Commit Graph

327 Commits

Author SHA1 Message Date
Serhiy Storchaka 911068e250 [3.6] Regenerate Argument Clinic code for bpo-19180. (GH-2073). (#2077)
(cherry picked from commit 5f31d5cf6e)
2017-06-10 13:48:53 +03:00
Nick Coghlan c422959dac [3.6] bpo-19180: Updated references for RFC 1750, RFC 3280 & RFC 4366
* RFC 1750 has been been obsoleted by RFC 4086.
* RFC 3280 has been obsoleted by RFC 5280.
* RFC 4366 has been obsoleted by RFC 6066.
(cherry picked from commit 63c2c8ac17)
2017-06-09 22:37:53 +10:00
Nathaniel J. Smith 854f7ba1d5 [3.6] bpo-30594: Fixed refcounting in newPySSLSocket (GH-1992) (#1994)
If pass a server_hostname= that fails IDNA decoding to SSLContext.wrap_socket or SSLContext.wrap_bio, then the SSLContext object had a spurious Py_DECREF called on it, eventually leading to segfaults.
(cherry picked from commit 65ece7ca23)
2017-06-08 14:14:40 +03:00
Mariatta 8e7201342d [3.6] bpo-29738: Fix memory leak in _get_crl_dp (GH-526) (GH-1142)
* Remove conditional on free of `dps`, since `dps` is now allocated for
all versions of OpenSSL
* Remove call to `x509_check_ca` since it was only used to cache
the `crldp` field of the certificate
CRL_DIST_POINTS_free is available in all supported versions of OpenSSL
(recent 0.9.8+) and LibreSSL.
(cherry picked from commit 2849cc34a8)
2017-04-14 18:34:11 -07:00
Donald Stufft 784ba7c8ad bpo-29697: Don't use OpenSSL <1.0.2 fallback on 1.1+ (#397) 2017-03-02 12:32:13 -05:00
Christian Heimes 1a63b9f288 Typo 2016-09-24 12:07:21 +02:00
Christian Heimes a5d0765990 Finish GC code for SSLSession and increase test coverage 2016-09-24 10:48:05 +02:00
Christian Heimes f6365e3816 Issue #28188: Use PyMem_Calloc() to get rid of a type-limits warning and an extra memset() call in _ssl.c. 2016-09-13 20:48:13 +02:00
Victor Stinner 410b9887e1 Issue #27866: Fix refleak in cipher_to_dict() 2016-09-12 12:00:23 +02:00
Christian Heimes 5fe668c672 Issue #28085: Add PROTOCOL_TLS_CLIENT and PROTOCOL_TLS_SERVER for SSLContext 2016-09-12 00:01:11 +02:00
Christian Heimes 99a6570295 Issue #19500: Add client-side SSL session resumption to the ssl module. 2016-09-10 23:44:53 +02:00
Christian Heimes 358cfd426c Issue 28043: SSLContext has improved default settings
The options OP_NO_COMPRESSION, OP_CIPHER_SERVER_PREFERENCE, OP_SINGLE_DH_USE, OP_SINGLE_ECDH_USE, OP_NO_SSLv2 (except for PROTOCOL_SSLv2), and OP_NO_SSLv3 (except for PROTOCOL_SSLv3) are set by default. The initial cipher suite list contains only HIGH ciphers, no NULL ciphers and MD5 ciphers (except for PROTOCOL_SSLv2).
2016-09-10 22:43:48 +02:00
Christian Heimes fe3c9c1ee9 Issue #27691: Fix ssl module's parsing of GEN_RID subject alternative name fields in X.509 certs. 2016-09-06 23:27:06 +02:00
Christian Heimes 1c03abd026 Issue #27691: Fix ssl module's parsing of GEN_RID subject alternative name fields in X.509 certs. 2016-09-06 23:25:35 +02:00
Christian Heimes 0061bf5892 Issue #26470: Use short name rather than name for compression name to fix #27958. 2016-09-06 01:14:34 +02:00
Christian Heimes 281e5f8839 Issue #26470: Use short name rather than name for compression name to fix #27958. 2016-09-06 01:10:39 +02:00
Christian Heimes 25bfcd5d9e Issue #27866: Add SSLContext.get_ciphers() method to get a list of all enabled ciphers. 2016-09-06 00:04:45 +02:00
Christian Heimes 01113faef9 Issue #26470: Port ssl and hashlib module to OpenSSL 1.1.0. 2016-09-05 23:23:24 +02:00
Christian Heimes 598894ff48 Issue #26470: Port ssl and hashlib module to OpenSSL 1.1.0. 2016-09-05 23:19:05 +02:00
Benjamin Peterson a853c479ee merge 3.5 (#27773) 2016-08-15 21:56:11 -07:00
Benjamin Peterson 81b9ecd2a3 fix corner cases in the management of server_hostname (closes #27773) 2016-08-15 21:55:37 -07:00
Victor Stinner d3afb62b8f Merge 3.5 (INVALID_SOCKET) 2016-07-22 17:47:09 +02:00
Victor Stinner 524714eeda socket: use INVALID_SOCKET
* Replace "fd = -1" with "fd = INVALID_SOCKET"
* Replace "fd < 0" with "fd == INVALID_SOCKET": SOCKET_T is unsigned on Windows

