Commit Graph

151 Commits

Author SHA1 Message Date
Christian Heimes ed9884b2d0 Issue #18709: GCC 4.6 complains that 'v' may be used uninitialized in GEN_EMAIL/GEN_URI/GEN_DNS case 2013-09-05 16:04:35 +02:00
Christian Heimes 8ee5ffddf5 Issue #18747: Fix spelling errors in my commit message and comments,
thanks to Vajrasky Kok for proof-reading.
2013-08-25 14:19:16 +02:00
Barry Warsaw 82f8828317 - Issue #18709: Fix CVE-2013-4238. The SSL module now handles NULL bytes
inside subjectAltName correctly. Formerly the module has used OpenSSL's
  GENERAL_NAME_print() function to get the string represention of ASN.1
  strings for `rfc822Name` (email), `dNSName` (DNS) and
  `uniformResourceIdentifier` (URI).
2013-08-23 13:26:49 -04:00
Christian Heimes 1d0f73d20f Issue #18747: Use a parent atfork handler instead of a child atfork handler.
fork() is suppose to be async-signal safe but the handler calls unsafe functions. A parent handler mitigates the issue.
2013-08-22 13:19:48 +02:00
Christian Heimes 0d604cf65e Issue #18747: Re-seed OpenSSL's pseudo-random number generator after fork.
A pthread_atfork() child handler is used to seeded the PRNG with pid, time
and some stack data.
2013-08-21 13:26:05 +02:00
Christian Heimes 10107813ac Issue #18777: The ssl module now uses the new CRYPTO_THREADID API of
OpenSSL 1.0.0+ instead of the deprecated CRYPTO id callback function.
2013-08-19 17:36:29 +02:00
Christian Heimes b4ec842f39 Issue 18768: Correct doc string of RAND_edg(). Patch by Vajrasky Kok. 2013-08-17 17:25:18 +02:00
Christian Heimes f1bd47ae14 Issue #18768: coding style nitpick. Thanks to Vajrasky Kok 2013-08-17 17:18:56 +02:00
Ezio Melotti 419e23cbb0 #18466: fix more typos. Patch by Févry Thibault. 2013-08-17 16:56:09 +03:00
Christian Heimes 88b174c977 Issue #18709: Fix CVE-2013-4238. The SSL module now handles NULL bytes
inside subjectAltName correctly. Formerly the module has used OpenSSL's
GENERAL_NAME_print() function to get the string represention of ASN.1
strings for rfc822Name (email), dNSName (DNS) and
uniformResourceIdentifier (URI).
2013-08-17 00:54:47 +02:00
Victor Stinner c1a44269da Issue #18135: ssl.SSLSocket.write() now raises an OverflowError if the input
string in longer than 2 gigabytes. The ssl module does not support partial
write.
2013-06-25 00:48:02 +02:00
Victor Stinner 4807df41ad Issue #18135: Fix a possible integer overflow in ssl.SSLSocket.write()
for strings longer than 2 gigabytes.
2013-06-23 15:15:10 +02:00
Antoine Pitrou c5bef75c77 Issue #15604: Update uses of PyObject_IsTrue() to check for and handle errors correctly.
Patch by Serhiy Storchaka.
2012-08-15 23:16:51 +02:00
Antoine Pitrou d358e0554b Issue #13885: CVE-2011-3389: the _ssl module would always disable the CBC IV attack countermeasure. 2012-01-27 09:42:45 +01:00
Antoine Pitrou dd7e071b23 Issue #13014: Fix a possible reference leak in SSLSocket.getpeercert(). 2012-02-15 22:25:27 +01:00
Antoine Pitrou 374b4ea9da Issue #13885: CVE-2011-3389: the _ssl module would always disable the CBC IV attack countermeasure. 2012-01-27 09:44:08 +01:00
Antoine Pitrou aa1c967f93 Issue #13458: Fix a memory leak in the ssl module when decoding a certificate with a subjectAltName.
Patch by Robert Xiao.
2011-11-23 01:39:19 +01:00
Antoine Pitrou f06eb46918 Issue #13034: When decoding some SSL certificates, the subjectAltName extension could be unreported. 2011-10-01 19:30:58 +02:00
Charles-François Natali fda7b379ac Issue #12287: Fix a stack corruption in ossaudiodev module when the FD is
greater than FD_SETSIZE.
2011-08-28 16:22:33 +02:00
Victor Stinner b1241f9619 (Merge 3.1) Issue #12012: ssl.PROTOCOL_SSLv2 becomes optional
OpenSSL is now compiled with OPENSSL_NO_SSL2 defined (without the SSLv2
protocol) on Debian: fix the ssl module on Debian Testing and Debian Sid.

