traverseda
/
cpython
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
86,128 Commits 9 Branches 456 Tags 1.7 GiB
Commit Graph

239 Commits

Author SHA1 Message Date
Benjamin Peterson 43b842775f remove extra arguments in arg parsing format codes (closes #23875) 2015-04-06 13:05:22 -04:00
Benjamin Peterson 990fcaac3c expose X509_V_FLAG_TRUSTED_FIRST 2015-03-04 22:49:41 -05:00
Benjamin Peterson fdb1971587 enable X509_V_FLAG_TRUSTED_FIRST when possible (closes #23476) 2015-03-04 22:11:12 -05:00
Antoine Pitrou f7f3b0a14a Issue #23576: Avoid stalling in SSL reads when EOF has been reached in the SSL layer but the underlying connection hasn't been closed. 2015-03-04 20:51:55 +01:00
Serhiy Storchaka 1a1ff29659 Issue #23446: Use PyMem_New instead of PyMem_Malloc to avoid possible integer 
overflows.  Added few missed PyErr_NoMemory().
 2015-02-16 13:28:22 +02:00
Victor Stinner fcfed19913 Issue #21356: Make ssl.RAND_egd() optional to support LibreSSL. The 
availability of the function is checked during the compilation. Patch written
by Bernard Spil.
 2015-01-06 13:54:58 +01:00
Benjamin Peterson e32467cf6a allow ssl module to compile if openssl doesn't support SSL 3 (closes #22935) 
Patch by Kurt Roeckx.
 2014-12-05 21:59:35 -05:00
Benjamin Peterson 7243b574e5 don't require OpenSSL SNI to pass hostname to ssl functions (#22921) 
Patch by Donald Stufft.
 2014-11-23 17:04:34 -06:00
Victor Stinner cd75298611 Issue #21781, _ssl: Fix asn1obj2py() on Windows 64-bit, "s#" format requires 
size to be a Py_ssize_t, not an int. _ssl.c is now "Py_ssize_t clean".
 2014-07-07 21:52:29 +02:00
Victor Stinner 2e57b4e488 Issue #21781: Make the ssl module "ssize_t clean" for parsing parameters. 
ssl.RAND_add() now supports strings longer than 2 GB.
 2014-07-01 16:37:17 +02:00
Antoine Pitrou 0bebbc33fa Issue #21015: SSL contexts will now automatically select an elliptic curve for ECDH key exchange on OpenSSL 1.0.2 and later, and otherwise default to "prime256v1". 
(should also fix a buildbot failure introduced by #20995)
 2014-03-22 18:13:50 +01:00
Gregory P. Smith 83fed26953 avoid a compiler warning about assigning const char * to char *. 2014-01-17 12:09:05 -08:00
Gregory P. Smith f34890937b avoid a compiler warning about assigning const char * to char *. 2014-01-17 12:08:49 -08:00
Antoine Pitrou 78ace81c93 Issue #20207: Always disable SSLv2 except when PROTOCOL_SSLv2 is explicitly asked for. 2014-01-09 20:09:03 +01:00
Antoine Pitrou 2f7c31678a Remove conditional: it is useless at this point (OpenSSL headers are not yet included) 2014-01-09 20:07:41 +01:00
Antoine Pitrou cd3d7cabef Issue #20207: Always disable SSLv2 except when PROTOCOL_SSLv2 is explicitly asked for. 2014-01-09 20:02:20 +01:00
Victor Stinner 36e96b8716 (Merge 3.3) Issue #20025: ssl.RAND_bytes() and ssl.RAND_pseudo_bytes() now 
raise a ValueError if num is negative (instead of raising a SystemError).
 2013-12-19 16:47:25 +01:00
Victor Stinner 1e81a399a2 Issue #20025: ssl.RAND_bytes() and ssl.RAND_pseudo_bytes() now raise a 
ValueError if num is negative (instead of raising a SystemError).
 2013-12-19 16:47:04 +01:00
Christian Heimes 1aa9a75fbf Issue #19509: Add SSLContext.check_hostname to match the peer's certificate 
with server_hostname on handshake.
 2013-12-02 02:41:19 +01:00
Christian Heimes 470fba1f9f SNI was added in OpenSSL 0.9.8f [11 Oct 2007], too 2013-11-28 15:12:15 +01:00
Christian Heimes 2427b50fdd Issue #8813: X509_VERIFY_PARAM is only available on OpenSSL 0.9.8+ 
The patch removes the verify_flags feature on Mac OS X 10.4 with OpenSSL 0.9.7l 28 Sep 2006.
 2013-11-23 11:24:32 +01:00
Christian Heimes 5398e1a56e Issue #19448: report name / NID in exception message of ASN1Object 2013-11-22 16:20:53 +01:00
Christian Heimes f22e8e5426 Issue #18147: Add missing documentation for SSLContext.get_ca_certs(). 
Also change the argument name to the same name as getpeercert()
 2013-11-22 02:22:51 +01:00
Christian Heimes 44109d7de7 Issue #17134: Finalize interface to Windows' certificate store. Cert and 
CRL enumeration are now two functions. enum_certificates() also returns
purpose flags as set of OIDs.
 2013-11-22 01:51:30 +01:00
Christian Heimes 1dbf61fa46 downcast len to int. The code has already checked that len < INT_MAX 2013-11-22 00:34:18 +01:00
Christian Heimes 18fc7be80d lst might be NULL here 
CID 1130752:  Dereference after null check  (FORWARD_NULL)
 2013-11-21 23:57:49 +01:00
Christian Heimes 225877917e Issue #8813: Add SSLContext.verify_flags to change the verification flags 
of the context in order to enable certification revocation list (CRL)
checks or strict X509 rules.
 2013-11-21 23:56:13 +01:00
Christian Heimes 949ec14209 Issue #19682: Fix compatibility issue with old version of OpenSSL that 
was introduced by Issue #18379.
 2013-11-21 16:26:51 +01:00
Christian Heimes bd3a7f90b5 Issue #18379: SSLSocket.getpeercert() returns CA issuer AIA fields, OCSP 
and CRL distribution points.
 2013-11-21 03:40:15 +01:00
Christian Heimes efff7060f8 Issue #18138: Implement cadata argument of SSLContext.load_verify_location() 
to load CA certificates and CRL from memory. It supports PEM and DER
encoded strings.
 2013-11-21 03:35:02 +01:00
Christian Heimes b08ff7dcb4 Safely downcast SOCKET_T to int in _ssl module 2013-11-18 10:04:07 +01:00
Christian Heimes a6bc95aa02 Issue #19448: Add private API to SSL module to lookup ASN.1 objects by OID, NID, short name and long name. 2013-11-17 19:59:14 +01:00
Victor Stinner a9eb38f02a Issue #19437: Fix newPySSLSocket(), handle PyWeakref_NewRef() failure 2013-10-31 16:35:38 +01:00
Victor Stinner ba9be477b0 Issue #19437: Fix fill_and_set_sslerror() of _ssl, handle Py_BuildValue() 
failure

