7386268ffd
Issue #23804 : Merge SSL recv() fix from 3.5
2016-07-11 01:32:09 +00:00
bed7f1a512
Issue #23804 : Fix SSL zero-length recv() calls to not block and raise EOF
2016-07-11 00:17:13 +00:00
2954f83999
- Issue #27332 : Fixed the type of the first argument of module-level functions
...
generated by Argument Clinic. Patch by Petr Viktorin.
2016-07-07 18:20:03 +03:00
1a2b24f02d
Issue #27332 : Fixed the type of the first argument of module-level functions
...
generated by Argument Clinic. Patch by Petr Viktorin.
2016-07-07 17:35:15 +03:00
50600a78cb
merge 3.5 ( #24557 )
2016-07-06 23:58:16 -07:00
b8a2f51ceb
assume egd unless OPENSSL_NO_EGD is defined—remove configure check ( closes #24557 )
2016-07-06 23:55:15 -07:00
2c164b738d
Fix unused variable 'libver' warning in Modules/_ssl.c
...
It can be seen on various buildbots like 3.x.cea-indiana-amd64
and 3.x.murray-snowleopard:
/export/home/buildbot/64bits/3.x.cea-indiana-amd64/build/Modules/_ssl.c:2227: warning: unused variable 'libver'
/Users/buildbot/buildarea/3.x.murray-snowleopard/build/Modules/_ssl.c:2227: warning: unused variable ‘libver’
2016-04-14 16:49:21 +03:00
dfcb041195
Fix unused variable 'libver' warning in Modules/_ssl.c
...
It can be seen on various buildbots like 3.x.cea-indiana-amd64
and 3.x.murray-snowleopard:
/export/home/buildbot/64bits/3.x.cea-indiana-amd64/build/Modules/_ssl.c:2227: warning: unused variable 'libver'
/Users/buildbot/buildarea/3.x.murray-snowleopard/build/Modules/_ssl.c:2227: warning: unused variable ‘libver’
2016-04-14 16:48:48 +03:00
f01e408c16
Issue #26200 : Added Py_SETREF and replaced Py_XSETREF with Py_SETREF
...
in places where Py_DECREF was used.
2016-04-10 18:12:01 +03:00
57a01d3a0e
Issue #26200 : Added Py_SETREF and replaced Py_XSETREF with Py_SETREF
...
in places where Py_DECREF was used.
2016-04-10 18:05:40 +03:00
ec39756960
Issue #22570 : Renamed Py_SETREF to Py_XSETREF.
2016-04-06 09:50:03 +03:00
48842714b9
Issue #22570 : Renamed Py_SETREF to Py_XSETREF.
2016-04-06 09:45:48 +03:00
afd465d497
Issue #26644 : Merge SSL negative read fix from 3.5
2016-03-27 10:40:22 +00:00
5503d4731e
Issue #26644 : Raise ValueError for negative SSLSocket.recv() and read()
2016-03-27 05:35:19 +00:00
4a180a693f
merge 3.5 ( closes #25939 )
2016-02-17 22:18:35 -08:00
1378f7ca68
merge 3.4 ( closes #25939 )
2016-02-17 22:18:20 -08:00
9491272751
open the cert store readonly
...
Patch from Chi Hsuan Yen.
2016-02-17 22:13:19 -08:00
5db60aa84e
merge 3.5 ( closes #25672 )
2016-01-07 21:38:51 -08:00
3b1a8b3bbe
enable SSL_MODE_RELEASE_BUFFERS
...
Patch by Cory Benfield.
2016-01-07 21:37:37 -08:00
ef1585eb9a
Issue #25923 : Added more const qualifiers to signatures of static and private functions.
2015-12-25 20:01:53 +02:00
5a57ade58e
Issue #20440 : Massive replacing unsafe attribute setting code with special
...
macro Py_SETREF.
2015-12-24 10:35:59 +02:00
fcc2e71e99
merge 3.4 ( #25578 )
2015-11-14 15:14:42 -08:00
025a1fd990
rm trailing ws
2015-11-14 15:12:38 -08:00
f0c9038a36
fix possible memory lea k in _get_aia_uri ( closes #25578 )
2015-11-14 15:12:18 -08:00
2463001a15
merge 3.4 ( #25569 )
2015-11-14 00:11:09 -08:00
806fb25405
fix build with older openssl ( #25569 )
2015-11-14 00:09:22 -08:00
45bde5d2ee
merge 3.4 ( #25530 )
2015-11-11 22:45:22 -08:00
a9dcdabccb
always set OP_NO_SSLv3 by default ( closes #25530 )
2015-11-11 22:38:41 -08:00
86429bd174
merge 3.5 ( #25569 )
2015-11-11 22:14:08 -08:00
eda06c8f5e
fix memory leak in _get_crl_dp ( closes #25569 )
...