Optimize also ssl.get_protocol_name(): speed does matter!
2011-05-10 01:52:03 +02:00
Hirokazu Yamamoto a9b1689a89 Merged revisions 87140 via svnmerge from
svn+ssh://pythondev@svn.python.org/python/branches/py3k

........
  r87140 | hirokazu.yamamoto | 2010-12-09 19:49:00 +0900 (木, 09 12 2010) | 2 lines

  Should call Py_INCREF for Py_None (Modules/_ssl.c: PySSL_cipher)
........
2010-12-09 12:12:42 +00:00
Benjamin Peterson 8e73403284 Merged revisions 85432 via svnmerge from
svn+ssh://pythondev@svn.python.org/python/branches/py3k

........
  r85432 | benjamin.peterson | 2010-10-13 17:06:39 -0500 (Wed, 13 Oct 2010) | 1 line

  constify to appease compiler warnings
........
2010-10-13 22:10:31 +00:00
Mark Dickinson c1ef2fa45f Merged revisions 83680,83685 via svnmerge from
svn+ssh://pythondev@svn.python.org/python/branches/release27-maint

................
  r83680 | mark.dickinson | 2010-08-03 19:34:53 +0100 (Tue, 03 Aug 2010) | 9 lines

  Merged revisions 83677 via svnmerge from
  svn+ssh://pythondev@svn.python.org/python/branches/py3k

  ........
    r83677 | mark.dickinson | 2010-08-03 19:31:54 +0100 (Tue, 03 Aug 2010) | 1 line

    Fix memory leak in ssl module.
  ........
................
  r83685 | mark.dickinson | 2010-08-03 19:46:28 +0100 (Tue, 03 Aug 2010) | 9 lines

  Merged revisions 83683 via svnmerge from
  svn+ssh://pythondev@svn.python.org/python/branches/py3k

  ........
    r83683 | mark.dickinson | 2010-08-03 19:44:16 +0100 (Tue, 03 Aug 2010) | 1 line

    Misc/NEWS entry for r83677.
  ........
................
2010-08-03 18:50:32 +00:00
Mark Dickinson 793c71ce52 Merged revisions 83677 via svnmerge from
svn+ssh://pythondev@svn.python.org/python/branches/py3k

........
  r83677 | mark.dickinson | 2010-08-03 19:31:54 +0100 (Tue, 03 Aug 2010) | 1 line

  Fix memory leak in ssl module.
........
2010-08-03 18:34:53 +00:00
Antoine Pitrou b4f0e644bc Merged revisions 82210 via svnmerge from
svn+ssh://pythondev@svn.python.org/python/trunk

........
  r82210 | antoine.pitrou | 2010-06-25 02:03:21 +0200 (ven., 25 juin 2010) | 4 lines

  Issue #9075: In the ssl module, remove the setting of a `debug` flag
  on an OpenSSL structure.
........
2010-06-25 00:09:05 +00:00
Antoine Pitrou 0dddf600d4 Issue #9075: In the ssl module, remove the setting of a `debug` flag
on an OpenSSL structure.
2010-06-25 00:03:21 +00:00
Antoine Pitrou b6e3e3ab92 Merged revisions 81241 via svnmerge from
svn+ssh://pythondev@svn.python.org/python/trunk

........
  r81241 | antoine.pitrou | 2010-05-17 01:11:46 +0200 (lun., 17 mai 2010) | 4 lines

  Clear the OpenSSL error queue each time an error is signalled.
  When the error queue is not emptied, strange things can happen on the next SSL call, depending on the OpenSSL version.
........
2010-05-16 23:14:34 +00:00
Antoine Pitrou 508a237c97 Clear the OpenSSL error queue each time an error is signalled.
When the error queue is not emptied, strange things can happen on the next SSL call, depending on the OpenSSL version.
2010-05-16 23:11:46 +00:00
Antoine Pitrou 96125cf170 Merged revisions 81115 via svnmerge from
svn+ssh://pythondev@svn.python.org/python/trunk

