Christian Heimes
44109d7de7
Issue #17134 : Finalize interface to Windows' certificate store. Cert and
...
CRL enumeration are now two functions. enum_certificates() also returns
purpose flags as set of OIDs.
2013-11-22 01:51:30 +01:00
Christian Heimes
225877917e
Issue #8813 : Add SSLContext.verify_flags to change the verification flags
...
of the context in order to enable certification revocation list (CRL)
checks or strict X509 rules.
2013-11-21 23:56:13 +01:00
Christian Heimes
bd3a7f90b5
Issue #18379 : SSLSocket.getpeercert() returns CA issuer AIA fields, OCSP
...
and CRL distribution points.
2013-11-21 03:40:15 +01:00
Christian Heimes
efff7060f8
Issue #18138 : Implement cadata argument of SSLContext.load_verify_location()
...
to load CA certificates and CRL from memory. It supports PEM and DER
encoded strings.
2013-11-21 03:35:02 +01:00
Antoine Pitrou
6b2b084192
Issue #19508 : direct the user to read the security considerations for the ssl module
2013-11-17 15:36:03 +01:00
Antoine Pitrou
9eefe91fc2
Issue #19508 : direct the user to read the security considerations for the ssl module
2013-11-17 15:35:33 +01:00
Christian Heimes
9f09120b83
merge
2013-10-29 22:21:16 +01:00
Christian Heimes
47674bc470
fix language
2013-10-29 22:19:39 +01:00
Christian Heimes
ee0bac66b2
Issue #19227 / Issue #18747 : Remove pthread_atfork() handler to remove OpenSSL re-seeding
...
It is causing trouble like e.g. hanging processes.
2013-10-29 21:11:55 +01:00
Christian Heimes
3046fe4c03
Issue #18747 : document issue with OpenSSL's CPRNG state and fork
2013-10-29 21:08:56 +01:00
Georg Brandl
72c98d3a76
Issue #17997 : Change behavior of ``ssl.match_hostname()`` to follow RFC 6125,
...
for security reasons. It now doesn't match multiple wildcards nor wildcards
inside IDN fragments.
2013-10-27 07:16:53 +01:00
Georg Brandl
b89b5df9c9
merge with 3.3
2013-10-27 07:46:09 +01:00
Georg Brandl
99b1a12f2f
merge with 3.3
2013-10-06 18:20:39 +02:00
Georg Brandl
4a6cf6c9d1
Closes #19177 : replace dead link to SSL/TLS introduction with the version from Apache.
2013-10-06 18:20:31 +02:00
Antoine Pitrou
20b85557f2
Issue #19095 : SSLSocket.getpeercert() now raises ValueError when the SSL handshake hasn't been done.
2013-09-29 19:50:53 +02:00
Larry Hastings
d36fc4307e
Fix minor documentation markup error.
2013-08-03 02:49:53 -07:00
R David Murray
fe3ae3cdc7
Merge #18311 : fix typo.
2013-06-26 15:11:32 -04:00
R David Murray
c7f7579855
#18311 : fix typo.
2013-06-26 15:11:12 -04:00
Christian Heimes
9a5395ae2b
Issue #18147 : Add diagnostic functions to ssl.SSLContext().
...
get_ca_list() lists all loaded CA certificates and cert_store_stats() returns
amount of loaded X.509 certs, X.509 CA certs and CRLs.
2013-06-17 15:44:12 +02:00
Christian Heimes
46bebee25f
Issue #17134 : Add ssl.enum_cert_store() as interface to Windows' cert store.
2013-06-09 19:03:31 +02:00
Christian Heimes
3e738f97f8
removed accidental new line
2013-06-09 18:07:16 +02:00
Christian Heimes
6d7ad13a45
Issue #18143 : Implement ssl.get_default_verify_paths() in order to debug
...
the default locations for cafile and capath.
2013-06-09 18:02:55 +02:00
Antoine Pitrou
9b42128e2c
Issue #17739 : fix the description of SSLSocket.getpeercert(binary_form=True) for server sockets.
...
Thanks to David D Lowe for reporting.
2013-04-16 20:28:15 +02:00
Antoine Pitrou
d34941ad4e
Issue #17739 : fix the description of SSLSocket.getpeercert(binary_form=True) for server sockets.
...
Thanks to David D Lowe for reporting.
2013-04-16 20:27:17 +02:00
Antoine Pitrou
50b24d0d7c
Fix a crash when setting a servername callback on a SSL server socket and the client doesn't send a server name.
...
Patch by Kazuhiro Yoshida.
(originally issue #8109 )
2013-04-11 20:48:42 +02:00
Antoine Pitrou
2463e5fee4
Issue #16692 : The ssl module now supports TLS 1.1 and TLS 1.2. Initial patch by Michele Orrù.
2013-03-28 22:24:43 +01:00
Terry Jan Reedy
8e7586bd44
Issue #17047 : remove doubled words added in 3.4,
...
as reported by Serhiy Storchaka and Matthew Barnett.
