TLS 1.3 behaves slightly different than TLS 1.2. Session tickets and TLS
client cert auth are now handled after the initialy handshake. Tests now
either send/recv data to trigger session and client certs. Or tests
ignore ConnectionResetError / BrokenPipeError on the server side to
handle clients that force-close the socket fd.
To test TLS 1.3, OpenSSL 1.1.1-pre7-dev (git master + OpenSSL PR
https://github.com/openssl/openssl/pull/6340) is required.
Signed-off-by: Christian Heimes <christian@python.org>
(cherry picked from commit 529525fb5a)
Change TLS 1.3 cipher suite settings for compatibility with OpenSSL
1.1.1-pre6 and newer. OpenSSL 1.1.1 will have TLS 1.3 cipers enabled by
default.
Also update multissltests and Travis config to test with latest OpenSSL.
Signed-off-by: Christian Heimes <christian@python.org>
(cherry picked from commit e8eb6cb792)
Co-authored-by: Christian Heimes <christian@python.org>
as docstrings and translatable strings, and rejects
bytes literals and f-string expressions.
(cherry picked from commit 69524821a8)
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
LibreSSL 2.7 introduced OpenSSL 1.1.0 API. The ssl module now detects
LibreSSL 2.7 and only provides API shims for OpenSSL < 1.1.0 and
LibreSSL < 2.7.
Documentation updates and fixes for failing tests will be provided in
another patch set.
Signed-off-by: Christian Heimes <christian@python.org>
(cherry picked from commit 4ca0739c9d)
Co-authored-by: Christian Heimes <christian@python.org>
Creating backup files with ~ suffix can be undesirable in some environment,
such as when building RPM packages. Instead of requiring the user to remove
those files manually, option -n was added, that simply disables this feature.
-n was selected because 2to3 has the same option with this behavior.
(cherry picked from commit 5affd5c29e)
Co-authored-by: Miro Hrončok <miro@hroncok.cz>
* bpo-32947: OpenSSL 1.1.1-pre1 / TLS 1.3 fixes
Misc fixes and workarounds for compatibility with OpenSSL 1.1.1-pre1 and
TLS 1.3 support. With OpenSSL 1.1.1, Python negotiates TLS 1.3 by
default. Some test cases only apply to TLS 1.2. Other tests currently
fail because the threaded or async test servers stop after failure.
I'm going to address these issues when OpenSSL 1.1.1 reaches beta.
OpenSSL 1.1.1 has added a new option OP_ENABLE_MIDDLEBOX_COMPAT for TLS
1.3. The feature is enabled by default for maximum compatibility with
broken middle boxes. Users should be able to disable the hack and CPython's test suite needs
it to verify default options.
Signed-off-by: Christian Heimes <christian@python.org>
(cherry picked from commit 05d9fe32a1)
Co-authored-by: Christian Heimes <christian@python.org>
* Fix multiple typos in code comments
* Add spacing in comments (test_logging.py, test_math.py)
* Fix spaces at the beginning of comments in test_logging.py
CPython migrated from CVS to Subversion, to Mercurial, and then to
Git. CVS and Subversion are not more used to develop CPython.
* platform module: drop support for sys.subversion. The
sys.subversion attribute has been removed in Python 3.3.
* Remove Misc/svnmap.txt
* Remove Tools/scripts/svneol.py
* Remove Tools/scripts/treesync.py
* distutils.config: Use the PyPIRCCommand.realm attribute if set
* turtledemo: wait until macOS osascript command completes to not
create a zombie process
* Tools/scripts/treesync.py: declare 'default_answer' and
'create_files' as globals to modify them with the command line
arguments. Previously, -y, -n, -f and -a options had no effect.
flake8 warning: "F841 local variable 'p' is assigned to but never
used".
kB (*kilo* byte) unit means 1000 bytes, whereas KiB ("kibibyte")
means 1024 bytes. KB was misused: replace kB or KB with KiB when
appropriate.
Same change for MB and GB which become MiB and GiB.
Change the output of Tools/iobench/iobench.py.
Round also the size of the documentation from 5.5 MB to 5 MiB.
When a single .c file contains several functions and/or methods with
the same name, a safety _METHODDEF #define statement is generated
only for one of them.
This fixes the bug by using the full name of the function to avoid
duplicates rather than just the name.
* Add Tools/scripts/smelly.py: script checking if all symbols
exported by libpython start with "Py" or "_Py".
* Modify "make smelly" to run smelly.py: the command now fails with a
non-zero exit code if libpython leaks a "smelly" symbol.
* Travis CI now runs "make smelly"
* group the (stateful) runtime globals into various topical structs
* consolidate the topical structs under a single top-level _PyRuntimeState struct
* add a check-c-globals.py script that helps identify runtime globals
Other globals are excluded (see globals.txt and check-c-globals.py).
* group the (stateful) runtime globals into various topical structs
* consolidate the topical structs under a single top-level _PyRuntimeState struct
* add a check-c-globals.py script that helps identify runtime globals
Other globals are excluded (see globals.txt and check-c-globals.py).
PEP 523 introduced _PyEval_EvalFrameDefault which inlines PyEval_EvalFrameEx on
non-debug shared builds. This breaks the ability to use py-bt, py-up, and
a few other Python-specific gdb integrations.
This patch fixes the problem by only looking for _PyEval_EvalFrameDefault
frames.
test_gdb passes on both a debug and a non-debug build.
Original patch by Bruno "Polaco" Penteado.
Tools/scripts/patchcheck.py now ignores changes in directories which
are copies of external libraries:
* Modules/_ctypes/libffi_msvc/
* Modules/_ctypes/libffi_osx/
* Modules/_decimal/libmpdec/
* Modules/expat/
* Modules/zlib/
Drop also support for Mercurial, since CPython migrated to Git.
Exclude also libmpdec
patchcheck: exclude also libffi_osx and libffi_msvc
* Revert "Add Bruno Penteado to ACKS (#3091)"
This reverts commit f978405b3f.
* Revert "bpo-30983: eval frame rename in pep 0523 broke gdb's python extension (#2803)"
This reverts commit 2e0f4db114.
pep 0523 renames PyEval_EvalFrameEx to _PyEval_EvalFrameDefault while the gdb python extension only looks for PyEval_EvalFrameEx to understand if it is dealing with a frame.
Final effect is that attaching gdb to a python3.6 process doesnt resolve python objects. Eg. py-list and py-bt dont work properly.
This patch fixes that. Tested locally on python3.6
* Enable building MSI, zip and nuget packages when Py_OutDir is set.
* Restore the --build option, which got reverted at some point.
* Ensure output directory is created.
* Enables BuildForDaily and DailyBuildVersion options for nuget package.