........
  r81115 | antoine.pitrou | 2010-05-12 16:02:34 +0200 (mer., 12 mai 2010) | 3 lines

  Improve _ssl.c formatting
........
2010-05-12 14:05:34 +00:00
Antoine Pitrou 2e136abd16 Improve _ssl.c formatting 2010-05-12 14:02:34 +00:00
Antoine Pitrou 7fd622afd7 Merged revisions 80789 via svnmerge from
svn+ssh://pythondev@svn.python.org/python/trunk

........
  r80789 | antoine.pitrou | 2010-05-05 17:53:45 +0200 (mer., 05 mai 2010) | 3 lines

  Untabify Modules/_ssl.c
........
2010-05-05 15:59:19 +00:00
Antoine Pitrou a4c2a5c9a0 Untabify Modules/_ssl.c 2010-05-05 15:53:45 +00:00
Brett Cannon 949476ee58 Remove unneeded variable initialization.
Found using Clang's static analyzer.
2010-05-03 23:41:23 +00:00
Antoine Pitrou bcc17e7223 Merged revisions 80540 via svnmerge from
svn+ssh://pythondev@svn.python.org/python/trunk

........
  r80540 | antoine.pitrou | 2010-04-27 21:09:59 +0200 (mar., 27 avril 2010) | 4 lines

  Issue #8549: Fix compiling the _ssl extension under AIX.  Patch by
  Sridhar Ratnakumar.
........
2010-04-27 19:13:23 +00:00
Antoine Pitrou 1dc6b08f9e Issue #8549: Fix compiling the _ssl extension under AIX. Patch by
Sridhar Ratnakumar.
2010-04-27 19:09:59 +00:00
Antoine Pitrou c689d96044 Merged revisions 80451-80452 via svnmerge from
svn+ssh://pythondev@svn.python.org/python/trunk

........
  r80451 | antoine.pitrou | 2010-04-24 21:57:01 +0200 (sam., 24 avril 2010) | 4 lines

  The do_handshake() method of SSL objects now adjusts the blocking mode of
  the SSL structure if necessary (as other methods already do).
........
  r80452 | antoine.pitrou | 2010-04-24 22:04:58 +0200 (sam., 24 avril 2010) | 4 lines

  Issue #5103: SSL handshake would ignore the socket timeout and block
  indefinitely if the other end didn't respond.
........
2010-04-24 20:13:37 +00:00
Antoine Pitrou 4d3e372ff3 The do_handshake() method of SSL objects now adjusts the blocking mode of
the SSL structure if necessary (as other methods already do).
2010-04-24 19:57:01 +00:00
Antoine Pitrou 07072168fb Merged revisions 80392 via svnmerge from
svn+ssh://pythondev@svn.python.org/python/trunk

........
  r80392 | antoine.pitrou | 2010-04-23 01:33:02 +0200 (ven., 23 avril 2010) | 9 lines

  Issue #8108: Fix the unwrap() method of SSL objects when the socket has
  a non-infinite timeout.  Also make that method friendlier with applications
  wanting to continue using the socket in clear-text mode, by disabling
  OpenSSL's internal readahead.  Thanks to Darryl Miles for guidance.

  Issue #8108: test_ftplib's non-blocking SSL server now has proper handling
  of SSL shutdowns.
........
2010-04-23 21:07:58 +00:00
Antoine Pitrou a5c4b5515f Issue #8108: Fix the unwrap() method of SSL objects when the socket has
a non-infinite timeout.  Also make that method friendlier with applications
wanting to continue using the socket in clear-text mode, by disabling
OpenSSL's internal readahead.  Thanks to Darryl Miles for guidance.

