Commit Graph

91 Commits

Author SHA1 Message Date
Miss Islington (bot) 2614ed4c6e
bpo-32947: OpenSSL 1.1.1-pre1 / TLS 1.3 fixes (GH-5663)
* bpo-32947: OpenSSL 1.1.1-pre1 / TLS 1.3 fixes

Misc fixes and workarounds for compatibility with OpenSSL 1.1.1-pre1 and
TLS 1.3 support. With OpenSSL 1.1.1, Python negotiates TLS 1.3 by
default. Some test cases only apply to TLS 1.2. Other tests currently
fail because the threaded or async test servers stop after failure.

I'm going to address these issues when OpenSSL 1.1.1 reaches beta.

OpenSSL 1.1.1 has added a new option OP_ENABLE_MIDDLEBOX_COMPAT for TLS
1.3. The feature is enabled by default for maximum compatibility with
broken middle boxes. Users should be able to disable the hack and CPython's test suite needs
it to verify default options.

Signed-off-by: Christian Heimes <christian@python.org>
(cherry picked from commit 05d9fe32a1)

Co-authored-by: Christian Heimes <christian@python.org>
2018-02-27 00:17:49 -08:00
Victor Stinner 51500f3745
bpo-32706: Skip test_ftplib.test_check_hostname() (#5422)
This test is unstable and currently prevents to make any new change
since the test always fails on Travis CI.

Skip the test to get more time to fix it.
2018-01-29 13:21:34 +01:00
Christian Heimes 61d478c71c
bpo-31399: Let OpenSSL verify hostname and IP address (#3462)
bpo-31399: Let OpenSSL verify hostname and IP

The ssl module now uses OpenSSL's X509_VERIFY_PARAM_set1_host() and
X509_VERIFY_PARAM_set1_ip() API to verify hostname and IP addresses.

* Remove match_hostname calls
* Check for libssl with set1_host, libssl must provide X509_VERIFY_PARAM_set1_host()
* Add documentation for OpenSSL 1.0.2 requirement
* Don't support OpenSSL special mode with a leading dot, e.g. ".example.org" matches "www.example.org". It's not standard conform.
* Add hostname_checks_common_name

Signed-off-by: Christian Heimes <christian@python.org>
2018-01-27 15:51:38 +01:00
Christian Heimes a170fa162d bpo-31346: Use PROTOCOL_TLS_CLIENT/SERVER (#3058)
Replaces PROTOCOL_TLSv* and PROTOCOL_SSLv23 with PROTOCOL_TLS_CLIENT and
PROTOCOL_TLS_SERVER.

Signed-off-by: Christian Heimes <christian@python.org>
2017-09-15 20:27:30 +02:00
Victor Stinner b157ce1e58 bpo-31234: Fix dangling thread in test_ftplib (#3544)
Clear also self.server_thread attribute in TestTimeouts.tearDown().
2017-09-13 06:43:58 -07:00
Victor Stinner d403a29c00 bpo-31234: Fix dangling thread in test_ftp/poplib (#3540)
Explicitly clear the server attribute in test_ftplib and test_poplib
to prevent dangling thread.
2017-09-13 03:58:25 -07:00
Antoine Pitrou a6a4dc816d bpo-31370: Remove support for threads-less builds (#3385)
* Remove Setup.config
* Always define WITH_THREAD for compatibility.
2017-09-07 18:56:24 +02:00
Dong-hee Na 2b1e6e9696 bpo-30119: fix ftplib.FTP.putline() to throw an error for a illegal command (#1214) 2017-07-22 19:20:22 +02:00
Victor Stinner 73528640ff bpo-30818: test_ftplib calls asyncore.close_all() (#2514)
Always clear asyncore socket map using
asyncore.close_all(ignore_all=True) in tearDown() method.

This change should fix this warning:

Warning -- asyncore.socket_map was modified by test_ftplib
  Before: {}
  After:  {4: <test.test_ftplib.DummyTLS_FTPServer 127.0.0.1:0 at 0x805feccf0>}
2017-06-30 17:36:57 +02:00
Christian Heimes d04863771b Issue #28022: Deprecate ssl-related arguments in favor of SSLContext.
The deprecation include manual creation of SSLSocket and certfile/keyfile
(or similar) in ftplib, httplib, imaplib, smtplib, poplib and urllib.

