Commit Graph

154 Commits

Author SHA1 Message Date
Antoine Pitrou d5d17eb653 Issue #14204: The ssl module now has support for the Next Protocol Negotiation extension, if available in the underlying OpenSSL library.
Patch by Colin Marc.
2012-03-22 00:23:03 +01:00
Antoine Pitrou c135fa424e Fix last remaining build issues of _ssl under old OpenSSLs. Patch by Vinay. 2012-02-19 21:22:39 +01:00
Antoine Pitrou ce816a5111 Issue #13895: fix test_ssl hanging under Ubuntu 2012-01-28 17:40:23 +01:00
Antoine Pitrou eba63c4203 Issue #13895: fix test_ssl hanging under Ubuntu 2012-01-28 17:38:34 +01:00
Antoine Pitrou 6636887104 Fix intermittent test_ssl failure. 2012-01-27 17:34:56 +01:00
Antoine Pitrou eced82ecbf Fix intermittent test_ssl failure. 2012-01-27 17:33:01 +01:00
Antoine Pitrou 8f85f907e3 Issue #13636: Weak ciphers are now disabled by default in the ssl module
(except when SSLv2 is explicitly asked for).
2012-01-03 22:46:48 +01:00
Antoine Pitrou 65a3f4b8c5 Use context managers in test_ssl to simplify test writing. 2011-12-21 16:52:40 +01:00
Antoine Pitrou 72aeec35a1 Issue #13636: Weak ciphers are now disabled by default in the ssl module
(except when SSLv2 is explicitly asked for).
2012-01-03 22:49:08 +01:00
Antoine Pitrou 0e576f1f50 Issue #13626: Add support for SSL Diffie-Hellman key exchange, through the
SSLContext.load_dh_params() method and the ssl.OP_SINGLE_DH_USE option.
2011-12-22 10:03:38 +01:00
Antoine Pitrou 6b15c90fd8 Use context managers in test_ssl to simplify test writing. 2011-12-21 16:54:45 +01:00
Antoine Pitrou 501da61671 Fix ssl module compilation if ECDH support was disabled in the OpenSSL build.
(followup to issue #13627)
2011-12-21 09:27:41 +01:00
Antoine Pitrou 8691bff6db Fix for buggy test 2011-12-20 10:47:42 +01:00
Antoine Pitrou 8abdb8abd8 Issue #13634: Add support for querying and disabling SSL compression. 2011-12-20 10:13:40 +01:00
Antoine Pitrou 923df6f22a Issue #13627: Add support for SSL Elliptic Curve-based Diffie-Hellman
key exchange, through the SSLContext.set_ecdh_curve() method and the
ssl.OP_SINGLE_ECDH_USE option.
2011-12-19 17:16:51 +01:00
Antoine Pitrou 6db4944cc5 Issue #13635: Add ssl.OP_CIPHER_SERVER_PREFERENCE, so that SSL servers
choose the cipher based on their own preferences, rather than on the
client's.
2011-12-19 13:27:11 +01:00
Barry Warsaw c21a81bf76 - Issue #13218: Fix test_ssl failures on Debian/Ubuntu. 2011-10-28 17:08:12 -04:00
Barry Warsaw 46ae0efce1 - Issue #13218: Fix test_ssl failures on Debian/Ubuntu. 2011-10-28 16:52:17 -04:00
Antoine Pitrou 41032a69c1 Issue #11183: Add finer-grained exceptions to the ssl module, so that
you don't have to inspect the exception's attributes in the common case.
2011-10-27 23:56:55 +02:00
Antoine Pitrou a02a12c517 Issue #13034: When decoding some SSL certificates, the subjectAltName extension could be unreported. 2011-10-01 19:22:30 +02:00
Antoine Pitrou d8c347a8de Issue #13034: When decoding some SSL certificates, the subjectAltName extension could be unreported. 2011-10-01 19:20:25 +02:00
Nick Coghlan 513886aabb Fix #12835: prevent use of the unencrypted sendmsg/recvmsg APIs on SSL wrapped sockets (Patch by David Watson) 2011-08-28 00:00:27 +10:00
Antoine Pitrou 4fd1e6a3ba Issue #12803: SSLContext.load_cert_chain() now accepts a password argument
to be used if the private key is encrypted.  Patch by Adam Simpkins.
2011-08-25 14:39:44 +02:00
Nick Coghlan 5fab03fd15 Remove the SSLSocket versions of sendmsg/recvmsg due to lack of proper tests and documentation in conjunction with lack of any known use cases (see issue #6560 for details) 2011-08-23 22:26:44 +10:00
Nick Coghlan 96fe56abec Add support for the send/recvmsg API to the socket module. Patch by David Watson and Heiko Wundram. (Closes #6560) 2011-08-22 11:55:57 +10:00
Antoine Pitrou d649480739 Issue #12551: Provide a get_channel_binding() method on SSL sockets so as
to get channel binding data for the current SSL session (only the
"tls-unique" channel binding is implemented).  This allows the
implementation of certain authentication mechanisms such as SCRAM-SHA-1-PLUS.

