Commit Graph

209 Commits

Author SHA1 Message Date
Christian Heimes b08ff7dcb4 Safely downcast SOCKET_T to int in _ssl module 2013-11-18 10:04:07 +01:00
Christian Heimes a6bc95aa02 Issue #19448: Add private API to SSL module to lookup ASN.1 objects by OID, NID, short name and long name. 2013-11-17 19:59:14 +01:00
Victor Stinner a9eb38f02a Issue #19437: Fix newPySSLSocket(), handle PyWeakref_NewRef() failure 2013-10-31 16:35:38 +01:00
Victor Stinner ba9be477b0 Issue #19437: Fix fill_and_set_sslerror() of _ssl, handle Py_BuildValue()
failure

Don't call PyObject_CallObject() with NULL parameters and an exception set.
2013-10-31 15:00:24 +01:00
Christian Heimes ee0bac66b2 Issue #19227 / Issue #18747: Remove pthread_atfork() handler to remove OpenSSL re-seeding
It is causing trouble like e.g. hanging processes.
2013-10-29 21:11:55 +01:00
Christian Heimes fb6b44e830 Issue #19227 / Issue #18747: Remove pthread_atfork() handler to remove OpenSSL re-seeding
It is causing trouble like e.g. hanging processes.
2013-10-29 20:50:01 +01:00
Georg Brandl 81be27d53e Issue #19227: Try to fix deadlocks caused by re-seeding then OpenSSL
pseudo-random number generator on fork().
2013-10-27 07:56:11 +01:00
Georg Brandl fb404f528a #19227: merge with 3.3 2013-10-27 07:57:42 +01:00
Antoine Pitrou b2201e1aa6 Properly initialize all fields of a SSL object after allocation. 2013-09-29 19:53:45 +02:00
Antoine Pitrou 860aee75b8 Properly initialize all fields of a SSL object after allocation. 2013-09-29 19:52:45 +02:00
Antoine Pitrou 20b85557f2 Issue #19095: SSLSocket.getpeercert() now raises ValueError when the SSL handshake hasn't been done. 2013-09-29 19:50:53 +02:00
Christian Heimes 2d7aba3db1 Issue #18709: GCC 4.6 complains that 'v' may be used uninitialized in GEN_EMAIL/GEN_URI/GEN_DNS case 2013-09-05 16:04:50 +02:00
Christian Heimes 60bf2fc25b Issue #18709: GCC 4.6 complains that 'v' may be used uninitialized in GEN_EMAIL/GEN_URI/GEN_DNS case 2013-09-05 16:04:35 +02:00
Victor Stinner daf455554b Issue #18571: Implementation of the PEP 446: file descriptors and file handles
are now created non-inheritable; add functions os.get/set_inheritable(),
os.get/set_handle_inheritable() and socket.socket.get/set_inheritable().
2013-08-28 00:53:59 +02:00
Christian Heimes cfa47962c2 Issue #18747: Fix spelling errors in my commit message and comments,
thanks to Vajrasky Kok for proof-reading.
2013-08-25 14:19:29 +02:00
Christian Heimes 61636e7105 Issue #18747: Fix spelling errors in my commit message and comments,
thanks to Vajrasky Kok for proof-reading.
2013-08-25 14:19:16 +02:00
Richard Oudkerk cabbde9e1e Fix compiler warning on Windows. 2013-08-24 23:46:27 +01:00
Christian Heimes f54c24628b Issue #18747: Use a parent atfork handler instead of a child atfork handler.
fork() is suppose to be async-signal safe but the handler calls unsafe functions. A parent handler mitigates the issue.
2013-08-22 13:19:56 +02:00
Christian Heimes 80c5de93f9 Issue #18747: Use a parent atfork handler instead of a child atfork handler.
fork() is suppose to be async-signal safe but the handler calls unsafe functions. A parent handler mitigates the issue.
2013-08-22 13:19:48 +02:00
Christian Heimes 6acbe2aaa3 Issue #18747: Re-seed OpenSSL's pseudo-random number generator after fork.
A pthread_atfork() child handler is used to seeded the PRNG with pid, time
and some stack data.
2013-08-21 13:26:34 +02:00
Christian Heimes f77b4b20e9 Issue #18747: Re-seed OpenSSL's pseudo-random number generator after fork.
A pthread_atfork() child handler is used to seeded the PRNG with pid, time
and some stack data.
2013-08-21 13:26:05 +02:00
Christian Heimes 85532eb212 Issue #18777: The ssl module now uses the new CRYPTO_THREADID API of
OpenSSL 1.0.0+ instead of the deprecated CRYPTO id callback function.
2013-08-19 17:36:39 +02:00
Christian Heimes 4d98ca9ff6 Issue #18777: The ssl module now uses the new CRYPTO_THREADID API of
OpenSSL 1.0.0+ instead of the deprecated CRYPTO id callback function.
2013-08-19 17:36:29 +02:00
Christian Heimes f920a1c1f1 Issue 18768: Correct doc string of RAND_edg(). Patch by Vajrasky Kok. 2013-08-17 17:25:27 +02:00
Christian Heimes 3c2593b2bb Issue 18768: Correct doc string of RAND_edg(). Patch by Vajrasky Kok. 2013-08-17 17:25:18 +02:00
Christian Heimes 9b5907cbd5 Issue #18768: coding style nitpick. Thanks to Vajrasky Kok 2013-08-17 17:19:03 +02:00
Christian Heimes 474afdda60 Issue #18768: coding style nitpick. Thanks to Vajrasky Kok 2013-08-17 17:18:56 +02:00
