017-09-08 12:00:19 -07:00
Christian Heimes cb5b68abde bpo-29136: Add TLS 1.3 cipher suites and OP_NO_TLSv1_3 (#1363)
* bpo-29136: Add TLS 1.3 support

TLS 1.3 introduces a new, distinct set of cipher suites. The TLS 1.3
cipher suites don't overlap with cipher suites from TLS 1.2 and earlier.
Since Python sets its own set of permitted ciphers, TLS 1.3 handshake
will fail as soon as OpenSSL 1.1.1 is released. Let's enable the common
AES-GCM and ChaCha20 suites.

Additionally the flag OP_NO_TLSv1_3 is added. It defaults to 0 (no op) with
OpenSSL prior to 1.1.1. This allows applications to opt-out from TLS 1.3
now.

Signed-off-by: Christian Heimes <christian@python.org>
2017-09-07 18:07:00 -07:00
Christian Heimes 888bbdc192 bpo-27340: Use memoryview in SSLSocket.sendall() (#3384)
* bpo-27340: Use memoryview in SSLSocket.sendall()

SSLSocket.sendall() now uses memoryview to create slices of data. This fix
support for all bytes-like object. It is also more efficient and avoids
costly copies.

Signed-off-by: Christian Heimes <christian@python.org>

* Cast view to bytes, fix typo

Signed-off-by: Christian Heimes <christian@python.org>
2017-09-07 14:18:21 -07:00
Antoine Pitrou a6a4dc816d bpo-31370: Remove support for threads-less builds (#3385)
* Remove Setup.config
* Always define WITH_THREAD for compatibility.
2017-09-07 18:56:24 +02:00
Christian Heimes 6877111648 bpo-29781: Fix SSLObject.version before handshake (#3364)
SSLObject.version() now correctly returns None when handshake over BIO has
not been performed yet.

Signed-off-by: Christian Heimes <christian@python.org>
2017-09-05 21:55:40 -07:00
Christian Heimes 305e56c27a bpo-31320: No traceback to sys.stderr in test_ssl (#3360)
In case PROTOCOL_TLS_SERVER is used for both client context and server
context, the test thread dies with OSError. Catch OSError to avoid
traceback on sys.stderr

Signed-off-by: Christian Heimes <christian@python.org>
2017-09-05 16:37:09 -07:00
Christian Heimes 002d64039b bpo-25674: remove sha256.tbs-internet.com ssl test (#3297)
Signed-off-by: Christian Heimes <christian@python.org>
2017-09-04 22:26:01 +02:00
Victor Stinner 8687101589 bpo-31323: Fix reference leak in test_ssl (#3263)
Store exceptions as string rather than object to prevent reference
cycles which cause leaking dangling threads.
2017-09-02 00:26:17 +02:00
Christian Heimes 7b40cb7293 bpo-30714: ALPN changes for OpenSSL 1.1.0f (#2305)
OpenSSL 1.1.0 to 1.1.0e aborted the handshake when server and client
could not agree on a protocol using ALPN. OpenSSL 1.1.0f changed that.
The most recent version now behaves like OpenSSL 1.0.2 again. The ALPN
callback can pretend to not been set.

See https://github.com/openssl/openssl/pull/3158 for more details

Signed-off-by: Christian Heimes <christian@python.org>
2017-08-15 10:33:43 +02:00
Steve Dower 68d663cf85 [bpo-30916] Pre-build OpenSSL and Tcl/Tk for Windows (#2688)
Updates ssl and tkinter projects to use pre-built externals
2017-07-17 11:15:48 +02:00
Nathaniel J. Smith 59fdf0f3ba Add a test for bad IDNA in ssl server_hostname (#1997)
See discussion:
  https://github.com/python/cpython/pull/1992#issuecomment-307024778
2017-06-09 11:35:16 +02:00
Victor Stinner 1dae7450c6 bpo-30199: test_ssl closes all asyncore channels (#1381)
AsyncoreEchoServer of test_ssl now calls
asyncore.close_all(ignore_all=True) to ensure that
asyncore.socket_map is cleared once the test completes, even if
ConnectionHandler was not correctly unregistered.

Fix the following warning:

Warning -- asyncore.socket_map was modified by test_ssl
  Before: {}
  After:  {6: <test.test_ssl.AsyncoreEchoServer.EchoServer.ConnectionHandler>}
2017-05-02 13:12:02 +02:00
Serhiy Storchaka 70d28a184c Remove unused imports. 2016-12-16 20:00:15 +02:00
Martin Panter b1321fba53 Issue #28394: More typo fixes for 3.6+ 2016-10-10 00:38:21 +00:00
Christian Heimes a5d0765990 Finish GC code for SSLSession and increase test coverage 2016-09-24 10:48:05 +02:00
Martin Panter 22ecc4b36d Issue #28221: Merge SSL test cleanup from 3.5 into 3.6 2016-09-24 03:03:07 +00:00
Martin Panter 8609cda961 Issue #28221: Remove unused assignment from test_asyncore_server()
The later value of FOO is fine. The test just needs to verify that the server
converted it to lowercase.
2016-09-23 23:45:56 +00:00
Martin Panter 3217b1243e Merge socketserver fixes from 3.5 into 3.6 2016-09-22 10:33:51 +00:00
Martin Panter 463ef2b3cf Fix references to Python 3’s socketserver (lowercase) module 2016-09-22 09:37:56 +00:00
Christian Heimes 9017ec1ea0 Issue #28093: Check more invalid combinations of PROTOCOL_TLS_CLIENT / PROTOCOL_TLS_SERVER 2016-09-12 10:48:20 +02:00
Christian Heimes 5fe668c672 Issue #28085: Add PROTOCOL_TLS_CLIENT and PROTOCOL_TLS_SERVER for SSLContext 2016-09-12 00:01:11 +02:00
Christian Heimes 99a6570295 Issue #19500: Add client-side SSL session resumption to the ssl module. 2016-09-10 23:44:53 +02:00
Christian Heimes d04863771b Issue #28022: Deprecate ssl-related arguments in favor of SSLContext.
The deprecation include manual creation of SSLSocket and certfile/keyfile
(or similar) in ftplib, httplib, imaplib, smtplib, poplib and urllib.

ssl.wrap_socket() is not marked as deprecated yet.
2016-09-10 23:23:33 +02:00