Issue #8108: test_ftplib's non-blocking SSL server now has proper handling
of SSL shutdowns.
2010-04-22 23:33:02 +00:00
Antoine Pitrou 878602a284 Merged revisions 80314-80315 via svnmerge from
svn+ssh://pythondev@svn.python.org/python/trunk

........
  r80314 | antoine.pitrou | 2010-04-21 21:28:03 +0200 (mer., 21 avril 2010) | 5 lines

  Issue #8484: Load all ciphers and digest algorithms when initializing
  the _ssl extension, such that verification of some SSL certificates
  doesn't fail because of an "unknown algorithm".
........
  r80315 | antoine.pitrou | 2010-04-21 21:36:23 +0200 (mer., 21 avril 2010) | 3 lines

  Forgot to add the sample certificate (followup to r80314)
........
2010-04-21 19:41:28 +00:00
Antoine Pitrou c715a9ed08 Issue #8484: Load all ciphers and digest algorithms when initializing
the _ssl extension, such that verification of some SSL certificates
doesn't fail because of an "unknown algorithm".
2010-04-21 19:28:03 +00:00
Antoine Pitrou 0a6373c1a9 Issue #8322: Add a *ciphers* argument to SSL sockets, so as to change the
available cipher list.  Helps fix test_ssl with OpenSSL 1.0.0.
2010-04-17 17:10:38 +00:00
Antoine Pitrou 343314a11c Revert r79915 (temporary commit to check for buildbots -> the fix was successful) 2010-04-09 22:41:31 +00:00
Antoine Pitrou 9c6cd56e91 Temporarily commit fix to issue #8108, to check for buildbot response 2010-04-09 21:00:36 +00:00
Antoine Pitrou 206685be96 Merged revisions 79910 via svnmerge from
svn+ssh://pythondev@svn.python.org/python/trunk

........
  r79910 | antoine.pitrou | 2010-04-09 22:38:39 +0200 (ven., 09 avril 2010) | 4 lines

  SSL_MODE_AUTO_RETRY has been added in OpenSSL 0.9.6.  Fix compilation
  with earlier versions.
........
2010-04-09 20:44:09 +00:00
Antoine Pitrou 92719c546f SSL_MODE_AUTO_RETRY has been added in OpenSSL 0.9.6. Fix compilation
with earlier versions.
2010-04-09 20:38:39 +00:00
Antoine Pitrou f9de534c21 Issue #8321: Give access to OpenSSL version numbers from the `ssl` module,
using the new attributes `ssl.OPENSSL_VERSION`, `ssl.OPENSSL_VERSION_INFO`
and `ssl.OPENSSL_VERSION_NUMBER`.
2010-04-05 21:35:07 +00:00
Antoine Pitrou cfd6200db5 Merged revisions 79448 via svnmerge from
svn+ssh://pythondev@svn.python.org/python/trunk

........
  r79448 | antoine.pitrou | 2010-03-26 20:27:16 +0100 (ven., 26 mars 2010) | 6 lines

  Issue #8222: Enable the SSL_MODE_AUTO_RETRY flag on SSL sockets, so that blocking
  reads and writes are always retried by OpenSSL itself.

  (this is a followup to issue #3890)
........
2010-03-26 19:33:53 +00:00
Antoine Pitrou eee91cda80 Issue #8222: Enable the SSL_MODE_AUTO_RETRY flag on SSL sockets, so that blocking
reads and writes are always retried by OpenSSL itself.

(this is a followup to issue #3890)
2010-03-26 19:27:16 +00:00
Barry Warsaw 3c67d6ae54 Reverting r78597. This is not a critical fix and we're in rc mode. 2010-03-03 12:34:43 +00:00
Victor Stinner 8898b24bf9 Merged revisions 78596 via svnmerge from
svn+ssh://pythondev@svn.python.org/python/trunk

........
  r78596 | victor.stinner | 2010-03-02 23:44:42 +0100 (mar., 02 mars 2010) | 4 lines