Patch started by Stéphane Wirtel.
2015-11-11 22:07:38 -08:00
f51d715845
Issue #25523 : Further a-to-an corrections new in 3.5.
2015-11-02 14:40:41 +02:00
a84f6c3dd3
Issue #25523 : Merge a-to-an corrections from 3.4.
2015-11-02 14:39:05 +02:00
d65c9496da
Issue #25523 : Further a-to-an corrections.
2015-11-02 14:10:23 +02:00
d330822c12
detect alpn by feature flag not openssl version ( closes #23329 )
2015-09-27 00:09:02 -07:00
d113c967b4
improve style of the convert macro ( #24655 )
...
Patch by Brian Cain.
2015-07-18 10:59:13 -07:00
0544cf0eb9
merge 3.4 ( #24655 )
2015-07-18 11:00:00 -07:00
dbfdc380df
Issue #24001 : Argument Clinic converters now use accept={type}
...
instead of types={'type'} to specify the types the converter accepts.
2015-05-04 06:59:46 -07:00
4b7b82f133
Issue #20179 : Converted the _ssl module to Argument Clinic.
2015-05-03 16:14:08 +03:00
146907081c
Issue #23853 : Methods of SSL socket don't reset the socket timeout anymore each
...
time bytes are received or sent. The socket timeout is now the maximum total
duration of the method.
This change fixes a denial of service if the application is regulary
interrupted by a signal and the signal handler does not raise an exception.
2015-04-06 22:46:13 +02:00
7d71c97ec3
merge 3.4 ( #23875 )
2015-04-06 13:06:21 -04:00
43b842775f
remove extra arguments in arg parsing format codes ( closes #23875 )
2015-04-06 13:05:22 -04:00
4e3cfa46dc
Issue #23853 : Cleanup _ssl.c
...
* Rename check_socket_and_wait_for_timeout() to PySSL_select()
* PySSL_select() is now clearly splitted betwen poll() and select()
* Add empty lines for readability
2015-04-02 21:28:28 +02:00
869e1778c0
Issue #22117 : Replace usage of _PyTime_ROUND_UP with _PyTime_ROUND_CEILING
...
All these functions only accept positive timeouts, so this change has no effect
in practice.
2015-03-30 03:49:14 +02:00
ea9c0dd2c2
Issue #22117 : Fix usage of _PyTime_AsTimeval()
...
Add _PyTime_AsTimeval_noraise() function. Call it when it's not possible (or
not useful) to raise a Python exception on overflow.
2015-03-30 02:51:13 +02:00
e245231fab
Issue #22117 : Fix ssl to use _PyTime_t API on sock_timeout
...
I didn't notice that the ssl module uses private attributes of socket objects.
2015-03-28 03:00:46 +01:00
8490f5acfe
Issue #23001 : Few functions in modules mmap, ossaudiodev, socket, ssl, and
...
codecs, that accepted only read-only bytes-like object now accept writable
bytes-like object too.
2015-03-20 09:00:36 +02:00
e42ccd2bfd
Issue #23694 : Enhance _Py_fopen(), it now raises an exception on error
...
* If fopen() fails, OSError is raised with the original filename object.
* The GIL is now released while calling fopen()
2015-03-18 01:39:23 +01:00
de8eca4638
merge 3.4
2015-03-04 22:50:25 -05:00
990fcaac3c
expose X509_V_FLAG_TRUSTED_FIRST
2015-03-04 22:49:41 -05:00
b64ae7bf2d
merge 3.4 ( #23476 )
2015-03-04 22:11:48 -05:00
fdb1971587
enable X509_V_FLAG_TRUSTED_FIRST when possible ( closes #23476 )
2015-03-04 22:11:12 -05:00
0bfd0a4048
Issue #23576 : Avoid stalling in SSL reads when EOF has been reached in the SSL layer but the underlying connection hasn't been closed.
2015-03-04 20:54:57 +01:00
f7f3b0a14a
Issue #23576 : Avoid stalling in SSL reads when EOF has been reached in the SSL layer but the underlying connection hasn't been closed.