Patch by Jacek Konieczny.
2011-07-21 01:11:30 +02:00
Antoine Pitrou 7128f95bd2 Issue #12440: When testing whether some bits in SSLContext.options can be
reset, check the version of the OpenSSL headers Python was compiled against,
rather than the runtime version of the OpenSSL library.
2011-07-08 18:49:07 +02:00
Antoine Pitrou b9ac25d1c3 Issue #12440: When testing whether some bits in SSLContext.options can be
reset, check the version of the OpenSSL headers Python was compiled against,
rather than the runtime version of the OpenSSL library.
2011-07-08 18:47:06 +02:00
Victor Stinner 2e2baa9208 Issue #12049: test_ssl now checks also that RAND_bytes() raises an error if
there is not enough entropy.
2011-05-25 11:15:16 +02:00
Victor Stinner 99c8b16143 Issue #12049: Add RAND_bytes() and RAND_pseudo_bytes() functions to the ssl
module.
2011-05-24 12:05:19 +02:00
Antoine Pitrou 7a616f2fc5 Issue #12065: connect_ex() on an SSL socket now returns the original errno
when the socket's timeout expires (it used to return None).
2011-05-18 18:52:20 +02:00
Antoine Pitrou b4410dbea6 Issue #12065: connect_ex() on an SSL socket now returns the original errno
when the socket's timeout expires (it used to return None).
2011-05-18 18:51:06 +02:00
Victor Stinner 17ca323e7c (Merge 3.1) Issue #12012: ssl.PROTOCOL_SSLv2 becomes optional
OpenSSL is now compiled with OPENSSL_NO_SSL2 defined (without the SSLv2
protocol) on Debian: fix the ssl module on Debian Testing and Debian Sid.

Optimize also ssl.get_protocol_name(): speed does matter!
2011-05-10 00:48:41 +02:00
Victor Stinner ee18b6f2fd Issue #12012: ssl.PROTOCOL_SSLv2 becomes optional
OpenSSL is now compiled with OPENSSL_NO_SSL2 defined (without the SSLv2
protocol) on Debian: fix the ssl module on Debian Testing and Debian Sid.

Optimize also ssl.get_protocol_name(): speed does matter!
2011-05-10 00:38:00 +02:00
Victor Stinner 3de49192aa Issue #12012: ssl.PROTOCOL_SSLv2 becomes optional
OpenSSL is now compiled with OPENSSL_NO_SSL2 defined (without the SSLv2
protocol) on Debian: fix the ssl module on Debian Testing and Debian Sid.

Optimize also ssl.get_protocol_name(): speed does matter!
2011-05-09 00:42:58 +02:00
Antoine Pitrou ff9bfca482 Issue #12000: When a SSL certificate has a subjectAltName without any
dNSName entry, ssl.match_hostname() should use the subject's commonName.
Patch by Nicolas Bareil.
2011-05-06 15:20:55 +02:00
Antoine Pitrou 1c86b44506 Issue #12000: When a SSL certificate has a subjectAltName without any
dNSName entry, ssl.match_hostname() should use the subject's commonName.
Patch by Nicolas Bareil.
2011-05-06 15:19:49 +02:00
Antoine Pitrou 5aefa6637c Fix whitespace 2011-04-28 19:24:46 +02:00
Antoine Pitrou 15399c3f09 Issue #11811: ssl.get_server_certificate() is now IPv6-compatible. Patch
by Charles-François Natali.
2011-04-28 19:23:55 +02:00
Antoine Pitrou d1c9845b54 Merged revisions 88671 via svnmerge from
svn+ssh://pythondev@svn.python.org/python/branches/py3k

........
  r88671 | antoine.pitrou | 2011-02-27 16:44:12 +0100 (dim., 27 févr. 2011) | 3 lines

  Follow up to r88664: non-blocking connect-ex() can return EWOULDBLOCK under Windows
........
2011-02-27 15:45:16 +00:00
Antoine Pitrou 8a14a0c88b Follow up to r88664: non-blocking connect-ex() can return EWOULDBLOCK under Windows 2011-02-27 15:44:12 +00:00
Antoine Pitrou 86cbfec50a Merged revisions 88664 via svnmerge from
svn+ssh://pythondev@svn.python.org/python/branches/py3k

........
  r88664 | antoine.pitrou | 2011-02-27 00:24:06 +0100 (dim., 27 févr. 2011) | 4 lines