  Issue #2973: Fix gcc warning on the 2nd argument of ASN1_item_d2i() and
  method->d2i(): OpenSSL API changed in OpenSSL 0.9.6m. Patch written by Daniel
  Black.
........
2010-03-02 22:46:25 +00:00
Victor Stinner 3f75cc5cb5 Issue #2973: Fix gcc warning on the 2nd argument of ASN1_item_d2i() and
method->d2i(): OpenSSL API changed in OpenSSL 0.9.6m. Patch written by Daniel
Black.
2010-03-02 22:44:42 +00:00
Antoine Pitrou 5ba84910ae Issue #7133: SSL objects now support the new buffer API.
This fixes the test_ssl failure.
2009-10-19 17:59:07 +00:00
Jeffrey Yasskin 7937d939b1 Fix nearly all compilation warnings under Apple gcc-4.0. Tested with OPT="-g
-Wall -Wstrict-prototypes -Werror" in both --with-pydebug mode and --without.
There's still a batch of non-prototype warnings in Xlib.h that I don't know how
to fix.
2009-05-29 03:44:31 +00:00
Raymond Hettinger 8fb67e038e Fix signed/unsigned mismatch. 2009-01-26 16:55:41 +00:00
Raymond Hettinger 354cfc1330 Fix signed/unsigned mismatch. 2009-01-26 16:52:22 +00:00
Bill Janssen 934b16d0c2 various SSL fixes; issues 1251, 3162, 3212 2008-06-28 22:19:33 +00:00
Gregory P. Smith dd96db63f6 This reverts r63675 based on the discussion in this thread:
http://mail.python.org/pipermail/python-dev/2008-June/079988.html

Python 2.6 should stick with PyString_* in its codebase.  The PyBytes_* names
in the spirit of 3.0 are available via a #define only.  See the email thread.
2008-06-09 04:58:54 +00:00
Christian Heimes 593daf545b Renamed PyString to PyBytes 2008-05-26 12:51:38 +00:00
Neal Norwitz 5802bb2319 Fix compiler warnings 2008-03-27 05:03:11 +00:00
Neal Norwitz e9057ff1a9 Initialize variable to prevent warning on some platform/config. 2008-01-27 17:10:35 +00:00
Christian Heimes e93237dfcc #1629: Renamed Py_Size, Py_Type and Py_Refcnt to Py_SIZE, Py_TYPE and Py_REFCNT. Macros for b/w compatibility are available. 2007-12-19 02:37:44 +00:00
Christian Heimes a63f268351 Fixed warning in ssl module 2007-12-14 04:38:13 +00:00
Bill Janssen 296a59d3be Add support for asyncore server-side SSL support. This requires
adding the 'makefile' method to ssl.SSLSocket, and importing the
requisite fakefile class from socket.py, and making the appropriate
changes to it to make it use the SSL connection.

Added sample HTTPS server to test_ssl.py, and test that uses it.

Change SSL tests to use https://svn.python.org/, instead of
www.sf.net and pop.gmail.com.

Added utility function to ssl module, get_server_certificate,
to wrap up the several things to be done to pull a certificate
from a remote server.
2007-09-16 22:06:00 +00:00
Bill Janssen 98d19dafd9 More work on SSL support.
* Much expanded test suite:

  All protocols tested against all other protocols.
  All protocols tested with all certificate options.
  Tests for bad key and bad cert.
  Test of STARTTLS functionality.
  Test of RAND_* functions.

* Fixes for threading/malloc bug.

* Issue 1065 fixed:

  sslsocket class renamed to SSLSocket.
  sslerror class renamed to SSLError.
  Function "wrap_socket" now used to wrap an existing socket.

* Issue 1583946 finally fixed:

  Support for subjectAltName added.
  Subject name now returned as proper DN list of RDNs.

* SSLError exported from socket as "sslerror".

* RAND_* functions properly exported from ssl.py.

* Documentation improved:

  Example of how to create a self-signed certificate.
  Better indexing.
2007-09-10 21:51:02 +00:00
Bill Janssen ffe576dc78 SSL certificate distinguished names should be represented by tuples 2007-09-05 00:46:27 +00:00
Guido van Rossum 780b80dc08 > Some of the code sets the error string in this directly before
> returning NULL, and other pieces of the code call PySSL_SetError,
> which creates the error string.  I think some of the places which set
> the string directly probably shouldn't; instead, they should call
> PySSL_SetError to cons up the error name directly from the err code.
> However, PySSL_SetError only works after the construction of an ssl
> object, which means it can't be used there...  I'll take a longer look
> at it and see if there's a reasonable fix.

Here's a patch which addresses this.  It also fixes the indentation in
PySSL_SetError, bringing it into line with PEP 7, fixes a compile warning
about one of the OpenSSL macros, and makes the namespace a bit more
consistent.  I've tested it on FC 7 and OS X 10.4.