2015-03-04 20:51:55 +01:00
4d0d982985
Issue #23446 : Use PyMem_New instead of PyMem_Malloc to avoid possible integer
...
overflows. Added few missed PyErr_NoMemory().
2015-02-16 13:33:32 +02:00
1a1ff29659
Issue #23446 : Use PyMem_New instead of PyMem_Malloc to avoid possible integer
...
overflows. Added few missed PyErr_NoMemory().
2015-02-16 13:28:22 +02:00
c54de47759
ifdef our way to compatibility with old openssl ( closes #23335 )
2015-01-28 12:06:39 -05:00
07f0515667
disable ALPN on LibreSSL, which has a large version number, but not ALPN support ( closes #23329 )
2015-01-27 11:10:18 -05:00
8861502e07
prefer server alpn ordering over the client's
2015-01-23 17:30:26 -05:00
cca2732a82
add support for ALPN ( closes #20188 )
2015-01-23 16:35:37 -05:00
baf7c1e546
use SSL_get_session
2015-01-07 11:32:00 -06:00
4cb17812d9
expose the client's cipher suites from the handshake ( closes #23186 )
2015-01-07 11:14:26 -06:00
fcfed19913
Issue #21356 : Make ssl.RAND_egd() optional to support LibreSSL. The
...
availability of the function is checked during the compilation. Patch written
by Bernard Spil.
2015-01-06 13:54:58 +01:00
5e8430d02c
Issue #23143 : Remove compatibility with OpenSSLs older than 0.9.8.
...
(the last 0.9.7 release was in 2007)
2015-01-03 23:17:23 +01:00
e32467cf6a
allow ssl module to compile if openssl doesn't support SSL 3 ( closes #22935 )
...
Patch by Kurt Roeckx.
2014-12-05 21:59:35 -05:00
7243b574e5
don't require OpenSSL SNI to pass hostname to ssl functions ( #22921 )
...
Patch by Donald Stufft.
2014-11-23 17:04:34 -06:00
22293df016
merge 3.4 ( #22935 )
2014-12-05 22:11:33 -05:00
beeb512fe1
Issue #21356 : Make ssl.RAND_egd() optional to support LibreSSL. The
...
availability of the function is checked during the compilation.
Patch written by Bernard Spil.
2014-11-28 13:28:25 +01:00
f9284ae8ed
merge 3.4 ( #22921 )
2014-11-23 17:06:39 -06:00
b1fdf47ff5
Issue #21965 : Add support for in-memory SSL to the ssl module.
...
Patch by Geert Jansen.
2014-10-05 20:41:53 +02:00
47e40429fb
Issue #20421 : Add a .version() method to SSL sockets exposing the actual protocol version in use.
2014-09-04 21:00:10 +02:00
e03de09ff2
(Merge 3.4) Issue #21781 , _ssl: Fix asn1obj2py() on Windows 64-bit, "s#" format
...
requires size to be a Py_ssize_t, not an int. _ssl.c is now "Py_ssize_t clean".
2014-07-07 21:52:49 +02:00
cd75298611
Issue #21781 , _ssl: Fix asn1obj2py() on Windows 64-bit, "s#" format requires
...
size to be a Py_ssize_t, not an int. _ssl.c is now "Py_ssize_t clean".
2014-07-07 21:52:29 +02:00
7f084064e8
(Merge 3.4) Issue #21781 : Make the ssl module "ssize_t clean" for parsing
...
parameters. ssl.RAND_add() now supports strings longer than 2 GB.
2014-07-01 16:39:23 +02:00
2e57b4e488
Issue #21781 : Make the ssl module "ssize_t clean" for parsing parameters.
...
ssl.RAND_add() now supports strings longer than 2 GB.
2014-07-01 16:37:17 +02:00
45e8e2f218
Issue #21490 : Add new C macros: Py_ABS() and Py_STRINGIFY()
...
Keep _Py_STRINGIZE() in PC/pyconfig.h to not introduce a dependency between
pyconfig.h and pymacros.h.
2014-05-14 17:24:35 +02:00
0bebbc33fa
Issue #21015 : SSL contexts will now automatically select an elliptic curve for ECDH key exchange on OpenSSL 1.0.2 and later, and otherwise default to "prime256v1".
...
(should also fix a buildbot failure introduced by #20995 )
2014-03-22 18:13:50 +01:00
83fed26953
avoid a compiler warning about assigning const char * to char *.
2014-01-17 12:09:05 -08:00
f34890937b
avoid a compiler warning about assigning const char * to char *.