Ezio Melotti a7e7497d88 #18466: merge with 3.3. 2013-08-17 16:58:13 +03:00
Ezio Melotti 85a8629d21 #18466: fix more typos. Patch by Févry Thibault. 2013-08-17 16:57:41 +03:00
Christian Heimes e06d47c70c Issue #18709: Fix CVE-2013-4238. The SSL module now handles NULL bytes
inside subjectAltName correctly. Formerly the module has used OpenSSL's
GENERAL_NAME_print() function to get the string represention of ASN.1
strings for rfc822Name (email), dNSName (DNS) and
uniformResourceIdentifier (URI).
2013-08-17 00:58:00 +02:00
Christian Heimes 824f7f366d Issue #18709: Fix CVE-2013-4238. The SSL module now handles NULL bytes
inside subjectAltName correctly. Formerly the module has used OpenSSL's
GENERAL_NAME_print() function to get the string represention of ASN.1
strings for rfc822Name (email), dNSName (DNS) and
uniformResourceIdentifier (URI).
2013-08-17 00:54:47 +02:00
Christian Heimes 9bfcaa6fb3 Check return value of PyLong_FromLong(X509_get_version()). It might be NULL if
X509_get_version() grows beyond our small int cache.
CID 1058279
2013-07-26 15:51:35 +02:00
Christian Heimes 5962bef8aa Check return value of PyLong_FromLong(X509_get_version()). It might be NULL if
X509_get_version() grows beyond our small int cache.
CID 1058279
2013-07-26 15:51:18 +02:00
Victor Stinner 11ebff2757 Issue #18203: Replace malloc() with PyMem_Malloc() in _ssl for the password 2013-07-07 17:07:52 +02:00
Victor Stinner b64049183c Issue #18203: Replace malloc() with PyMem_Malloc() in Python modules
Replace malloc() with PyMem_Malloc() when the GIL is held, or with
PyMem_RawMalloc() otherwise.
2013-07-07 16:21:41 +02:00
Victor Stinner 7e00151e1f _ssl.c: strip trailing spaces 2013-06-25 00:44:31 +02:00
Victor Stinner 86073dc3c2 (Merge 3.3) Issue #18135: ssl.SSLSocket.write() now raises an OverflowError if
the input string in longer than 2 gigabytes, and
ssl.SSLContext.load_cert_chain() raises a ValueError if the password is longer
than 2 gigabytes. The ssl module does not support partial write.
2013-06-25 00:43:47 +02:00
Victor Stinner 6efa965a27 Issue #18135: ssl.SSLSocket.write() now raises an OverflowError if the input
string in longer than 2 gigabytes, and ssl.SSLContext.load_cert_chain() raises
a ValueError if the password is longer than 2 gigabytes. The ssl module does
not support partial write.
2013-06-25 00:42:31 +02:00
Victor Stinner 8cfd67cfe7 (Merge 3.3) Issue #18135: Fix a possible integer overflow in
ssl.SSLSocket.write() and in ssl.SSLContext.load_cert_chain() for strings and
passwords longer than 2 gigabytes.
2013-06-23 15:09:26 +02:00
Victor Stinner 9ee0203057 Issue #18135: Fix a possible integer overflow in ssl.SSLSocket.write()
and in ssl.SSLContext.load_cert_chain() for strings and passwords longer
than 2 gigabytes.
2013-06-23 15:08:23 +02:00
Victor Stinner 4569cd5eab _ssl.c: strip trailing spaces 2013-06-23 14:58:43 +02:00
Christian Heimes 9a5395ae2b Issue #18147: Add diagnostic functions to ssl.SSLContext().
get_ca_list() lists all loaded CA certificates and cert_store_stats() returns
amount of loaded X.509 certs, X.509 CA certs and CRLs.
2013-06-17 15:44:12 +02:00
Christian Heimes 200bb1b08c Simplify return value of ssl.get_default_verify_paths
prefix function with PySSL_, too. Other module level functions have a prefix, too.
2013-06-14 15:14:29 +02:00
Christian Heimes 75b8426698 fixd refleak 2013-06-10 10:47:22 +02:00
Christian Heimes 46bebee25f Issue #17134: Add ssl.enum_cert_store() as interface to Windows' cert store. 2013-06-09 19:03:31 +02:00
Christian Heimes 142ec2c014 get_default_verify_paths doesn't belong inside the ifdef block 2013-06-09 18:29:54 +02:00
Christian Heimes 6d7ad13a45 Issue #18143: Implement ssl.get_default_verify_paths() in order to debug
the default locations for cafile and capath.
2013-06-09 18:02:55 +02:00
Antoine Pitrou 19fef69b75 Fix compilation under MSVC: ssl_set_mode() is a macro, and the MSVC preprocessor doesn't process #ifdef's inside a macro argument list.
(found explanation at http://www.tech-archive.net/Archive/VC/microsoft.public.vc.language/2007-05/msg00385.html)
2013-05-25 13:23:03 +02:00
Antoine Pitrou 3a65ad7f08 Issue #8240: Set the SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER flag on SSL sockets. 2013-05-25 13:02:32 +02:00
Antoine Pitrou 50b24d0d7c Fix a crash when setting a servername callback on a SSL server socket and the client doesn't send a server name.
Patch by Kazuhiro Yoshida.
(originally issue #8109)
2013-04-11 20:48:42 +02:00