ssl.wrap_socket() is not marked as deprecated yet.
2016-09-10 23:23:33 +02:00
Martin Panter 19e69c5a20 Issue #23883: Add missing APIs to __all__; patch by Jacek Kołodziej 2015-11-14 12:46:42 +00:00
Benjamin Peterson 22293df016 merge 3.4 (#22935) 2014-12-05 22:11:33 -05:00
Benjamin Peterson e32467cf6a allow ssl module to compile if openssl doesn't support SSL 3 (closes #22935)
Patch by Kurt Roeckx.
2014-12-05 21:59:35 -05:00
Benjamin Peterson f9284ae8ed merge 3.4 (#22921) 2014-11-23 17:06:39 -06:00
Benjamin Peterson 7243b574e5 don't require OpenSSL SNI to pass hostname to ssl functions (#22921)
Patch by Donald Stufft.
2014-11-23 17:04:34 -06:00
Berker Peksag 8f791d358b Issue #6623: Remove deprecated Netrc class in the ftplib module.
Patch by Matt Chaput.
2014-11-01 10:45:57 +02:00
Charles-François Natali 6e20460dc6 Issue #21566: Make use of socket.listen() default backlog. 2014-07-23 19:28:13 +01:00
Serhiy Storchaka d3e1207191 Issue #20555: Use specific asserts in urllib, httplib, ftplib, cgi, wsgiref tests. 2014-02-08 14:51:10 +02:00
Serhiy Storchaka 25d8aeac7c Issue #20555: Use specific asserts in urllib, httplib, ftplib, cgi, wsgiref tests. 2014-02-08 14:50:08 +02:00
Christian Heimes b2a794d235 fixed test_ftplib 2013-12-15 19:50:13 +01:00
Christian Heimes e7945d76ff test_ftplib: skip check_hostname test when SNI is not available 2013-12-15 19:38:22 +01:00
Christian Heimes e5b5edfa2c Issue #19781: ftplib now supports SSLContext.check_hostname and server name
indication for TLS/SSL connections.
2013-12-02 02:56:02 +01:00
Serhiy Storchaka 43767638a9 Issue #18702: All skipped tests now reported as skipped. 2013-11-03 21:31:38 +02:00
Serhiy Storchaka 7908068627 Issue #18702: All skipped tests now reported as skipped. 2013-11-03 21:31:18 +02:00
Serhiy Storchaka 2acc456c33 Issue #16038: CVE-2013-1752: ftplib: Limit amount of data read by
limiting the call to readline().  Original patch by Michał
Jastrzębski and Giampaolo Rodola.
2013-10-20 17:02:10 +03:00
Serhiy Storchaka c30b178cbc Issue #16038: CVE-2013-1752: ftplib: Limit amount of data read by
limiting the call to readline().  Original patch by Michał
Jastrzębski and Giampaolo Rodola.
2013-10-20 16:58:27 +03:00
Benjamin Peterson 42686e45c1 merge 3.3 (#19118) 2013-09-29 10:51:08 -04:00
Benjamin Peterson f8ab76039b remove duplicate test_mkd (closes #19118) 2013-09-29 10:51:00 -04:00
Antoine Pitrou 1e440cf5a2 Issue #18792: Use "127.0.0.1" or "::1" instead of "localhost" as much as possible, since "localhost" goes through a DNS lookup under recent Windows versions. 2013-08-22 00:39:46 +02:00
Antoine Pitrou f6fbf56071 Issue #18792: Use "127.0.0.1" or "::1" instead of "localhost" as much as possible, since "localhost" goes through a DNS lookup under recent Windows versions. 2013-08-22 00:39:46 +02:00
Senthil Kumaran 07abe7aedb merge from 3.3
Increasing test coverage of ftplib. Patch by Muhammad Jehanzeb
2013-08-12 22:26:14 -07:00
Senthil Kumaran 0d53860e2c Increasing test coverage of ftplib. Patch by Muhammad Jehanzeb 2013-08-12 22:25:27 -07:00
Florent Xicluna c2464bf5c6 test_ftplib: silence a BytesWarning when checking TypeError 2013-07-06 15:08:29 +02:00
Florent Xicluna 5f3fef37f6 test_ftplib: silence a BytesWarning when checking TypeError 2013-07-06 15:08:21 +02:00
Giampaolo Rodola' 0d4f08cee3 ftplib tests: provide a global socket's TIMEOUT variable and use it everywhere so that failing tests won't accidentally hang 2013-05-16 15:12:01 +02:00
Victor Stinner 4489e927a6 (Merge 3.3) Close #6822: ftplib.FTP.storlines() expects a binary file, not a text file
Add an unit test to ensure that text files are rejectect (with TypeError)
2013-04-02 22:13:49 +02:00
Victor Stinner ed3a303548 Close #6822: ftplib.FTP.storlines() expects a binary file, not a text file
Add an unit test to ensure that text files are rejectect (with TypeError)
2013-04-02 22:13:27 +02:00
R David Murray 87632f1a9e #6623: Add explicit deprecation warning for ftplib.Netrc. 2013-02-19 18:32:28 -05:00
Andrew Svetlov f7a17b48d7 Replace IOError with OSError (#16715) 2012-12-25 16:47:37 +02:00
Antoine Pitrou aa03a1fe2a Small cleanup in test_ftplib 2012-12-19 20:44:37 +01:00
Antoine Pitrou 08d02724df Small cleanup in test_ftplib 2012-12-19 20:44:02 +01:00
Andrew Svetlov 0832af6628 Issue #16717: get rid of socket.error, replace with OSError 2012-12-18 23:10:48 +02:00
Benjamin Peterson b29614e047 compare singletons by identity not equality (closes #16712)
Patch from Serhiy Storchaka.
2012-10-09 11:16:03 -04:00
Giampaolo Rodola' 8bc8585873 provide a common method to check for RETR_DATA validity, first checking the expected len and then the actual data content; this way we get a failure on len mismatch rather than content mismatch (which is very long and unreadable) 2012-01-09 17:10:10 +01:00
Charles-François Natali b01c32dab4 Issue #13453: Try to increase some socket timeouts to make some buildbots stop
failing.
2011-12-19 16:12:59 +01:00
Charles-François Natali 4ce2f36461 Issue #13453: Try to increase some socket timeouts to make some buildbots stop
failing.
2011-12-19 16:12:23 +01:00
Giampaolo Rodola' 5de1532163 Issue 12139: ftplib - remove 'post CCC' test to fix various buildot failures due to dummy test server not properly handling SSL shutdown(), see http://bugs.python.org/msg139499 2011-06-30 18:34:41 +02:00
Giampaolo Rodola' 096dcb1eff Issue 12139: add CCC command support to FTP_TLS class to revert the SSL connection back to clear-text. 2011-06-27 11:17:51 +02:00
Giampaolo Rodola' ffc235cbbf merge with 3.2 2011-05-07 19:11:06 +02:00
Giampaolo Rodola' 24befa87dc merge with 3.1 2011-05-07 19:09:34 +02:00