Bug found by Pavel Belikov ("Fragment N1"):
http://www.viva64.com/en/b/0414/#ID0ECDAE
2016-07-22 17:43:59 +02:00
Martin Panter 7386268ffd Issue #23804: Merge SSL recv() fix from 3.5 2016-07-11 01:32:09 +00:00
Martin Panter bed7f1a512 Issue #23804: Fix SSL zero-length recv() calls to not block and raise EOF 2016-07-11 00:17:13 +00:00
Serhiy Storchaka 2954f83999 - Issue #27332: Fixed the type of the first argument of module-level functions
generated by Argument Clinic.  Patch by Petr Viktorin.
2016-07-07 18:20:03 +03:00
Serhiy Storchaka 1a2b24f02d Issue #27332: Fixed the type of the first argument of module-level functions
generated by Argument Clinic.  Patch by Petr Viktorin.
2016-07-07 17:35:15 +03:00
Benjamin Peterson 50600a78cb merge 3.5 (#24557) 2016-07-06 23:58:16 -07:00
Benjamin Peterson b8a2f51ceb assume egd unless OPENSSL_NO_EGD is defined—remove configure check (closes #24557) 2016-07-06 23:55:15 -07:00
Berker Peksag 2c164b738d Fix unused variable 'libver' warning in Modules/_ssl.c
It can be seen on various buildbots like 3.x.cea-indiana-amd64
and 3.x.murray-snowleopard:

/export/home/buildbot/64bits/3.x.cea-indiana-amd64/build/Modules/_ssl.c:2227: warning: unused variable 'libver'

/Users/buildbot/buildarea/3.x.murray-snowleopard/build/Modules/_ssl.c:2227: warning: unused variable ‘libver’
2016-04-14 16:49:21 +03:00
Berker Peksag dfcb041195 Fix unused variable 'libver' warning in Modules/_ssl.c
It can be seen on various buildbots like 3.x.cea-indiana-amd64
and 3.x.murray-snowleopard:

/export/home/buildbot/64bits/3.x.cea-indiana-amd64/build/Modules/_ssl.c:2227: warning: unused variable 'libver'

/Users/buildbot/buildarea/3.x.murray-snowleopard/build/Modules/_ssl.c:2227: warning: unused variable ‘libver’
2016-04-14 16:48:48 +03:00
Serhiy Storchaka f01e408c16 Issue #26200: Added Py_SETREF and replaced Py_XSETREF with Py_SETREF
in places where Py_DECREF was used.
2016-04-10 18:12:01 +03:00
Serhiy Storchaka 57a01d3a0e Issue #26200: Added Py_SETREF and replaced Py_XSETREF with Py_SETREF
in places where Py_DECREF was used.
2016-04-10 18:05:40 +03:00
Serhiy Storchaka ec39756960 Issue #22570: Renamed Py_SETREF to Py_XSETREF. 2016-04-06 09:50:03 +03:00
Serhiy Storchaka 48842714b9 Issue #22570: Renamed Py_SETREF to Py_XSETREF. 2016-04-06 09:45:48 +03:00
Martin Panter afd465d497 Issue #26644: Merge SSL negative read fix from 3.5 2016-03-27 10:40:22 +00:00
Martin Panter 5503d4731e Issue #26644: Raise ValueError for negative SSLSocket.recv() and read() 2016-03-27 05:35:19 +00:00
Benjamin Peterson 4a180a693f merge 3.5 (closes #25939) 2016-02-17 22:18:35 -08:00
Benjamin Peterson 1378f7ca68 merge 3.4 (closes #25939) 2016-02-17 22:18:20 -08:00
Benjamin Peterson 9491272751 open the cert store readonly
Patch from Chi Hsuan Yen.
2016-02-17 22:13:19 -08:00
Benjamin Peterson 5db60aa84e merge 3.5 (closes #25672) 2016-01-07 21:38:51 -08:00
Benjamin Peterson 3b1a8b3bbe enable SSL_MODE_RELEASE_BUFFERS
Patch by Cory Benfield.
2016-01-07 21:37:37 -08:00
Serhiy Storchaka ef1585eb9a Issue #25923: Added more const qualifiers to signatures of static and private functions. 2015-12-25 20:01:53 +02:00
Serhiy Storchaka 5a57ade58e Issue #20440: Massive replacing unsafe attribute setting code with special
macro Py_SETREF.
2015-12-24 10:35:59 +02:00
Benjamin Peterson fcc2e71e99 merge 3.4 (#25578) 2015-11-14 15:14:42 -08:00
Benjamin Peterson 025a1fd990 rm trailing ws 2015-11-14 15:12:38 -08:00
Benjamin Peterson f0c9038a36 fix possible memory lea k in _get_aia_uri (closes #25578) 2015-11-14 15:12:18 -08:00
Benjamin Peterson 2463001a15 merge 3.4 (#25569) 2015-11-14 00:11:09 -08:00
Benjamin Peterson 806fb25405 fix build with older openssl (#25569) 2015-11-14 00:09:22 -08:00
Benjamin Peterson 45bde5d2ee merge 3.4 (#25530) 2015-11-11 22:45:22 -08:00