% ./python ./Lib/test/regrtest.py -R :1: -u all test_ssl
test_ssl
beginning 6 repetitions
123456
......
1 test OK.
[29244 refs]
%

[GvR: slightly edited to enforce 79-char line length, even if it required
 violating the style guide.]
2007-08-27 18:42:23 +00:00
Neal Norwitz dc988119b5 Fix a few more variables to try to get this to compile with Visual Studio. 2007-08-25 16:58:09 +00:00
Neal Norwitz 049da9e1cf Try to get this to build with Visual Studio by moving all the variable
declarations to the beginning of a scope.
2007-08-25 16:41:36 +00:00
Guido van Rossum 4f2c3ddca4 Server-side SSL and certificate validation, by Bill Janssen.
While cleaning up Bill's C style, I may have cleaned up some code
he didn't touch as well (in _ssl.c).
2007-08-25 15:08:43 +00:00
Martin v. Löwis 6819210b9e PEP 3123: Provide forward compatibility with Python 3.0, while keeping
backwards compatibility. Add Py_Refcnt, Py_Type, Py_Size, and
PyVarObject_HEAD_INIT.
2007-07-21 06:55:02 +00:00
Martin v. Löwis a811c38d8e Fix various minor errors in passing arguments to
PyArg_ParseTuple.
2006-10-19 11:00:37 +00:00
Anthony Baxter 93ab5fa191 #1494314: Fix a regression with high-numbered sockets in 2.4.3. This
means that select() on sockets > FD_SETSIZE (typically 1024) work again.
The patch makes sockets use poll() internally where available.
2006-07-11 02:04:09 +00:00
Neal Norwitz 38e3b7d2d3 Don't mask a no memory error with a less meaningful one as discussed on python-checkins 2006-05-11 07:51:59 +00:00
Neal Norwitz c6a989ac3a Fix problems found by Coverity.
longobject.c: also fix an ssize_t problem
  <a> could have been NULL, so hoist the size calc to not use <a>.

_ssl.c: under fail: self is DECREF'd, but it would have been NULL.

_elementtree.c: delete self if there was an error.

_csv.c: I'm not sure if lineterminator could have been anything other than
a string.  However, other string method calls are checked, so check this
one too.
2006-05-10 06:57:58 +00:00
Neal Norwitz c859b5c04e Remove unused field 2006-04-17 01:49:28 +00:00
Georg Brandl 43f08a85e4 Patch #1380952: fix SSL objects timing out on consecutive read()s 2006-03-31 18:01:16 +00:00
Neal Norwitz 389cea8efc Try to improve name based on discussion on python-checkins with Jim Jewett 2006-02-13 00:35:21 +00:00
Martin v. Löwis f84d1b9375 Introduce Py_SOCKET_FD_CAN_BE_GE_FD_SETSIZE.
Proposed by Tim Peters.
2006-02-11 09:27:05 +00:00
Neal Norwitz 082b2df33f Bug #876637, prevent stack corruption when socket descriptor
is larger than FD_SETSIZE.

This can only be acheived with ulimit -n SOME_NUMBER_BIGGER_THAN_FD_SETSIZE
which is typically only available to root.  Since this wouldn't normally
be run in a test (ie, run as root), it doesn't seem too worthwhile to
add a normal test.  The bug report has one version of a test.  I've
written another.  Not sure what the best thing to do is.

Do the check before calling internal_select() because we can't set
an error in between Py_BEGIN_ALLOW_THREADS and Py_END_ALLOW_THREADS.
This seemed the clearest solution, ie handle before calling internal_select()
rather than inside.  Plus there is at least one place outside
of internal_select() that needed to be handled.