Don't call PyObject_CallObject() with NULL parameters and an exception set.
 2013-10-31 15:00:24 +01:00
Christian Heimes ee0bac66b2 Issue #19227 / Issue #18747: Remove pthread_atfork() handler to remove OpenSSL re-seeding 
It is causing trouble like e.g. hanging processes.
 2013-10-29 21:11:55 +01:00
Christian Heimes fb6b44e830 Issue #19227 / Issue #18747: Remove pthread_atfork() handler to remove OpenSSL re-seeding 
It is causing trouble like e.g. hanging processes.
 2013-10-29 20:50:01 +01:00
Georg Brandl 81be27d53e Issue #19227: Try to fix deadlocks caused by re-seeding then OpenSSL 
pseudo-random number generator on fork().
 2013-10-27 07:56:11 +01:00
Georg Brandl fb404f528a #19227: merge with 3.3 2013-10-27 07:57:42 +01:00
Antoine Pitrou b2201e1aa6 Properly initialize all fields of a SSL object after allocation. 2013-09-29 19:53:45 +02:00
Antoine Pitrou 860aee75b8 Properly initialize all fields of a SSL object after allocation. 2013-09-29 19:52:45 +02:00
Antoine Pitrou 20b85557f2 Issue #19095: SSLSocket.getpeercert() now raises ValueError when the SSL handshake hasn't been done. 2013-09-29 19:50:53 +02:00
Christian Heimes 2d7aba3db1 Issue #18709: GCC 4.6 complains that 'v' may be used uninitialized in GEN_EMAIL/GEN_URI/GEN_DNS case 2013-09-05 16:04:50 +02:00
Christian Heimes 60bf2fc25b Issue #18709: GCC 4.6 complains that 'v' may be used uninitialized in GEN_EMAIL/GEN_URI/GEN_DNS case 2013-09-05 16:04:35 +02:00
Victor Stinner daf455554b Issue #18571: Implementation of the PEP 446: file descriptors and file handles 
are now created non-inheritable; add functions os.get/set_inheritable(),
os.get/set_handle_inheritable() and socket.socket.get/set_inheritable().
 2013-08-28 00:53:59 +02:00
Christian Heimes cfa47962c2 Issue #18747: Fix spelling errors in my commit message and comments, 
thanks to Vajrasky Kok for proof-reading.
 2013-08-25 14:19:29 +02:00
Christian Heimes 61636e7105 Issue #18747: Fix spelling errors in my commit message and comments, 
thanks to Vajrasky Kok for proof-reading.
 2013-08-25 14:19:16 +02:00
Richard Oudkerk cabbde9e1e Fix compiler warning on Windows. 2013-08-24 23:46:27 +01:00
Christian Heimes f54c24628b Issue #18747: Use a parent atfork handler instead of a child atfork handler. 
fork() is suppose to be async-signal safe but the handler calls unsafe functions. A parent handler mitigates the issue.
 2013-08-22 13:19:56 +02:00
Christian Heimes 80c5de93f9 Issue #18747: Use a parent atfork handler instead of a child atfork handler. 
fork() is suppose to be async-signal safe but the handler calls unsafe functions. A parent handler mitigates the issue.
 2013-08-22 13:19:48 +02:00
Christian Heimes 6acbe2aaa3 Issue #18747: Re-seed OpenSSL's pseudo-random number generator after fork. 
A pthread_atfork() child handler is used to seeded the PRNG with pid, time
and some stack data.
 2013-08-21 13:26:34 +02:00