2013-03-11 18:38:13 -04:00
Antoine Pitrou
58ddc9d743
Issue #8109 : The ssl module now has support for server-side SNI, thanks to a :meth:`SSLContext.set_servername_callback` method.
...
Patch by Daniel Black.
2013-01-05 21:20:29 +01:00
Antoine Pitrou
d9a7e70939
Update the getpeercert() example with a real-world cert showing non-trivial issuer, subject and subjectAltName.
2012-08-16 22:18:37 +02:00
Antoine Pitrou
b7c6c8105e
Update the getpeercert() example with a real-world cert showing non-trivial issuer, subject and subjectAltName.
2012-08-16 22:14:43 +02:00
Antoine Pitrou
3b36fb1f53
Issue #14837 : SSL errors now have `library` and `reason` attributes describing precisely what happened and in which OpenSSL submodule.
...
The str() of a SSLError is also enhanced accordingly.
NOTE: this commit creates a reference leak. The leak seems tied to the
use of PyType_FromSpec() to create the SSLError type. The leak is on the
type object when it is instantiated:
>>> e = ssl.SSLError()
>>> sys.getrefcount(ssl.SSLError)
35
>>> e = ssl.SSLError()
>>> sys.getrefcount(ssl.SSLError)
36
>>> e = ssl.SSLError()
>>> sys.getrefcount(ssl.SSLError)
37
2012-06-22 21:11:52 +02:00
Antoine Pitrou
d5d17eb653
Issue #14204 : The ssl module now has support for the Next Protocol Negotiation extension, if available in the underlying OpenSSL library.
...
Patch by Colin Marc.
2012-03-22 00:23:03 +01:00
Antoine Pitrou
e10ae8871a
Clarify that ssl.OP_ALL can be different from OpenSSL's SSL_OP_ALL.
2012-01-27 10:03:23 +01:00
Antoine Pitrou
9f6b02ecde
Clarify that ssl.OP_ALL can be different from OpenSSL's SSL_OP_ALL.
2012-01-27 10:02:55 +01:00
Antoine Pitrou
ac8bfcacfc
Issue #13747 : fix SSL compatibility table.
2012-01-09 21:43:18 +01:00
Antoine Pitrou
84a2edcdf7
Issue #13747 : fix documentation error about the default SSL version.
2012-01-09 21:35:11 +01:00
Antoine Pitrou
441ae043df
Update printout of SSL certificate examples for 3.2+.
2012-01-06 20:06:15 +01:00
Antoine Pitrou
b7ffed8a50
Add a subsection explaning cipher selection.
2012-01-04 02:53:44 +01:00
Antoine Pitrou
8a9b9c7d16
Merge SSL doc fixes (issue #13747 ).
2012-01-09 21:46:11 +01:00
Antoine Pitrou
deec7566ae
Update printout of SSL certificate examples for 3.2+.
2012-01-06 20:09:29 +01:00
Antoine Pitrou
8f746d83e2
Add a subsection explaning cipher selection.
2012-01-04 02:54:12 +01:00
Antoine Pitrou
0e576f1f50
Issue #13626 : Add support for SSL Diffie-Hellman key exchange, through the
...
SSLContext.load_dh_params() method and the ssl.OP_SINGLE_DH_USE option.
2011-12-22 10:03:38 +01:00
Antoine Pitrou
501da61671
Fix ssl module compilation if ECDH support was disabled in the OpenSSL build.
...
(followup to issue #13627 )
2011-12-21 09:27:41 +01:00
Antoine Pitrou
8abdb8abd8
Issue #13634 : Add support for querying and disabling SSL compression.
2011-12-20 10:13:40 +01:00
Antoine Pitrou
923df6f22a
Issue #13627 : Add support for SSL Elliptic Curve-based Diffie-Hellman
...
key exchange, through the SSLContext.set_ecdh_curve() method and the
ssl.OP_SINGLE_ECDH_USE option.
2011-12-19 17:16:51 +01:00
Antoine Pitrou
6db4944cc5
Issue #13635 : Add ssl.OP_CIPHER_SERVER_PREFERENCE, so that SSL servers
...
choose the cipher based on their own preferences, rather than on the
client's.
2011-12-19 13:27:11 +01:00
Antoine Pitrou
f3dc2d7afd
Fix typo
2011-10-28 00:01:03 +02:00
Antoine Pitrou
873bf262ad
Update example of non-blocking SSL code for the new finer-grained exceptions
2011-10-27 23:59:03 +02:00
Antoine Pitrou
41032a69c1
Issue #11183 : Add finer-grained exceptions to the ssl module, so that
...
you don't have to inspect the exception's attributes in the common case.
2011-10-27 23:56:55 +02:00
Antoine Pitrou
5574c3012d
Replace mentions of socket.error.
2011-10-12 17:53:43 +02:00