Will backport.
2006-02-07 07:04:46 +00:00
Neal Norwitz 19cbcad20e Fix indentation (whitespace only). 2006-02-07 06:59:20 +00:00
Neal Norwitz 1ac754fa10 Check return result from Py_InitModule*(). This API can fail.
Probably should be backported.
2006-01-19 06:09:39 +00:00
Michael W. Hudson 5910d81c97 Add a missing decref -- PyErr_SetObject increfs the 'object'! 2004-08-04 14:59:00 +00:00
Andrew M. Kuchling 27d3dda7f1 [Patch #909007] Enable a bunch of safe bug workarounds in OpenSSL, for compatibility with various broken SSL implementations out there. 2004-07-10 21:36:55 +00:00
Andrew M. Kuchling 9c3efe3ec6 [Patch #945642] Fix non-blocking SSL sockets, which blocked on reads/writes in Python 2.3.
(It turns out that the Debian unstable packaging of Python 2.3.4 includes this patch.)
Patch by Tino Lange.
2004-07-10 21:15:17 +00:00
Brett Cannon 06c34798df Make socket.sslerror a subclass of socket.error .
Added socket.error to the socket module's C API.
2004-03-23 23:16:54 +00:00
Martin v. Löwis 405a7952fd Patch #803998: Correctly check for error in SSL_write. 2003-10-27 14:24:37 +00:00
Walter Dörwald f0dfc7ac5c Fix a bunch of typos in documentation, docstrings and comments.
(From SF patch #810751)
2003-10-20 14:01:56 +00:00
Neal Norwitz a9002f824b Fix SF #754870, SSL crash interpreter when remote side closes during connect
Also fix a memory leak.
2003-06-30 03:25:20 +00:00
Martin v. Löwis afec8e3bde Patch #751916: Check for signals, fix some refcounting errors. 2003-06-28 07:40:23 +00:00
Neal Norwitz 529baf2b57 Fix compiler warning 2003-02-02 17:08:33 +00:00
Guido van Rossum 4f707ac8b1 SF patch 676472 by Geoff Talvola, reviewed by Ben Laurie.
Geoff writes:
  This is yet another patch to _ssl.c that sets the
  underlying BIO to non-blocking if the socket being
  wrapped is non-blocking. It also correctly loops when
  SSL_connect, SSL_write, or SSL_read indicates that it
  needs to read or write more bytes.

  This seems to fix bug #673797 which was not fixed by my
  previous patch.
2003-01-31 18:13:18 +00:00
Guido van Rossum 99d4abf8a2 Support socket timeout in SSL, by Geoff Talvola.
(SF patch #675750, to fix SF bug #675552.)
2003-01-27 22:22:50 +00:00
Mark Hammond fe51c6d66e Excise DL_EXPORT/DL_IMPORT from Modules/*. Required adding a prototype
for Py_Main().

Thanks to Kalle Svensson and Skip Montanaro for the patches.
2002-08-02 02:27:13 +00:00
Martin v. Löwis 09c35f78fe Patch #575827: allow threads inside SSL creation. 2002-07-28 09:57:45 +00:00
Jeremy Hylton 938ace69a0 staticforward bites the dust.
The staticforward define was needed to support certain broken C
compilers (notably SCO ODT 3.0, perhaps early AIX as well) botched the
static keyword when it was used with a forward declaration of a static
initialized structure.  Standard C allows the forward declaration with
static, and we've decided to stop catering to broken C compilers.  (In
fact, we expect that the compilers are all fixed eight years later.)

I'm leaving staticforward and statichere defined in object.h as
static.  This is only for backwards compatibility with C extensions
that might still use it.

XXX I haven't updated the documentation.
2002-07-17 16:30:39 +00:00
Jeremy Hylton 4e54730ed5 Repair badly formatted code. 2002-07-02 18:25:00 +00:00
Martin v. Löwis 14f8b4cfcb Patch #568124: Add doc string macros. 2002-06-13 20:33:02 +00:00
Tim Peters 5de9842b34 Repair widespread misuse of _PyString_Resize. Since it's clear people
don't understand how this function works, also beefed up the docs.  The
most common usage error is of this form (often spread out across gotos):

	if (_PyString_Resize(&s, n) < 0) {
		Py_DECREF(s);
		s = NULL;
		goto outtahere;
	}

The error is that if _PyString_Resize runs out of memory, it automatically
decrefs the input string object s (which also deallocates it, since its
refcount must be 1 upon entry), and sets s to NULL.  So if the "if"
branch ever triggers, it's an error to call Py_DECREF(s):  s is already
NULL!  A correct way to write the above is the simpler (and intended)

	if (_PyString_Resize(&s, n) < 0)
		goto outtahere;

Bugfix candidate.
2002-04-27 18:44:32 +00:00
Martin v. Löwis 6af3e2dc31 Forward port of patch # 500311: Work around for buggy https servers.
Fixes #494762.
2002-04-20 07:47:40 +00:00