  Issue #11326: Add the missing connect_ex() implementation for SSL sockets,
  and make it work for non-blocking connects.
........
2011-02-26 23:25:34 +00:00
Antoine Pitrou e93bf7aed2 Issue #11326: Add the missing connect_ex() implementation for SSL sockets,
and make it work for non-blocking connects.
2011-02-26 23:24:06 +00:00
Victor Stinner 80f75e684e Issue #10989: Fix a crash on SSLContext.load_verify_locations(None, True).
Patch reviewed by Antoine Pitrou, okayed by Georg Brandl.
2011-01-29 11:31:20 +00:00
Antoine Pitrou 50778ab4c2 Merged revisions 87861,87863 via svnmerge from
svn+ssh://pythondev@svn.python.org/python/branches/py3k

........
  r87861 | antoine.pitrou | 2011-01-08 11:23:29 +0100 (sam., 08 janv. 2011) | 3 lines

  Fix test_ssl after r87849
........
  r87863 | antoine.pitrou | 2011-01-08 11:28:11 +0100 (sam., 08 janv. 2011) | 3 lines

  Add EHOSTUNREACH ('No route to host') to the errnos trapped by transient_internet().
........
2011-01-08 10:31:09 +00:00
Antoine Pitrou 160fd938ed Fix test_ssl after r87849 2011-01-08 10:23:29 +00:00
Victor Stinner f332abbf15 test_ssl: test SHA256 using sha256.tbs-internet.com instead of sha2.hboeck.de 2011-01-08 03:16:05 +00:00
Antoine Pitrou c4df784514 Issue #10272: The ssl module now raises socket.timeout instead of a generic
SSLError on socket timeouts.
2010-12-03 19:59:41 +00:00
Ezio Melotti ed3a7d2d60 #10273: Rename assertRegexpMatches and assertRaisesRegexp to assertRegex and assertRaisesRegex. 2010-12-01 02:32:32 +00:00
Georg Brandl f55aa80b37 Merged revisions 85820,85823,85825,85840,85843-85845,85849-85851,85855,85867,85875,85907-85908,85911,85914 via svnmerge from
svn+ssh://svn.python.org/python/branches/py3k

........
  r85820 | georg.brandl | 2010-10-24 16:20:22 +0200 (So, 24 Okt 2010) | 1 line

  Remove usage of exception indexing.
........
  r85823 | georg.brandl | 2010-10-24 16:32:45 +0200 (So, 24 Okt 2010) | 1 line

  Fix style.
........
  r85825 | georg.brandl | 2010-10-24 17:16:02 +0200 (So, 24 Okt 2010) | 1 line

  Add documentation about the default warnings filters.
........
  r85840 | georg.brandl | 2010-10-25 19:50:20 +0200 (Mo, 25 Okt 2010) | 1 line

  #3018: tkinter demo fixes for py3k.
........
  r85843 | georg.brandl | 2010-10-26 08:59:23 +0200 (Di, 26 Okt 2010) | 1 line

  Markup fix.
........
  r85844 | georg.brandl | 2010-10-26 12:39:14 +0200 (Di, 26 Okt 2010) | 1 line

  Work a bit more on tkinter demos.
........
  r85845 | georg.brandl | 2010-10-26 12:42:16 +0200 (Di, 26 Okt 2010) | 1 line

  faqwiz is removed.
........
  r85849 | georg.brandl | 2010-10-26 21:31:06 +0200 (Di, 26 Okt 2010) | 1 line

  #10200: typo.
........
  r85850 | georg.brandl | 2010-10-26 21:58:11 +0200 (Di, 26 Okt 2010) | 1 line

  #10200: typo.
........
  r85851 | georg.brandl | 2010-10-26 22:12:37 +0200 (Di, 26 Okt 2010) | 1 line

  Fix import.
........
  r85855 | georg.brandl | 2010-10-27 09:21:54 +0200 (Mi, 27 Okt 2010) | 1 line

  Encoding fix.
........
  r85867 | georg.brandl | 2010-10-27 22:01:51 +0200 (Mi, 27 Okt 2010) | 1 line

  Add David.
........
  r85875 | georg.brandl | 2010-10-28 10:38:30 +0200 (Do, 28 Okt 2010) | 1 line

  Fix bytes/str issues in get-remote-certificate.py.
........
  r85907 | georg.brandl | 2010-10-29 06:54:13 +0200 (Fr, 29 Okt 2010) | 1 line

  #10222: fix for overzealous AIX compiler.
........
  r85908 | georg.brandl | 2010-10-29 07:22:17 +0200 (Fr, 29 Okt 2010) | 1 line

  send_bytes obviously needs bytes...
........
  r85911 | georg.brandl | 2010-10-29 07:36:28 +0200 (Fr, 29 Okt 2010) | 1 line

  Fix markup error and update false positive entries from "make suspicious".
........
  r85914 | georg.brandl | 2010-10-29 08:17:38 +0200 (Fr, 29 Okt 2010) | 1 line

  (?:...) is a non-capturing, but still grouping construct.
........
2010-11-26 08:59:40 +00:00