2014-01-17 12:08:49 -08:00
78ace81c93
Issue #20207 : Always disable SSLv2 except when PROTOCOL_SSLv2 is explicitly asked for.
2014-01-09 20:09:03 +01:00
2f7c31678a
Remove conditional: it is useless at this point (OpenSSL headers are not yet included)
2014-01-09 20:07:41 +01:00
cd3d7cabef
Issue #20207 : Always disable SSLv2 except when PROTOCOL_SSLv2 is explicitly asked for.
2014-01-09 20:02:20 +01:00
36e96b8716
(Merge 3.3) Issue #20025 : ssl.RAND_bytes() and ssl.RAND_pseudo_bytes() now
...
raise a ValueError if num is negative (instead of raising a SystemError).
2013-12-19 16:47:25 +01:00
1e81a399a2
Issue #20025 : ssl.RAND_bytes() and ssl.RAND_pseudo_bytes() now raise a
...
ValueError if num is negative (instead of raising a SystemError).
2013-12-19 16:47:04 +01:00
1aa9a75fbf
Issue #19509 : Add SSLContext.check_hostname to match the peer's certificate
...
with server_hostname on handshake.
2013-12-02 02:41:19 +01:00
470fba1f9f
SNI was added in OpenSSL 0.9.8f [11 Oct 2007], too
2013-11-28 15:12:15 +01:00
2427b50fdd
Issue #8813 : X509_VERIFY_PARAM is only available on OpenSSL 0.9.8+
...
The patch removes the verify_flags feature on Mac OS X 10.4 with OpenSSL 0.9.7l 28 Sep 2006.
2013-11-23 11:24:32 +01:00
5398e1a56e
Issue #19448 : report name / NID in exception message of ASN1Object
2013-11-22 16:20:53 +01:00
f22e8e5426
Issue #18147 : Add missing documentation for SSLContext.get_ca_certs().
...
Also change the argument name to the same name as getpeercert()
2013-11-22 02:22:51 +01:00
44109d7de7
Issue #17134 : Finalize interface to Windows' certificate store. Cert and
...
CRL enumeration are now two functions. enum_certificates() also returns
purpose flags as set of OIDs.
2013-11-22 01:51:30 +01:00
1dbf61fa46
downcast len to int. The code has already checked that len < INT_MAX
2013-11-22 00:34:18 +01:00
18fc7be80d
lst might be NULL here
...
CID 1130752: Dereference after null check (FORWARD_NULL)
2013-11-21 23:57:49 +01:00
225877917e
Issue #8813 : Add SSLContext.verify_flags to change the verification flags
...
of the context in order to enable certification revocation list (CRL)
checks or strict X509 rules.
2013-11-21 23:56:13 +01:00
949ec14209
Issue #19682 : Fix compatibility issue with old version of OpenSSL that
...
was introduced by Issue #18379 .
2013-11-21 16:26:51 +01:00
bd3a7f90b5
Issue #18379 : SSLSocket.getpeercert() returns CA issuer AIA fields, OCSP
...
and CRL distribution points.
2013-11-21 03:40:15 +01:00
efff7060f8
Issue #18138 : Implement cadata argument of SSLContext.load_verify_location()
...
to load CA certificates and CRL from memory. It supports PEM and DER
encoded strings.
2013-11-21 03:35:02 +01:00
b08ff7dcb4
Safely downcast SOCKET_T to int in _ssl module
2013-11-18 10:04:07 +01:00
a6bc95aa02
Issue #19448 : Add private API to SSL module to lookup ASN.1 objects by OID, NID, short name and long name.
2013-11-17 19:59:14 +01:00
a9eb38f02a
Issue #19437 : Fix newPySSLSocket(), handle PyWeakref_NewRef() failure
2013-10-31 16:35:38 +01:00
ba9be477b0
Issue #19437 : Fix fill_and_set_sslerror() of _ssl, handle Py_BuildValue()
...
failure
Don't call PyObject_CallObject() with NULL parameters and an exception set.
2013-10-31 15:00:24 +01:00
ee0bac66b2
Issue #19227 / Issue #18747 : Remove pthread_atfork() handler to remove OpenSSL re-seeding
...
It is causing trouble like e.g. hanging processes.
2013-10-29 21:11:55 +01:00
Martin Panter
Serhiy Storchaka
Benjamin Peterson
Berker Peksag
Larry Hastings
Victor Stinner
Antoine Pitrou
Gregory P. Smith
Christian Heimes